Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

L.E.

Adaptador SATA para IDE no drive de DVD funciona?

34 posts neste tópico

Olá pessoal do Babooo

Minha placa-mãe é ASUS M2N-MX -SE, ela tem apenas duas entradas SATA II que estão ocupadas pelo drive de DVD e um HD de 500GB, enquanto a entrada IDE esta vazia...

Eu pretendo comprar outro HD SATA 3 de 2TB e para isso estava pensando em colocar um apaptador SATA para IDE, com um isso eu ligaria o drive de DVD nesse adpatador e ligaria na porta IDE, enquanto os dois HD's eu ligaria na porta SATA direto na placa-mãe!

Perguntas:

Alguém já usou esse adapatador ? Ele funciona ? Será q funciona na minha placa-mãe?

Adapatador

http://www.atera.com...ind=GooShopping

http://www.rortec.co...-KAIOMY-07-HDDC

HD SATA (6GB) funciona em placa-mãe com SATA 2?

Será que minha placa-mãe irá reconhecer esse HD de 2TB?

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ninguém??? :cry: :cry:

Aproveitando este topico, deu uma olhada nas temperaturas do meu PC e o HD Seagate ST3500418AS esta mostrando incriveis 52 °C !!! Essa temperatura é normal para esse HD ???

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Alguém já usou esse adapatador ? Ele funciona ? Será q funciona na minha placa mãe?

Esse é o grande problema, nem sempre se encontra relatos de funcionamento deste adaptador. Alguns dizem que funciona, outros dizem que encontraram problemas. Como é relativamente barato, talvez dê para comprar sem peso na consciência caso não funcione.

HD SATA (6GB) funciona em placa mãe com SATA 2?

Irá funcionar normalmente, pois são retrocompatíveis.

Será que minha placa mãe irá reconhecer esse HD de 2TB?

O valor inteiro há chances de não reconhecer, em ocorrendo isto você terá que particioná-lo.

Aproveitando este topico, deu uma olhada nas temperaturas do meu PC e o HD Seagate ST3500418AS esta mostrando incriveis 52 °C !!! Essa temperatura é normal para esse HD ???

Não, não é normal. Verifique o posicionamento dele dentro do gabinete.


Blog do Ciro Mota - Visite!
Leia mais em: http://www.ciromota.net/

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Muito Obrigado pela ajuda

Sobre a Temperatura do HD, dei uma pesquisada no no site da Seagate e encontrei este artigo:

http://knowledge.sea...?language=en_US

Pelo que eu entendi a temperatura normal é entre 5 ° C e 50 °C ... na mesma hora desliguei o PC e liguei novamente depois de 1 hora... agora pouco estava em 43° C e agora subiu para 46 °C, ops no fechamento do tópico 47°C :S:cry:

Esta fazendo muito calor aqui no RJ, mas mesmo assim nunca vi meu antigo HD ficar acima dos 44° C

As outras temperaturas parece que estão OK: placa-mãe: 46° C, processador 54°C

Então o que você me sugere para resfriar o HD ? Um cooler novo ? Qual?

Sobre a possibilidade da placa-mãe não reconhecer toda a capacidade do HD... eu vou poder diividir o HD com programas como Easus Parition Master usando neste mesmo PC, ou vou ter q colocar em um PC q "enxergue" toda a capacidade de 2TB para fazer isso ?

Sobre o adaptador, no site boadica, fica meio q implicito q funciona apenas com Drive de cd/dvd:

http://www.boadica.i...min=&preco_max=

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
As outras temperaturas parece que estão OK: placa mãe: 46° C, processador 54°C

Então o que você me sugere para resfriar o HD ? Um cooler novo ? Qual?

Mesmo com o calor, todas as duas estão bem altas. Sugiro dar uma verificada na organização interna do gabinete e/ou dimensionar mais coolers.

Sobre a possibilidade da placa mãe não reconhecer toda a capacidade do HD... eu vou poder diividir o HD com programas como Easus Parition Master usando neste mesmo PC, ou vou ter q colocar em um PC q "enxergue" toda a capacidade de 2TB para fazer isso ?

Creio que o próprio gerenciador de discos do Windows te dê esta possibilidade de criar partições.


Blog do Ciro Mota - Visite!
Leia mais em: http://www.ciromota.net/

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Mudei a posição do HD e dei uma organizada nos cabos e melhorou um pouco, mas creio q ainda preciso comprar um cooler

Agora o HD não passa de 48°C

placa-mãe: 45°C

Processador 49°C

Sobre o cooler para o gabinete... não faço a minima idéia de qual escolher... pode me ajudar e me dizer qual desses coolers é o melhor:

http://www.boadica.c...&preco_max=

Ele é ligado na fonte do PC ?

Onde eu devo colocar do lado ou atrás? E qual a posição certa de botar o cooler no gabinete? Ele tem que tirar o ar quente do gabinete ou jogar ar para dentro do gabinete?

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Sobre o cooler para o gabinete... não faço a minima idéia de qual escolher... pode me ajudar e me dizer qual desses coolers é o melhor:

http://www.boadica.c...&preco_max=

The page cannot be displayed due to a gateway timeout.

De qualquer forma, estes são excelentes:

http://www.justshop.com.br/home/produto/codigo:1017/fan-enermax-t-b-silence-120mm-red-led-uctb12n-r

http://www.justshop.com.br/home/produto/codigo:896/fan-shark-blue-edition-120mm-aerocool

http://www.justshop.com.br/home/produto/codigo:1015/fan-de-gabinete-cooler-master-r4-xfbs-20pb-r1-xtraflo-120-blue-led

http://www.justshop.com.br/home/produto/codigo:615/fan-de-gabinete-akasa-ak-fn058-apache-fan-black

http://www.justshop.com.br/home/produto/codigo:616/fan-de-gabinete-akasa-viper-120mm-ak-fn059

Ele é ligado na fonte do PC ?

Ligado na fonte.

Onde eu devo colocar do lado ou atrás? E qual a posição certa de botar o cooler no gabinete? Ele tem que tirar o ar quente do gabinete ou jogar ar para dentro do gabinete?

Frontal jogando ar para dentro do gabinete.

Traseiro retirando o ar quente.

Lateral jogando ar para dentro do gabinete.

Topo retirando o ar quente.


Blog do Ciro Mota - Visite!
Leia mais em: http://www.ciromota.net/

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Mais uma vez muito obrigado pela ajuda....

So mais algumas duvidas... esse coolers que você me passou são de 120mmx120mm e meu gabinete é bem simples, pelo q eu vi aqui so da pra botar cooler de 80mmx80mm na lateral e atrás, no topo e na frente não tem nem espaço para cooler

esse cooler é bom: http://www.justshop....a-ak-fn054-80mm ? Esse tem no site boadica!

E você acha que apenas um cooler na lateral já resolve o problema? Ou preciso de dois?

Sobre o site q eu passei foi esse:

http://www.boadica.c...aX=28&XT=2&XE=1

Se não conseguir, va nesse link e clique em coolers depois coolers para gabinetes:

http://www.boadica.c...pesquisa/precos

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
So mais algumas duvidas... esse coolers que você me passou são de 120mmx120mm e meu gabinete é bem simples, pelo q eu vi aqui so da pra botar cooler de 80mmx80mm na lateral e atrás, no topo e na frente não tem nem espaço para cooler

Qual seu gabinete?

esse cooler é bom: http://www.justshop....a-ak-fn054-80mm ? Esse tem no site boadica!

Apesar dele ter um valor de CFM inferior aos outros, mas é um bom cooler sim.

E você acha que apenas um cooler na lateral já resolve o problema? Ou preciso de dois?

O ideal é que se forme um fluxo, principalmente com o frontal e traseiro, o lateral viria para refrigerar melhor o interior.


Blog do Ciro Mota - Visite!
Leia mais em: http://www.ciromota.net/

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Meu gabinete é um Wisecase, bem vagab*****, não sei o modelo, na época ele veio com um fonte generica Wisecase WSNG 500 P4 (200w) que ja foi trocada a muito tempo por uma Cougar A350 (350W)

Fotos do Gabinete:

Frente:

post-223168-0-25331900-1355154924_thumb.

Lateral:

post-223168-0-75408200-1355154994_thumb.

Traseira:

post-223168-0-52876700-1355155011_thumb.

Por dentro:

post-223168-0-71394100-1355155002_thumb.

post-223168-0-48581400-1355154984_thumb.

Sobre o cooler no site boadica que eu escrevi acima tem dezenas de modelos... se não for incomodo... se você ver um melhor do que esse que eu coloquei acima e que não seja caro,(no máximo R$20,00 cada um) ja q eu vou ter que comprar dois, me diga... eu não ligo para aparencia do cooler, o importante é que funcione...

Na parte traseira do gabinete, qual dos dois buracos é melhor para colocar o cooler no buraco de cima ou de baixo?

E a proposito qual é a temperatura ideal e a máxima para a placa-mãe, Processador e memória?

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Meu gabinete é um Wisecase, bem vagab*****, não sei o modelo, na época ele veio com um fonte generica Wisecase WSNG 500 P4 (200w) que ja foi trocada a muito tempo por uma Cougar A350 (350W)

Pelo visto nas fotos, só há a possibilidade de instalação na traseira e lateral, talvez em virtude disto o HD esteja com temperatura elevada.

Sobre o cooler no site boadica que eu escrevi acima tem dezenas de modelos... se não for incomodo... se você ver um melhor do que esse que eu coloquei acima e que não seja caro,(no máximo R$20,00 cada um) ja q eu vou ter que comprar dois, me diga... eu não ligo para aparencia do cooler, o importante é que funcione...

Peguei só alguns modelos da primeira página:

AK-FN069

DFS802512H

EC8025M12SA

Na parte traseira do gabinete, qual dos dois buracos é melhor para colocar o cooler no buraco de cima ou de baixo?

O cooler do processador está bem no meio dos locais para os coolers. Eu colocaria no de baixo já que o de cima fica bem próximo a fonte.

E a proposito qual é a temperatura ideal e a máxima para a Placa Mãe, Processador e memória?

Placa-mãe, em média 35 ~ 37. Processador varia de acordo com o uso, porém em descaso a temperatura dele deve ser sempre a mais baixa possível, tão quando em full. Memórias, não possuem sensores.


Blog do Ciro Mota - Visite!
Leia mais em: http://www.ciromota.net/

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ops.... na pergunta acima sobre temperatura eu quis dizer HD em vez de memória!

Qual a temperatura ideal para o HD?

Pelo que eu vi esses coolers q você me passou são ligados a placa-mãe ? No caso de ser ligado na placa-mãe, de acordo com o esquema da mesma seria aqui o plug:

post-223168-0-64412000-1355171376_thumb.

CHA FAN? (escrevi errado na foto é CHA FAN q esta escrito no manual)

No manual da placa-mãe, na especificações esta escrito assim:

Internal Conector

1 x 4-pin CPU Fan / 1*Chassis Fan Conector

E nesse caso so poderia conectar só um cooler ?Não é?

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
    • 3 Mensagens
    • 118 Visualizações
    • 3 Mensagens
    • 121 Visualizações
    • 2 Mensagens
    • 100 Visualizações
    • 10 Mensagens
    • 290 Visualizações
    • 2 Mensagens
    • 317 Visualizações

  • Postagens Recentes

    • Análise de logs - encaminhamento para sites duvidosos
      \Recovery
      [2016/07/29 10:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
      [2016/07/29 10:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
      [2016/07/29 10:14:18 | 000,000,000 | --SD | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft
      [2016/07/29 10:14:18 | 000,000,000 | R-SD | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Temporary Internet Files
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\SendTo
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Recent
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Modelos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Minhas Músicas
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Minhas Imagens
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Meus Vídeos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Meus Documentos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Menu Iniciar
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Histórico
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Dados de Aplicativos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Dados de Aplicativos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Cookies
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Configurações Locais
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Ambiente de Rede
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Ambiente de Impressão
      [2016/07/29 10:14:18 | 000,000,000 | -H-D | C] -- C:\Users\FreeFall\AppData
      [2016/07/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Microsoft
      [2016/07/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [2016/07/29 10:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
      [2016/07/29 10:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
      [2016/07/29 10:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
      [2016/07/29 10:09:53 | 011,941,376 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\idtsg64.cpl
      [2016/07/29 10:09:53 | 004,642,816 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
      [2016/07/29 10:07:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
      [2016/07/29 10:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
      [2016/07/29 10:01:36 | 000,000,000 | ---D | C] -- C:\Windows.old
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\msmq
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\BestPractices
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\BestPractices
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\inetpub
      [2016/07/29 08:50:50 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
      [2016/07/28 18:59:21 | 000,079,192 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\McPvDrv.sys
      [2016/07/28 18:59:21 | 000,000,000 | R-SD | C] -- C:\Users\FreeFall\Documents\McAfee Vaults
      [2016/07/28 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\McAfee File Lock
      [2016/07/28 18:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
      [2016/07/28 18:58:53 | 000,207,968 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
      [2016/07/28 18:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel Security
      [2016/07/28 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
      [2016/07/28 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
      [2016/07/28 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Security
      [2016/07/28 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
      [2016/07/28 18:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
      [2016/07/28 18:50:03 | 000,277,744 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\mfevtps.exe
      [2016/07/28 18:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
      [2016/07/26 06:14:19 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2016/07/26 06:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fantasy Grounds
      [2016/07/25 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Quinta Edição
      [2016/07/13 17:47:38 | 000,610,336 | ---- | C] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | C] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Tracing
      [2016/06/27 19:50:57 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2016/06/27 19:50:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2016/06/27 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
      [2016/06/22 23:00:07 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\SysWow64\fmcodec.DLL
      [2016/06/21 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\aTubeCatcher
      [2016/06/08 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Pesquisa
       
      ========== Files - Modified Within 90 Days ==========
       
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 21:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FreeFall\Desktop\OTL.exe
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 18:59:44 | 000,891,918 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
      [2016/07/29 18:59:44 | 000,832,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
      [2016/07/29 18:59:44 | 000,197,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
      [2016/07/29 18:59:44 | 000,176,804 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
      [2016/07/29 18:59:44 | 000,006,792 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 18:58:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
      [2016/07/29 18:03:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
      [2016/07/29 18:01:59 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:46 | 001,309,184 | ---- | M] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:12:40 | 001,610,560 | ---- | M] (Malwarebytes) -- C:\Users\FreeFall\Desktop\JRT.exe
      [2016/07/29 17:06:08 | 003,712,064 | ---- | M] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 10:36:06 | 000,010,451 | ---- | M] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 10:36:06 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/29 10:34:10 | 000,022,956 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:26:29 | 000,329,184 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
      [2016/07/29 10:13:18 | 002,021,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 09:59:29 | 000,015,703 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
      [2016/07/29 09:57:24 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | M] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | M] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:43:24 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysWow64\msmqtrc.mof
      [2016/07/29 09:43:02 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysNative\msmqtrc.mof
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 08:50:48 | 000,001,950 | ---- | M] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8100 (Rede).lnk
      [2016/07/28 19:00:00 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:41:32 | 000,748,434 | ---- | M] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | M] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/07/13 17:47:38 | 000,610,336 | ---- | M] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | M] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:56:57 | 000,007,429 | ---- | M] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/06/21 08:25:59 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | M] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | M] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
       
      ========== Files Created - No Company Name ==========
       
      [2016/07/29 18:18:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:43 | 001,309,184 | ---- | C] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:06:00 | 003,712,064 | ---- | C] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 11:21:23 | 000,002,384 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      [2016/07/29 11:20:07 | 000,001,053 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk
      [2016/07/29 10:34:10 | 000,022,956 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:22:02 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [2016/07/29 10:13:18 | 002,021,072 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 10:06:11 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
      [2016/07/29 09:57:24 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:23:32 | 000,010,451 | ---- | C] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 09:23:32 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/28 19:00:00 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:37:52 | 000,748,434 | ---- | C] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | C] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/06/27 19:56:56 | 000,007,429 | ---- | C] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | C] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | C] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
      [2016/04/27 04:04:42 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2015/10/30 04:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
      [2015/10/30 04:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
      [2015/10/30 04:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
      [2015/10/30 04:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
      [2015/10/30 04:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
      [2015/10/30 04:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
      [2015/10/30 04:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
      [2015/10/30 04:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
      [2015/10/30 04:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
      [2015/10/30 04:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
      [2015/10/30 04:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
      [2015/10/30 04:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
      [2015/10/30 04:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
      [2015/10/30 04:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
      [2015/06/01 21:00:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
      [2015/06/01 19:46:58 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
      [2015/06/01 19:45:24 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
      [2015/05/10 16:46:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
      [2015/05/05 20:19:36 | 000,811,218 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.exe
      [2015/05/05 20:19:36 | 000,017,292 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.dat
       
      ========== ZeroAccess Check ==========
       
      [2016/07/29 16:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/29 09:56:51 | 006,605,544 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/29 09:56:52 | 005,240,960 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2016/07/26 06:30:01 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2015/04/30 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fingertapps
      [2016/07/29 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\PCDr
      [2016/07/29 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Spotify
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
       
      < %systemdrive%\drivers\*.exe >
       
      < %SYSTEMDRIVE%\*.* >
      [2015/10/30 04:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
      [2012/04/05 20:59:57 | 000,033,797 | RH-- | M] () -- C:\dell.sdr
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:46:02 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
       
      < %LOCALAPPDATA%\*.exe >
       
      < %LOCALAPPDATA%\*.txt >
       
      < %LOCALAPPDATA%\*.ini >
       
      < %LOCALAPPDATA%\*.dll >
       
      < %LOCALAPPDATA%\*.dat >
      [2015/07/29 21:01:02 | 000,105,576 | ---- | M] () -- C:\Users\FreeFall\AppData\Local\GDIPFONTCACHEV1.DAT
       
      < %USERPROFILE%\*.exe >
       
      < %USERPROFILE%\*.txt >
       
      < %USERPROFILE%\*.ini >
      [2016/07/29 11:09:05 | 000,000,020 | -HS- | M] () -- C:\Users\FreeFall\ntuser.ini
       
      < %USERPROFILE%\*.dll >
       
      < %USERPROFILE%\*.dat /30 >
      [2016/07/29 18:18:55 | 002,883,584 | -HS- | M] () -- C:\Users\FreeFall\NTUSER.DAT
       
      < C:\windows\system32\Tasks\*.* /s >
      [2015/05/22 21:24:12 | 000,001,066 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      [2015/05/22 21:24:12 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      [2016/04/27 04:10:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
       
      < C:\windows\system32\Tasks\*.* /s /64 >
      [2016/07/29 10:34:35 | 000,003,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Adobe Acrobat Update Task
      [2016/07/29 10:34:37 | 000,003,924 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineCore
      [2016/07/29 10:34:45 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineUA
      [2016/07/29 10:34:49 | 000,003,738 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\HPCustParticipation HP Officejet Pro 8100
      [2016/07/29 19:40:56 | 000,004,020 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      [2016/07/29 15:56:10 | 000,004,208 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      [2016/07/29 10:34:36 | 000,003,194 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfeeLogon
      [2016/07/29 17:43:29 | 000,004,182 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\User_Feed_Synchronization-{F913369A-30D6-49AF-A679-1FFF203BAE96}
      [2016/07/29 10:34:47 | 000,003,040 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfee\McAfee Idle Detection Task
      [2016/07/29 10:34:42 | 000,004,196 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat
      [2016/07/29 10:34:37 | 000,003,658 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
      [2016/07/29 10:34:36 | 000,003,596 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
      [2016/07/29 10:34:38 | 000,004,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
      [2016/07/29 10:34:47 | 000,002,660 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
      [2016/07/29 10:34:43 | 000,002,666 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
      [2016/07/29 10:34:47 | 000,002,822 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
      [2016/07/29 10:34:43 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
      [2016/07/29 10:34:49 | 000,003,978 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
      [2016/07/29 10:34:48 | 000,003,436 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
      [2016/07/29 10:34:50 | 000,002,722 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
      [2016/07/29 10:34:37 | 000,003,320 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
      [2016/07/29 10:34:35 | 000,003,346 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
      [2016/07/29 11:10:19 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
      [2016/07/29 10:34:50 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
      [2016/07/29 10:34:49 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
      [2016/07/29 10:34:39 | 000,003,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
      [2016/07/29 10:34:45 | 000,002,716 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
      [2016/07/29 10:34:38 | 000,003,026 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
      [2016/07/29 10:34:35 | 000,002,870 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
      [2016/07/29 10:34:42 | 000,002,936 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
      [2016/07/29 10:34:40 | 000,002,830 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
      [2016/07/29 10:34:40 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
      [2016/07/29 10:34:50 | 000,003,694 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
      [2016/07/29 10:34:38 | 000,003,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
      [2016/07/29 10:34:50 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
      [2016/07/29 10:34:46 | 000,002,780 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
      [2016/07/29 10:34:35 | 000,003,428 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Clip\License Validation
      [2016/07/29 10:34:44 | 000,002,242 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
      [2016/07/29 10:34:48 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
      [2016/07/29 10:34:50 | 000,003,410 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
      [2016/07/29 10:34:44 | 000,003,260 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
      [2016/07/29 10:34:35 | 000,003,714 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
      [2016/07/29 10:34:46 | 000,003,354 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
      [2016/07/29 10:34:45 | 000,002,930 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
      [2016/07/29 10:34:43 | 000,002,984 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
      [2016/07/29 11:44:23 | 000,003,198 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
      [2016/07/29 10:34:45 | 000,003,192 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
      [2016/07/29 11:44:23 | 000,003,112 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
      [2016/07/29 11:44:23 | 000,003,204 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
      [2016/07/29 11:08:38 | 000,003,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
      [2016/07/29 11:44:23 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
      [2016/07/29 11:44:23 | 000,003,212 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
      [2016/07/29 10:34:43 | 000,003,202 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
      [2016/07/29 10:34:36 | 000,003,308 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
      [2016/07/29 10:34:50 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
      [2016/07/29 10:34:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
      [2016/07/29 10:34:50 | 000,003,034 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
      [2016/07/29 10:34:37 | 000,002,766 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
      [2016/07/29 10:34:41 | 000,002,398 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
      [2016/07/29 10:34:45 | 000,002,562 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
      [2016/07/29 10:34:45 | 000,002,384 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DUSM\dusmtask
      [2016/07/29 10:34:40 | 000,002,782 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
      [2016/07/29 10:34:44 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
      [2016/07/29 10:34:41 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
      [2016/07/29 10:34:43 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
      [2016/07/29 10:34:38 | 000,003,550 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
      [2016/07/29 10:34:39 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
      [2016/07/29 10:34:48 | 000,003,340 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
      [2016/07/29 10:34:47 | 000,002,638 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\Notifications
      [2016/07/29 10:34:42 | 000,002,572 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\WindowsActionDialog
      [2016/07/29 10:34:50 | 000,003,002 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
      [2016/07/29 10:34:36 | 000,002,998 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Management\Provisioning\Logon
      [2016/07/29 10:34:42 | 000,002,946 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsToastTask
      [2016/07/29 10:34:39 | 000,003,474 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
      [2016/07/29 10:34:46 | 000,005,684 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
      [2016/07/29 10:34:39 | 000,003,446 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
      [2016/07/29 10:34:41 | 000,003,582 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
      [2016/07/29 10:34:38 | 000,003,578 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart
      [2016/07/29 10:34:40 | 000,002,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
      [2016/07/29 10:34:37 | 000,002,574 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
      [2016/07/29 10:34:46 | 000,002,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
      [2016/07/29 10:34:48 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
      [2016/07/29 10:34:45 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
      [2016/07/29 10:34:44 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
      [2016/07/29 10:34:43 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
      [2016/07/29 10:34:47 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
      [2016/07/29 10:34:38 | 000,002,992 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
      [2016/07/29 10:34:41 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
      [2016/07/29 10:34:45 | 000,002,338 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
      [2016/07/29 10:34:50 | 000,003,128 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
      [2016/07/29 10:34:50 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
      [2016/07/29 10:34:39 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
      [2016/07/29 10:34:49 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
      [2016/07/29 10:34:50 | 000,003,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
      [2016/07/29 10:37:28 | 000,004,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
      [2016/07/29 10:34:49 | 000,002,502 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
      [2016/07/29 10:34:42 | 000,002,544 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
      [2016/07/29 10:34:42 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
      [2016/07/29 10:34:40 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
      [2016/07/29 10:34:46 | 000,002,636 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
      [2016/07/29 10:34:51 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
      [2016/07/29 10:34:51 | 000,004,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
      [2016/07/29 10:34:45 | 000,002,756 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
      [2016/07/29 10:34:37 | 000,003,802 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
      [2016/07/29 10:34:36 | 000,003,912 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
      [2016/07/29 21:05:27 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
      [2016/07/29 11:09:08 | 000,003,372 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
      [2016/07/29 10:34:41 | 000,004,048 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
      [2016/07/29 10:34:35 | 000,003,006 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
      [2016/07/29 10:34:35 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
      [2016/07/29 10:34:40 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
      [2016/07/29 10:34:40 | 000,003,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
      [2016/07/29 10:34:49 | 000,003,056 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
      [2016/07/29 10:34:40 | 000,003,126 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
      [2016/07/29 10:34:48 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
      [2016/07/29 10:34:42 | 000,002,968 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
      [2016/07/29 10:34:49 | 000,002,976 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
      [2016/07/29 10:34:44 | 000,002,762 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
      [2016/07/29 10:34:39 | 000,004,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
      [2016/07/29 10:34:39 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
      [2016/07/29 10:34:37 | 000,002,566 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
      [2016/07/29 10:34:39 | 000,002,932 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
      [2016/07/29 10:34:42 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
      [2016/07/29 10:34:44 | 000,002,600 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
      [2016/07/29 10:34:45 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
      [2016/07/29 10:34:46 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
      [2016/07/29 10:34:42 | 000,002,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
      [2016/07/29 10:34:40 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
      [2016/07/29 10:34:49 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
      [2016/07/29 16:33:28 | 000,002,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
      [2016/07/29 16:25:49 | 000,005,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
      [2016/07/29 10:34:43 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
      [2016/07/29 10:34:40 | 000,002,396 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
      [2016/07/29 10:34:47 | 000,003,650 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
      [2016/07/29 10:34:44 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WCM\WiFiTask
      [2016/07/29 10:34:49 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
      [2016/07/29 10:34:50 | 000,003,990 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
      [2016/07/29 10:34:50 | 000,003,288 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
      [2016/07/29 10:34:44 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
      [2016/07/29 11:09:08 | 000,003,224 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
      [2016/07/29 21:26:41 | 000,005,246 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
      [2016/07/29 10:34:46 | 000,003,300 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sih
      [2016/07/29 10:34:34 | 000,003,186 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
      [2016/07/29 10:34:51 | 000,002,564 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
      [2016/07/29 10:34:48 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
      [2016/07/29 10:34:41 | 000,002,794 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
      [2016/07/29 10:34:36 | 000,002,790 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
      [2016/07/29 10:34:36 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
      [2016/07/29 10:34:38 | 000,002,744 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
      [2016/07/29 10:34:44 | 000,004,116 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\License Validation
      [2016/07/29 10:34:47 | 000,002,784 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\WSTask
      [2016/07/29 10:34:42 | 000,004,490 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2517854909-2660416918-4196023361-1000
       
      < %windir%\tasks\*.* /s >
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 18:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
       
      < %systemroot%\*.scr >
      [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "SavedLegacySettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
      "DefaultConnectionSettings" = 46 00 00 00 FF 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
       
      < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
       
      < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
       
      < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
       
      < HKCU\Software\Microsoft\Internet Explorer\Downloads >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
      "AllowRemoteRPC" = 0
      "DelayConMgrTimeout" = 0
      "DeleteTempDirsOnExit" = 1
      "fDenyTSConnections" = 1
      "fSingleSessionPerUser" = 1
      "NotificationTimeOut" = 0
      "PerSessionTempDir" = 0
      "ProductVersion" = 5.1
      "RCDependentServices" = CertPropSvcSessionEnv [binary data]
      "SnapshotMonitors" = 1
      "StartRCM" = 0
      "TSUserEnabled" = 0
      "InstanceID" = 0988b076-e88a-4260-a571-7e151ad
      "GlassSessionId" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
      "auditbasedirectories" = 0
      "auditbaseobjects" = 0
      "Bounds" = 0  [binary data]
      "crashonauditfail" = 0
      "LimitBlankPasswordUse" = 1
      "NoLmHash" = 1
      "Notification Packages" = scecli [binary data] -- [2015/10/30 04:18:26 | 000,227,840 | ---- | M] (Microsoft Corporation)
      "Authentication Packages" = msv1_0 [binary data] -- [2016/07/29 09:56:54 | 000,294,752 | ---- | M] (Microsoft Corporation)
      "SecureBoot" = 1
      "disabledomaincreds" = 0
      "everyoneincludesanonymous" = 0
      "forceguest" = 0
      "restrictanonymous" = 0
      "restrictanonymoussam" = 1
      "fullprivilegeauditing" =  [binary data]
      "LsaPid" = 812
      "ProductType" = 3
      "Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
      "SamConnectedAccountsExist" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
       
      < \UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < \SpecialAccounts\UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
      "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2015/10/30 04:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation)
      "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 32
      "Description" = @%SystemRoot%\System32\termsrv.dll,-267
      "DependOnService" = RPCSS [binary data]
      "ObjectName" = NT Authority\NetworkService
      "ServiceSidType" = 1
      "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
      "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
       
      < net user /c >
      Contas de usu rio para \\FREEFALL-PC
      -------------------------------------------------------------------------------
      Administrador            Convidado                DefaultAccount          
      FreeFall                
      Comando conclu¡do com ˆxito.
       
      < MD5 for: TERMSRV.DLL  >
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\System32\termsrv.dll
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\WINDOWS\SysNative\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.10586.0_none_1b24da20fe9b4a93\termsrv.dll
      [2010/11/21 00:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
      [2014/07/16 23:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
      [2014/10/13 23:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
      [2014/07/16 00:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
       
      < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt   < End of report > -->