Inactive Windows 10 Error C000021a on Startup

Discussion in 'Malware and Virus Removal' started by gaztech, 2016/07/04.

  1. 2016/07/04
    gaztech New Member Thread Starter
    Hi everyone,
    I have a nasty predicament where I cannot boot my Win 10 Pro on my desktop machine. I was using it one evening (all was ok) then when I turned it on the next morning I was unable to boot and got the C000021a error. However, over the last 3 months I've also experienced a couple of WHEA errors too but rebooting solved those.

    I've tried the usual, Startup Repair, Normal Startup, Safe mode (won't work) and Last Known Good Configuration.

    None of these yield any results so it's looking like something serious - possible malware infection.

    I have a load of music composition programs on this particular machine and whilst I can indeed install the OS and these programs again, I have them all set up just as I want them. It took me months to get them all "just so" so I really want to get this machine back if I can without going through all the pain of another install! I've not updated anything recently that I can recall (at least just before the crash) so it is a little odd.

    Hardware is:
    Asus P7P55D-E motherboard
    Intel i5
    6GB Patriot DDR3 memory
    NVidia GEForce Graphics card (not sure which one but I could take it out if you really need to know which one!)
    Corsair 550W power supply.
    1 * WD Blue 1GB disk, 1 * Samsung 1GB disk. 1 * Pioneer DVD RW, 1 * LG DVD/BluRay RW

    To rule out the hardware, I installed my previous (working) Windows 7 boot disk and booted the machine with that. The machine came up and worked perfectly. I think that should rule out the hardware (all except the actual Win10 HDD of course). I then took the Win7 drive out and put the Win10 one back - still the same error and machine would not boot - error C000021a.

    Any help you can give would be much appreciated. I've read through some of the other posts here and gone as far as I can but your notes here suggest that I shouldn't run "fixing" type tools without realising what I'm doing - hence the need for the post here.

    Here's what I've done so far based on what I've read on the forum...

    I collected together a load of utilities and put them on a USB stick.

    I have the following:
    tdsskiller.exe (Kaspersky)
    Combofix.exe
    EmsisoftEmergencyKit.exe
    esetsmartinstaller_enu.exe
    FRST64.exe
    HitmanPro_x64.exe
    mbam-setup-2.2.1.1043.exe
    Roguekillerx64.exe

    After booting up with my recovery USB stick I then ran ONLY FRST64.exe from the USB stick. I got a message to say that it was setting itself up for my environment (or something like that). Then it aborted. I then found that my internal boot drive had moved from what it was (E:) to C:.

    I thought it might be useful to have all the utilities on the internal drive (not sure if this was a good idea or not) so I copied all of the above to C:\Kill.

    I then ran FRST64.exe from the C:\Kill folder using only the default options. A log was of course created. It seems I can't paste the log in here as the system states that I can't post more than 55,000 characters...

    How should I proceed? Any advice you can give would be greatly appreciated.
     
  2. 2016/07/04
    broni Moderator Malware Analyst
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Split the log between a couple of replies.
     

  4. 2016/07/05
    gaztech New Member Thread Starter
    Brin

    Hi Broni.

    Many thanks for replying to my post! I thought I would have to wait a long time to get a reply to this one!

    Log follows, split into two posts as advised.

    Thanks.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by SYSTEM on MININT-A1NVBMS (04-07-2016 13:40:16)
    Running from C:\kill
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [269824 2015-10-30] (Microsoft Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\Administrator\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
    HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
    HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
    HKU\Gary\...\Policies\Explorer: []
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-09-12] (Kaspersky Lab ZAO)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
    S2 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2877112 2015-11-19] (Microsoft Corporation)
    S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
    S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [184328 2014-12-13] (Trace Software International)
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
    S3 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-03-22] (Gladinet, INC)
    S2 HPSLPSVC; C:\Users\Gary\AppData\Local\Temp\7zS521D\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
    S3 Mezzmo; C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [5645056 2014-12-08] (Conceiva Pty. Ltd.)
    S2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
    S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
    S2 MSSQL$EASYJOB6; C:\Program Files\Microsoft SQL Server\MSSQL11.EASYJOB6\MSSQL\Binn\sqlservr.exe [194240 2015-05-05] (Microsoft Corporation)
    S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2015-05-05] (Microsoft Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
    S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
    S3 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Create 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
    S2 protonic.easyjob.mobile.server.Service.6; C:\Program Files (x86)\protonic software\easyjob 6\protonic.easyjob.mobile.server.Service.exe [266528 2016-05-04] (protonic software gmbh)
    S2 protonic.easyjob.server.service.6; c:\Program Files (x86)\protonic software\easyjob 6\protonic.easyjob.server.service.exe [299296 2016-05-04] (protonic software gmbh)
    S2 protonic.easyjob.TaskScheduler.Service.6; C:\Program Files (x86)\protonic software\easyjob 6\protonic.easyjob.TaskScheduler.Service.exe [289056 2016-05-04] (protonic software gmbh)
    S2 protonic.easyjob.WebApi.Service.6; C:\Program Files (x86)\protonic software\easyjob 6\protonic.easyjob.WebApi.service.exe [565536 2016-05-04] (protonic software gmbh)
    S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [234632 2014-12-13] (Mentor Graphics Corporation)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    S2 SQLAgent$EASYJOB6; C:\Program Files\Microsoft SQL Server\MSSQL11.EASYJOB6\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)
    S2 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)
    S2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
    S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
    S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-09-12] (VIA Technologies, Inc.)
    S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S2 WinA1314; C:\Program Files\WinA1314\WinA1314.exe [142848 2014-06-08] (George Samartzidis)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AKAI_EIE_PRO_MIDI; C:\Windows\system32\drivers\akaieiem.sys [33536 2013-05-15] (Numark)
    S3 AKAI_EIE_PRO_USB; C:\Windows\System32\Drivers\akaieieu.sys [466688 2013-05-15] (Ploytec GmbH)
    S3 AKAI_EIE_WDM; C:\Windows\system32\drivers\akaieiea.sys [55552 2013-05-15] (Numark)
    S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
    S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-05] (Disc Soft Ltd)
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
    S0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
    S3 keyboard; C:\Windows\System32\Drivers\keyboard.sys [18536 2013-07-07] (Oblita)
    S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
    S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-26] (Kaspersky Lab ZAO)
    S2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-23] (Kaspersky Lab)
    S3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
    S1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-24] (AO Kaspersky Lab)
    S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-05-24] (AO Kaspersky Lab)
    S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-05-24] (AO Kaspersky Lab)
    S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
    S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
    S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-10-02] (AO Kaspersky Lab)
    S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-05-24] (AO Kaspersky Lab)
    S1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
    S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
    S3 MADFUMIDISPORT2010; C:\Windows\System32\drivers\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
    S3 MAUSBMIDISPORT; C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-15] (Malwarebytes)
    S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2015-12-27] ()
    S1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] ()
    S3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [111696 2015-11-15] ()
    S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
    S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
    S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
    S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
    S3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-12 14:51 - 2018-01-12 14:51 - 00000000 ____D C:\Users\Gary\AppData\Local\eLicenser
    2016-07-04 13:08 - 2016-07-04 13:10 - 00000000 ____D C:\FRST
    2016-07-04 13:01 - 2016-07-04 13:08 - 00000000 ____D C:\kill
    2016-07-04 12:53 - 2016-07-04 12:57 - 00000000 _____ C:\Recovery.txt
    2016-07-01 11:52 - 2016-07-01 11:52 - 00003304 ____N C:\bootsqm.dat
    2016-06-22 08:40 - 2016-06-22 09:09 - 00490112 _____ C:\Windows\ntbtlog.txt
    2016-06-21 16:44 - 2016-06-21 16:44 - 04784128 _____ C:\Users\Gary\Downloads\Spotmau_powersuite_full_version.iso
    2016-06-21 16:27 - 2016-06-21 16:27 - 00167084 _____ C:\Windows\Minidump\062116-101578-01.dmp
    2016-06-21 16:16 - 2016-06-21 16:16 - 00177452 _____ C:\Windows\Minidump\062116-33234-01.dmp
    2016-06-20 20:58 - 2016-06-20 20:59 - 00313828 _____ C:\Windows\Minidump\062016-33062-01.dmp
    2016-06-20 16:16 - 2016-06-21 15:46 - 00001184 _____ C:\Users\Gary\Desktop\Minix SETUP Mark-Penny.txt
    2016-06-20 15:57 - 2016-06-20 15:57 - 00612140 _____ C:\Windows\Minidump\062016-31062-01.dmp
    2016-06-20 10:44 - 2016-06-20 10:44 - 02962609 _____ C:\Users\Gary\Downloads\ipscan-3.4.1-setup.exe
    2016-06-20 10:44 - 2016-06-20 10:44 - 00000000 ____D C:\Users\Gary\.swt
    2016-06-20 10:44 - 2016-06-20 10:44 - 00000000 ____D C:\Program Files\Angry IP Scanner
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000796 _____ C:\Users\Gary\Desktop\BurnInTest.lnk
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000000 ____D C:\Windows\System32\temp
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000000 ____D C:\Users\Gary\Documents\PassMark
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000000 ____D C:\Users\Gary\Desktop\BurnInTest
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000000 ____D C:\ProgramData\PassMark
    2016-06-19 14:59 - 2016-06-19 14:59 - 00000000 ____D C:\Program Files\BurnInTest
    2016-06-19 14:50 - 2016-06-22 15:42 - 477552988 _____ C:\Windows\MEMORY.DMP
    2016-06-19 14:50 - 2016-06-19 14:51 - 00174340 _____ C:\Windows\Minidump\061916-33109-01.dmp
    2016-06-19 14:48 - 2016-06-19 14:48 - 13758982 _____ (Passmark Software ) C:\Users\Gary\Downloads\bitstd.exe.part
    2016-06-19 14:48 - 2016-06-19 14:48 - 00000000 _____ C:\Users\Gary\Downloads\bitstd.exe
    2016-06-19 13:37 - 2016-06-19 13:37 - 00000000 __SHD C:\found.001
    2016-06-19 13:21 - 2016-06-19 13:21 - 00408398 _____ C:\Users\Gary\Desktop\cc_20160619_152133.reg
    2016-06-19 13:18 - 2016-06-19 13:18 - 00002852 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2016-06-19 13:18 - 2016-06-19 13:18 - 00000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-06-19 13:18 - 2016-06-19 13:18 - 00000000 ____D C:\Program Files\CCleaner
    2016-06-19 13:17 - 2016-06-19 13:17 - 06893008 _____ (Piriform Ltd) C:\Users\Gary\Downloads\ccsetup518.exe
    2016-06-18 07:28 - 2016-06-21 15:37 - 00001659 _____ C:\Users\Gary\Desktop\Melita Modem Setup Text.txt
    2016-06-17 08:45 - 2016-06-17 08:45 - 20019904 _____ (Adobe Systems Incorporated) C:\Users\Gary\Downloads\install_flash_player_22_plugin.exe
    2016-06-17 08:43 - 2016-06-17 08:43 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Gary\Downloads\flashplayer22_xa_install(1).exe
    2016-06-15 16:17 - 2016-05-28 05:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2016-06-15 16:17 - 2016-05-28 05:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
    2016-06-15 16:17 - 2016-05-28 05:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
    2016-06-15 16:17 - 2016-05-28 05:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-06-15 16:17 - 2016-05-28 04:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-06-15 16:17 - 2016-05-28 04:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2016-06-15 16:17 - 2016-05-28 04:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsdport.sys
    2016-06-15 16:17 - 2016-05-28 04:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
    2016-06-15 16:17 - 2016-05-28 04:29 - 00045568 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
    2016-06-15 16:17 - 2016-05-28 04:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2016-06-15 16:17 - 2016-05-28 04:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
    2016-06-15 16:17 - 2016-05-28 04:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\omadmclient.exe
    2016-06-15 16:17 - 2016-05-28 04:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-06-15 16:17 - 2016-05-28 04:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-06-15 16:17 - 2016-05-28 04:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
    2016-06-15 16:17 - 2016-05-28 04:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
    2016-06-15 16:17 - 2016-05-28 04:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
    2016-06-15 16:17 - 2016-05-28 04:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\System32\enterprisecsps.dll
    2016-06-15 16:17 - 2016-05-28 04:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
    2016-06-15 16:17 - 2016-05-28 04:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\System32\mos.dll
    2016-06-15 16:17 - 2016-05-28 04:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
    2016-06-15 16:17 - 2016-05-28 04:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\System32\MapConfiguration.dll
    2016-06-15 16:17 - 2016-05-28 04:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\System32\MessagingDataModel2.dll
    2016-06-15 16:17 - 2016-05-28 04:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\mdmmigrator.dll
    2016-06-15 16:17 - 2016-05-28 04:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-06-15 16:17 - 2016-05-28 04:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2016-06-15 16:17 - 2016-05-28 04:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2016-06-15 16:17 - 2016-05-28 04:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\System32\JpMapControl.dll
    2016-06-15 16:17 - 2016-05-28 04:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\System32\MapsStore.dll
    2016-06-15 16:17 - 2016-05-28 04:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2016-06-15 16:17 - 2016-05-28 04:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
    2016-06-15 16:17 - 2016-05-28 04:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2016-06-15 16:17 - 2016-05-28 04:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\System32\NMAA.dll
    2016-06-15 16:17 - 2016-05-28 04:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2016-06-15 16:17 - 2016-05-28 04:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
    2016-06-15 16:17 - 2016-05-28 04:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\System32\MapControlCore.dll
    2016-06-15 16:17 - 2016-05-28 04:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
    2016-06-15 16:17 - 2016-05-28 04:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2016-06-15 16:17 - 2016-05-28 04:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
    2016-06-15 16:17 - 2016-05-28 04:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
    2016-06-15 16:17 - 2016-05-28 04:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-06-15 16:17 - 2016-05-28 04:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-06-15 16:17 - 2016-05-28 04:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2016-06-15 16:17 - 2016-05-28 04:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
    2016-06-15 16:17 - 2016-05-28 04:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-06-15 16:17 - 2016-05-28 04:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\System32\BingMaps.dll
    2016-06-15 16:17 - 2016-05-28 04:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-06-15 16:17 - 2016-05-28 04:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
    2016-06-15 16:17 - 2016-05-28 04:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\System32\SyncController.dll
    2016-06-15 16:17 - 2016-05-28 04:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
    2016-06-15 16:17 - 2016-05-28 04:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-06-15 16:17 - 2016-05-28 04:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
    2016-06-15 16:17 - 2016-05-28 04:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\System32\internetmail.dll
    2016-06-15 16:17 - 2016-05-28 04:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-06-15 16:17 - 2016-05-28 04:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2016-06-15 16:17 - 2016-05-28 04:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2016-06-15 16:17 - 2016-05-28 04:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
    2016-06-15 16:17 - 2016-05-28 04:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\System32\DeviceEnroller.exe
    2016-06-15 16:17 - 2016-05-28 03:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
    2016-06-15 16:17 - 2016-05-28 03:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2016-06-15 16:17 - 2016-05-28 03:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\System32\ActiveSyncProvider.dll
    2016-06-15 16:17 - 2016-05-28 03:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\ngcpopkeysrv.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
    2016-06-15 16:16 - 2016-05-28 06:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    2016-06-15 16:16 - 2016-05-28 05:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
    2016-06-15 16:16 - 2016-05-28 05:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2016-06-15 16:16 - 2016-05-28 05:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2016-06-15 16:16 - 2016-05-28 05:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2016-06-15 16:16 - 2016-05-28 05:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\System32\setupapi.dll
    2016-06-15 16:16 - 2016-05-28 05:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
    2016-06-15 16:16 - 2016-05-28 05:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
    2016-06-15 16:16 - 2016-05-28 05:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
    2016-06-15 16:16 - 2016-05-28 05:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
    2016-06-15 16:16 - 2016-05-28 05:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2016-06-15 16:16 - 2016-05-28 05:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
    2016-06-15 16:16 - 2016-05-28 05:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupEngine.dll
    2016-06-15 16:16 - 2016-05-28 05:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ufx01000.sys
    2016-06-15 16:16 - 2016-05-28 05:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupApi.dll
    2016-06-15 16:16 - 2016-05-28 05:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2016-06-15 16:16 - 2016-05-28 05:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
    2016-06-15 16:16 - 2016-05-28 05:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-06-15 16:16 - 2016-05-28 05:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    2016-06-15 16:16 - 2016-05-28 05:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    2016-06-15 16:16 - 2016-05-28 05:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
    2016-06-15 16:16 - 2016-05-28 05:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2016-06-15 16:16 - 2016-05-28 05:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-06-15 16:16 - 2016-05-28 05:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Shell.Broker.dll

    ---------- Next Page follows: ---
     
  5. 2016/07/05
    gaztech

    Next Page: -----

    2016-06-15 16:16 - 2016-05-28 05:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
    2016-06-15 16:16 - 2016-05-28 05:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
    2016-06-15 16:16 - 2016-05-28 05:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-06-15 16:16 - 2016-05-28 05:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2016-06-15 16:16 - 2016-05-28 05:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
    2016-06-15 16:16 - 2016-05-28 05:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-06-15 16:16 - 2016-05-28 05:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2016-06-15 16:16 - 2016-05-28 05:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll
    2016-06-15 16:16 - 2016-05-28 05:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2016-06-15 16:16 - 2016-05-28 05:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
    2016-06-15 16:16 - 2016-05-28 04:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2016-06-15 16:16 - 2016-05-28 04:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2016-06-15 16:16 - 2016-05-28 04:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2016-06-15 16:16 - 2016-05-28 04:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2016-06-15 16:16 - 2016-05-28 04:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
    2016-06-15 16:16 - 2016-05-28 04:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2016-06-15 16:16 - 2016-05-28 04:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
    2016-06-15 16:16 - 2016-05-28 04:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
    2016-06-15 16:16 - 2016-05-28 04:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2016-06-15 16:16 - 2016-05-28 04:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-06-15 16:16 - 2016-05-28 04:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\tdlrecover.exe
    2016-06-15 16:16 - 2016-05-28 04:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\System32\MapsCSP.dll
    2016-06-15 16:16 - 2016-05-28 04:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
    2016-06-15 16:16 - 2016-05-28 04:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2016-06-15 16:16 - 2016-05-28 04:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\MosHostClient.dll
    2016-06-15 16:16 - 2016-05-28 04:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\adhsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\httpprxp.dll
    2016-06-15 16:16 - 2016-05-28 04:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
    2016-06-15 16:16 - 2016-05-28 04:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll
    2016-06-15 16:16 - 2016-05-28 04:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\mapsupdatetask.dll
    2016-06-15 16:16 - 2016-05-28 04:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    2016-06-15 16:16 - 2016-05-28 04:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\System32\dmcertinst.exe
    2016-06-15 16:16 - 2016-05-28 04:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\System32\MapsBtSvc.dll
    2016-06-15 16:16 - 2016-05-28 04:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\MosStorage.dll
    2016-06-15 16:16 - 2016-05-28 04:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
    2016-06-15 16:16 - 2016-05-28 04:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\gpscript.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Ndu.sys
    2016-06-15 16:16 - 2016-05-28 04:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\AppCapture.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\moshost.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2016-06-15 16:16 - 2016-05-28 04:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2016-06-15 16:16 - 2016-05-28 04:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2016-06-15 16:16 - 2016-05-28 04:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
    2016-06-15 16:16 - 2016-05-28 04:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
    2016-06-15 16:16 - 2016-05-28 04:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\System32\moshostcore.dll
    2016-06-15 16:16 - 2016-05-28 04:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\System32\tetheringservice.dll
    2016-06-15 16:16 - 2016-05-28 04:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
    2016-06-15 16:16 - 2016-05-28 04:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
    2016-06-15 16:16 - 2016-05-28 04:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\System32\BrokerLib.dll
    2016-06-15 16:16 - 2016-05-28 04:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupSvc.dll
    2016-06-15 16:16 - 2016-05-28 04:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:21 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\System32\newdev.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\System32\polstore.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\System32\GnssAdapter.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_Privacy.dll
    2016-06-15 16:16 - 2016-05-28 04:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2016-06-15 16:16 - 2016-05-28 04:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2016-06-15 16:16 - 2016-05-28 04:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\System32\MBMediaManager.dll
    2016-06-15 16:16 - 2016-05-28 04:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
    2016-06-15 16:16 - 2016-05-28 04:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
    2016-06-15 16:16 - 2016-05-28 04:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2016-06-15 16:16 - 2016-05-28 04:18 - 00678912 _____ (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
    2016-06-15 16:16 - 2016-05-28 04:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\System32\vpnike.dll
    2016-06-15 16:16 - 2016-05-28 04:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
    2016-06-15 16:16 - 2016-05-28 04:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
    2016-06-15 16:16 - 2016-05-28 04:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\System32\VEEventDispatcher.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\RDXTaskFactory.dll
    2016-06-15 16:16 - 2016-05-28 04:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Management.dll
    2016-06-15 16:16 - 2016-05-28 04:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2016-06-15 16:16 - 2016-05-28 04:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
    2016-06-15 16:16 - 2016-05-28 04:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\AppContracts.dll
    2016-06-15 16:16 - 2016-05-28 04:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\tileobjserver.dll
    2016-06-15 16:16 - 2016-05-28 04:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2016-06-15 16:16 - 2016-05-28 04:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2016-06-15 16:16 - 2016-05-28 04:15 - 00579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
    2016-06-15 16:16 - 2016-05-28 04:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
    2016-06-15 16:16 - 2016-05-28 04:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2016-06-15 16:16 - 2016-05-28 04:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
    2016-06-15 16:16 - 2016-05-28 04:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
    2016-06-15 16:16 - 2016-05-28 04:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2016-06-15 16:16 - 2016-05-28 04:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
    2016-06-15 16:16 - 2016-05-28 04:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
    2016-06-15 16:16 - 2016-05-28 04:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
    2016-06-15 16:16 - 2016-05-28 04:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\System32\SharedStartModel.dll
    2016-06-15 16:16 - 2016-05-28 04:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\System32\AppxPackaging.dll
    2016-06-15 16:16 - 2016-05-28 04:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2016-06-15 16:16 - 2016-05-28 04:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
    2016-06-15 16:16 - 2016-05-28 04:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
    2016-06-15 16:16 - 2016-05-28 04:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
    2016-06-15 16:16 - 2016-05-28 04:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-06-15 16:16 - 2016-05-28 04:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
    2016-06-15 16:16 - 2016-05-28 04:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2016-06-15 16:16 - 2016-05-28 04:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
    2016-06-15 16:16 - 2016-05-28 04:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\httpprxm.dll
    2016-06-15 16:16 - 2016-05-28 04:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\System32\RDXService.dll
    2016-06-15 16:16 - 2016-05-28 04:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
    2016-06-15 16:16 - 2016-05-28 04:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
    2016-06-15 16:16 - 2016-05-28 04:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2016-06-15 16:16 - 2016-05-28 04:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
    2016-06-15 16:16 - 2016-05-28 04:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\System32\NetworkMobileSettings.dll
    2016-06-15 16:16 - 2016-05-28 04:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
    2016-06-15 16:16 - 2016-05-28 04:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\dmenrollengine.dll
    2016-06-15 16:16 - 2016-05-28 04:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
    2016-06-15 16:16 - 2016-05-28 04:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2016-06-15 16:16 - 2016-05-28 04:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\System32\LocationFramework.dll
    2016-06-15 16:16 - 2016-05-28 04:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
    2016-06-15 16:16 - 2016-05-28 04:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
    2016-06-15 16:16 - 2016-05-28 04:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
    2016-06-15 16:16 - 2016-05-28 04:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\System32\enrollmentapi.dll
    2016-06-15 16:16 - 2016-05-28 04:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
    2016-06-15 16:16 - 2016-05-28 03:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
    2016-06-15 16:16 - 2016-05-28 03:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2016-06-15 16:16 - 2016-05-28 03:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
    2016-06-15 16:16 - 2016-05-28 03:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2016-06-15 16:16 - 2016-05-28 03:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
    2016-06-15 15:50 - 2016-06-15 15:50 - 00000000 __SHD C:\found.000
    2016-06-15 15:23 - 2016-06-15 15:24 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2016-06-15 15:22 - 2016-06-15 15:22 - 22851472 _____ (Malwarebytes ) C:\Users\Gary\Downloads\mbam-setup-2.2.1.1043.exe
    2016-06-15 15:22 - 2016-06-15 15:22 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-06-15 15:22 - 2016-06-15 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-15 15:22 - 2016-03-10 12:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
    2016-06-15 15:22 - 2016-03-10 12:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
    2016-06-15 15:22 - 2016-03-10 12:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
    2016-06-15 08:16 - 2016-06-15 08:16 - 00032788 _____ C:\Users\Gary\Desktop\alpinhunting.htm
    2016-06-15 08:16 - 2016-06-15 08:16 - 00000000 ____D C:\Users\Gary\Desktop\alpinhunting_files
    2016-06-12 12:00 - 2016-06-12 12:03 - 04587336 _____ (Overplay, Inc ) C:\Users\Gary\Downloads\overplay_vpn_setup(2).exe
    2016-06-12 11:42 - 2016-06-12 11:42 - 00000600 _____ C:\Users\Gary\AppData\Local\PUTTY.RND
    2016-06-12 11:20 - 2016-06-12 11:20 - 00009258 _____ C:\Users\Gary\Downloads\VPNBook.com-OpenVPN-Euro1.zip
    2016-06-12 10:05 - 2016-06-12 10:05 - 00009219 _____ C:\Users\Gary\Downloads\AirVPN_Europe_UDP-443.ovpn
    2016-06-12 10:02 - 2016-06-12 10:02 - 00000913 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
    2016-06-12 10:02 - 2016-06-12 10:02 - 00000000 ____D C:\Program Files\OpenVPN
    2016-06-12 09:49 - 2016-06-12 09:49 - 00000000 ____D C:\Program Files\AirVPN
    2016-06-11 15:51 - 2016-06-11 15:51 - 00256240 _____ C:\Users\Gary\Downloads\tap-windows-9.21.2.exe
    2016-06-11 15:26 - 2016-06-11 15:26 - 00000000 ____D C:\Program Files (x86)\Anonyproz Ltd
    2016-06-11 15:25 - 2016-06-11 15:25 - 02106880 _____ C:\Users\Gary\Downloads\openvpnwatchdog.msi
    2016-06-11 15:11 - 2014-06-18 21:50 - 00000938 _____ C:\Users\Gary\Downloads\Downloads - Copy.lnk
    2016-06-11 10:23 - 2016-06-11 10:23 - 00000000 ____D C:\Users\Gary\AppData\Local\Overplay,_Inc
    2016-06-11 10:15 - 2016-06-11 10:42 - 00000000 ____D C:\Program Files\Overplay
    2016-06-11 10:15 - 2016-06-11 10:15 - 04587336 _____ (Overplay, Inc ) C:\Users\Gary\Downloads\overplay_vpn_setup(1).exe
    2016-06-11 10:08 - 2016-06-11 10:08 - 03505667 _____ C:\Users\Gary\Downloads\airvpn_windows8_x64_installer.exe
    2016-06-11 09:41 - 2016-06-11 09:41 - 00004053 _____ C:\Users\Gary\Desktop\AirVPNLog.txt
    2016-06-11 09:32 - 2016-06-11 09:32 - 00226616 _____ C:\Users\Gary\Downloads\tap-windows-9.21.1.exe
    2016-06-11 08:48 - 2016-06-11 08:48 - 01837808 _____ C:\Users\Gary\Downloads\openvpn-install-2.3.11-I601-x86_64.exe
    2016-06-11 08:40 - 2016-06-11 08:40 - 30893488 _____ (OpenVPN Technologies) C:\Users\Gary\Downloads\privatetunnel-win-2.7.exe
    2016-06-10 18:27 - 2016-06-11 08:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-10 17:16 - 2016-06-10 17:17 - 00415636 _____ C:\Users\Gary\Downloads\TSM-LS.rar
    2016-06-10 17:00 - 2016-06-10 17:02 - 69115904 _____ C:\Users\Gary\Downloads\calibre-64bit-2.58.0.msi
    2016-06-08 16:02 - 2016-06-08 16:02 - 00000000 ____D C:\Users\Gary\Documents\SymNet Designer 9.1
    2016-06-08 15:49 - 2016-06-08 15:49 - 00001922 _____ C:\Users\Public\Desktop\SymNet Designer 9.1.lnk
    2016-06-08 15:49 - 2016-06-08 15:49 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Symetrix
    2016-06-08 15:49 - 2016-06-08 15:49 - 00000000 ____D C:\Program Files (x86)\Symetrix
    2016-06-05 17:09 - 2016-06-05 17:10 - 00000000 ____D C:\Users\Gary\Desktop\GHS
    2016-06-05 16:59 - 2016-06-05 17:06 - 00010867 _____ C:\Users\Gary\Desktop\Timesheet_2 - 4_June.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 21:48 - 2014-10-11 10:03 - 00000000 ____D C:\Users\Gary\Documents\Outlook Files
    2016-06-21 21:42 - 2016-04-05 08:11 - 00000000 ____D C:\Users\Gary\AppData\Local\CrashDumps
    2016-06-21 21:39 - 2016-03-22 14:29 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-21 21:39 - 2015-10-10 09:43 - 00004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{58F3CF93-55DA-4EB6-B244-DB9581236709}
    2016-06-21 19:52 - 2015-09-12 14:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-06-21 16:48 - 2014-12-20 10:40 - 00000000 ____D C:\Users\Gary\AppData\Local\AirVPN
    2016-06-21 16:46 - 2016-05-26 18:20 - 00000000 ____D C:\Users\Gary\AppData\LocalLow\uTorrent
    2016-06-21 16:46 - 2014-12-20 10:01 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent
    2016-06-21 16:43 - 2015-12-28 03:19 - 00000000 ____D C:\users\DefaultAppPool
    2016-06-21 16:43 - 2015-12-28 03:19 - 00000000 ____D C:\users\Administrator
    2016-06-21 16:30 - 2016-03-22 14:29 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-21 16:27 - 2016-04-11 21:39 - 00000000 ____D C:\Windows\Minidump
    2016-06-21 16:27 - 2015-12-28 04:09 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-21 16:27 - 2015-12-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-06-21 16:20 - 2015-12-28 03:19 - 00000000 ____D C:\users\Gary
    2016-06-21 15:40 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-21 15:40 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\AppReadiness
    2016-06-19 18:09 - 2015-10-30 07:21 - 00000000 ____D C:\Windows\INF
    2016-06-19 18:04 - 2014-11-03 20:31 - 00000000 ____D C:\Users\Gary\AppData\Roaming\vlc
    2016-06-19 15:02 - 2015-12-28 03:19 - 01132200 _____ C:\Windows\System32\PerfStringBackup.INI
    2016-06-19 14:11 - 2015-10-30 06:28 - 00524288 ___SH C:\Windows\System32\config\BBI
    2016-06-19 14:10 - 2014-10-21 18:52 - 00000000 ____D C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
    2016-06-19 14:10 - 2014-10-11 16:27 - 00000000 ____D C:\Users\Gary\AppData\Roaming\TeamViewer
    2016-06-19 13:57 - 2015-10-30 07:11 - 00000000 ____D C:\Windows\CbsTemp
    2016-06-18 10:06 - 2016-04-01 16:08 - 00000000 ____D C:\ProgramData\Leap Motion
    2016-06-18 08:39 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\rescache
    2016-06-18 07:25 - 2016-05-21 09:44 - 00001782 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-06-18 07:24 - 2016-05-21 09:43 - 00000000 ____D C:\Program Files\iTunes
    2016-06-18 07:24 - 2014-10-13 09:34 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-06-17 08:49 - 2014-10-11 22:45 - 00000000 ____D C:\Users\Gary\AppData\Local\Adobe
    2016-06-17 08:31 - 2015-09-12 11:27 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-17 08:26 - 2015-12-28 03:09 - 05191208 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-06-17 08:22 - 2015-10-30 07:24 - 00000000 ___SD C:\Windows\System32\DiagSvcs
    2016-06-17 08:22 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\SysWOW64\en-GB
    2016-06-17 08:22 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
    2016-06-17 08:22 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\System32\en-GB
    2016-06-17 08:22 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\bcastdvr
    2016-06-15 16:28 - 2014-10-09 13:50 - 142482544 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2016-06-15 16:28 - 2014-10-09 13:50 - 00000000 ____D C:\Windows\System32\MRT
    2016-06-14 18:33 - 2015-10-30 07:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-14 18:33 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-13 21:38 - 2016-04-18 08:41 - 00012855 _____ C:\Users\Gary\Desktop\FLAT_Snagging List.xlsx
    2016-06-12 09:46 - 2015-11-28 15:27 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-06-11 15:20 - 2015-10-30 07:24 - 00000000 ____D C:\Windows\System32\NDF
    2016-06-11 15:11 - 2015-10-07 12:48 - 00000000 ____D C:\ProgramData\Stardock
    2016-06-11 12:12 - 2014-10-12 11:28 - 00000000 ____D C:\Users\Gary\Documents\Calibre Library
    2016-06-11 10:26 - 2014-12-20 11:02 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-06-11 10:15 - 2014-10-11 15:54 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-11 09:59 - 2016-03-22 20:01 - 00000000 ____D C:\Users\Gary\AppData\Local\Deployment
    2016-06-11 08:16 - 2014-10-23 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-10 17:04 - 2014-10-12 11:28 - 00000000 ____D C:\Program Files\Calibre2
    2016-06-08 15:49 - 2014-10-10 10:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

    Files to move or delete:
    ====================
    C:\ProgramData\inf.dat
    C:\Users\Gary\gaz.bat
    C:\Users\Gary\gaz2.bat


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe
    [2016-05-11 12:29] - [2016-04-23 04:18] - 0585728 ____A (Microsoft Corporation) 5C156EC4E44E30331BCC865A3B61D839

    C:\Windows\System32\wininit.exe
    [2016-05-11 12:29] - [2016-04-23 05:06] - 0291360 ____A (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700

    C:\Windows\explorer.exe
    [2016-06-15 16:16] - [2016-05-28 05:05] - 4515264 ____A (Microsoft Corporation) E15BEB03592BA12C5C99E2BA46146BDD

    C:\Windows\SysWOW64\explorer.exe
    [2016-06-15 16:16] - [2016-05-28 05:06] - 4074160 ____A (Microsoft Corporation) FB8900191867C5B4AA61AF85B8DD1869

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2016-05-11 12:29] - [2016-04-23 05:00] - 1399224 ____A (Microsoft Corporation) F5F7CE3E32536F1A37FB3972F27A814F

    C:\Windows\SysWOW64\User32.dll
    [2016-05-11 12:29] - [2016-04-23 05:00] - 1337240 ____A (Microsoft Corporation) E7BD4D15CDC5A1E162256CFADCA92344

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll
    [2016-04-15 16:35] - [2016-03-29 10:11] - 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4

    C:\Windows\SysWOW64\dnsapi.dll
    [2016-04-15 16:35] - [2016-03-29 09:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Association (Whitelisted) =============


    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 6142.05 MB
    Available physical RAM: 5274.84 MB
    Total Virtual: 6142.05 MB
    Available Virtual: 5335.43 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.97 GB) (Free:207.13 GB) NTFS
    Drive d: (ESD-USB) (Removable) (Total:7.2 GB) (Free:4.08 GB) FAT32
    Drive e: () (Removable) (Total:1.97 GB) (Free:0.08 GB) FAT
    Drive g: () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
    Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 90F5C802)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 002E2480)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)


    LastRegBack: 2016-06-15 16:26

    ==================== End of FRST.txt ============================

    Over to you... Thank you.
     
  6. 2016/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't actually see anything malicious there so let's see if we can restore your computer to a date when it booted successfully for the last time (2016-06-15).

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  7. 2016/07/06
    gaztech

    Hi Broni,

    Ok, so I ran FRST64.exe (with the fixlist.txt file in place) and the machine rebooted.

    Came up with "Preparing Automatic Repair"... couple of screen flashes later then it rebooted itself (from scratch) and tried to restart Windows. It took a long time in the start process and finally came up with "Your PC ran into a problem and needs to restart" and showed the same C000021a error.

    It then rebooted again, came up with "Diagnosing your PC"... "Attempting Repairs"... and finally told me "Automatic Repair couldn't repair your PC".

    It also gave me the location of the Srt Log file which I've posted here for you along with the FRST log. The last line in this shows an attempted repair of a "critical file" and shows it as a failure. Could this be the root cause of this problem? You should know that before I posted my error onto the forum I did attempt an mbrfix to no avail as I originally thought this was the root cause. However, this did show as being successfully completed. I should have told you that at the start ( - slipped my mind but I've not done anything else significant though...). I'm assuming you might want me to do that again. However, I will follow your instructions to the letter!

    Logs follow:-

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by SYSTEM (2016-07-06 12:23:03) Run:1
    Running from C:\kill
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    LastRegBack: 2016-06-15 16:26
    *****************

    DEFAULT => copied successfully to System32\config\HiveBackup
    DEFAULT => restored successfully from registry back up
    SAM => copied successfully to System32\config\HiveBackup
    SAM => restored successfully from registry back up
    SECURITY => copied successfully to System32\config\HiveBackup
    SECURITY => restored successfully from registry back up
    SOFTWARE => copied successfully to System32\config\HiveBackup
    SOFTWARE => restored successfully from registry back up
    SYSTEM => copied successfully to System32\config\HiveBackup
    SYSTEM => restored successfully from registry back up

    ==== End of Fixlog 12:23:13 ====

    SRT LOG:
    ~~~~~~~~

    Test Performed:
    ---------------------------
    Name: Boot status test
    Result: Completed successfully. Error code = 0x0
    Time taken = 62 ms

    Test Performed:
    ---------------------------
    Name: Setup state check
    Result: Completed successfully. Error code = 0x0
    Time taken = 203 ms

    Test Performed:
    ---------------------------
    Name: Registry hives test
    Result: Completed successfully. Error code = 0x0
    Time taken = 5266 ms

    Test Performed:
    ---------------------------
    Name: Windows boot log diagnosis
    Result: Completed successfully. Error code = 0x0
    Time taken = 0 ms

    Test Performed:
    ---------------------------
    Name: Bugcheck analysis
    Result: Completed successfully. Error code = 0x0
    Time taken = 656 ms

    Root cause found:
    ---------------------------
    Bugcheck c000021a. Parameters = 0xffffc000f1008220, 0xffffffffc0000006, 0xffffc000e29b29f0, 0x0.
    Boot critical file is corrupt.

    Repair action: File repair
    Result: Failed. Error code = 0x2
    Time taken = 12656 ms

    ---------------------------
    ---------------------------

    I did try to reboot from the last known config (see my first post) so I'm not really surprised it didn't work but hopefully these logs may give you some more insight into the problem. Hope this isn't hurting your head as much as it hurts mine right now!

    Thanks. I'll wait to hear from you.
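
Added example, not part of the original post or of any tool mentioned in the thread: a short Python triage script that parses the SRT log quoted above and names its codes. It assumes that bugcheck parameter 2 is a sign-extended NTSTATUS (Microsoft documents parameter 2 of c000021a as the error code) and that the repair error code is a Win32 code; `summarize_srt` and the sample constant are hypothetical names.

```python
import re

# Constructed sample: an excerpt of the SRT log quoted in the post above.
SAMPLE_SRT_LOG = """\
Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code = 0x0
Time taken = 5266 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code = 0x0
Time taken = 656 ms

Root cause found:
---------------------------
Bugcheck c000021a. Parameters = 0xffffc000f1008220, 0xffffffffc0000006, 0xffffc000e29b29f0, 0x0.
Boot critical file is corrupt.

Repair action: File repair
Result: Failed. Error code = 0x2
Time taken = 12656 ms
"""

# Small lookup of well-known codes (values from ntstatus.h / winerror.h).
NTSTATUS = {0xC000021A: "STATUS_SYSTEM_PROCESS_TERMINATED",
            0xC0000006: "STATUS_IN_PAGE_ERROR"}
WIN32 = {0x0: "ERROR_SUCCESS", 0x2: "ERROR_FILE_NOT_FOUND"}

def summarize_srt(text):
    """Return the tests run, the decoded bugcheck, and the repair outcome."""
    tests = re.findall(r"Name: (.+)\nResult: (.+?)\. Error code = (0x[0-9a-fA-F]+)", text)
    summary = {"tests": [(n, r, int(c, 16)) for n, r, c in tests]}
    bug = re.search(r"Bugcheck ([0-9a-fA-F]+)\. Parameters = (.+?)\.\n", text)
    if bug:
        code = int(bug.group(1), 16)
        params = [int(p, 16) for p in bug.group(2).split(", ")]
        # Assumption: parameter 2 is a sign-extended NTSTATUS; keep the low 32 bits.
        status = params[1] & 0xFFFFFFFF
        summary["bugcheck"] = NTSTATUS.get(code, hex(code))
        summary["status"] = NTSTATUS.get(status, hex(status))
    rep = re.search(r"Repair action: (.+)\nResult: (.+?)\. Error code = (0x[0-9a-fA-F]+)", text)
    if rep:
        rc = int(rep.group(3), 16)  # assumption: a Win32 error code
        summary["repair"] = (rep.group(1), rep.group(2), WIN32.get(rc, hex(rc)))
    return summary
```

STATUS_IN_PAGE_ERROR means a page could not be read in from its backing store, which is consistent with the log's own "Boot critical file is corrupt" finding.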
     
  8. 2016/07/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    At this point...

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  9. 2016/07/07
    gaztech

    gaztech New Member Thread Starter

    Joined:
    2016/07/03
    Messages:
    5
    Likes Received:
    0
    Ok. Will revert to the Windows forum. At least it doesn't appear to be a malware issue. Thanks for all your help. :)
     
  10. 2016/07/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome
     
