What's new

[7SP1Pro x64] On Screen Keyboard (OSK) not working

Magdalene

Well-known member
Joined
Mar 19, 2017
Posts
75
Location
Uk
Hi all,
Have been advised by Win 7 Forum (StruldBrug)to get my System checked out by yourselves with respect to getting error 'Could not start On Screen Keyboard'
Full details of steps taken so far can be found in the Win 7 Forum Thread Win 7 SP1 X64 On Screen Keyboard not working.
Have backed up and run FRST.
Resultant Logs attached

Thanks in advance,
Magdalene.


View attachment Addition.txtView attachment FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Nick Crowther (administrator) on NICKSLAPTOP (22-05-2018 20:19:52)
Running from C:\Users\Nick Crowther\Desktop
Loaded Profiles: Nick Crowther (Available Profiles: Nick Crowther)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo64S.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NirSoft) C:\Portable Applications\Volmouse x 64\volumouse.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Portable Applications\Volmouse x 64\volumouse32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Tweaking.com) C:\Portable Applications\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\PROGRAM FILES\CLASSIC SHELL\CLASSICSTARTMENU.EXE [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-11] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\igfxcui: [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Run: [$Volumouse$] => C:\PORTABLE APPLICATIONS\VOLMOUSE X 64\VOLUMOUSE.EXE [94816 2016-06-10] (NirSoft)
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Policies\Explorer: [NoReadingPane] 1
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\MountPoints2: {2999041e-d219-11e3-b208-00c2c6388848} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\MountPoints2: {e41f0646-579c-11e3-8370-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: PDBoot.exeautocheck autochk *
AlternateShell:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FAB78576-140F-4617-A7E7-4C79D7B50EB0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1653829839-743396242-3690768953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> {006E7550-69CE-4CEE-B68B-10E0BB662AAE} URL =
SearchScopes: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> {0C19CD4E-49BE-4DCD-8B83-734F0504B9E2} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2017-10-04] (Ghostery, Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2017-10-04] (Ghostery, Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1518369605390
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF DefaultProfile: 5v3b70qn.default
FF ProfilePath: C:\Users\Nick Crowther\AppData\Roaming\Mozilla\Firefox\Profiles\5v3b70qn.default [2018-05-22]
FF Homepage: Mozilla\Firefox\Profiles\5v3b70qn.default -> hxxps://www.google.co.uk/
FF NewTabOverride: Mozilla\Firefox\Profiles\5v3b70qn.default -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF Extension: (New Tab Homepage) - C:\Users\Nick Crowther\AppData\Roaming\Mozilla\Firefox\Profiles\5v3b70qn.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2018-03-31]
FF Extension: (Web of Trust) - C:\Users\Nick Crowther\AppData\Roaming\Mozilla\Firefox\Profiles\5v3b70qn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-30]
FF Extension: (Adblock Plus) - C:\Users\Nick Crowther\AppData\Roaming\Mozilla\Firefox\Profiles\5v3b70qn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> E:\Adobe Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-11] (AVAST Software)
S3 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2018-03-09] (Sandboxie Holdings, LLC)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23920 2017-12-12] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-11] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-02] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-02] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-02] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-02] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-11] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-11] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-11] (AVAST Software)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [53776 2016-06-12] (IVT Corporation.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [153616 2016-04-11] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2015-11-27] (Motorola Solutions, Inc.)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-08-06] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [637360 2012-03-21] (Intel Corporation)
R0 megasas2; C:\Windows\System32\drivers\megasas2.sys [52048 2012-09-21] (LSI Corporation)
R0 mv64xx; C:\Windows\System32\drivers\mv64xx.sys [333352 2011-04-11] (Marvell Semiconductor, Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-08-19] (Intel Corporation)
R3 pelbtm; C:\Windows\System32\DRIVERS\pelbtm.sys [16384 2012-06-19] (Primax Electronics Ltd.)
R1 pelmoubt; C:\Windows\System32\DRIVERS\pelmoubt.sys [22528 2012-06-19] (Primax Electronics Ltd.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [328920 2016-04-05] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228208 2018-03-09] (Sandboxie Holdings, LLC)
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2003-06-13] (Macrovision Europe Ltd) [File not signed]
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [745632 2016-10-29] (Sunplus Innovation Technology Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-02-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-02-11] (Microsoft Corporation) [File not signed]
S4 IBMPMDRV; system32\DRIVERS\ibmpmdrv.sys [X]
U3 usbaudio; no ImagePath
U3 UsbScan; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-22 20:19 - 2018-05-22 20:20 - 000014314 _____ C:\Users\Nick Crowther\Desktop\FRST.txt
2018-05-22 20:19 - 2018-05-22 20:19 - 000000000 ____D C:\FRST
2018-05-22 20:18 - 2018-05-22 20:18 - 002413056 _____ (Farbar) C:\Users\Nick Crowther\Desktop\FRST64.exe
2018-05-22 20:06 - 2018-05-22 20:06 - 000008224 _____ C:\Users\Nick Crowther\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-22 18:07 - 2018-05-22 18:07 - 000000000 ____D C:\Users\Nick Crowther\AppData\Roaming\Wise Euask
2018-05-22 15:46 - 2018-05-22 15:46 - 000000000 ____D C:\Windows\Trend Micro
2018-05-22 15:46 - 2018-05-22 15:46 - 000000000 ____D C:\ProgramData\Trend Micro
2018-05-22 15:45 - 2015-05-29 08:43 - 000307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-05-22 15:43 - 2018-05-22 15:44 - 000216142 _____ C:\TDSSKiller.3.1.0.17_22.05.2018_15.43.41_log.txt
2018-05-22 13:59 - 2018-05-22 13:59 - 000000000 ___HD C:\ProgramData\CanonIJEGV
2018-05-22 13:45 - 2018-05-22 13:45 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool
2018-05-22 13:45 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BTL.dll
2018-05-22 13:45 - 2012-11-26 12:29 - 000095744 _____ C:\Windows\SysWOW64\CNC1770D.TBL
2018-05-22 13:45 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2018-05-22 13:44 - 2018-05-22 13:44 - 000000000 ____D C:\Windows\system32\STRING
2018-05-22 13:44 - 2018-05-22 13:44 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2018-05-22 13:44 - 2018-05-22 13:44 - 000000000 ____D C:\Program Files\Canon
2018-05-22 13:44 - 2013-01-24 08:24 - 000359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2018-05-22 13:44 - 2013-01-24 08:24 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2018-05-22 13:44 - 2013-01-24 08:23 - 000366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2018-05-22 13:43 - 2018-05-22 13:43 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-05-22 13:43 - 2018-05-22 13:43 - 000000000 ___HD C:\Program Files\CanonBJ
2018-05-22 13:41 - 2018-05-22 13:41 - 000000000 ___HD C:\ProgramData\CanonIJETV
2018-05-22 13:40 - 2018-05-22 13:53 - 000000000 ____D C:\Program Files (x86)\Canon
2018-05-21 04:30 - 2018-05-21 04:30 - 000000207 _____ C:\Windows\tweaking.com-regbackup-NICKSLAPTOP-Windows-7-Professional-(64-bit).dat
2018-05-20 19:00 - 2015-03-27 02:54 - 000163480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comDlg32.ocx
2018-05-20 19:00 - 2014-11-12 08:46 - 000354944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2018-05-20 19:00 - 2011-01-12 05:06 - 001054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2018-05-20 19:00 - 2007-02-01 13:43 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-05-19 11:17 - 2018-05-19 11:22 - 000000978 _____ C:\Windows\system32\0
2018-05-12 06:24 - 2018-05-12 06:24 - 000000218 _____ C:\Users\Nick Crowther\AppData\Local\recently-used.xbel
2018-05-12 05:59 - 2018-05-12 05:59 - 000000000 ____D C:\Users\Nick Crowther\AppData\Local\gtk-3.0
2018-05-11 10:25 - 2018-05-11 10:25 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-11 10:25 - 2018-05-11 10:25 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-05-11 08:02 - 2018-05-22 20:09 - 000000000 ____D C:\Users\Nick Crowther\AppData\LocalLow\Ghostery
2018-05-11 08:02 - 2018-05-11 08:02 - 000000000 ____D C:\Users\Nick Crowther\AppData\LocalLow\GhosteryConfig
2018-05-11 08:02 - 2018-05-11 08:02 - 000000000 ____D C:\Program Files (x86)\Ghostery
2018-05-11 07:39 - 2018-05-11 07:39 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-08 18:46 - 2018-05-08 19:13 - 000003196 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1653829839-743396242-3690768953-1000
2018-05-08 18:45 - 2018-05-08 18:45 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-08 18:17 - 2018-05-08 18:53 - 000000000 ___RD C:\Users\Nick Crowther\OneDrive
2018-05-01 22:42 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-01 22:42 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-01 22:42 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-01 22:42 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-01 22:42 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-01 22:42 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-01 22:42 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-01 22:42 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-01 22:42 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-01 22:42 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-01 22:42 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-01 22:42 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-01 22:42 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-01 22:42 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-01 22:42 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-01 22:42 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-01 22:42 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-01 22:42 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-01 22:42 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-01 22:42 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-01 22:42 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-01 22:42 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-01 22:42 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-01 22:42 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-01 22:42 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-01 22:42 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-01 22:42 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-01 22:42 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-01 22:42 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-01 22:42 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-01 22:42 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-01 22:42 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-01 22:42 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-01 22:42 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-01 22:42 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-01 22:42 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-01 22:42 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-01 22:42 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-01 22:42 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-01 22:42 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-01 22:42 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-01 22:42 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-01 22:42 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-01 22:42 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-01 22:42 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-01 22:42 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-01 22:42 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-01 22:42 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-01 22:42 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-01 22:42 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-01 22:42 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-01 22:42 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-01 22:42 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-01 22:42 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-01 22:42 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-01 22:42 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-01 22:42 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-01 22:42 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-01 22:42 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-01 22:42 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-01 22:42 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-01 22:42 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-01 22:42 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-01 22:42 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-01 22:42 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-01 22:42 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-01 22:42 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-01 22:42 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-01 22:36 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-01 22:26 - 2017-10-17 00:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-05-01 22:26 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-05-01 22:26 - 2017-10-12 01:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-05-01 22:26 - 2017-10-12 01:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-05-01 22:26 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-05-01 22:26 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-05-01 22:26 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-05-01 22:26 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-05-01 22:26 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-05-01 22:26 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-05-01 22:26 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-05-01 22:26 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-05-01 22:26 - 2017-10-12 01:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2018-05-01 22:26 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2018-05-01 22:03 - 2017-09-13 16:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2018-05-01 22:03 - 2017-09-13 16:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-05-01 22:03 - 2017-09-13 16:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2018-05-01 22:03 - 2017-09-13 16:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2018-05-01 22:03 - 2017-09-13 16:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2018-05-01 22:03 - 2017-09-13 16:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2018-05-01 22:03 - 2017-09-13 16:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-05-01 22:03 - 2017-09-08 16:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-05-01 22:03 - 2017-09-08 16:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-05-01 22:03 - 2017-09-08 15:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2018-05-01 22:03 - 2017-09-08 15:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2018-05-01 22:03 - 2017-09-07 16:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-05-01 22:03 - 2017-09-07 16:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-05-01 22:03 - 2017-09-07 15:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-01 22:03 - 2017-09-07 15:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-01 22:03 - 2017-09-07 15:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-01 21:49 - 2017-08-19 16:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2018-05-01 21:49 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2018-05-01 21:49 - 2017-08-16 16:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2018-05-01 21:49 - 2017-08-16 16:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2018-05-01 21:49 - 2017-08-15 16:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-05-01 21:49 - 2017-08-15 16:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-05-01 21:49 - 2017-08-15 16:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-05-01 21:49 - 2017-08-15 16:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2018-05-01 21:49 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-05-01 21:49 - 2017-08-14 18:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2018-05-01 21:49 - 2017-08-13 22:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2018-05-01 21:49 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-05-01 21:49 - 2017-08-11 07:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2018-05-01 21:49 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2018-05-01 21:49 - 2017-08-11 07:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-05-01 21:49 - 2017-08-11 07:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-01 21:49 - 2017-08-11 07:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2018-05-01 21:49 - 2017-08-11 07:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2018-05-01 21:49 - 2017-08-11 07:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2018-05-01 21:49 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2018-05-01 21:49 - 2017-08-11 07:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2018-05-01 21:49 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2018-05-01 21:49 - 2017-08-11 07:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2018-05-01 21:49 - 2017-08-11 07:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-01 21:49 - 2017-08-11 07:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2018-05-01 21:49 - 2017-08-11 06:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2018-05-01 21:34 - 2017-07-29 15:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2018-05-01 21:34 - 2017-07-21 15:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2018-05-01 21:34 - 2017-07-21 15:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2018-05-01 21:34 - 2017-07-21 15:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2018-05-01 21:34 - 2017-07-21 15:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2018-05-01 21:34 - 2017-07-14 16:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-05-01 21:34 - 2017-07-14 16:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2018-05-01 21:34 - 2017-07-14 16:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-05-01 21:34 - 2017-07-14 15:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2018-05-01 21:34 - 2017-07-14 15:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2018-05-01 21:34 - 2017-07-14 15:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2018-05-01 21:34 - 2017-07-08 16:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-01 21:34 - 2017-07-07 16:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2018-05-01 21:34 - 2017-07-01 14:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2018-05-01 21:34 - 2017-07-01 14:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2018-05-01 21:24 - 2017-07-06 05:56 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2018-05-01 21:24 - 2017-06-15 21:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-05-01 21:24 - 2017-06-12 23:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2018-05-01 21:24 - 2017-06-12 23:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2018-05-01 21:24 - 2017-06-12 23:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2018-05-01 21:24 - 2017-06-12 23:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2018-05-01 21:24 - 2017-06-12 23:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2018-05-01 21:24 - 2017-06-12 23:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2018-05-01 21:24 - 2017-06-12 23:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2018-05-01 21:24 - 2017-06-12 23:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2018-05-01 21:24 - 2017-06-12 23:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2018-05-01 21:24 - 2017-06-12 23:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2018-05-01 21:24 - 2017-06-12 23:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2018-05-01 21:24 - 2017-06-12 23:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2018-05-01 21:24 - 2017-06-12 23:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2018-05-01 21:24 - 2017-06-12 23:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2018-05-01 21:24 - 2017-05-30 05:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-05-01 21:24 - 2017-05-30 05:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-05-01 21:24 - 2017-05-30 05:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-05-01 21:09 - 2017-06-02 09:10 - 000733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2018-05-01 21:09 - 2017-05-12 17:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2018-05-01 21:09 - 2017-05-12 16:58 - 001648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2018-05-01 21:09 - 2017-05-12 16:58 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2018-05-01 21:09 - 2017-05-10 16:33 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2018-05-01 21:09 - 2017-05-10 16:29 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-01 21:09 - 2017-05-10 16:29 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-01 21:09 - 2017-05-10 16:29 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-01 21:09 - 2017-05-10 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-01 21:09 - 2017-05-10 16:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2018-05-01 21:09 - 2017-05-10 16:14 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-01 21:09 - 2017-05-10 16:13 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-01 21:09 - 2017-05-10 16:13 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-01 21:09 - 2017-05-10 16:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-01 21:09 - 2017-05-10 16:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-01 21:09 - 2017-05-10 16:13 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-01 21:09 - 2017-05-10 16:13 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-01 21:09 - 2017-05-10 16:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-01 21:09 - 2017-05-10 16:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-01 21:09 - 2017-05-10 16:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-01 21:09 - 2017-05-10 16:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-01 21:09 - 2017-05-10 16:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-01 21:09 - 2017-05-07 16:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2018-05-01 21:09 - 2017-05-07 16:29 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2018-05-01 21:09 - 2017-03-30 16:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2018-05-01 21:09 - 2017-03-30 15:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2018-05-01 19:28 - 2018-05-08 17:07 - 000000000 ____D C:\Program Files\DVD Maker
2018-05-01 19:28 - 2018-05-01 19:28 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2018-05-01 19:28 - 2018-05-01 19:28 - 000000000 ____D C:\Program Files\Common Files\Services
2018-05-01 18:18 - 2018-05-16 17:57 - 000000000 ____D C:\Users\Nick Crowther\AppData\Roaming\Wise Registry Cleaner
2018-05-01 18:12 - 2018-05-22 18:34 - 000000000 ____D C:\Users\Nick Crowther\AppData\Roaming\Wise Disk Cleaner
2018-05-01 18:10 - 2018-05-11 07:45 - 000000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2018-05-01 18:10 - 2018-05-01 18:17 - 000000000 ____D C:\Program Files (x86)\Wise
2018-04-30 22:41 - 2018-04-30 22:41 - 000000280 _____ C:\Windows\system32\PDBootState
2018-04-30 19:52 - 2018-04-30 19:54 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 7.0
2018-04-30 19:52 - 2018-04-23 19:00 - 002155880 _____ C:\Windows\ampa.exe
2018-04-30 19:52 - 2016-12-25 23:26 - 000038320 _____ C:\Windows\SysWOW64\ampa.sys
2018-04-30 19:52 - 2016-12-25 23:26 - 000038320 _____ C:\Windows\system32\ampa.sys
2018-04-30 18:36 - 2018-05-21 08:15 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-30 17:59 - 2018-04-30 17:59 - 000000000 ____D C:\ProgramData\Raxco
2018-04-30 17:59 - 2018-04-30 17:59 - 000000000 ____D C:\Program Files\Raxco
2018-04-30 17:59 - 2018-04-30 17:59 - 000000000 ____D C:\Program Files\Common Files\Raxco

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-22 20:11 - 2018-03-19 13:26 - 000000000 ____D C:\Users\Nick Crowther\AppData\LocalLow\Mozilla
2018-05-22 20:08 - 2015-07-26 11:47 - 000000000 ____D C:\Users\Nick Crowther\AppData\Local\ClassicShell
2018-05-22 18:40 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-05-22 18:33 - 2018-02-12 16:59 - 000000000 ____D C:\Users\Nick Crowther\AppData\Local\Everything
2018-05-22 18:32 - 2018-02-12 15:35 - 000000000 ____D C:\Users\Nick Crowther\AppData\Roaming\Everything
2018-05-22 18:27 - 2009-07-14 05:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-22 18:27 - 2009-07-14 05:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-22 18:20 - 2016-10-28 21:11 - 000000318 _____ C:\Windows\Tasks\Lenovo Active Protection System.job
2018-05-22 18:20 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-22 16:31 - 2014-05-02 21:47 - 002223358 _____ C:\Users\Nick Crowther\AppData\Local\census.cache
2018-05-22 16:31 - 2014-05-02 21:45 - 000180275 _____ C:\Users\Nick Crowther\AppData\Local\ars.cache
2018-05-22 16:19 - 2014-04-30 16:19 - 000000010 _____ C:\Users\Nick Crowther\AppData\Local\sponge.last.runtime.cache
2018-05-22 13:58 - 2015-11-27 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices and Printers
2018-05-22 13:45 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-05-22 13:36 - 2017-08-13 10:07 - 000000000 ___RD C:\Portable Applications
2018-05-21 21:40 - 2016-06-10 17:23 - 000000000 ____D C:\Users\Nick Crowther\AppData\LocalLow\Adblock Plus for IE
2018-05-21 21:08 - 2018-02-12 17:18 - 000001888 _____ C:\Windows\Sandboxie.ini
2018-05-21 18:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-05-21 18:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\inetsrv
2018-05-21 10:30 - 2014-04-16 22:20 - 000000000 ____D C:\Program Files\Recuva
2018-05-21 10:25 - 2014-04-29 23:46 - 000000000 ____D C:\Users\Nick Crowther\AppData\Local\CrashDumps
2018-05-20 23:53 - 2014-04-16 12:09 - 000000000 ____D C:\Users\Nick Crowther
2018-05-20 23:47 - 2017-08-13 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Information and Benchmark
2018-05-20 21:39 - 2014-04-28 22:00 - 000738662 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-20 21:39 - 2009-07-14 06:13 - 000782264 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-20 19:00 - 2014-04-29 23:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-20 09:18 - 2016-11-02 13:43 - 000000000 ____D C:\Program Files\Core Temp
2018-05-19 19:47 - 2018-03-23 20:11 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 07:57 - 2018-03-19 13:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-16 20:56 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-05-16 10:43 - 2017-08-13 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Documentation & Win 7 Tutorials
2018-05-16 04:01 - 2018-03-23 19:54 - 000000000 ____D C:\ProgramData\Adobe
2018-05-14 09:03 - 2015-05-23 19:03 - 000001956 __RSH C:\ProgramData\ntuser.pol
2018-05-13 20:33 - 2017-08-13 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image creation & manipulation
2018-05-13 20:17 - 2014-04-30 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Search - Management - Menus
2018-05-11 20:22 - 2018-03-28 17:38 - 000000000 ____D C:\Users\Nick Crowther\AppData\Local\niemiro
2018-05-11 07:39 - 2018-02-11 13:42 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-11 07:39 - 2018-02-11 13:42 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-09 11:30 - 2014-04-16 23:08 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-09 11:30 - 2013-11-27 21:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-07 19:46 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-04 20:30 - 2017-04-08 19:47 - 000000000 ____D C:\Users\Nick Crowther\AppData\Roaming\Skype
2018-05-01 21:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2018-05-01 21:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\migwiz
2018-05-01 19:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Web
2018-05-01 19:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-05-01 19:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Cursors
2018-05-01 19:28 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-01 18:15 - 2014-04-30 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
2018-04-30 22:43 - 2018-02-12 14:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-30 19:54 - 2018-02-16 21:36 - 000001024 ____H C:\AMTAG.BIN
2018-04-30 18:36 - 2017-04-08 19:16 - 000000000 ____D C:\Program Files\CCleaner
2018-04-30 16:57 - 2015-11-08 16:22 - 000000000 ____D C:\Program Files (x86)\OEClassic
2018-04-30 16:57 - 2015-05-17 16:54 - 000001030 _____ C:\Users\Nick Crowther\Desktop\OE Classic.lnk

==================== Files in the root of some directories =======

2016-10-31 19:32 - 2016-10-31 19:32 - 000285478 ____H () C:\Program Files\569084471418571142779919224811710121830300.ico
2016-10-31 19:58 - 2016-10-31 19:58 - 000285478 ____H () C:\Program Files (x86)\44873372144719116123611015199532141106730.ico
2014-06-02 22:37 - 2014-06-02 22:37 - 000019366 _____ () C:\Users\Nick Crowther\AppData\Roaming\UserTile.png
2014-05-02 18:03 - 2017-04-09 20:31 - 000002554 _____ () C:\Users\Nick Crowther\AppData\Roaming\wklnhst.dat
2015-06-29 18:08 - 2015-06-29 18:08 - 000000038 ___SH () C:\Users\Nick Crowther\AppData\Local\69ff07055291669bb2b218.72821112
2014-05-02 21:45 - 2018-05-22 16:31 - 000180275 _____ () C:\Users\Nick Crowther\AppData\Local\ars.cache
2014-05-02 21:47 - 2018-05-22 16:31 - 002223358 _____ () C:\Users\Nick Crowther\AppData\Local\census.cache
2018-03-19 12:01 - 2018-03-19 12:01 - 000000036 _____ () C:\Users\Nick Crowther\AppData\Local\housecall.guid.cache
2018-02-13 17:07 - 2018-02-19 09:28 - 000011867 _____ () C:\Users\Nick Crowther\AppData\Local\Perfmon.PerfmonCfg
2018-05-12 06:24 - 2018-05-12 06:24 - 000000218 _____ () C:\Users\Nick Crowther\AppData\Local\recently-used.xbel
2014-04-30 22:39 - 2018-04-02 10:52 - 000007637 _____ () C:\Users\Nick Crowther\AppData\Local\Resmon.ResmonCfg
2014-04-30 16:19 - 2018-05-22 16:19 - 000000010 _____ () C:\Users\Nick Crowther\AppData\Local\sponge.last.runtime.cache
2017-05-20 14:26 - 2017-05-20 14:26 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{64C3660D-32CC-4E28-BE80-A65C5F36EFF3}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{6DEF1F24-4E6F-43DD-863B-D03CB7C9C767}.ini
2017-05-20 14:27 - 2017-05-20 14:27 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{814EFEC4-B3F8-4CC3-A908-75C77D2C661C}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{B0129282-0F3F-4588-BC0B-BDA5A85B2C6F}.ini
2017-05-20 14:30 - 2017-05-20 14:30 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{BA0F6D9F-863D-4639-A8B0-244CF4C8D0E3}.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\MSVBVM60.DLL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-17 18:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Nick Crowther (22-05-2018 20:20:28)
Running from C:\Users\Nick Crowther\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-16 11:09:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1653829839-743396242-3690768953-500 - Administrator - Disabled)
Guest (S-1-5-21-1653829839-743396242-3690768953-501 - Limited - Disabled)
Nick Crowther (S-1-5-21-1653829839-743396242-3690768953-1000 - Administrator - Enabled) => C:\Users\Nick Crowther

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
AOMEI Partition Assistant Standard Edition 7.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Awesome Duplicate Photo Finder v. 1.0 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG6400 series User Registration (HKLM-x32\...\Canon MG6400 series User Registration) (Version: - *Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
Core Temp 1.12 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12 - ALCPU)
CrystalDiskInfo 7.6.0 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.6.0 - Crystal Dew World)
Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 4.3 - ArcticLine Software)
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Ghostery (HKLM-x32\...\Ghostery) (Version: - Ghostery Inc)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.107 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
inSSIDer (HKLM-x32\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 5.6.5.394 - KC Softwares)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.17 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}) (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}) (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{47C4D20F-1A75-44F4-BF51-479C3119BEEF}) (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0070 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
LibreOffice 6.0.2.1 (HKLM\...\{673086D4-1E80-4ED2-A68E-2F6AF26F9760}) (Version: 6.0.2.1 - The Document Foundation)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-1653829839-743396242-3690768953-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219.473 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219.473 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (HKLM\...\{2CD849A7-86A1-34A6-B8F9-D72F5B21A9AE}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (HKLM\...\{C99E2ADC-0347-336E-A603-F1992B09D582}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-GB)) (Version: 60.0.1 - Mozilla)
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
OE Classic 2.8 (HKLM-x32\...\OEClassic) (Version: 2.8 - OE Classic)
Paint XP version 1.4 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.4 - MSPAINTXP.COM)
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PerfectDisk Professional (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.892 - Raxco Software Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrar Registry Manager 8.04 (HKLM\...\RegistrarHome_is1) (Version: - Resplendence Software Projects Sp.)
Sandboxie 5.24 (64-bit) (HKLM\...\Sandboxie) (Version: 5.24 - Sandboxie Holdings, LLC)
SideWinder Precision 2 (HKLM-x32\...\SideWinder Precision 2) (Version: - )
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
TCPEye 1.0 (HKLM-x32\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version: - Free Software Relase)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.0.0 - )
TreeSize Free V4.1.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.1.2 - JAM Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Wise Disk Cleaner 9.7.3 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.7.3 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 9.6.2 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.6.2 - WiseCleaner.com, Inc.)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [Open With EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers1: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers4: [EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [FMMenuExt] -> {47C91696-894C-46A1-B196-2C7CA1952F45} => C:\Program Files (x86)\Folder Marker\ShellExt64.dll [2017-04-26] (ArcticLine Software)
ContextMenuHandlers6: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E3F9DA-4DBB-4872-AC41-5D0BAA1A71E6} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-06-28] (Lenovo.)
Task: {25C9C243-ED61-4262-B338-D5E7174C6FBB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-11] (AVAST Software)
Task: {3A40F84A-F471-4D4D-97AB-3A75DE4D45F3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
Task: {4539E126-9E61-4CA9-AE90-46599B754756} - System32\Tasks\Core Temp Autostart Nick Crowther => C:\Program Files\Core Temp\Core Temp.exe [2018-05-19] (ALCPU)
Task: {4BC9EDEF-5C9A-4961-A93E-862830A33649} - System32\Tasks\{BE5ADCB2-5E5B-4563-A2B1-AA99DE395199} => C:\Windows\system32\pcalua.exe -a "C:\Users\Nick Crowther\Desktop\kb2538243\vcredist_x86.exe" -d "C:\Users\Nick Crowther\Desktop\kb2538243"
Task: {5BF700EC-9A89-47AC-A97B-24C39A30D3DF} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo64S.exe [2018-03-22] (Crystal Dew World)
Task: {6BCA0E34-F5C0-4404-85C9-A368D62A906A} - System32\Tasks\{12852366-FF67-4D23-A374-E67B654A7D19} => C:\Windows\system32\pcalua.exe -a "C:\Users\Nick Crowther\AppData\Local\Temp\wz26f6\StarterSetup.exe" -d "C:\Users\Nick Crowther\Desktop" <==== ATTENTION
Task: {82788567-A687-4058-8A19-B0BB1A459DAE} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2018-04-10] (WiseCleaner.com)
Task: {975ADE9A-6175-46A2-A79B-A1ABBD9B6EF2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-12-12] ()
Task: {C515788F-F2DE-4352-9A1D-6595005A56EF} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2018-05-09] (WiseCleaner.com)
Task: {C53C94A2-3816-45F1-A3D5-EB3262203436} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C53E8542-FCB9-4AFF-8388-AEBE5D92115F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C76703F1-3479-4175-80BD-483E0694DCA5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-30] (AVAST Software)
Task: {D1AB0025-25A6-4330-8175-DC022DF1EC4F} - System32\Tasks\{52B7BA68-AB52-48BB-89DE-779A182DA40E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Nick Crowther\Desktop\SandboxieInstall.exe" -d "C:\Users\Nick Crowther\Desktop"
Task: {D5B0DF14-4735-4D7A-BA88-E62EF0396535} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-12-12] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-11 07:39 - 2018-05-11 07:39 - 000736984 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 001069784 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000598232 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-08-13 10:07 - 2016-06-10 13:38 - 000014848 _____ () C:\Portable Applications\Volmouse x 64\volumouse32.exe
2018-05-11 07:39 - 2018-05-11 07:39 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-22 18:13 - 2018-05-22 18:13 - 005843600 _____ () C:\Program Files\AVAST Software\Avast\defs\18052204\algo.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-11 07:39 - 2018-05-11 07:39 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-02 09:39 - 2018-03-02 09:39 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-29 14:27 - 2014-05-29 14:27 - 000000000 _____ () C:\Windows\system32\MSVBVM60.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09788256.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33385302.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09788256.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33385302.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1653829839-743396242-3690768953-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick Crowther\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: FPLService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BD47DD9D-9AD4-48F2-A55C-26653414B541}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{14702395-6DE9-407D-9410-AD4935B10153}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{CF003831-0075-4544-92E5-CA112CB1CF86}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7D312AF4-0320-4887-A186-092808675D74}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8AEEC93E-95BA-4DCE-A908-0122753B9EF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4E792665-BFC0-410E-B834-F8E12FEF8BBE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{58EB379C-BB9A-491B-B61E-907467B5A501}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D8913A0C-22D7-4A54-9D3F-E9425B03CD2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E349DE3E-BE5D-414E-8C2B-B8FA68D4A4EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lenovo PM Device
Description: Lenovo PM Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: IBMPMDRV
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2018 07:56:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary ALSysIO.

System Error:
The system cannot find the file specified.
.

Error: (05/22/2018 06:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary ALSysIO.

System Error:
The system cannot find the file specified.
.

Error: (05/22/2018 06:49:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary ALSysIO.

System Error:
The system cannot find the file specified.
.

Error: (05/22/2018 06:49:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary ALSysIO.

System Error:
The system cannot find the file specified.
.

Error: (05/22/2018 06:44:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary ALSysIO.

System Error:
The system cannot find the file specified.
.

Error: (05/22/2018 06:36:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Portable Applications\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (05/22/2018 06:36:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Portable Applications\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (05/22/2018 06:36:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Portable Applications\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (05/22/2018 07:45:51 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume H: were aborted because the shadow copy storage failed to grow.

Error: (05/22/2018 06:44:27 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 3689.96 MB
Available physical RAM: 1736.88 MB
Total Virtual: 3688.13 MB
Available Virtual: 1864.93 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:30 GB) (Free:7.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:100 GB) (Free:39.07 GB) NTFS

\\?\Volume{e41f0644-579c-11e3-8370-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2823DDF6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Last edited by a moderator:

Corrine

Site Administrator, Microsoft MVP, Security Analyst
Staff member
Joined
Feb 22, 2012
Posts
9,317
Location
Upstate, NY
Re: Win 7 X 64 SP1 On Screen Keyboard OSK) not working

Hi, Magdalene.

I edited your post to paste the logs for easier review. Having gone through the long thread about the onscreen keyboard, it certainly appears that plodr had you go through all the appropriate troubleshooting.

There does not appear to be much in your logs for cleanup. However, before we continue, why do you have System Restore disabled via the registry? Certainly you don't need to keep restore points going back many, many months. However, having a fresh System Restore point prior to making changes to your computer is recommended, particularly since you have Wise Registry Cleaner installed (which I do not recommend).

Please let me know when you have re-enabled System Restore and then we'll proceed.

Thank you.
 

Magdalene

Well-known member
Joined
Mar 19, 2017
Posts
75
Location
Uk
Re: Win 7 X 64 SP1 On Screen Keyboard OSK) not working

Hi, Magdalene.

I edited your post to paste the logs for easier review. Having gone through the long thread about the onscreen keyboard, it certainly appears that plodr had you go through all the appropriate troubleshooting.

There does not appear to be much in your logs for cleanup. However, before we continue, why do you have System Restore disabled via the registry? Certainly you don't need to keep restore points going back many, many months. However, having a fresh System Restore point prior to making changes to your computer is recommended, particularly since you have Wise Registry Cleaner installed (which I do not recommend).

Please let me know when you have re-enabled System Restore and then we'll proceed.

Thank you.
Hi Corrine,
Apologies, I should have copied and pasted those logs.
System Restore is now enabled on all partitions. Nowadays I always rely on a System Image when things go pear shaped as System restore has on occasion failed to
correct the problem. ( my current two backups by the way display the self same OSK problem as I generally backup every 2 or 3 weeks)
Wise Reg Cleaner results always reviewed manually before any changes as with Ccleaner but understand where you are coming from, and am not running any tools
whilst this problem still 'active'

Thanks again for everyone's help,

Magdalene.
 

Corrine

Site Administrator, Microsoft MVP, Security Analyst
Staff member
Joined
Feb 22, 2012
Posts
9,317
Location
Upstate, NY
Re: Win 7 X 64 SP1 On Screen Keyboard OSK) not working

Even with doing a backup, I always "feel better" having a restore point before making changes on my computer. :smile9:

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Toolbar: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 IBMPMDRV; system32\DRIVERS\ibmpmdrv.sys [X]
U3 usbaudio; no ImagePath
U3 UsbScan; no ImagePath
2016-10-31 19:32 - 2016-10-31 19:32 - 000285478 ____H () C:\Program Files\569084471418571142779919224811710121830300.ico
2016-10-31 19:58 - 2016-10-31 19:58 - 000285478 ____H () C:\Program Files (x86)\44873372144719116123611015199532141106730.ico
2015-06-29 18:08 - 2015-06-29 18:08 - 000000038 ___SH () C:\Users\Nick Crowther\AppData\Local\69ff07055291669bb2b218.72821112
2017-05-20 14:26 - 2017-05-20 14:26 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{64C3660D-32CC-4E28-BE80-A65C5F36EFF3}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{6DEF1F24-4E6F-43DD-863B-D03CB7C9C767}.ini
2017-05-20 14:27 - 2017-05-20 14:27 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{814EFEC4-B3F8-4CC3-A908-75C77D2C661C}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{B0129282-0F3F-4588-BC0B-BDA5A85B2C6F}.ini
2017-05-20 14:30 - 2017-05-20 14:30 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{BA0F6D9F-863D-4639-A8B0-244CF4C8D0E3}.ini
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\MSVBVM60.DLL
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [Open With EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers1: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers2: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers4: [EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {6BCA0E34-F5C0-4404-85C9-A368D62A906A} - System32\Tasks\{12852366-FF67-4D23-A374-E67B654A7D19} => C:\Windows\system32\pcalua.exe -a "C:\Users\Nick Crowther\AppData\Local\Temp\wz26f6\StarterSetup.exe" -d "C:\Users\Nick Crowther\Desktop" <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 

Magdalene

Well-known member
Joined
Mar 19, 2017
Posts
75
Location
Uk
Re: Win 7 X 64 SP1 On Screen Keyboard OSK) not working

Hi Corrine,
Please find fixlog.txt as requested.View attachment Fixlog.txt

Magdalene

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Nick Crowther (23-05-2018 05:39:30) Run:1
Running from C:\Users\Nick Crowther\Desktop\FRST64
Loaded Profiles: Nick Crowther (Available Profiles: Nick Crowther)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Toolbar: HKU\S-1-5-21-1653829839-743396242-3690768953-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 IBMPMDRV; system32\DRIVERS\ibmpmdrv.sys [X]
U3 usbaudio; no ImagePath
U3 UsbScan; no ImagePath
2016-10-31 19:32 - 2016-10-31 19:32 - 000285478 ____H () C:\Program Files\569084471418571142779919224811710121830300.ico
2016-10-31 19:58 - 2016-10-31 19:58 - 000285478 ____H () C:\Program Files (x86)\44873372144719116123611015199532141106730.ico
2015-06-29 18:08 - 2015-06-29 18:08 - 000000038 ___SH () C:\Users\Nick Crowther\AppData\Local\69ff07055291669bb2b218.72821112
2017-05-20 14:26 - 2017-05-20 14:26 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{64C3660D-32CC-4E28-BE80-A65C5F36EFF3}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{6DEF1F24-4E6F-43DD-863B-D03CB7C9C767}.ini
2017-05-20 14:27 - 2017-05-20 14:27 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{814EFEC4-B3F8-4CC3-A908-75C77D2C661C}.ini
2017-05-20 14:25 - 2017-05-20 14:25 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{B0129282-0F3F-4588-BC0B-BDA5A85B2C6F}.ini
2017-05-20 14:30 - 2017-05-20 14:30 - 000000079 _____ () C:\Users\Nick Crowther\AppData\Local\Temp{BA0F6D9F-863D-4639-A8B0-244CF4C8D0E3}.ini
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\MSVBVM60.DLL
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [Open With EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers1: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers2: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers4: [EncryptionMenu] -> ?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [Sharing] -> ?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> ?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {6BCA0E34-F5C0-4404-85C9-A368D62A906A} - System32\Tasks\{12852366-FF67-4D23-A374-E67B654A7D19} => C:\Windows\system32\pcalua.exe -a "C:\Users\Nick Crowther\AppData\Local\Temp\wz26f6\StarterSetup.exe" -d "C:\Users\Nick Crowther\Desktop" <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKU\S-1-5-21-1653829839-743396242-3690768953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => invalid subkey removed.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\IBMPMDRV" => removed successfully
IBMPMDRV => service removed successfully
"HKLM\System\CurrentControlSet\Services\usbaudio" => removed successfully
usbaudio => service removed successfully
"HKLM\System\CurrentControlSet\Services\UsbScan" => removed successfully
UsbScan => service removed successfully
C:\Program Files\569084471418571142779919224811710121830300.ico => moved successfully
C:\Program Files (x86)\44873372144719116123611015199532141106730.ico => moved successfully
C:\Users\Nick Crowther\AppData\Local\69ff07055291669bb2b218.72821112 => moved successfully
C:\Users\Nick Crowther\AppData\Local\Temp{64C3660D-32CC-4E28-BE80-A65C5F36EFF3}.ini => moved successfully
C:\Users\Nick Crowther\AppData\Local\Temp{6DEF1F24-4E6F-43DD-863B-D03CB7C9C767}.ini => moved successfully
C:\Users\Nick Crowther\AppData\Local\Temp{814EFEC4-B3F8-4CC3-A908-75C77D2C661C}.ini => moved successfully
C:\Users\Nick Crowther\AppData\Local\Temp{B0129282-0F3F-4588-BC0B-BDA5A85B2C6F}.ini => moved successfully
C:\Users\Nick Crowther\AppData\Local\Temp{BA0F6D9F-863D-4639-A8B0-244CF4C8D0E3}.ini => moved successfully
C:\Windows\System32\igd10umd32.dll => moved successfully
C:\Windows\System32\MSVBVM60.DLL => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
HKLM\Software\Classes\CLSID\?{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Open With EncryptionMenu" => removed successfully
HKLM\Software\Classes\CLSID\?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Sharing" => removed successfully
HKLM\Software\Classes\CLSID\?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Sharing" => removed successfully
HKLM\Software\Classes\CLSID\?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu" => removed successfully
HKLM\Software\Classes\CLSID\?{A470F8CF-A1E8-4f65-8335-227475AA5C46} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Sharing" => removed successfully
HKLM\Software\Classes\CLSID\?{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
HKLM\Software\Classes\CLSID\?{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\?{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BCA0E34-F5C0-4404-85C9-A368D62A906A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BCA0E34-F5C0-4404-85C9-A368D62A906A}" => removed successfully
C:\Windows\System32\Tasks\{12852366-FF67-4D23-A374-E67B654A7D19} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12852366-FF67-4D23-A374-E67B654A7D19}" => removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\ProgramData\TEMP => ":638E6F6B" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10197491 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 23443271 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 1152 B
Public => 0 B
ProgramData => 0 B
systemprofile => 290 B
systemprofile32 => 9035 B
LocalService => 0 B
NetworkService => 0 B
Nick Crowther => 6069329 B

RecycleBin => 0 B
EmptyTemp: => 37.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:40:16 ====
 
Last edited by a moderator:

Corrine

Site Administrator, Microsoft MVP, Security Analyst
Staff member
Joined
Feb 22, 2012
Posts
9,317
Location
Upstate, NY
Hi, Magdalene.

Based on what was in your logs as well as what was removed by FRST, I don't see how that would have solved the problem with on-screen keyboard not working. However, based on the Lenovo items shown in "installed programs", it appears your device may be a T-430, or not. :smile9: I suggest you go to the Lenovo Home Global Support and enter your product information and run the troubleshooter.
 
Top