log-otl

OTL logfile created on: 23/07/2015 22:46:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Felipe\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17905)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

5.80 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 29.82% Memory free
6.74 Gb Paging File | 3.42 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.52 Gb Total Space | 268.84 Gb Free Space | 59.81% Space Free | Partition Type: NTFS

Computer Name: MAGFLIP | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/07/23 22:42:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe\Downloads\OTL.exe
PRC - [2015/07/07 00:49:05 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/07/01 04:46:04 | 005,456,720 | ---- | M] (Crawler Group) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2015/07/01 04:45:54 | 003,860,304 | ---- | M] (Crawler Group) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2015/06/22 09:04:44 | 000,134,512 | ---- | M] (Dropbox, Inc.) -- C:\Users\Felipe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/06/18 07:55:23 | 017,905,424 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2015/06/18 07:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/06/18 07:32:23 | 000,229,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2014/10/01 13:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Arquivos de Programas\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/02/27 14:21:30 | 002,615,368 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2013/02/07 20:22:34 | 000,994,880 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2013/01/16 06:02:28 | 000,476,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2013/01/16 06:02:23 | 000,350,984 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2013/01/16 06:02:22 | 001,192,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/07/13 10:14:22 | 016,307,888 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
MOD - [2015/07/07 00:49:03 | 001,281,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
MOD - [2015/07/07 00:49:02 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
MOD - [2013/02/20 22:58:24 | 000,089,672 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
MOD - [2012/10/01 19:37:48 | 006,522,480 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/05/30 16:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/05/25 10:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/05/12 10:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015/05/07 12:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/02/20 20:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/10/31 01:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 00:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 00:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/10/28 23:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/28 23:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/28 23:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/28 23:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/28 22:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/28 22:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/28 22:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/28 22:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/28 22:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/28 22:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/28 22:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/28 22:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/28 22:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/28 22:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/28 22:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/28 21:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/28 21:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/28 21:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/28 21:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/05/21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV - [2015/07/01 04:46:14 | 003,037,520 | ---- | M] (Crawler Group) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/06/18 07:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/06/03 16:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/07 12:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2015/01/16 17:53:16 | 000,243,880 | ---- | M] (Foxit Software Inc.) [Disabled | Stopped] -- C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/10/29 00:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/28 22:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 22:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/01 13:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Arquivos de Programas\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2014/08/29 18:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/05/21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/07 01:52:20 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2013/07/29 23:11:12 | 000,096,880 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2013/03/15 15:00:12 | 000,662,088 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Arquivos de Programas\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2013/02/27 14:21:30 | 002,615,368 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2013/01/16 06:02:23 | 000,350,984 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/10/01 19:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012/07/24 07:00:08 | 002,457,232 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel(R)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/07/23 22:14:05 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2015/07/10 13:21:16 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2015/06/18 08:42:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2015/04/16 03:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015/03/19 22:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015/03/17 14:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015/03/13 01:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015/03/08 23:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015/03/04 07:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015/02/03 20:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/02/03 20:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/02/03 20:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/11/18 07:56:36 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:[b]64bit:[/b] - [2014/10/29 00:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 00:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/29 00:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 00:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/28 23:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/28 23:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/28 23:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/28 23:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/28 23:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 05:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/12 23:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/12 23:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/07 03:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 03:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/09/18 11:38:22 | 000,158,968 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2014/08/18 09:28:32 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2014/08/18 09:28:32 | 000,241,368 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:[b]64bit:[/b] - [2014/08/18 09:28:32 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2014/08/14 21:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/07/23 19:54:50 | 003,544,264 | ---- | M] (TamoSoft) [CommView] Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athrx.sys -- (TS_ARN5416)
DRV:[b]64bit:[/b] - [2014/07/02 10:47:43 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/05/21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014/05/06 19:39:17 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2014/05/06 19:39:17 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2014/03/18 07:18:13 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/03/18 07:17:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/03/18 07:17:56 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/03/18 07:17:55 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/03/18 07:17:55 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/03/18 06:44:37 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013/09/07 01:29:14 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2013/08/22 10:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 10:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 09:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 09:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 09:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 09:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 09:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2013/08/22 09:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 09:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 08:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2013/08/22 08:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 08:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 08:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 08:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 08:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 08:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 08:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 08:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 08:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 05:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/12 20:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/09 21:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/30 15:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/29 23:11:12 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:[b]64bit:[/b] - [2013/07/25 16:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/18 11:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/01/21 02:56:12 | 003,747,840 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/01/17 22:31:22 | 000,336,784 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012/08/17 02:55:26 | 000,288,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:[b]64bit:[/b] - [2012/08/16 13:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/07/15 12:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:[b]64bit:[/b] - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/19 11:40:51 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2008/09/24 10:03:22 | 000,092,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{96AD48B6-900E-470D-BC1C-1013B685DE8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{96AD48B6-900E-470D-BC1C-1013B685DE8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/uni: C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/12/30 08:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873}: C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014/12/05 08:30:48 | 000,000,000 | ---D | M]

[2014/04/29 21:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Extensions
[2015/07/14 13:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\mcplpndx.default\extensions
[2015/07/14 13:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\mcplpndx.default\extensions\staged

[color=#E56717]========== Chrome  ==========[/color]

CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.9.0_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/07/23 21:03:15 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SpaceCouupponAupp) - {372F0005-CF81-4D28-AB11-26BCB0222951} - C:\Program Files (x86)\SpaceCouupponAupp\GGOZNGwlaDk59f.x64.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Arquivos de Programas\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler Group)
O4:[b]64bit:[/b] - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler Group)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Dropbox Update] C:\Users\Felipe\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\googledrivesync - Atalho.lnk = C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC85D85-D741-4D81-9F73-D14BB86A37F9}: DhcpNameServer = 192.11.104.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D61F13F-ACF6-4E1E-92CA-F6545A1493A3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Unable to save MBR. Invalid drive designation: 0

NetSvcs:[b]64bit:[/b] lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2015/07/23 22:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/07/23 21:24:47 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/07/23 21:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/07/23 21:23:37 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/07/23 21:23:36 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/07/23 21:23:36 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/07/23 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/07/23 21:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/07/23 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
[2015/07/23 21:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator
[2015/07/23 20:42:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\ElevatedDiagnostics
[2015/07/23 19:59:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2015/07/23 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015/07/20 21:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2015/07/20 19:34:16 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/07/20 19:34:16 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/07/20 19:34:16 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/07/20 19:34:16 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/07/19 17:22:34 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcpl.dll
[2015/07/16 19:45:12 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/07/16 19:36:29 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/07/16 19:36:26 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/07/16 19:36:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/07/16 19:36:26 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/07/16 19:36:26 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/07/16 19:36:26 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/07/16 19:36:26 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015/07/16 19:36:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015/07/16 19:36:25 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/07/16 19:36:25 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/07/16 19:36:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/07/16 19:36:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2015/07/16 19:36:25 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2015/07/16 19:36:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/07/16 19:36:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdc.ocx
[2015/07/16 19:36:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/07/16 19:36:24 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/07/16 19:36:24 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/07/16 19:36:24 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/07/16 19:36:24 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdc.ocx
[2015/07/16 19:36:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/07/16 19:36:23 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/07/16 19:34:27 | 001,380,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015/07/14 21:14:55 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/07/14 21:14:55 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/07/14 21:14:55 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2015/07/14 21:14:54 | 002,229,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/07/14 21:14:54 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/07/14 21:14:54 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/07/14 21:14:54 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2015/07/14 21:14:54 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/07/14 21:14:54 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/07/14 21:14:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/07/14 21:14:54 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/07/14 21:14:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/07/14 21:14:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/07/14 21:14:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2015/07/14 21:14:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015/07/14 21:13:56 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2015/07/14 21:13:55 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015/07/14 21:13:55 | 001,311,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2015/07/14 21:13:54 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/07/14 21:13:54 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/07/14 21:13:43 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2015/07/14 21:13:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\werdiagcontroller.dll
[2015/07/14 21:13:40 | 002,774,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/07/14 21:13:39 | 003,320,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2015/07/14 21:13:39 | 002,460,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/07/14 21:13:37 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll
[2015/07/14 21:13:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GeofenceMonitorService.dll
[2015/07/14 21:13:36 | 003,109,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2015/07/14 21:13:36 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2015/07/14 21:13:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015/07/14 21:12:51 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2015/07/14 21:12:51 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2015/07/14 21:12:51 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/07/14 21:12:51 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/07/14 21:12:29 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2015/07/14 21:11:48 | 001,661,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2015/07/14 21:02:57 | 007,784,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2015/07/14 21:02:56 | 005,264,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2015/07/14 21:01:22 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2015/07/14 21:01:10 | 003,084,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015/07/14 21:01:10 | 002,471,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015/07/14 13:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\12453905324148249027
[2015/07/10 13:21:16 | 000,204,264 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\VBoxNetFltNobj.dll
[2015/07/10 13:21:16 | 000,141,440 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys
[2015/06/22 09:04:44 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\Dropbox
[2015/06/22 09:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox
[2015/06/19 19:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2015/06/19 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2015/06/13 16:02:51 | 001,119,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/06/13 16:02:51 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/06/13 16:02:51 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/06/13 16:02:51 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/06/13 16:02:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2015/06/13 16:02:50 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/06/13 16:02:50 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2015/06/13 16:02:50 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/06/11 20:16:21 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015/06/11 20:16:21 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015/06/11 20:16:21 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015/06/11 20:16:21 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll
[2015/06/11 20:16:20 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastapi.dll
[2015/06/11 20:16:20 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastapi.dll
[2015/06/11 20:16:19 | 001,430,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/06/11 20:16:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/06/11 20:16:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rgb9rast.dll
[2015/06/11 20:16:16 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authz.dll
[2015/06/11 20:16:15 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015/06/11 20:16:15 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015/06/11 20:16:14 | 002,551,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015/06/11 20:16:14 | 001,920,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015/06/11 20:16:14 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015/06/11 20:16:13 | 003,633,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015/06/11 20:16:13 | 002,749,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015/06/11 20:16:13 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2015/06/11 20:16:13 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2015/06/11 20:16:13 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2015/06/11 20:16:13 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2015/06/11 20:16:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015/06/11 20:16:13 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2015/06/10 18:44:01 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2015/06/10 18:43:40 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2015/06/10 18:43:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/06/10 18:43:38 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/06/10 18:43:38 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/06/06 13:26:06 | 000,000,000 | ---D | C] -- C:\Users\Felipe\.jssc
[2015/06/04 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\TeamViewer
[2015/06/01 08:25:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\GWX
[2015/05/28 22:02:35 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\NetBeansProjects
[2015/05/25 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Desktop\Felipe_Megav2.2
[2015/05/24 21:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Migration
[2015/05/17 19:38:02 | 000,467,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/05/17 19:38:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\bthhfenum.sys
[2015/05/17 19:37:58 | 002,256,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015/05/17 19:37:57 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015/05/17 19:37:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys
[2015/05/17 19:37:55 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2015/05/17 19:37:55 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2015/05/17 19:37:53 | 002,819,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2015/05/17 19:37:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsDatabase.dll
[2015/05/17 19:36:06 | 004,417,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll
[2015/05/17 19:36:06 | 002,985,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2015/05/17 19:36:06 | 001,491,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll
[2015/05/17 19:36:06 | 001,207,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll
[2015/05/17 19:35:56 | 002,162,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/05/17 19:35:56 | 001,812,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/05/17 19:30:38 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhotoMetadataHandler.dll
[2015/05/17 19:30:38 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PhotoMetadataHandler.dll
[2015/05/17 19:30:28 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2015/05/17 19:30:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdbinst.exe
[2015/05/17 19:30:25 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sdbinst.exe
[2015/05/17 19:29:48 | 000,239,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2015/05/17 19:29:48 | 000,154,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2015/05/17 19:29:41 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpdshext.dll
[2015/05/14 21:49:06 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/05/14 21:49:06 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/05/12 22:01:30 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/05/12 22:01:29 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inseng.dll
[2015/05/12 21:53:30 | 001,996,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015/05/12 21:53:24 | 000,410,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2015/04/26 20:11:10 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Tracing
[2015/04/26 20:10:10 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\Skype
[2015/04/26 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Skype
[2015/04/26 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/04/26 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/04/26 20:09:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/04/26 20:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2015/07/23 22:22:30 | 000,037,624 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/07/23 22:15:15 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/23 22:14:05 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/07/23 22:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf4f8b7c1a83c.job
[2015/07/23 22:13:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/07/23 22:13:09 | 687,525,887 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/23 22:13:05 | 000,053,284 | ---- | M] () -- C:\WINDOWS\SysNative\wpbbin.exe
[2015/07/23 21:58:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cf6a437714e932.job
[2015/07/23 21:30:12 | 000,000,286 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/07/23 21:28:46 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2015/07/23 21:03:15 | 000,000,824 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2015/07/23 20:47:18 | 000,000,024 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\appdataFr25.bin
[2015/07/23 19:22:43 | 001,797,166 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/07/23 19:22:43 | 000,774,900 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
[2015/07/23 19:22:43 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/07/23 19:22:43 | 000,158,494 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
[2015/07/23 19:22:43 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/07/23 19:04:45 | 000,014,477 | ---- | M] () -- C:\Users\Felipe\tsUser.properties
[2015/07/21 06:54:50 | 000,483,464 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/07/20 21:41:49 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2015/07/19 19:02:59 | 005,266,442 | ---- | M] () -- C:\Users\Felipe\Desktop\python_para_desenvolvedores_2ed.pdf
[2015/07/18 16:14:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001Core1d0c18d3eee817a.job
[2015/07/18 16:09:19 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001UA1d0c18d3fca1cec.job
[2015/07/18 13:03:16 | 000,005,975 | ---- | M] () -- C:\Users\Felipe\AppData\Local\package.nw.new
[2015/07/14 11:14:06 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/07/14 11:14:02 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/07/14 11:14:00 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/07/14 11:13:55 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/07/13 18:10:13 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/07/13 18:10:13 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/07/10 13:21:16 | 000,204,264 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\VBoxNetFltNobj.dll
[2015/07/10 13:21:16 | 000,141,440 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys
[2015/07/09 22:06:13 | 000,001,191 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/07/09 16:51:16 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/07/09 15:40:34 | 000,359,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2015/07/09 12:54:39 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/07/09 12:53:47 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/07/09 12:50:26 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/07/09 12:50:06 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/07/09 12:48:47 | 000,891,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/07/09 12:46:59 | 002,229,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/07/09 12:38:21 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/07/09 12:37:44 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/07/09 12:35:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/07/09 12:34:40 | 000,721,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/07/01 19:08:54 | 005,923,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/06/28 02:06:58 | 001,311,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2015/06/27 00:08:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2015/06/27 00:08:17 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015/06/26 23:40:09 | 000,445,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/06/26 23:14:22 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2015/06/26 23:05:14 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015/06/26 22:53:22 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/06/21 18:51:57 | 564,985,150 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2015/06/18 08:42:02 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/06/18 08:41:44 | 000,109,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/06/16 02:36:27 | 001,661,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2015/06/15 19:39:09 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/06/15 19:38:29 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015/06/15 19:26:20 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/06/15 19:24:38 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/06/15 19:24:36 | 003,320,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2015/06/15 19:02:47 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdc.ocx
[2015/06/15 18:58:16 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2015/06/15 18:57:40 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/06/15 18:56:03 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/06/15 18:55:00 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/06/15 18:38:31 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/06/15 18:36:31 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/06/15 18:17:28 | 002,880,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/06/15 18:13:40 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015/06/15 18:04:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/06/15 18:03:38 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/06/15 17:52:53 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/06/15 17:50:38 | 002,774,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/06/15 17:47:41 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdc.ocx
[2015/06/15 17:44:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2015/06/15 17:43:32 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/06/15 17:42:00 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/06/15 17:30:46 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/06/15 17:02:27 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/06/15 16:57:02 | 002,460,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/06/11 00:49:53 | 001,380,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015/06/07 11:52:26 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\MegaLogViewer.lnk
[2015/06/06 19:11:30 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2015/06/06 19:11:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2015/06/06 13:24:56 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\TunerStudio MS.lnk
[2015/05/30 18:18:56 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\werdiagcontroller.dll
[2015/05/30 16:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2015/05/25 10:23:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/05/25 10:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/05/23 00:14:51 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/05/23 00:04:50 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2015/05/22 16:00:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/05/22 15:47:03 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/05/22 10:08:24 | 000,700,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/05/21 10:08:13 | 000,756,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/05/21 10:08:13 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/05/21 10:08:12 | 001,119,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/05/21 10:08:12 | 001,020,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/05/21 10:08:12 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2015/05/21 10:08:12 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/05/12 10:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2015/05/11 13:34:40 | 000,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcpl.dll
[2015/05/07 14:00:31 | 003,109,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2015/05/07 13:47:01 | 000,564,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2015/05/07 13:12:22 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2015/05/07 12:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll
[2015/05/07 12:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GeofenceMonitorService.dll
[2015/05/03 12:09:49 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/05/03 12:07:24 | 007,784,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2015/05/03 11:58:08 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/05/03 11:57:19 | 005,264,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2015/05/03 11:55:07 | 000,971,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2015/05/03 11:49:27 | 000,811,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2015/05/01 20:33:58 | 000,410,739 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/04/30 17:35:31 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/04/30 17:35:19 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/04/29 20:22:29 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2015/04/26 20:09:56 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/04/24 23:34:24 | 000,653,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2015/04/24 23:25:32 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/07/23 22:22:30 | 000,037,624 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/07/23 21:30:09 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/07/23 21:28:46 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2015/07/20 21:41:49 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2015/07/19 19:02:59 | 005,266,442 | ---- | C] () -- C:\Users\Felipe\Desktop\python_para_desenvolvedores_2ed.pdf
[2015/07/18 16:09:19 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001UA1d0c18d3fca1cec.job
[2015/07/18 16:09:18 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001Core1d0c18d3eee817a.job
[2015/07/14 21:12:15 | 000,410,739 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/07/14 13:34:28 | 000,000,024 | ---- | C] () -- C:\Users\Felipe\AppData\Roaming\appdataFr25.bin
[2015/06/26 09:16:48 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2015/06/19 19:34:37 | 000,260,696 | ---- | C] () -- C:\WINDOWS\SysNative\unrar64.dll
[2015/06/19 19:34:37 | 000,218,712 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2015/06/07 11:52:26 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\MegaLogViewer.lnk
[2015/06/06 13:24:56 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\TunerStudio MS.lnk
[2015/04/26 20:09:56 | 000,002,715 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/03/21 11:38:39 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/03/21 11:38:23 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/01/24 15:27:55 | 000,014,477 | ---- | C] () -- C:\Users\Felipe\tsUser.properties
[2015/01/24 15:27:54 | 000,000,132 | ---- | C] () -- C:\Users\Felipe\tsMS.reg
[2015/01/17 10:53:07 | 000,164,864 | ---- | C] () -- C:\WINDOWS\SysWow64\UNWISE32.EXE
[2014/11/22 21:58:15 | 000,005,975 | ---- | C] () -- C:\Users\Felipe\AppData\Local\package.nw.new
[2014/07/23 09:57:30 | 000,720,082 | ---- | C] () -- C:\Users\Felipe\AppData\Roaming\unins000.exe
[2014/07/23 09:57:30 | 000,017,065 | ---- | C] () -- C:\Users\Felipe\AppData\Roaming\unins000.dat
[2014/07/05 15:22:14 | 000,016,155 | ---- | C] () -- C:\WINDOWS\SysWow64\uniiprct.exe
[2014/07/02 08:02:05 | 000,070,144 | ---- | C] () -- C:\WINDOWS\SysWow64\tasks.dll
[2014/06/28 10:04:53 | 000,000,959 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/06/27 20:27:14 | 000,000,305 | ---- | C] () -- C:\WINDOWS\SysWow64\secushr.dat
[2014/06/27 17:32:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2014/05/21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/05/21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/05/21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2014/03/18 07:18:34 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2013/08/22 12:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 12:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 11:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 04:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 20:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/07/29 23:17:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/05/07 14:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/05/07 13:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 22:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 21:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 22:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< *crack* /s  >[/color]
[2014/03/31 22:39:00 | 000,005,330 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\manpages\aircrack-ng.1
[2014/03/31 23:20:58 | 000,004,636 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\packages\aircrack-ng.spec
[2009/07/22 16:01:36 | 000,000,281 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\patches\old\aicrack-ng-rc2_Intel_macOSX.patch
[2013/05/01 20:46:34 | 000,017,795 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\scripts\dcrack.py
[2011/11/20 01:00:14 | 000,001,164 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\scripts\airoscript-ng\doc\rst\crack.rst
[2012/01/30 12:09:54 | 000,002,062 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\scripts\airoscript-ng\doc\rst\crack.rst.html
[2013/03/17 13:36:30 | 000,000,954 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\scripts\airoscript-ng\src\extras\completions\_aircrack_ng
[2013/08/10 13:04:58 | 000,007,006 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\scripts\airoscript-ng\src\functions\autocrack
[2014/03/30 22:39:16 | 000,134,730 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\src\aircrack-ng.c
[2014/03/22 17:04:58 | 000,008,857 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\src\aircrack-ng.h
[2014/02/04 00:04:18 | 000,022,010 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\src\aircrack-ptw-lib.c
[2013/07/21 19:42:20 | 000,003,863 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2669463329-884396847-839217480-1001\$RYQ10A8.2-beta3\src\aircrack-ptw-lib.h
[2014/11/18 07:59:57 | 000,012,964 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Azureus\torrents\Spyware_Terminator_Premium_2012_v3.0.0.82_Incl_Crack_-_[MUMBAI].torrent
[24 \Users\Felipe\AppData\Roaming\Azureus\torrents\*.tmp files -> \Users\Felipe\AppData\Roaming\Azureus\torrents\*.tmp -> ]
[2015/01/21 21:48:58 | 011,049,829 | ---- | M] () -- \Users\Felipe\Desktop\Músicas pendrive\Eletro\39. Bassjackers - Crackin (Original Mix).mp3
[2015/03/11 22:37:27 | 005,226,981 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win.zip
[2013/12/01 00:46:00 | 000,045,056 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\bin\Aircrack-ng GUI.exe
[2014/10/31 19:39:06 | 000,394,147 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\bin\aircrack-ng.exe
[2014/10/31 17:43:14 | 000,005,330 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\manpages\aircrack-ng.1
[2014/10/31 17:43:14 | 000,004,634 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\packages\aircrack-ng.spec
[2013/05/01 20:46:33 | 000,017,795 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\scripts\dcrack.py
[2014/07/11 23:24:03 | 000,135,005 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\aircrack-ng.c
[2014/03/22 17:04:57 | 000,008,857 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\aircrack-ng.h
[2014/07/26 18:12:04 | 000,022,039 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\aircrack-ptw-lib.c
[2013/07/21 19:42:19 | 000,003,863 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\aircrack-ptw-lib.h
[2008/12/06 23:53:26 | 000,000,922 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\GUI\Aircrack-ng.sln
[2008/12/06 23:53:26 | 000,003,341 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\GUI\Aircrack-ng\Aircrack-ng.csproj
[2008/12/06 23:53:26 | 000,000,538 | ---- | M] () -- \Users\Felipe\Downloads\aircrack-ng-1.2-rc1-win\aircrack-ng-1.2-rc1-win\src\GUI\Aircrack-ng\Aircrack-ng.csproj.user
[2015/01/21 21:48:58 | 011,049,829 | ---- | M] () -- \Users\Felipe\Downloads\Top 100 DJ 2015 - www.musicasparabaixar.org\Eletro\39. Bassjackers - Crackin (Original Mix).mp3

[color=#A23BEC]< *keygen* /s  >[/color]

[color=#A23BEC]< *serial* /s  >[/color]
[2015/01/30 12:54:54 | 000,005,989 | ---- | M] () -- \Program Files (x86)\eclipse\configuration\org.eclipse.osgi\128\0\.cp\org\eclipse\epp\internal\mpc\ui\wizards\SelectionModelStateSerializer.class
[2015/01/09 03:25:22 | 000,302,018 | ---- | M] () -- \Program Files (x86)\eclipse\plugins\org.apache.xml.serializer_2.7.1.v201005080400.jar
[2012/03/13 17:30:46 | 000,209,484 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\config\ecuDef\MS2ExtraSerial321.ini
[2012/06/08 00:22:12 | 000,211,627 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\config\ecuDef\MS2ExtraSerial323.ini
[2013/04/16 08:04:48 | 000,215,370 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\config\ecuDef\MS2ExtraSerial324.ini
[2013/05/21 15:30:18 | 000,255,025 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\config\ecuDef\MS2ExtraSerial325.ini
[2010/10/12 12:18:10 | 000,231,304 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\librxtxSerial.jnilib
[2010/10/23 00:33:26 | 000,146,489 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\librxtxSerial.so
[2006/03/01 15:01:40 | 000,077,759 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\rxtxSerial.dll
[2009/02/04 20:08:38 | 000,146,489 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\alternateLinuxDrivers\32-Bit-x86-linux\librxtxSerial.so
[2010/10/23 10:52:42 | 000,231,304 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\alternateLinuxDrivers\OSX\librxtxSerial.jnilib
[1969/12/31 20:00:00 | 000,124,416 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\alternateLinuxDrivers\win64\rxtxSerial.dll
[2009/02/04 20:09:24 | 000,174,170 | ---- | M] () -- \Program Files (x86)\EFIAnalytics\TunerStudioMS\lib\alternateLinuxDrivers\x86_64-linux\librxtxSerial.so
[2011/11/13 16:56:26 | 000,004,232 | ---- | M] () -- \Program Files (x86)\LinuxLive USB Creator\tools\syslinux-modules\v3\serialinfo.c32
[2011/11/13 16:55:56 | 000,004,624 | ---- | M] () -- \Program Files (x86)\LinuxLive USB Creator\tools\syslinux-modules\v4\serialinfo.c32
[2013/06/04 07:33:56 | 000,001,720 | ---- | M] () -- \Program Files (x86)\LinuxLive USB Creator\tools\syslinux-modules\v5\serialinfo.c32
[2014/10/06 04:29:24 | 000,001,728 | ---- | M] () -- \Program Files (x86)\LinuxLive USB Creator\tools\syslinux-modules\v6\serialinfo.c32
[2014/07/08 22:45:06 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2015/01/29 20:09:36 | 000,016,264 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\bin\serialver.exe
[2012/10/01 19:36:32 | 000,166,864 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll
[2012/10/01 19:36:32 | 000,209,360 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll
[2014/07/08 22:45:33 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014/07/02 10:40:21 | 000,094,208 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR\System.RunTime.Serialization.Resources.dll
[2015/06/11 20:08:04 | 000,020,444 | ---- | M] () -- \Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6\HP.Framework.Extensions.PrinterSettings\FaxSetupWizard\Views\SerialTypePhoneSystemPage.xbf
[2014/09/16 10:26:30 | 000,007,834 | ---- | M] () -- \Users\Felipe\AppData\Local\Popcorn Time\node_modules\opensrt_js\node_modules\xmlrpc\lib\deserializer.js
[2014/09/16 10:26:30 | 000,005,092 | ---- | M] () -- \Users\Felipe\AppData\Local\Popcorn Time\node_modules\opensrt_js\node_modules\xmlrpc\lib\serializer.js
[2014/07/10 15:23:05 | 000,004,439 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Azureus\torrents\Everest Ultimate Edition 5.50.2100 + Serial [TrT-TcT].torrent
[24 \Users\Felipe\AppData\Roaming\Azureus\torrents\*.tmp files -> \Users\Felipe\AppData\Roaming\Azureus\torrents\*.tmp -> ]
[2014/07/10 15:24:09 | 010,255,637 | ---- | M] () -- \Users\Felipe\Desktop\Felipe\Aplicativos e instaladores\Everest Ultimate Edition 5.50.2100 + Serial [TrT-TcT]\Everest Ultimate Edition 5.50.2100 + Serial [TrT-TcT].rar
[2011/01/18 22:38:39 | 000,000,861 | ---- | M] () -- \Users\Felipe\Desktop\Felipe\Aplicativos e instaladores\Everest Ultimate Edition 5.50.2100 + Serial [TrT-TcT]\Everest Ultimate Edition 5.50.2100 + Serial [TrT-TcT]\serial.txt
[2015/01/18 18:18:02 | 003,315,807 | ---- | M] () -- \Users\Felipe\Downloads\USBGear-FTDI_serial_drivers.zip
[2014/10/12 23:02:58 | 001,854,464 | ---- | M] () -- \Users\Felipe\Downloads\vista-prolific-chip-driver-for-serial-adapters.zip
[2003/12/18 09:19:54 | 000,805,250 | R--- | M] () -- \Users\Felipe\Downloads\usb-810\USB-SERIAL ADAPTER User's Manual _English_.pdf
[2013/08/16 21:06:30 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/23 19:12:42 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014/07/02 10:40:21 | 000,094,208 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_pt-BR_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014/07/08 22:45:06 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2015/03/25 07:42:12 | 002,803,200 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
[2015/03/25 07:42:12 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll.aux
[2015/03/25 07:47:30 | 003,529,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\769339283c5376245c011d81ce725abd\System.Runtime.Serialization.ni.dll
[2015/03/25 07:47:30 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\769339283c5376245c011d81ce725abd\System.Runtime.Serialization.ni.dll.aux
[2013/08/22 12:32:39 | 000,001,032 | ---- | M] () -- \Windows\Inf\c_multiportserial.inf
[2014/03/18 06:28:25 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/09 21:55:16 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/09 21:55:16 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/08/09 21:55:16 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2014/06/05 00:33:05 | 000,115,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_pt-BR_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013/08/09 21:55:16 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014/07/24 00:20:32 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/08/09 21:55:49 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/08/09 21:55:49 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014/06/23 19:12:42 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/16 21:06:24 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/07/08 22:45:07 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/24 00:20:32 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/08/09 21:55:16 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/09 21:55:16 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/08/09 21:55:16 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/08/09 21:55:16 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/08/09 21:55:49 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/08/09 21:55:49 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014/03/18 06:28:25 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/05 00:33:05 | 000,115,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\pt-BR\System.RunTime.Serialization.resources.dll
[2014/06/23 19:12:50 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/16 21:06:30 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/07/08 22:45:34 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/24 00:20:21 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013/08/09 21:41:27 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/09 21:41:27 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/08/09 21:41:28 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/08/09 21:41:28 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/08/09 21:42:08 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013/08/09 21:42:08 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2014/03/18 06:28:26 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/05 00:33:05 | 000,115,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\pt-BR\System.RunTime.Serialization.resources.dll
[2013/08/22 17:12:14 | 000,008,827 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~pt-BR~6.3.9600.16384.cat
[2013/08/22 16:42:10 | 000,000,781 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~pt-BR~6.3.9600.16384.mum
[2013/08/22 09:55:01 | 000,008,827 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat
[2013/08/22 03:47:48 | 000,000,511 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum
[2014/10/28 22:46:05 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2013/08/22 17:12:14 | 000,008,827 | ---- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~pt-BR~6.3.9600.16384.cat
[2013/08/22 09:55:01 | 000,008,827 | ---- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat
[2014/03/18 06:28:01 | 000,000,232 | ---- | M] () -- \Windows\System32\DriverStore\en-US\c_multiportserial.inf_loc
[2013/08/22 03:57:38 | 000,001,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_7875073d426d59a6\c_multiportserial.inf
[2014/07/02 11:00:31 | 000,004,224 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_7875073d426d59a6\c_multiportserial.PNF
[2013/08/22 08:40:08 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_1be60ad3a61e5531\serial.sys
[2014/03/18 06:28:10 | 000,005,120 | ---- | M] () -- \Windows\System32\pt-BR\serialui.dll.mui
[2014/10/28 22:46:05 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2014/03/18 06:28:10 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\pt-BR\serialui.dll.mui
[2014/03/18 06:28:01 | 000,000,232 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_35eaebe6834354eb\c_multiportserial.inf_loc
[2013/08/22 03:57:38 | 000,001,032 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf_31bf3856ad364e35_6.3.9600.16384_none_91b10a007e43beff\c_multiportserial.inf
[2014/09/04 21:23:10 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_f5dd4cded2fb738f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2013/08/16 21:06:30 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_pt-br_f620144cd2c91b11\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/09/04 21:23:13 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_pt-br_f6c16fe3ebd490a2\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/03/18 06:28:10 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_841bc37d0b5024ed\serialui.dll.mui
[2015/03/29 13:58:26 | 000,001,685 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.16384_none_e5c00198f2a1c32d\serialui.dll
[2014/10/28 23:27:06 | 000,017,920 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.17415_none_e60c9c74f2682fb5\serialui.dll
[2014/09/04 21:24:41 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_9324f47c7a2439cc\System.RunTime.Serialization.Resources.dll
[2014/07/02 10:40:21 | 000,094,208 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_pt-br_9367bbea79f1e14e\System.RunTime.Serialization.Resources.dll
[2014/09/04 21:24:42 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_pt-br_9409178192fd56df\System.RunTime.Serialization.Resources.dll
[2014/03/18 06:28:01 | 000,011,264 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_fa67047173e1c496\serial.sys.mui
[2013/08/22 08:40:08 | 000,083,456 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.3.9600.16384_none_e95610bc8c554aa7\serial.sys
[2014/09/23 20:39:17 | 000,004,324 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.16384_pt-br_6c6a12a04a87af06\System.RunTime.Serialization.resources.dll
[2014/06/05 00:33:05 | 000,115,480 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.17238_pt-br_6c64b8184a8c93ad\System.RunTime.Serialization.resources.dll
[2014/09/23 20:39:17 | 000,003,398 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.20720_pt-br_5596c4d864341171\System.RunTime.Serialization.resources.dll
[2013/08/09 21:41:27 | 000,142,104 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9600.16384_none_f73c7de0bb1de286\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/09 21:41:28 | 000,029,432 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..lization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_64635c6af076b012\System.Runtime.Serialization.Primitives.dll
[2014/03/18 06:28:26 | 000,027,920 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..ters.soap.resources_b03f5f7f11d50a3a_4.0.9600.16384_pt-br_b4b7c317ae20c730\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/09 21:41:27 | 000,029,392 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_031841e9b021a288\System.Runtime.Serialization.Json.dll
[2013/08/09 21:41:28 | 000,029,896 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_ea3019bcd508d7f5\System.Runtime.Serialization.Xml.dll
[2014/09/23 20:39:20 | 000,018,929 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_afcfdcce0af8e4ba\System.Runtime.Serialization.dll
[2014/07/24 00:20:21 | 001,059,536 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17238_none_afca82460afdc961\System.Runtime.Serialization.dll
[2014/09/23 20:39:21 | 000,004,122 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20720_none_98fc8f0624a54725\System.Runtime.Serialization.dll
[2013/08/09 21:42:08 | 000,045,720 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_1f92ce7ac9b9f399\System.Xml.Serialization.dll
[2013/08/09 21:42:08 | 000,029,848 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_0b1c65bd7b1ef04c\System.Xml.XmlSerializer.dll
[2014/09/04 21:28:27 | 000,000,531 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.16384_none_f057a9271ce694b1\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/23 19:12:50 | 000,131,072 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.17226_none_f0517be51cec2cbf\System.Runtime.Serialization.Formatters.Soap.dll
[2014/09/04 21:28:28 | 000,000,491 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.20708_none_d981a48b36959176\System.Runtime.Serialization.Formatters.Soap.dll
[2014/09/04 21:30:03 | 000,000,639 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.16384_none_9fc99c9c7c4c05c7\System.Runtime.Serialization.dll
[2014/09/23 20:41:03 | 000,000,425 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17226_none_9fc36f5a7c519dd5\System.Runtime.Serialization.dll
[2014/07/08 22:45:34 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17231_none_9fc4e18c7c503707\System.Runtime.Serialization.dll
[2014/09/04 21:30:05 | 000,000,424 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20708_none_88f3980095fb028c\System.Runtime.Serialization.dll
[2014/09/23 20:41:04 | 000,000,619 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20717_none_88f4af1295fa0242\System.Runtime.Serialization.dll
[2014/09/04 21:30:06 | 000,000,639 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_daa0a966d0440060\System.Runtime.Serialization.dll
[2014/09/23 20:41:06 | 000,000,425 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_da9a7c24d049986e\System.Runtime.Serialization.dll
[2014/07/08 22:45:33 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_da9bee56d04831a0\System.Runtime.Serialization.dll
[2014/09/04 21:30:08 | 000,000,424 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_c3caa4cae9f2fd25\System.Runtime.Serialization.dll
[2014/09/23 20:41:08 | 000,000,619 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_c3cbbbdce9f1fcdb\System.Runtime.Serialization.dll
[2014/03/18 06:26:21 | 000,000,276 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf-languagepack_31bf3856ad364e35_6.3.9600.16384_pt-br_07f5efd5d5811ee1.manifest
[2014/03/18 06:26:42 | 000,000,249 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_35eaebe6834354eb.manifest
[2013/08/22 12:20:14 | 000,000,210 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf_31bf3856ad364e35_6.3.9600.16384_none_91b10a007e43beff.manifest
[2013/08/22 10:25:34 | 000,000,297 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.3.9600.16384_none_0273ed2980a1f589.manifest
[2013/08/22 12:22:11 | 000,001,512 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-serial-classextension_31bf3856ad364e35_6.3.9600.16384_none_26d3123b2d2a9360.manifest
[2013/08/22 12:22:07 | 000,000,110 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.3.9600.16384_none_1d7b32f2da6cfe0c.manifest
[2013/08/22 12:24:27 | 000,000,402 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_031841e9b021a288.manifest
[2013/08/22 12:24:29 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_ea3019bcd508d7f5.manifest
[2013/08/22 12:24:24 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_afcfdcce0af8e4ba.manifest
[2014/09/10 20:48:02 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17238_none_afca82460afdc961.manifest
[2014/09/10 20:48:02 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20720_none_98fc8f0624a54725.manifest
[2013/08/22 12:24:28 | 000,000,397 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_1f92ce7ac9b9f399.manifest
[2013/08/22 12:24:27 | 000,000,403 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_0b1c65bd7b1ef04c.manifest
[2013/08/22 12:24:13 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.16384_none_9fc99c9c7c4c05c7.manifest
[2014/08/13 19:01:58 | 000,000,404 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17226_none_9fc36f5a7c519dd5.manifest
[2014/09/10 21:07:56 | 000,000,404 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17231_none_9fc4e18c7c503707.manifest
[2014/08/13 19:01:58 | 000,000,407 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20708_none_88f3980095fb028c.manifest
[2014/09/10 21:07:56 | 000,000,406 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20717_none_88f4af1295fa0242.manifest
[2013/08/22 12:24:13 | 000,000,416 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_daa0a966d0440060.manifest
[2014/08/13 19:01:58 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_da9a7c24d049986e.manifest
[2014/09/10 21:07:56 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_da9bee56d04831a0.manifest
[2014/08/13 19:01:58 | 000,000,415 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_c3caa4cae9f2fd25.manifest
[2014/09/10 21:07:56 | 000,000,414 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_c3cbbbdce9f1fcdb.manifest
[2013/08/22 12:24:29 | 000,000,418 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_61eedd30ec040245.manifest
[2013/08/22 12:24:24 | 000,000,430 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_dde82ee214ba2d3d.manifest
[2013/08/22 12:24:13 | 000,000,400 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.16384_none_ed2ffed67c428df1.manifest
[2014/08/13 19:01:57 | 000,000,399 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17226_none_ed29d1947c4825ff.manifest
[2014/09/10 21:07:56 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17231_none_ed2b43c67c46bf31.manifest
[2014/08/13 19:01:57 | 000,000,399 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20708_none_d659fa3a95f18ab6.manifest
[2014/09/10 21:07:56 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20717_none_d65b114c95f08a6c.manifest
[2014/03/18 06:27:38 | 000,000,451 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.16384_pt-br_743cec76f28091ef.manifest
[2014/09/10 20:48:03 | 000,000,452 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17238_pt-br_743791eef2857696.manifest
[2014/09/10 20:48:03 | 000,000,448 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20720_pt-br_5d699eaf0c2cf45a.manifest
[2014/03/18 06:27:33 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.16384_pt-br_c99f93b9107b4eb6.manifest
[2014/08/13 19:01:58 | 000,000,411 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17226_pt-br_c99966771080e6c4.manifest
[2014/09/10 21:07:56 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17231_pt-br_c99ad8a9107f7ff6.manifest
[2014/08/13 19:01:58 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20708_pt-br_b2c98f1d2a2a4b7b.manifest
[2014/09/10 21:07:56 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20717_pt-br_b2caa62f2a294b31.manifest
[2013/08/22 12:24:24 | 000,000,419 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_0d0d9cf22bac10f4.manifest
[2013/08/22 12:24:27 | 000,000,471 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.16384_none_c8108d2e85eed25d.manifest
[2014/09/10 20:48:02 | 000,000,471 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17238_none_c80b32a685f3b704.manifest
[2014/09/10 20:48:02 | 000,000,465 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20720_none_b13d3f669f9b34c8.manifest
[2013/08/22 12:24:13 | 000,000,422 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.16384_none_1d733470a3e98f24.manifest
[2014/08/13 19:01:57 | 000,000,421 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17226_none_1d6d072ea3ef2732.manifest
[2014/09/10 21:07:56 | 000,000,422 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17231_none_1d6e7960a3edc064.manifest
[2014/08/13 19:01:57 | 000,000,421 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20708_none_069d2fd4bd988be9.manifest
[2014/09/10 21:07:56 | 000,000,423 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20717_none_069e46e6bd978b9f.manifest
[2013/08/22 12:24:28 | 000,000,447 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.serialization_b77a5c561934e089_4.0.9600.16384_none_5aaf0d34c0033202.manifest
[2013/08/22 12:24:24 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_3cc4c9f9340d8755.manifest
[2013/08/22 12:24:56 | 000,000,411 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_224de03de4c02966.manifest
[2014/08/13 19:01:57 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_2247b2fbe4c5c174.manifest
[2014/09/10 21:07:56 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_2249252de4c45aa6.manifest
[2014/08/13 19:01:57 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_0b77dba1fe6f262b.manifest
[2014/09/10 21:07:56 | 000,000,411 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_0b78f2b3fe6e25e1.manifest
[2013/08/09 21:55:16 | 000,142,104 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9600.16384_none_0dbd81c1c9e100df\System.Runtime.Serialization.Formatters.Soap.dll
[2014/09/04 21:32:39 | 000,000,531 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.16384_none_63202903e7dbbda6\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/23 19:12:42 | 000,131,072 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.17226_none_6319fbc1e7e155b4\System.Runtime.Serialization.Formatters.Soap.dll
[2014/09/04 21:32:40 | 000,000,491 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.20708_none_4c4a2468018aba6b\System.Runtime.Serialization.Formatters.Soap.dll
[2014/03/18 06:28:25 | 000,027,920 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9600.16384_pt-br_15aae6574865aa83\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/09/04 21:32:40 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.16384_pt-br_6b0d8d996660674a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/16 21:06:30 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.17226_pt-br_6b0760576665ff58\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/09/04 21:32:41 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.20708_pt-br_543788fd800f640f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/09 21:55:16 | 000,029,392 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_61eedd30ec040245\System.Runtime.Serialization.Json.dll
[2013/08/09 21:55:16 | 000,029,432 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_dde82ee214ba2d3d\System.Runtime.Serialization.Primitives.dll
[2014/09/04 21:32:43 | 000,000,661 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.16384_none_ed2ffed67c428df1\System.Runtime.Serialization.dll
[2014/09/23 20:42:25 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17226_none_ed29d1947c4825ff\System.Runtime.Serialization.dll
[2014/07/08 22:45:07 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17231_none_ed2b43c67c46bf31\System.Runtime.Serialization.dll
[2014/09/04 21:32:44 | 000,000,433 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20708_none_d659fa3a95f18ab6\System.Runtime.Serialization.dll
[2014/09/23 20:42:26 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20717_none_d65b114c95f08a6c\System.Runtime.Serialization.dll
[2014/09/23 20:42:27 | 000,004,324 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.16384_pt-br_743cec76f28091ef\System.RunTime.Serialization.resources.dll
[2014/06/05 00:33:05 | 000,115,480 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17238_pt-br_743791eef2857696\System.RunTime.Serialization.resources.dll
[2014/09/23 20:42:27 | 000,003,398 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20720_pt-br_5d699eaf0c2cf45a\System.RunTime.Serialization.resources.dll
[2014/09/04 21:32:45 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.16384_pt-br_c99f93b9107b4eb6\System.RunTime.Serialization.Resources.dll
[2014/09/23 20:42:28 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17226_pt-br_c99966771080e6c4\System.RunTime.Serialization.Resources.dll
[2014/07/02 10:40:21 | 000,094,208 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17231_pt-br_c99ad8a9107f7ff6\System.RunTime.Serialization.Resources.dll
[2014/09/04 21:32:45 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20708_pt-br_b2c98f1d2a2a4b7b\System.RunTime.Serialization.Resources.dll
[2014/09/23 20:42:28 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20717_pt-br_b2caa62f2a294b31\System.RunTime.Serialization.Resources.dll
[2013/08/09 21:55:16 | 000,029,896 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_0d0d9cf22bac10f4\System.Runtime.Serialization.Xml.dll
[2014/09/23 20:42:30 | 000,018,929 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.16384_none_c8108d2e85eed25d\System.Runtime.Serialization.dll
[2014/07/24 00:20:32 | 001,059,536 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17238_none_c80b32a685f3b704\System.Runtime.Serialization.dll
[2014/09/23 20:42:32 | 000,004,122 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20720_none_b13d3f669f9b34c8\System.Runtime.Serialization.dll
[2014/09/04 21:32:47 | 000,000,661 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.16384_none_1d733470a3e98f24\System.Runtime.Serialization.dll
[2014/09/23 20:42:34 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17226_none_1d6d072ea3ef2732\System.Runtime.Serialization.dll
[2014/07/08 22:45:06 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17231_none_1d6e7960a3edc064\System.Runtime.Serialization.dll
[2014/09/04 21:32:49 | 000,000,433 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20708_none_069d2fd4bd988be9\System.Runtime.Serialization.dll
[2014/09/23 20:42:36 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20717_none_069e46e6bd978b9f\System.Runtime.Serialization.dll
[2013/08/09 21:55:49 | 000,045,720 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.serialization_b77a5c561934e089_4.0.9600.16384_none_5aaf0d34c0033202\System.Xml.Serialization.dll
[2013/08/09 21:55:49 | 000,029,848 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_3cc4c9f9340d8755\System.Xml.XmlSerializer.dll
[2014/09/04 21:40:38 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_99beb15b1a9e0259\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/16 21:06:24 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_pt-br_9a0178c91a6ba9db\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/09/04 21:40:44 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_pt-br_9aa2d46033771f6c\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/03/18 06:28:10 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_27fd27f952f2b3b7\serialui.dll.mui
[2015/03/31 21:58:52 | 000,001,912 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.16384_none_89a166153a4451f7\serialui.dll
[2014/10/28 22:46:05 | 000,015,360 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.17415_none_89ee00f13a0abe7f\serialui.dll
[2014/09/04 21:44:31 | 000,000,661 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_224de03de4c02966\System.Runtime.Serialization.dll
[2014/09/23 21:10:21 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_2247b2fbe4c5c174\System.Runtime.Serialization.dll
[2014/07/08 22:45:06 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_2249252de4c45aa6\System.Runtime.Serialization.dll
[2014/09/04 21:44:33 | 000,000,433 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_0b77dba1fe6f262b\System.Runtime.Serialization.dll
[2014/09/23 21:10:22 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_0b78f2b3fe6e25e1\System.Runtime.Serialization.dll

[color=#A23BEC]< *AutoKMS* /s >[/color]
[1007 \Users\Felipe\AppData\Local\Temp\*.tmp files -> \Users\Felipe\AppData\Local\Temp\*.tmp -> ]
[2014/02/12 22:15:30 | 003,727,360 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.exe
[2015/07/23 22:16:57 | 000,202,141 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.log

[color=#A23BEC]< *loader* /s >[/color]
[2013/02/27 14:21:56 | 001,592,904 | ---- | M] () -- \Program Files (x86)\Acer\Acer Cloud\BT\Win32\SmBIOSWmiLoader.dll
[2013/02/27 14:21:56 | 002,169,416 | ---- | M] () -- \Program Files (x86)\Acer\Acer Cloud\BT\x64\SmBIOSWmiLoader.dll
[2013/01/30 00:31:12 | 000,010,776 | ---- | M] () -- \Program Files (x86)\Acer\clear.fi SDK21\Movie\mm\MediaCtrl\ImageLoader.kc
[2013/01/30 00:31:15 | 000,003,505 | ---- | M] () -- \Program Files (x86)\Acer\clear.fi SDK21\Movie\widget\langloader.kc
[2013/01/30 00:31:15 | 000,012,808 | ---- | M] () -- \Program Files (x86)\Acer\clear.fi SDK21\Movie\widget\layoutloader.kc
[2013/02/05 23:36:41 | 000,126,528 | ---- | M] () -- \Program Files (x86)\Acer\clear.fi SDK21\Video\koan\pyloader.dll
[2012/09/23 19:43:52 | 000,012,278 | ---- | M] () -- \Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\WebPublish\BootStrapLoader.swf
[2007/10/12 07:19:58 | 000,052,232 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\AddinLoader.dll
[2007/10/12 07:20:18 | 000,129,024 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\VSTOLoader.dll
[2007/10/12 07:20:14 | 000,017,416 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\1033\VSTOLoaderUI.dll
[2008/07/29 14:23:46 | 000,211,456 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\VSTOLoader.dll
[2008/06/17 09:39:56 | 000,018,952 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\1033\VSTOLoaderUI.dll
[2013/02/07 20:22:56 | 000,127,520 | ---- | M] () -- \Program Files (x86)\CyberLink\MediaEspresso\Koan\pyloader.dll
[2013/02/07 20:23:04 | 000,018,123 | ---- | M] () -- \Program Files (x86)\CyberLink\MediaEspresso\subsys\DataCenter\ImageLoader.kc
[2015/01/30 12:54:56 | 000,003,297 | ---- | M] () -- \Program Files (x86)\eclipse\configuration\org.eclipse.osgi\227\0\.cp\org\eclipse\m2e\core\ui\internal\wizards\MavenProjectWizardArchetypeParametersPage$RequiredPropertiesLoader.class
[2015/01/29 20:09:41 | 000,000,948 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml
[2015/01/29 20:09:42 | 000,000,411 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\config\Modules\org-openide-loaders.xml
[2015/01/29 20:09:43 | 001,215,972 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\modules\org-openide-loaders.jar
[2015/01/29 20:09:43 | 000,006,286 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar
[2015/01/29 20:09:43 | 000,005,840 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar
[2015/01/29 20:09:44 | 000,000,456 | ---- | M] () -- \Program Files\Java\jdk1.8.0_31\lib\visualvm\platform\update_tracking\org-openide-loaders.xml
[2013/02/06 14:39:28 | 000,003,282 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_01.scale-100.png
[2013/02/06 14:39:28 | 000,003,471 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_01.scale-140.png
[2014/07/06 20:26:33 | 000,001,754 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_01.scale-180.png
[2013/02/06 14:39:28 | 000,003,303 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_02.scale-100.png
[2013/02/06 14:39:28 | 000,003,447 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_02.scale-140.png
[2014/07/06 20:26:33 | 000,001,752 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_02.scale-180.png
[2013/02/06 14:39:28 | 000,003,290 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_03.scale-100.png
[2013/02/06 14:39:28 | 000,003,450 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_03.scale-140.png
[2014/07/06 20:26:33 | 000,001,745 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_03.scale-180.png
[2013/02/06 14:39:28 | 000,003,307 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_04.scale-100.png
[2013/02/06 14:39:28 | 000,003,478 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_04.scale-140.png
[2014/07/06 20:26:33 | 000,001,752 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_04.scale-180.png
[2013/02/06 14:39:28 | 000,003,272 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_05.scale-100.png
[2013/02/06 14:39:28 | 000,003,456 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_05.scale-140.png
[2014/07/06 20:26:33 | 000,001,752 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_05.scale-180.png
[2013/02/06 14:39:28 | 000,003,303 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_06.scale-100.png
[2013/02/06 14:39:28 | 000,003,458 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_06.scale-140.png
[2014/07/06 20:26:33 | 000,001,754 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_06.scale-180.png
[2013/02/06 14:39:28 | 000,003,286 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_07.scale-100.png
[2013/02/06 14:39:28 | 000,003,469 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_07.scale-140.png
[2014/07/06 20:26:33 | 000,001,766 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_07.scale-180.png
[2013/02/06 14:39:28 | 000,003,298 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_08.scale-100.png
[2013/02/06 14:39:28 | 000,003,456 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_08.scale-140.png
[2014/07/06 20:26:33 | 000,001,745 | ---- | M] () -- \Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4\Data\UISource\loader_08.scale-180.png
[2013/01/27 12:03:36 | 000,001,849 | ---- | M] () -- \Program Files\WindowsApps\esobiIncorporated.newsXpressoMetro_3.1.3.395_x86__sngswjb5h6fyg\Assets\Web\lib\galleria\classic-loader.gif
[2014/03/18 06:52:47 | 000,000,856 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\js\HtmlFileLoader.js
[2014/03/18 06:48:51 | 000,001,160 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernpeople\appframe\backgroundloader.js
[2014/03/18 06:48:51 | 000,004,996 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernshareanything\sharedataloader.js
[2014/03/18 06:48:51 | 000,002,125 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernsharetarget\sharemaildataloader.js
[2014/03/18 06:53:01 | 000,043,128 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2013/11/12 23:46:18 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2015/06/22 22:49:50 | 000,001,980 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\0S9FIUIS\AdLoader[1].htm
[2015/05/25 23:53:39 | 000,000,003 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\0S9FIUIS\loader[1].js
[2015/04/26 20:11:57 | 000,019,121 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\1VTVWYWK\AdLoader-288a31a04e1398b1a794975bf93ce9a4.min[1].js
[2015/04/26 20:11:57 | 000,001,980 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\7Y32KIDK\AdLoader[1].htm
[2015/07/18 13:09:05 | 000,000,003 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\FBO8ZJGI\loader[1].js
[2015/07/18 13:08:52 | 000,004,724 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\IY27QCYR\loader[1].js
[2015/05/16 08:07:51 | 000,001,980 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\OC72WVKP\AdLoader[1].htm
[2015/06/04 15:04:55 | 000,001,980 | ---- | M] () -- \Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE\OC72WVKP\AdLoader[2].htm
[2015/06/05 20:08:42 | 000,072,638 | ---- | M] () -- \Users\Felipe\AppData\Local\Skype\Apps\login\images\loader.gif
[2015/06/05 20:08:42 | 000,003,032 | ---- | M] () -- \Users\Felipe\AppData\Local\Skype\Apps\login\images\loader.png
[2015/06/05 20:08:42 | 000,006,012 | ---- | M] () -- \Users\Felipe\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015/06/05 20:08:42 | 000,021,956 | ---- | M] () -- \Users\Felipe\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015/06/05 20:08:42 | 000,009,772 | ---- | M] () -- \Users\Felipe\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2015/01/13 07:02:35 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI100042\_win32sysloader.pyd
[2015/01/20 12:23:24 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI10722\_win32sysloader.pyd
[2014/12/04 20:48:22 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI10842\_win32sysloader.pyd
[2014/11/18 07:31:57 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI112002\_win32sysloader.pyd
[2014/12/09 12:21:59 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI114642\_win32sysloader.pyd
[2014/11/21 05:59:11 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI127962\_win32sysloader.pyd
[2014/11/28 18:19:34 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI128602\_win32sysloader.pyd
[2014/11/28 06:17:19 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI128642\_win32sysloader.pyd
[2014/11/29 15:33:09 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI141562\_win32sysloader.pyd
[2014/12/02 12:28:14 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI14402\_win32sysloader.pyd
[2014/11/25 06:21:16 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI145322\_win32sysloader.pyd
[2014/11/26 22:37:31 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI148562\_win32sysloader.pyd
[2014/11/10 18:45:53 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI15122\_win32sysloader.pyd
[2014/11/27 06:25:59 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI152362\_win32sysloader.pyd
[2014/11/24 19:08:15 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI15522\_win32sysloader.pyd
[2014/12/15 20:45:38 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI18322\_win32sysloader.pyd
[2014/12/04 12:26:29 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI18482\_win32sysloader.pyd
[2014/12/11 12:36:44 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI18922\_win32sysloader.pyd
[2014/11/20 06:27:36 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI19882\_win32sysloader.pyd
[2014/12/10 20:43:16 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI20402\_win32sysloader.pyd
[2015/01/22 10:27:16 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI21242\_win32sysloader.pyd
[2014/12/16 12:26:19 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI21322\_win32sysloader.pyd
[2014/12/15 21:47:59 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI22762\_win32sysloader.pyd
[2014/12/29 19:47:54 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI23122\_win32sysloader.pyd
[2015/01/19 06:09:18 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI23842\_win32sysloader.pyd
[2015/01/17 07:50:42 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI24202\_win32sysloader.pyd
[2014/12/29 06:13:57 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI2522\_win32sysloader.pyd
[2015/01/23 22:22:15 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI25362\_win32sysloader.pyd
[2015/01/20 18:43:27 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI26002\_win32sysloader.pyd
[2015/01/26 06:10:07 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI26202\_win32sysloader.pyd
[2014/12/19 19:59:13 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI26842\_win32sysloader.pyd
[2014/11/25 19:44:37 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI29402\_win32sysloader.pyd
[2014/12/04 06:02:16 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI30002\_win32sysloader.pyd
[2014/12/25 19:36:45 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI30282\_win32sysloader.pyd
[2014/12/09 06:09:19 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI3082\_win32sysloader.pyd
[2015/01/27 12:25:11 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI31122\_win32sysloader.pyd
[2014/12/30 21:16:41 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI31442\_win32sysloader.pyd
[2014/12/19 06:04:24 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI31602\_win32sysloader.pyd
[2014/11/29 09:31:30 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI32722\_win32sysloader.pyd
[2014/12/12 07:03:07 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI32922\_win32sysloader.pyd
[2015/01/22 06:25:46 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI33402\_win32sysloader.pyd
[2014/12/16 21:19:12 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI37322\_win32sysloader.pyd
[2014/12/15 23:22:46 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI37722\_win32sysloader.pyd
[2014/12/22 05:32:05 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI38122\_win32sysloader.pyd
[2015/01/21 18:57:52 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI38242\_win32sysloader.pyd
[2014/12/25 10:54:52 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI38322\_win32sysloader.pyd
[2015/01/20 06:02:14 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI39322\_win32sysloader.pyd
[2014/12/12 21:07:39 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI40882\_win32sysloader.pyd
[2015/01/22 07:41:28 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI41282\_win32sysloader.pyd
[2014/12/05 06:04:25 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI41922\_win32sysloader.pyd
[2014/12/06 08:01:17 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI42002\_win32sysloader.pyd
[2015/01/24 08:02:26 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI42722\_win32sysloader.pyd
[2015/01/21 18:50:06 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI43402\_win32sysloader.pyd
[2014/12/22 21:35:43 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI43442\_win32sysloader.pyd
[2014/12/12 12:27:33 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI44202\_win32sysloader.pyd
[2015/01/22 11:13:00 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI44402\_win32sysloader.pyd
[2014/12/03 19:10:44 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI45002\_win32sysloader.pyd
[2014/12/09 12:58:35 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI45003\_win32sysloader.pyd
[2014/12/02 06:02:14 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI45162\_win32sysloader.pyd
[2014/12/06 20:35:13 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI46522\_win32sysloader.pyd
[2014/11/17 19:07:49 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI46922\_win32sysloader.pyd
[2015/02/08 18:20:27 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47002\_win32sysloader.pyd
[2015/02/12 20:52:44 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47003\_win32sysloader.pyd
[2014/12/01 12:49:50 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47202\_win32sysloader.pyd
[2015/01/18 12:45:46 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47682\_win32sysloader.pyd
[2015/01/22 07:32:33 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47683\_win32sysloader.pyd
[2014/11/16 15:54:56 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47802\_win32sysloader.pyd
[2014/12/24 17:27:25 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI47882\_win32sysloader.pyd
[2014/11/27 18:54:12 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48082\_win32sysloader.pyd
[2015/02/10 08:59:02 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48083\_win32sysloader.pyd
[2015/02/13 07:46:25 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48162\_win32sysloader.pyd
[2014/12/16 07:16:12 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48202\_win32sysloader.pyd
[2015/01/21 21:52:08 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48642\_win32sysloader.pyd
[2015/01/18 11:17:20 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI48882\_win32sysloader.pyd
[2015/03/02 19:12:48 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49002\_win32sysloader.pyd
[2015/01/18 16:43:08 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49042\_win32sysloader.pyd
[2015/01/23 06:14:18 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49043\_win32sysloader.pyd
[2014/12/17 06:06:35 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49122\_win32sysloader.pyd
[2014/12/17 12:22:32 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49242\_win32sysloader.pyd
[2015/03/01 23:30:38 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49282\_win32sysloader.pyd
[2015/02/11 06:04:35 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49402\_win32sysloader.pyd
[2014/12/12 05:58:54 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49802\_win32sysloader.pyd
[2015/02/06 06:59:11 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI49803\_win32sysloader.pyd
[2014/12/11 06:05:57 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50202\_win32sysloader.pyd
[2015/01/18 16:59:36 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50322\_win32sysloader.pyd
[2015/01/29 16:28:40 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50522\_win32sysloader.pyd
[2015/03/11 08:46:33 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50523\_win32sysloader.pyd
[2015/01/21 06:09:40 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50602\_win32sysloader.pyd
[2015/02/28 00:33:00 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50882\_win32sysloader.pyd
[2015/01/16 08:32:16 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI50962\_win32sysloader.pyd
[2015/01/16 07:18:01 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI51122\_win32sysloader.pyd
[2014/12/09 22:17:18 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI51402\_win32sysloader.pyd
[2014/12/28 22:15:52 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI52642\_win32sysloader.pyd
[2014/12/09 19:08:28 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI53042\_win32sysloader.pyd
[2015/01/18 10:31:02 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI53642\_win32sysloader.pyd
[2014/12/18 06:47:22 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI54962\_win32sysloader.pyd
[2014/11/20 19:03:11 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI59562\_win32sysloader.pyd
[2015/01/22 12:30:50 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI60522\_win32sysloader.pyd
[2014/12/08 18:58:33 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI60842\_win32sysloader.pyd
[2014/12/11 21:05:37 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI61122\_win32sysloader.pyd
[2014/12/17 19:55:56 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI63322\_win32sysloader.pyd
[2014/11/24 06:41:51 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI65042\_win32sysloader.pyd
[2015/01/19 19:02:59 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI65202\_win32sysloader.pyd
[2015/01/13 20:24:18 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI65722\_win32sysloader.pyd
[2014/12/03 06:04:06 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI66162\_win32sysloader.pyd
[2014/12/14 13:28:31 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI68002\_win32sysloader.pyd
[2014/11/18 05:57:58 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI70042\_win32sysloader.pyd
[2014/12/15 19:50:28 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI70122\_win32sysloader.pyd
[2014/12/19 12:26:57 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI71802\_win32sysloader.pyd
[2014/12/18 19:06:56 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI7282\_win32sysloader.pyd
[2014/11/18 20:12:55 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI75322\_win32sysloader.pyd
[2014/12/31 15:03:23 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI75682\_win32sysloader.pyd
[2015/01/27 06:08:02 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI79082\_win32sysloader.pyd
[2015/04/27 07:17:43 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI81082\_win32sysloader.pyd
[2015/01/10 08:54:09 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI84562\_win32sysloader.pyd
[2014/12/23 07:05:29 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI8642\_win32sysloader.pyd
[2014/12/07 16:08:25 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI90522\_win32sysloader.pyd
[2015/01/07 07:11:10 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI94242\_win32sysloader.pyd
[2014/12/01 20:09:58 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI9522\_win32sysloader.pyd
[2014/11/26 06:36:27 | 000,008,192 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\_MEI98682\_win32sysloader.pyd
[2015/07/14 13:28:39 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\1300\images\loader.gif
[2015/06/19 19:28:53 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\7FF0\images\loader.gif
[2015/07/14 13:32:15 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\A8C0\images\loader.gif
[2015/07/14 13:32:03 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\B8A0\images\loader.gif
[2015/07/14 13:31:36 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\D00\images\loader.gif
[2015/07/14 13:28:42 | 000,002,193 | ---- | M] () -- \Users\Felipe\AppData\Local\Temp\F7C0\images\loader.gif
[2014/12/08 19:00:54 | 000,294,173 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mcplpndx.default\extensions.FastestTube_wombat.script_loader.data.pref
[2014/09/24 20:42:59 | 000,000,060 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mcplpndx.default\extensions.FastestTube_wombat.script_loader.last_request.2.2.7.1.pref
[2014/10/02 21:09:54 | 000,000,060 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mcplpndx.default\extensions.FastestTube_wombat.script_loader.last_request.2.2.8.0.pref
[2014/11/18 20:13:47 | 000,000,060 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mcplpndx.default\extensions.FastestTube_wombat.script_loader.last_request.2.2.8.2.pref
[2014/12/08 19:00:54 | 000,000,060 | ---- | M] () -- \Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mcplpndx.default\extensions.FastestTube_wombat.script_loader.last_request.2.2.9.3.pref
[2014/05/27 09:39:38 | 000,000,231 | ---- | M] () -- \Users\Felipe\AppData\Roaming\SketchUp\SketchUp 2014\SketchUp\Plugins\su_advancedcameratools\actloader.rb
[2014/05/27 09:39:38 | 000,000,517 | ---- | M] () -- \Users\Felipe\AppData\Roaming\SketchUp\SketchUp 2014\SketchUp\Plugins\su_dynamiccomponents\ruby\dcloader.rb
[2014/05/27 09:39:40 | 000,030,681 | ---- | M] () -- \Users\Felipe\AppData\Roaming\SketchUp\SketchUp 2014\SketchUp\Plugins\su_webtextures\webtextures_loader.rb
[2008/06/17 09:39:56 | 000,205,312 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\05835BF8A6427053A8ED000690F3EF6A\9.0.21022\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2013/08/22 01:17:27 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 01:17:25 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 01:17:24 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 01:17:20 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 01:17:34 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 01:17:33 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-1.dll
[2014/10/28 22:51:40 | 000,041,472 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/22 10:25:39 | 000,003,584 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 10:25:39 | 000,003,072 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 10:25:38 | 000,002,560 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 01:17:27 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 01:17:25 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 01:17:24 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 01:17:20 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 01:17:34 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 01:17:33 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-stringloader-l1-1-1.dll
[2014/10/28 22:51:40 | 000,041,472 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2013/08/22 10:25:39 | 000,003,584 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 10:25:39 | 000,003,072 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 10:25:38 | 000,002,560 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll
[2014/03/18 07:56:23 | 000,592,677 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.16384_none_210fb36c397c4e2b\hvloader.efi
[2014/03/18 07:56:22 | 000,536,051 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.16384_none_210fb36c397c4e2b\hvloader.exe
[2014/07/10 14:38:16 | 000,598,463 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17031_none_2142a5b03956989d\hvloader.efi
[2014/07/10 14:38:15 | 000,542,292 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17031_none_2142a5b03956989d\hvloader.exe
[2014/07/10 14:38:21 | 000,598,454 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17039_none_214aa800394f6355\hvloader.efi
[2014/07/10 14:38:20 | 000,542,288 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17039_none_214aa800394f6355\hvloader.exe
[2015/03/29 13:29:56 | 000,010,089 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.16384_none_36b27bfc6399d5ce\dmloader.dll
[2014/10/28 23:34:00 | 000,050,688 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.17415_none_36ff16d863604256\dmloader.dll
[2013/08/22 10:25:37 | 000,003,584 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 10:25:37 | 000,003,072 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 10:25:36 | 000,002,560 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 08:45:31 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 08:45:33 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 08:45:35 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 08:45:30 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 08:45:40 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 08:45:44 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-stringloader-l1-1-1.dll
[2014/03/18 07:20:33 | 000,000,459 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8.manifest
[2014/03/18 07:59:15 | 000,009,525 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8_winload.efi.mui_35ee487d
[2014/03/18 07:59:15 | 000,009,527 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8_winload.exe.mui_3bc5b827
[2014/03/18 07:59:15 | 000,007,831 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8_winresume.efi.mui_f412814e
[2014/03/18 07:59:15 | 000,007,833 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8_winresume.exe.mui_ff8b5358
[2014/09/16 21:39:06 | 000,000,547 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd.manifest
[2014/09/23 21:11:03 | 000,724,249 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winload.efi_75834aa0
[2014/09/23 21:11:04 | 000,660,625 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winload.exe_75835076
[2014/09/23 21:11:05 | 000,646,411 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winresume.efi_85cd069f
[2014/09/23 21:11:06 | 000,587,303 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winresume.exe_85cd1215
[2015/06/11 20:18:44 | 000,000,616 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2013/08/22 12:34:52 | 000,000,596 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms
[2014/03/18 06:27:21 | 000,000,456 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.16384_pt-br_68f3509524aeda86.manifest
[2014/03/18 07:15:28 | 000,000,459 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_pt-br_692642d9248924f8.manifest
[2013/08/22 12:22:38 | 000,000,542 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.16384_none_4be51a3d409de6bc.manifest
[2014/03/18 07:15:27 | 000,000,545 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17031_none_4c180c814078312e.manifest
[2014/09/16 20:24:28 | 000,000,547 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd.manifest
[2015/03/30 20:41:13 | 000,008,359 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.16384_none_da93e078ab3c6498\dmloader.dll
[2014/10/28 22:51:40 | 000,041,472 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.17415_none_dae07b54ab02d120\dmloader.dll
[2013/08/22 10:25:39 | 000,003,584 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 10:25:39 | 000,003,072 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 10:25:38 | 000,002,560 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 01:17:27 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 01:17:25 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 01:17:24 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 01:17:20 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 01:17:34 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 01:17:33 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-stringloader-l1-1-1.dll

[color=#A23BEC]< *msconfig* >[/color]

[color=#A23BEC]< *activex* >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2013/06/18 09:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2015/07/23 22:13:09 | 687,525,887 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/23 22:13:10 | 1006,632,960 | -HS- | M] () -- C:\pagefile.sys
[2014/09/17 18:45:53 | 000,000,282 | ---- | M] () -- C:\SSUUpdater.log
[2015/07/23 22:13:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[color=#A23BEC]< %APPDATA%\Local\*. >[/color]

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2014/07/23 09:57:19 | 000,720,082 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\unins000.exe
[2014/12/22 10:21:08 | 001,316,680 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe
[2014/02/10 22:13:11 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Felipe\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2015/07/18 13:08:33 | 010,875,936 | ---- | M] (Azureus Software, Inc.) -- C:\Users\Felipe\AppData\Roaming\Azureus\tmp\AZU3058907687337253880.tmp\Vuze_5.6.1.2_win64.exe
[2009/08/11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3config.exe
[2009/08/11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\AC3 Filter\spdif_test.exe
[2010/03/22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\AC3 Filter\unins000.exe
[2012/10/11 09:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\FFDShow\unins000.exe
[2010/08/14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\Haali media splitter\dsmux.exe
[2010/08/14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\Haali media splitter\gdsmux.exe
[2010/08/14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\Haali media splitter\mkv2vfr.exe
[2010/09/30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO\Haali media splitter\uninstall.exe
[2015/07/07 16:26:10 | 044,236,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2015/07/07 16:26:18 | 000,165,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Felipe\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2015/04/02 04:19:20 | 000,049,664 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\Dropbox\bin\w9xpopen.exe
[2015/04/21 15:16:32 | 000,049,664 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\Dropbox\Client_3.6.7\w9xpopen.exe
[2011/09/22 00:01:20 | 000,248,880 | ---- | M] (Flashget) -- C:\Users\Felipe\AppData\Roaming\FlashgetSetup\fgmini.exe
[2014/05/20 18:29:07 | 000,098,304 | R--- | M] () -- C:\Users\Felipe\AppData\Roaming\Microsoft\Installer\{DF32BB9E-3ED8-36B5-A649-E8C845C5F3A2}\python_icon.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014/06/25 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\abgx360
[2014/12/30 08:48:22 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Adobe
[2014/02/14 18:21:29 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Ashampoo
[2014/07/19 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Atheros
[2015/07/18 15:03:52 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Azureus
[2014/08/26 23:14:59 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\BITS
[2015/05/15 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\BSplayer PRO
[2014/09/23 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\CadSoft
[2014/02/20 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\CyberLink
[2015/07/23 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Dropbox
[2014/06/28 09:16:21 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\FlashGet
[2014/06/27 17:29:47 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\FlashGetBHO
[2014/06/27 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\FlashgetSetup
[2014/09/17 22:12:19 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Foxit Software
[2014/07/02 11:24:21 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Identities
[2014/02/10 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\lm
[2014/02/10 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Macromedia
[2014/07/16 22:56:08 | 000,000,000 | --SD | M] -- C:\Users\Felipe\AppData\Roaming\Microsoft
[2014/07/16 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Mozilla
[2015/07/19 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\NetBeans
[2014/07/28 16:15:48 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\SketchUp
[2015/07/23 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Skype
[2014/11/18 07:56:36 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Spyware Terminator
[2015/06/04 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\TeamViewer
[2014/02/12 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\TestApp
[2014/04/29 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Thunderbird
[2014/02/11 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\WinRAR
[2014/05/22 18:10:38 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Wondershare
[2014/06/22 23:51:07 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Youtube to MP3 Converter

[color=#A23BEC]< %systemdrive%\drivers\*.exe >[/color]

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
[2015/07/23 22:12:23 | 000,021,522 | -H-- | M] () -- C:\Users\Felipe\AppData\Local\IconCache.db
[2015/07/18 13:03:16 | 000,005,975 | ---- | M] () -- C:\Users\Felipe\AppData\Local\package.nw.new

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color]
[2015/07/23 20:47:18 | 000,000,024 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\appdataFr25.bin
[2014/07/18 09:57:51 | 000,002,190 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\FoxitReaderUpdateInfo.txt
[2014/07/23 09:57:32 | 000,017,065 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\unins000.dat
[2014/07/23 09:57:19 | 000,720,082 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\unins000.exe
Invalid Environment Variable: systemroote

[color=#A23BEC]< %systemroot%\system32\*.ini >[/color]
[2014/03/18 07:18:34 | 000,002,255 | ---- | M] () -- C:\WINDOWS\system32\WimBootCompress.ini

[color=#A23BEC]< %systemroot%\Tasks\*.* >[/color]
[2015/07/18 16:14:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001Core1d0c18d3eee817a.job
[2015/07/18 16:09:19 | 000,001,050 | ---- | M] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001UA1d0c18d3fca1cec.job
[2015/07/23 22:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf4f8b7c1a83c.job
[2015/07/23 22:58:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a437714e932.job
[2015/07/23 22:13:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#A23BEC]< %systemroot%\system32\tasks\*.* /s /64 >[/color]
[2013/05/03 06:23:00 | 000,003,626 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\ALU
[2013/05/03 06:23:01 | 000,004,402 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\ALUAgent
[2015/07/23 22:16:58 | 000,003,758 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\AutoKMS
[2013/05/03 06:27:30 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\DeviceDetector
[2013/07/29 23:17:04 | 000,002,934 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Dolby Selector
[2015/07/18 16:09:18 | 000,003,618 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001Core1d0c18d3eee817a
[2015/07/18 16:09:19 | 000,003,998 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001UA1d0c18d3fca1cec
[2015/05/21 20:53:49 | 000,003,828 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore1cf4f8b7c1a83c
[2015/05/21 20:53:50 | 000,004,064 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA1cf6a437714e932
[2015/07/23 22:19:19 | 000,003,594 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Optimize Start Menu Cache Files-S-1-5-21-2669463329-884396847-839217480-1001
[2013/07/29 23:56:06 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Optimize Start Menu Cache Files-S-1-5-21-2669463329-884396847-839217480-500
[2013/07/29 23:29:19 | 000,002,914 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Power Management
[2015/07/23 19:20:08 | 000,003,942 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3825808B-6B66-431B-8E3F-A20BE171D99C}
[2014/02/12 22:11:17 | 000,003,532 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
[2014/02/12 22:11:13 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
[2015/07/12 21:09:40 | 000,003,704 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
[2015/07/12 21:09:30 | 000,003,710 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
[2015/05/15 09:01:09 | 000,003,476 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
[2015/05/15 09:06:06 | 000,003,470 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
[2013/08/22 12:37:37 | 000,004,472 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2013/08/22 12:37:37 | 000,003,854 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2013/08/22 12:38:14 | 000,002,900 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\PolicyConverter
[2013/08/22 12:38:32 | 000,003,558 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\SmartScreenSpecific
[2013/08/22 12:38:14 | 000,003,790 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2013/08/22 12:37:55 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\AitAgent
[2015/06/17 23:45:46 | 000,004,330 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2015/06/17 23:45:45 | 000,003,542 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2013/08/22 12:38:31 | 000,003,154 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\StartupAppTask
[2013/08/22 12:38:48 | 000,002,814 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
[2014/07/02 13:34:24 | 000,003,640 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
[2013/08/22 12:37:41 | 000,003,022 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Autochk\Proxy
[2013/08/22 12:38:52 | 000,002,118 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2013/08/22 12:37:21 | 000,004,130 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2013/08/22 12:37:21 | 000,003,868 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2014/07/02 11:24:07 | 000,003,134 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2013/08/22 12:38:56 | 000,003,028 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Chkdsk\ProactiveScan
[2013/08/22 12:38:51 | 000,003,178 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
[2013/08/22 12:38:17 | 000,002,934 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2013/08/22 12:37:48 | 000,003,316 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2015/07/23 19:20:06 | 000,003,516 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2013/08/22 12:37:57 | 000,003,182 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2013/08/22 12:39:01 | 000,004,450 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
[2013/08/22 12:39:01 | 000,004,012 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
[2013/08/22 12:38:31 | 000,003,266 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2015/07/23 22:18:12 | 000,003,782 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Device Setup\Metadata Refresh
[2013/08/22 12:38:35 | 000,003,170 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Diagnosis\Scheduled
[2014/03/18 07:43:14 | 000,003,696 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
[2014/07/17 07:51:54 | 000,003,120 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2014/03/18 06:44:54 | 000,002,428 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2014/03/18 07:43:23 | 000,002,618 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskFootprint\Diagnostics
[2013/08/22 12:38:55 | 000,003,834 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
[2013/08/22 12:37:35 | 000,003,630 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\IME\SQM data sender
[2013/08/22 12:39:02 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Location\Notifications
[2013/08/22 12:37:37 | 000,003,178 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Maintenance\WinSAT
[2013/08/22 12:38:51 | 000,006,054 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
[2013/08/22 12:38:51 | 000,003,640 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
[2013/08/22 12:38:48 | 000,004,410 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
[2012/07/26 04:53:02 | 000,003,304 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MobilePC\HotStart
[2013/08/22 12:38:11 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MUI\LPRemove
[2013/08/22 12:38:42 | 000,002,602 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2013/08/22 12:37:17 | 000,002,738 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
[2013/08/22 12:38:14 | 000,002,044 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2015/07/23 19:26:33 | 000,004,084 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2013/08/22 12:38:56 | 000,002,980 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PI\Secure-Boot-Update
[2013/08/22 12:38:56 | 000,002,872 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PI\Sqm-Tasks
[2013/08/22 12:38:58 | 000,003,590 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
[2013/08/22 12:37:16 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
[2013/08/22 12:38:57 | 000,003,562 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
[2013/08/22 12:37:49 | 000,002,128 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
[2013/08/22 12:38:41 | 000,003,162 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2013/08/22 12:38:36 | 000,005,624 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RAC\RacTask
[2013/08/22 12:37:43 | 000,003,248 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Ras\MobilityManager
[2014/07/17 10:47:49 | 000,003,750 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
[2013/08/22 12:38:14 | 000,003,326 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Registry\RegIdleBackup
[2013/08/22 12:38:57 | 000,004,596 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2015/07/21 19:44:46 | 000,003,544 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RemovalTools\MRT_HB
[2013/08/22 12:38:47 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Servicing\StartComponentCleanup
[2013/08/22 12:39:00 | 000,003,360 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
[2013/08/22 12:39:00 | 000,003,364 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\BackupTask
[2013/08/22 12:39:00 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
[2015/07/21 06:56:43 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess
[2015/07/21 06:56:42 | 000,003,050 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig
[2015/07/21 06:56:41 | 000,003,664 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
[2015/07/21 06:56:43 | 000,002,876 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent
[2015/07/23 21:08:19 | 000,003,786 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
[2013/08/22 12:37:23 | 000,002,236 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\CreateObjectTask
[2013/08/22 12:38:57 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
[2014/07/02 10:48:47 | 000,003,082 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
[2014/07/02 10:48:47 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyUpload
[2013/08/22 12:37:27 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
[2012/07/26 04:53:01 | 000,003,580 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SideShow\AutoWake
[2012/07/26 04:53:01 | 000,003,392 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SideShow\GadgetManager
[2013/07/29 22:58:27 | 000,003,612 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SideShow\SessionAgent
[2014/02/10 21:17:34 | 000,003,698 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2013/08/22 12:39:06 | 000,003,036 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
[2013/08/22 12:39:06 | 000,002,768 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
[2015/07/23 22:39:34 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2015/07/18 15:10:26 | 000,003,840 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
[2015/07/18 15:10:27 | 000,004,478 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
[2013/08/22 12:38:38 | 000,003,590 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
[2013/08/22 12:37:37 | 000,003,214 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
[2013/08/22 12:37:37 | 000,003,284 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
[2014/08/28 21:25:33 | 000,003,858 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
[2013/08/22 12:38:48 | 000,002,798 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SystemRestore\SR
[2013/08/22 12:37:32 | 000,002,614 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Task Manager\Interactive
[2015/02/20 05:11:47 | 000,004,026 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
[2013/08/22 12:38:35 | 000,004,166 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
[2013/08/22 12:38:35 | 000,003,048 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
[2014/07/02 13:32:52 | 000,004,472 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
[2013/08/22 12:37:53 | 000,002,978 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2013/08/22 12:38:35 | 000,002,848 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
[2013/08/22 12:37:21 | 000,002,918 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2013/08/22 12:39:01 | 000,003,180 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
[2013/08/22 12:38:56 | 000,004,194 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TPM\Tpm-Maintenance
[2013/08/22 12:37:18 | 000,001,986 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2013/08/22 12:37:49 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2013/08/22 12:37:17 | 000,002,682 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WDI\ResolutionHost
[2014/07/29 10:07:22 | 000,004,520 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Activation Technologies\OatTask
[2013/08/22 12:37:17 | 000,004,004 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2013/08/22 12:37:25 | 000,003,290 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2013/08/22 12:38:32 | 000,003,304 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2014/02/11 17:37:49 | 000,004,328 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2013/08/22 11:47:31 | 000,003,532 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/07/02 10:45:25 | 000,003,500 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
[2015/07/23 22:57:22 | 000,004,070 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
[2015/07/23 22:57:22 | 000,005,000 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
[2015/07/23 22:57:23 | 000,004,926 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
[2015/07/23 22:57:22 | 000,004,924 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
[2013/08/22 12:37:24 | 000,003,344 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Wininet\CacheTask
[2014/03/18 07:43:21 | 000,003,448 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WOF\WIM-Hash-Management
[2014/07/10 10:45:46 | 000,003,016 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
[2013/08/22 12:38:47 | 000,002,808 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
[2013/08/22 12:38:47 | 000,003,132 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
[2013/08/22 12:38:51 | 000,003,530 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join
[2013/08/22 12:39:06 | 000,003,606 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\Badge Update
[2015/07/21 19:44:27 | 000,005,070 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\License Validation
[2013/08/22 12:39:06 | 000,003,464 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\Sync Licenses
[2013/08/22 12:39:06 | 000,003,826 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
[2013/08/22 12:38:32 | 000,003,700 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\WSTask
[2014/07/02 11:25:30 | 000,004,474 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\WPD\SqmUpload_S-1-5-21-2669463329-884396847-839217480-1001

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2015/07/02 17:19:35 | 012,855,296 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.* /90 >[/color]

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]
[2014/10/14 22:36:43 | 010,030,592 | ---- | M] (Microsoft Corporation) MD5=30F29BD9B4D547DA4DFC3532E7575E1B -- C:\WINDOWS\assembly\temp\24634ZNNC0\System.ni.dll
[2014/10/14 22:36:42 | 000,000,548 | ---- | M] () MD5=FFC4D843A86A90862BA3F0EBB67599F8 -- C:\WINDOWS\assembly\temp\24634ZNNC0\System.ni.dll.aux
[2014/10/14 22:19:07 | 005,392,384 | ---- | M] (Microsoft Corporation) MD5=649538A98723B72AB26E065D342AD3B9 -- C:\WINDOWS\assembly\temp\377HT1RG26\WindowsBase.ni.dll
[2014/10/14 22:19:07 | 000,000,940 | ---- | M] () MD5=91B3AA37EFE538F480A29D1464E75DA2 -- C:\WINDOWS\assembly\temp\377HT1RG26\WindowsBase.ni.dll.aux
[2014/10/20 14:43:46 | 000,161,280 | ---- | M] (Microsoft Corporation) MD5=A572B92D9D7725E6639D86E61FA4F9DD -- C:\WINDOWS\assembly\temp\71P9LIYFKQ\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
[2014/10/14 22:19:22 | 014,430,720 | ---- | M] (Microsoft Corporation) MD5=93FC800C738F577DB88700FD5F619FB5 -- C:\WINDOWS\assembly\temp\C3I2RH2NIM\PresentationCore.ni.dll
[2014/10/14 22:19:22 | 000,001,376 | ---- | M] () MD5=B58E385B92CEFB5BCA97058EC9A8BD05 -- C:\WINDOWS\assembly\temp\C3I2RH2NIM\PresentationCore.ni.dll.aux
[2014/10/15 19:06:19 | 006,951,424 | ---- | M] (Microsoft Corporation) MD5=97FB8429D2A3EBCD8DC1AB4FB64FAD82 -- C:\WINDOWS\assembly\temp\CZFK1O4N3Z\System.Core.ni.dll
[2014/10/15 19:06:18 | 000,000,804 | ---- | M] () MD5=7CA8CFED2AB5E87F1C0AC7F5ABB5599A -- C:\WINDOWS\assembly\temp\CZFK1O4N3Z\System.Core.ni.dll.aux
[2014/10/14 22:18:58 | 009,806,848 | ---- | M] (Microsoft Corporation) MD5=001518BA5E49149A546D9883AD9CE3B6 -- C:\WINDOWS\assembly\temp\D8VW96Y2WW\System.Core.ni.dll
[2014/10/14 22:18:58 | 000,000,804 | ---- | M] () MD5=BFDF8C06201A7EAB553FD167B869E390 -- C:\WINDOWS\assembly\temp\D8VW96Y2WW\System.Core.ni.dll.aux
[2014/10/14 22:21:05 | 016,523,776 | ---- | M] (Microsoft Corporation) MD5=7A500AEA34207BFB54F35E1A65B73112 -- C:\WINDOWS\assembly\temp\G8DO3OHDEY\System.Windows.Forms.ni.dll
[2014/10/14 22:21:05 | 000,001,528 | ---- | M] () MD5=E234B049239B50CAF362353E0D482CF0 -- C:\WINDOWS\assembly\temp\G8DO3OHDEY\System.Windows.Forms.ni.dll.aux
[2014/10/14 22:18:46 | 013,055,488 | ---- | M] (Microsoft Corporation) MD5=C8DC4100510DB1AEB258066ECC081FBB -- C:\WINDOWS\assembly\temp\GKJ3DDLNXD\System.ni.dll
[2014/10/14 22:18:42 | 000,000,548 | ---- | M] () MD5=55A360171E0BE6A3A8B6C94FF801CCE6 -- C:\WINDOWS\assembly\temp\GKJ3DDLNXD\System.ni.dll.aux
[2014/10/14 22:20:08 | 001,467,904 | ---- | M] (Microsoft Corporation) MD5=6B7B758D3576BAE77E10174B610A78EE -- C:\WINDOWS\assembly\temp\GSB0WE0H1Q\System.Management.ni.dll
[2014/10/14 22:20:08 | 000,000,692 | ---- | M] () MD5=65455327DE7FA516ACA74E3FCE0909A1 -- C:\WINDOWS\assembly\temp\GSB0WE0H1Q\System.Management.ni.dll.aux
[2014/10/15 19:06:50 | 001,169,920 | ---- | M] (Microsoft Corporation) MD5=C83337D160C6FD78D3663B3DC138CCC6 -- C:\WINDOWS\assembly\temp\HVIYXJDHA8\System.Management.ni.dll
[2014/10/15 19:06:50 | 000,000,692 | ---- | M] () MD5=96F59EF493A0404AB6BE8B19152D7360 -- C:\WINDOWS\assembly\temp\HVIYXJDHA8\System.Management.ni.dll.aux
[2014/10/14 22:20:06 | 002,207,744 | ---- | M] (Microsoft Corporation) MD5=A5271EA2829D50461BE164813B13E934 -- C:\WINDOWS\assembly\temp\J8HEPX72GQ\System.Drawing.ni.dll
[2014/10/14 22:20:06 | 000,000,536 | ---- | M] () MD5=DE242B4251F28187C51E175EF83B48C7 -- C:\WINDOWS\assembly\temp\J8HEPX72GQ\System.Drawing.ni.dll.aux
[2014/10/14 22:19:52 | 001,233,408 | ---- | M] (Microsoft Corporation) MD5=A7EFB28E9F754BC06994827FF63195B2 -- C:\WINDOWS\assembly\temp\S7CLF53HQ3\System.Configuration.ni.dll
[2014/10/14 22:19:52 | 000,000,672 | ---- | M] () MD5=D2ECD80A47ED405B3CCAAA405C4867BE -- C:\WINDOWS\assembly\temp\S7CLF53HQ3\System.Configuration.ni.dll.aux
[2014/10/14 22:19:49 | 023,885,824 | ---- | M] (Microsoft Corporation) MD5=A3839D89531580E006510A5C7A7801A3 -- C:\WINDOWS\assembly\temp\UKSK84U82J\PresentationFramework.ni.dll
[2014/10/14 22:19:49 | 000,002,188 | ---- | M] () MD5=F92347B4E97172F5E2D355A67C57EE57 -- C:\WINDOWS\assembly\temp\UKSK84U82J\PresentationFramework.ni.dll.aux
[2014/10/14 22:21:19 | 010,129,408 | ---- | M] (Microsoft Corporation) MD5=6C0BEEA9990731F66DE0BD397D7DA060 -- C:\WINDOWS\assembly\temp\V01SJ73DFW\System.Xml.ni.dll
[2014/10/14 22:21:19 | 000,000,676 | ---- | M] () MD5=C9C8E6C6EE8136A3540488A0414CD8E6 -- C:\WINDOWS\assembly\temp\V01SJ73DFW\System.Xml.ni.dll.aux
[2014/10/14 22:21:08 | 002,492,928 | ---- | M] (Microsoft Corporation) MD5=1E20741A1531FA991628C1A626A6C6A0 -- C:\WINDOWS\assembly\temp\W3K0EE5R3K\System.Xaml.ni.dll
[2014/10/14 22:21:08 | 000,000,524 | ---- | M] () MD5=B2A8D0AD6E7B78AAC47FB2AE85B134AB -- C:\WINDOWS\assembly\temp\W3K0EE5R3K\System.Xaml.ni.dll.aux

[color=#A23BEC]< %systemroot%\assembly\GAC\*.* /S /MD5 >[/color]
[2014/07/02 11:03:56 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=7ECB661F50F34A941A44DAC7241F7D08 -- C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll
[2014/07/02 11:03:56 | 000,000,247 | ---- | M] () MD5=3954B6A334EF427592C0E53476027563 -- C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2014/07/02 11:04:00 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=F8D11C60B70ACD2EC9154EE676F615BA -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
[2014/07/02 11:04:00 | 000,000,263 | ---- | M] () MD5=60D2F5C427EAB6B851DBCFF48404F8D8 -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2014/07/02 11:04:01 | 008,007,680 | ---- | M] ( ) MD5=5440EE9CD44616D60CDE57EBDB286E95 -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
[2014/07/02 11:04:01 | 000,000,269 | ---- | M] () MD5=7D9157C1DD7E5BB53E915F4A26063967 -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2014/07/02 11:04:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=D80746B2F94A3A28E380735D4B8A9EA3 -- C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll
[2014/07/02 11:04:06 | 000,000,275 | ---- | M] () MD5=B5ABEE4CA3FC67654737BBEC1DB59581 -- C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2014/07/02 11:04:13 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=AAA2E20588E154A10747BF1B31B55125 -- C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll
[2014/07/02 11:04:13 | 000,000,255 | ---- | M] () MD5=5C59E872076F814D304E4E4869EA1680 -- C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2014/07/02 11:04:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=E1EEB7E26AB04075EECC7275239B20B3 -- C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
[2014/07/02 11:04:15 | 000,000,249 | ---- | M] () MD5=ED8CD068B73410D5597D752FEAB92A06 -- C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.* /S /MD5 >[/color]
[2014/05/27 01:39:14 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=A24EFBACFC92D00057E8FC39F1BABE01 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2014/05/27 01:39:15 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=D556BD240BB81365657B20EA94A9C98C -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2013/08/22 02:24:11 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E11F20E431CC0153115B3CF3AC4788FC -- C:\WINDOWS\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2013/08/22 02:22:40 | 000,077,824 | ---- | M] ( ) MD5=53FD84596F2D6BA76F530DC3D3FB7E6F -- C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2014/07/02 04:30:29 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=3541708B30BAE93F4589F0392E00B5E1 -- C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2013/08/03 01:40:17 | 000,088,720 | ---- | M] (Microsoft Corporation) MD5=0653B51FE3E822CB95619D9E6388E37F -- C:\WINDOWS\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2013/06/18 09:24:39 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\WINDOWS\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2014/07/02 10:40:22 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2014/07/02 10:40:22 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2014/07/02 10:40:22 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2014/07/03 05:07:36 | 004,554,752 | ---- | M] (Microsoft Corporation) MD5=79A6102B74945E419F2465736BCCA3B6 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2013/06/18 09:28:40 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2014/07/02 10:40:22 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2014/07/02 10:40:22 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2014/07/02 10:40:22 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2014/07/02 10:40:22 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2014/07/02 10:40:22 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2014/07/02 10:40:22 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2014/07/02 10:40:22 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2014/07/02 10:40:22 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2014/07/02 10:40:22 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2015/04/30 17:35:17 | 004,222,976 | ---- | M] (Microsoft Corporation) MD5=468C2742E9A443E1B8B78F6051B51AB6 -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2013/06/18 09:33:25 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2015/04/30 17:35:18 | 001,737,888 | ---- | M] (Microsoft Corporation) MD5=63BCA0E1DBC6DCF85C41E1F8997362D8 -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2014/05/27 01:39:19 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=FC361EF0F7142A60A269C0FC3A2D9421 -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2014/05/27 01:39:19 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=171F7DC76C74EE9021ABBC831C02C731 -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2014/05/27 01:39:20 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=F6899CEDB878EC30B426474E2BC51914 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2014/05/27 01:39:20 | 000,113,664 | ---- | M] (Microsoft Corporation) MD5=C1C44BF14A0C9FC278B65228026A032E -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2015/04/30 17:35:18 | 000,372,736 | ---- | M] (Microsoft Corporation) MD5=E9FD408AA3F4703DFD51D97EF868640A -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2014/06/03 19:11:03 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=81E397E88743A5AAEBF333183601BCAF -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2015/02/07 19:05:46 | 005,287,936 | ---- | M] (Microsoft Corporation) MD5=20CDF36E37B4FD0144AFE1AAA8537F34 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.* /S /MD5 >[/color]
[2014/05/27 01:39:08 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=531B2708DAD772F4C691B2282EE600EC -- C:\WINDOWS\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2014/05/27 01:39:08 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=8CEF9BCE7A2AFCCAB5CC578D99BACDAD -- C:\WINDOWS\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2013/08/22 09:38:04 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=43FC43987838263E73BA5D9AE7DBA1BA -- C:\WINDOWS\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2013/08/22 09:36:08 | 000,077,824 | ---- | M] ( ) MD5=7A4083F8BD141E2EC7528ECA41EA16EF -- C:\WINDOWS\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2014/07/02 04:34:25 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=E24AB9FAFF2B86332367D446E9A40F95 -- C:\WINDOWS\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2013/08/03 01:42:43 | 000,084,624 | ---- | M] (Microsoft Corporation) MD5=044CB423EEF5F1C1EE746DB33A8AE8E4 -- C:\WINDOWS\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2013/06/18 11:46:10 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\WINDOWS\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2014/07/02 10:40:22 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2014/07/02 10:40:22 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2014/07/02 10:40:22 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2014/07/03 03:13:34 | 004,571,136 | ---- | M] (Microsoft Corporation) MD5=E712A69A34256292E82AA01BD27E4219 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2013/06/18 11:47:22 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2014/07/02 10:40:22 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2014/07/02 10:40:22 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2014/07/02 10:40:22 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2014/07/02 10:40:22 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2014/07/02 10:40:22 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2014/07/02 10:40:22 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2014/07/02 10:40:22 | 000,262,148 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2014/07/02 10:40:22 | 000,020,320 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2014/07/02 10:40:22 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2015/04/30 17:35:29 | 004,005,376 | ---- | M] (Microsoft Corporation) MD5=2CB30CC3B99022B75B2D4621458213AA -- C:\WINDOWS\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2013/06/18 11:53:54 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\WINDOWS\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2015/04/30 17:35:31 | 002,256,032 | ---- | M] (Microsoft Corporation) MD5=279A228DDB4D2B6C6FF6248B1EF87B59 -- C:\WINDOWS\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2014/05/27 01:39:14 | 000,503,296 | ---- | M] (Microsoft Corporation) MD5=C15AF6490EF4B73F703D14BEB4129144 -- C:\WINDOWS\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2014/05/27 01:39:14 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=9C1F55340D2C1B1B84B7FCD92A6EBDD7 -- C:\WINDOWS\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2014/05/27 01:39:14 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=9F794DEB4CEAC34BE7369F0B425BDC47 -- C:\WINDOWS\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2014/05/27 01:39:14 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=FEA484FA56FD70C719DBEBCCA7AE7D66 -- C:\WINDOWS\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2015/04/30 17:35:30 | 000,358,400 | ---- | M] (Microsoft Corporation) MD5=4C5E3411DADE31CE42D6880FBB58EC11 -- C:\WINDOWS\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2014/06/03 19:10:46 | 000,283,136 | ---- | M] (Microsoft Corporation) MD5=9EC544ED737B352F2D2EEF9396A9DF06 -- C:\WINDOWS\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2015/02/07 19:05:57 | 005,296,128 | ---- | M] (Microsoft Corporation) MD5=DE7B53F80BE98DA80FEB199936D7CC90 -- C:\WINDOWS\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >[/color]
[2015/07/23 22:15:53 | 000,093,942 | ---- | M] () -- C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
[2014/07/02 08:36:09 | 000,143,212 | ---- | M] () -- C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\winstore.log

[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >[/color]
[2014/12/06 10:34:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

[color=#A23BEC]< %systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.* >[/color]

[color=#A23BEC]< %systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*  >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s >[/color]
"Bounds" = 0  [binary data]
"auditbasedirectories" = 0
"fullprivilegeauditing" =  [binary data]
"crashonauditfail" = 0
"auditbaseobjects" = 0
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2014/10/28 22:01:41 | 000,214,016 | ---- | M] (Microsoft Corporation)
"Authentication Packages" = msv1_0 [binary data] -- [2015/06/28 02:06:50 | 000,332,120 | ---- | M] (Microsoft Corporation)
"SecureBoot" = 1
"ProductType" = 3
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
"LsaPid" = 708
"SamConnectedAccountsExist" = 1
"Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder" = Windows NT Access Provider [binary data]
"MartaExtension" = ntmarta.dll -- [2014/10/29 00:15:36 | 000,154,392 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath" = %SystemRoot%\system32\ntmarta.dll -- [2014/10/29 00:15:36 | 000,154,392 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\AuditPolicy]
"AuditPolicySD" = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 4F CB 3A ED 01 AC 66 44 96 7C FF 59 4A 2F 54 A1 00 00 00 20 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 A0 CC 7E D3 15 13 7A 25 11 BF 96 07 92 8B 9D 71 EF 05 0A F8 59 6C 88 D1 53 3E 84 6E 4F 64 F3 F2 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 DE 0A 8E AB 95 70 1C 97 19 02 FA 69 C4 79 F0 7D 8C D7 C4 0B D6 71 8F F5 9C 04 62 72 4D C9 72 BF 70 00 00 00 0F C4 95 2A D6 67 4A 35 3B 69 0E 66 37 2F E4 87 E1 97 E2 67 DB C3 AB 22 E8 A9 FA CD 0A 3C 8C 16 5C D9 1D 8A 34 94 C6 6F 23 EF FF 6D 45 44 5D 58 90 51 B7 3F 37 30 CB 51 B5 1C 57 AF F5 ED F1 75 37 75 34 B3 D5 18 FA 4C 32 34 3E D7 9F DA 43 92 9D 30 18 1D B6 6A C0 00 34 C5 D4 5B F4 AD F6 FE 71 EB 0B 8C EF 0F 64 83 EB A0 46 15 8C 23 27 09 40 00 00 00 C3 B3 65 6E 8E 9D 56 96 1F C7 B3 06 98 EB F4 DB F9 38 F1 C3 37 B3 D4 8F 94 EF AE D9 CC ED E7 91 5D 58 25 46 72 70 EC EC 59 AB 7E 78 C7 9C 0C 73 B4 95 0C FC 7E BF 66 01 D8 25 7A C5 58 DC C0 9C  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\CentralizedAccessPolicies]
"MaxDataSize" = 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\CentralizedAccessPolicies\CAPEs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\CentralizedAccessPolicies\CAPs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp]
"DebugLogLevel" = 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyDefaultCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyDefaultCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyFreshCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyFreshCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenySavedCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenySavedCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern" = 98 E3 4A 1F E7 90 38 A8 DC 0D 81 38 A3 FB 6C B7  [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy]
"Enabled" = 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup" = F9 6C 57 FB 1A 7B DE FF AA  [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup" = CA 16 0F 2A 9A 0D  [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\HostToRealm]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Parameters]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132" = IISSUBA
"NtlmMinClientSec" = 536870912
"NtlmMinServerSec" = 536870912
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\OSConfig]
"Security Packages" = kerberosmsv1_0tspkgpku2ulivess [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix" = CD 8A B2 02 78 B7 58 B2 79 80 3A 1B 0A 3E 84 8E  [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL" = http://www.passport.com
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time" = E9 59 A1 94 1B 66 D0 01  [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\credssp.dll]
"Capabilities" = 8455987
"Comment" = Microsoft CredSSP Security Provider
"Name" = CREDSSP
"RpcId" = 65535
"Time" = 87 55 3B 74 17 F3 CF 01  [binary data]
"TokenSize" = 73032
"Type" = 33
"Version" = 1

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96AD48B6-900E-470D-BC1C-1013B685DE8A}]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime" = 6B 48 C9 1F DF AA D0 01  [binary data]
"Version" = 4
"UpgradeTime" = 61 84 FA 20 DF AA D0 01  [binary data]
"DefaultPackCorrection" = 1

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96AD48B6-900E-470D-BC1C-1013B685DE8A}]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings >[/color]
"IE5_UA_Backup_Flag" = 5.0
"EnableNegotiate" = 1
"MigrateProxy" = 1
"PrivacyAdvanced" = 0
"ProxyEnable" = 0
"User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade" = 23 CF 56 56 01 96 CF 01  [binary data]
"EmailName" = User@
"AutoConfigProxy" = wininet.dll -- [2015/06/15 17:07:27 | 001,951,232 | ---- | M] (Microsoft Corporation)
"MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"WarnOnPost" = 01 00 00 00  [binary data]
"UseSchannelDirectly" = 01 00 00 00  [binary data]
"EnableHttp1_1" = 1
"UrlEncoding" = 0
"SecureProtocols" = 2688
"DisableCachingOfSSLPages" = 0
"WarnonZoneCrossing" = 0
"CertificateRevocation" = 1
"EnableAutodial" = 0
"NoNetAutodial" = 0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2015/03/29 13:51:16 | 000,099,046 | ---- | M] () MD5=6B5BDEEB170D0DA2C56753F0347809DD -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17084_none_2fd708ffd09a6815\services.exe
[2014/07/10 14:52:04 | 000,082,895 | ---- | M] () MD5=892D1838D0C77D4734F7E21F064CD06C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
[2015/06/05 10:25:30 | 000,073,764 | ---- | M] () MD5=AB48952896280CE4CF1048334F6463DC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17415_none_3023c055d060b271\services.exe
[2015/04/08 19:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\WINDOWS\SysNative\services.exe
[2015/04/08 19:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17794_none_2fcc465dd0a27017\services.exe

[color=#A23BEC]< regedit /e c:\registrybackup.reg /c >[/color]

[color=#A23BEC]< %windir%\tasks\*.* /s >[/color]
[2015/07/18 16:14:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001Core1d0c18d3eee817a.job
[2015/07/18 16:09:19 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2669463329-884396847-839217480-1001UA1d0c18d3fca1cec.job
[2015/07/23 22:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf4f8b7c1a83c.job
[2015/07/23 22:58:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cf6a437714e932.job
[2015/07/23 22:13:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 237 bytes -> C:\Users\Felipe\OneDrive:ms-properties
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >