[Pat_54]

Hi Godawgs

Thank you that worked going to do the erunt now. I'll be back after doing the rest that you ask. Ok I did the system restore it worked fine. Followed the instructions and re downloaded STPD file everything worked fine on the second try. Downloaded erunt and backed up the registry. Went into registry as directed but when I doubled clicked source path and edit string opened the value was already set to C:\Windows so I closed registry and restarted computer. Ran cmd.exe and cmd window opened. C:\documents and settings\administrator> typed in sfc /scannow and got the same thing as before. A dialog box appears named Window File Protection please wait, starts to run then dialog box pop ups that says, files that are required for windows to run properly must be copied to the DLL CACHE. Insert your windows XP Professional Service Pack 3 CD now. three things to choice Retry Information Cancel. Tried several times clicking retry but won't do nothing. Cancel brings up dialog box that says: if you cancel, windows might require you to insert a CD later. Are you sure you want to skip this file? yes or no. I clicked yes and it brought me back to command prompt so I just typed exit. Awaiting further instructions. Thanks Pat

Edited by Pat_54, 05 March 2013 - 01:22 AM.

[Advertisements]

I believe that the error message is telling us that the missing or corrupted files in the dllcache folder aren't found in the C:\Windows\I386 folder and that is why it is asking for the installation CD to find a copy. But the CD that you have only has XP2 on it so it says it's the wrong CD. I am goning to check a couple of other Registry keys and values but I will do that with a OTL custom scan. If those are OK we will edit the Registry to point to a more recent I386 folder and see if SFC can find the needed files there.
If that doesn't work we will then start looking at the system event logs to see if we can identify the files and get them into the dllcache folder.
In the end this may not help with the issues you are experiencing with IE but we need to replace those files if we can find them.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:

• Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

2. Re-open on the desktop. To do that:

• XP users: Double click on the OTL icon.

Make sure all other windows are closed.

• You will see a console like the one below:
  
  
  
• Click the greyed out NONE button at the top of the console
• Make sure the Output box at the top is set to Standard Output.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Post the OTL.txt log in your next reply.

[godawgs]

I believe that the error message is telling us that the missing or corrupted files in the dllcache folder aren't found in the C:\Windows\I386 folder and that is why it is asking for the installation CD to find a copy. But the CD that you have only has XP2 on it so it says it's the wrong CD. I am goning to check a couple of other Registry keys and values but I will do that with a OTL custom scan. If those are OK we will edit the Registry to point to a more recent I386 folder and see if SFC can find the needed files there.
If that doesn't work we will then start looking at the system event logs to see if we can identify the files and get them into the dllcache folder.
In the end this may not help with the issues you are experiencing with IE but we need to replace those files if we can find them.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:

• Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

2. Re-open on the desktop. To do that:

• XP users: Double click on the OTL icon.

Make sure all other windows are closed.

• You will see a console like the one below:
  
  
  
• Click the greyed out NONE button at the top of the console
• Make sure the Output box at the top is set to Standard Output.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Post the OTL.txt log in your next reply.

[Pat_54]

Ho Godawgs

Here is the OTL

OTL logfile created on: 3/5/2013 5:25:17 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 76.85% Memory free
3.84 Gb Paging File | 3.45 Gb Available in Paging File | 89.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.71 Gb Total Space | 42.21 Gb Free Space | 61.43% Space Free | Partition Type: NTFS
Drive D: | 5.80 Gb Total Space | 2.95 Gb Free Space | 50.78% Space Free | Partition Type: FAT32

Computer Name: PATTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion >
"SubVersionNumber" =
"CurrentBuild" = 1.511.1 () (Obsolete data - do not use)
"InstallDate" = 1216887476
"ProductName" = Microsoft Windows XP
"RegDone" =
"RegisteredOrganization" =
"RegisteredOwner" =
"SoftwareType" = SYSTEM
"CurrentVersion" = 5.1
"CurrentBuildNumber" = 2600
"BuildLab" = 2600.xpsp_sp3_gdr.130107-0416
"CurrentType" = Multiprocessor Free
"CSDVersion" = Service Pack 3
"SystemRoot" = C:\WINDOWS -- [2013/03/05 17:14:08 | 000,000,000 | ---D | M]
"SourcePath" = C:\WINDOWS\I386 -- [2009/05/09 08:59:42 | 000,000,000 | ---D | M]
"PathName" = C:\WINDOWS -- [2013/03/05 17:14:08 | 000,000,000 | ---D | M]
"ProductId" = 76487-OEM-0011903-00806
"DigitalProductId" = A4 00 00 00 03 00 00 00 37 36 34 38 37 2D 4F 45 4D 2D 30 30 31 31 39 30 33 2D 30 30 38 30 36 00 2D 00 00 00 41 32 32 2D 30 30 30 30 31 00 00 00 00 00 00 00 CC 9D 2F 8E 46 80 51 CF CF D9 E9 D2 DE D0 00 00 00 00 00 00 3F D8 87 48 71 89 07 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 32 34 30 36 00 00 00 00 00 00 00 67 15 00 00 06 47 E2 A4 FF 07 00 00 A8 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 F4 B1 E1 [Binary data over 200 bytes]
"LicenseInfo" = E7 F4 E2 D2 AB A4 B3 CC F3 F7 02 6C DA EB 02 37 A8 BA F3 4C 67 06 A9 D2 EF D2 C8 36 C8 A1 0F 35 99 F5 05 84 F9 07 F5 F3 5D 80 BA 02 C4 0D 81 E1 52 CD 39 00 11 C5 16 5A [binary data]
"IeakHelpString" = This is a customized version of Internet Explorer.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ELK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownFunctionTableDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LastFontSweep]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\related.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\systemCode]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup >
"DriverCachePath" = %SystemRoot%\Driver Cache -- [2006/06/16 21:26:05 | 000,000,000 | ---D | M]
"BootDir" = C:\ -- [2013/03/05 01:35:19 | 000,000,000 | ---D | M]
"PrivateHash" = E0 50 74 D0 2B F5 FC 48 CB BC D9 FA 6B C9 86 BB [binary data]
"Installation Sources" = C: -- [2013/03/05 01:35:19 | 000,000,000 | ---D | M]
"SourcePath" = c:\windows -- [2013/03/05 17:14:08 | 000,000,000 | ---D | M]
"ServicePackSourcePath" = c:\windows\ServicePackFiles -- [2008/07/25 10:51:50 | 000,000,000 | ---D | M]
"CDInstall" = 0
"LogLevel" = 0
"ServicePackCachePath" = c:\windows\ServicePackFiles\ServicePackCache -- [2008/07/25 10:54:59 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures]

< End of report >

[godawgs]

The keys are pointing to the correct location so there goes my other idea for changing the Registry values.

Guess we will need to do some detective work and have a look at the system event logs.

• Click Start then click Run
• In the Open box type compmgmt.msc and click the OK button. The Computer Management window will open.
• In the tree on the left click the + beside Event Viewer
• Click System. The right pane will populate with system events.
• Fairly high in the right part of the window, below Source there should be at least 1 entry of Windows File Protection and the value in the Event column should be 64017.
  
  Possible values in the right part of the windows in the Event column could be:
  • 64016: System File Checker has started.
  • 64021: System File Checker hasn't been able to successfully restore a certain file.
  • 64017: System File Checker has finished.
  
  All Windows File Protection entries with an Event ID of 6421 are the ones we are interested in.
• Double click on a Windows File Protection entry with an event ID of 6421. A window will pop up.
• Click the Copy button. This will put the event details in the Windows clipboard.
• Click the Close button.
• Open a new text file. Right click inside the file and click Paste. This will put the event details in the text file.
• Minimize the text file and double click on the next Windows File Protection event with an ID of 6421, then copy and add it to the text file.
• Do this until you have included all of the events with an ID of 6421.
• Close the Computer Management window.
• Save the text file with a name like Events.txt and post it in your next reply.

[Pat_54]

Hi Godawgs

This is what I found in event viewer. Hope I did this right. I copied everyone I found.

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 2:48:49 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 2:48:41 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 2:48:28 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 2:42:16 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 2:28:40 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/5/2013\par
Time:\tab\tab 1:56:45 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:56 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\ehituner.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:53 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\ehiepg.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:51 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\ko\\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:48 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\ja\\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:37 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\fr\\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:34 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\de\\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:29 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\zh-chs\\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:20:20 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\windows\\ehome\\ehcircl.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:17:35 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\wmpns.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 4:04:48 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 3:51:20 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 3:51:15 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
Event Type:\tab Information\par
Event Source:\tab Windows File Protection\par
Event Category:\tab None\par
Event ID:\tab 64021\par
Date:\tab\tab 3/4/2013\par
Time:\tab\tab 3:50:58 AM\par
User:\tab\tab N/A\par
Computer:\tab PATTY\par
Description:\par
The system file c:\\program files\\windows media player\\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.\par
]. This file is necessary to maintain system stability.\par
\par
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.\par
\par
}

[godawgs]

This is what I found in event viewer. Hope I did this right. I copied everyone I found.

Yep, that's perfect.
The good news is that files are not the kind of system critical files that I was looking for and that means that those files are OK.
The files are related to Windows Media Center and Windows Media Player so I don't think they are what we are looking for. I'm gonna get a md5 on the the files and check them out.
The problem with SFC not being able to copy the Media Center files to the dllcache folder is one that has been known to Microsoft for some time. It doesn't mean that the files are missing from the program, just that they are not in the folder that SFC looks in to find them, the Windows\I386 folder. This is because, according to a Microsoft KB article:
NOTE: The bold and red emphasis was added by me.

When you run the sfc.exe /scannow command, you may be prompted to provide certain Windows installation files. Because Windows XP Media Center Edition 2005 was included with your computer, the computer manufacturer may have customized the location of the Windows installation files. Therefore, the location of these Windows installation files may vary.
Media Center Technical Support
Because Microsoft Windows XP Media Center Edition was included with your hardware device or system, the hardware manufacturer provides technical support and assistance for this software. Your manufacturer may have customized the installation with unique components such as specific device drivers and optional settings to maximize the performance of that manufacturer's hardware. If you require technical help with Windows XP Media Center Edition, contact your manufacturer directly because the manufacturer is best qualified to support the software that the manufacturer has installed on the hardware.

The other files are related to the Media Player. I don't have any idea why the upgrade to Media Player 11 didn't put a copy of the files in the dllcache folder, but again, that doesn't mean they are missing from the Media Player program. It just means that for some reason the files weren't added to the Windows\I386 folder that SFC looked in. If you use the Windows Media Player a lot then open it and make sure it is working properly. If it isn't it can be uninstalled from the Add/Remove Programs list then downloaded and re-installed. But if you aren't comfortable doing that, once we are finished here, you can go to our XP systems forum and post a topic asking for help. Anyone can reply there. And a lot of our regular members know a lot about this but I would look for any reply by a member who has a green Expert label or Tech badge under the name and photo.

Questions:When did you first notice this issue with IE taking so long to open pages etc;?
Did you make any changes to the system around that time like adding any M/Soft updates like the Microsoft NET framework 4 update or adding any new programs or hardware or updating any hardware drivers etc;?

We are gonna do a new FULL OTL scan that will include the files I want to check. This will also give me a final look at the system entries so we can clean up anything needed during the clean up process.
Before the cleanup process I will give you instructions to completely remove the old Firefox so that if you decide to install it to use as a browser when going to sites that require Java you will get a clean install.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:

• Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
ehituner.dll
ehiepg.dll
ehepgdat.resources.dll
ehcircl.dll
npwmsdrm.dll
npdsplay.dll
mplayer2.exe
wmpns.dll
npdrmv2.dll
/md5stop

2. Re-open on the desktop. To do that:

• XP users: Double click on the OTL icon.

Make sure all other windows are closed.

• You will see a console like the one below:
  
  
  
• Click the box beside Scan All Users at the top of the console
• Do Not click the box beside Include 64bit Scans at the top of the console. (If it is there)
• Make sure the Output box at the top is set to Standard Output.
• Check the boxes beside LOP Check and Purity Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The OTL.txt log

[Pat_54]

Hi Godawgs

I'm so sorry but I really can't pin point when the issue with IE started. I just know sometimes if it was slow to open, I mostly took it as being ISP server problems or that the computer was getting as I called, junked up. I had search out several things with another laptop that I have here and there was some problems with the DSL modem, but not with having any slowing or opening websites or trying to click on any links on sites. I have since had the server tech come here and they had changed things with my DSL modem. I thought once that was fixed, things would be okay with this laptop, but no luck. I have to assume it is something with this computer since the other one works fine. But to actually say when it happened or if it was something downloaded from windows update that triggered it, I'm sorry, I really can't say. When I bought this laptop it had Windows Media Center Edition on it, I have the recovery disk but it only has service pack 2 on it and it says wrong CD. I went on a little search after I read your last message to me. This might not have anything to do with this or might not help at all but I hope it will, I feel so useless that I can't help you more. I did look in, C:\windows\system32 and I believe this is where the original files are, and found a file there C:\windows\system32\dll.cache. Is this where the files may be stored? Also you asked me to run OTL and here is the results.

OTL logfile created on: 3/6/2013 3:02:56 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.74% Memory free
3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.71 Gb Total Space | 42.12 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
Drive D: | 5.80 Gb Total Space | 2.95 Gb Free Space | 50.78% Space Free | Partition Type: FAT32

Computer Name: PATTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 04:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2012/11/06 23:03:25 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/07 19:40:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/14 15:42:18 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/14 15:40:52 | 001,376,340 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/02 02:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 02:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Services (SafeList) ==========

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/09/07 19:40:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2008/12/01 10:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/24 03:02:46 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/22 00:47:50 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/04 09:19:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCVideo32.sys -- (MusCVideo32)
DRV - [2008/06/04 09:19:16 | 000,508,544 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/09/14 12:03:52 | 000,980,736 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/08/02 03:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/14 15:21:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/03/14 15:19:24 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/03/14 15:18:00 | 000,851,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/03/14 15:15:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/03/14 15:15:24 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/03/14 15:14:52 | 000,065,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/14 15:12:02 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/03/14 15:10:56 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/09/09 17:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/06/30 04:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/06/30 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/06/30 04:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...s=PTB&M=NX860XL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...s=PTB&M=NX860XL
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4230808171-790681429-768623690-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/10 18:36:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/02/28 02:27:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-4230808171-790681429-768623690-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4230808171-790681429-768623690-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4230808171-790681429-768623690-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2698A5C7-EA98-4195-ADC3-6AB12C1614C6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 01:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/03/05 01:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/03/05 01:09:12 | 000,663,128 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Administrator\Desktop\SPTDinst-v183-x86.exe
[2013/03/04 05:36:55 | 020,564,496 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 19.0.exe
[2013/03/04 04:52:52 | 000,354,265 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2013/03/02 16:14:03 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/02 16:14:02 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/02 15:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/02 15:13:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/02 15:13:19 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/02 15:13:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/02 15:13:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/02 15:13:13 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/02 15:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/28 03:48:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/28 02:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/28 02:23:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/28 02:23:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/28 02:23:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/28 02:23:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/28 02:23:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/28 02:18:21 | 005,036,023 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/02/27 20:48:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/02/26 16:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Fix IE
[2013/02/24 18:19:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/24 04:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\documents
[2013/02/24 04:15:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/10 18:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\RealNetworks
[2013/02/10 18:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/02/10 18:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/02/10 18:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/02/10 18:36:09 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/02/10 18:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/02/10 18:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2013/02/10 18:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/01 02:14:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/03/06 14:51:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/06 14:50:57 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/03/06 14:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/06 01:46:42 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Administrator\random.dat
[2013/03/06 00:17:44 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2013/03/05 01:35:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2013/03/05 01:09:17 | 000,663,128 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Administrator\Desktop\SPTDinst-v183-x86.exe
[2013/03/04 05:36:56 | 020,564,496 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 19.0.exe
[2013/03/04 04:53:11 | 000,354,265 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2013/03/04 03:09:41 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/02 16:34:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2013/03/02 16:14:03 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/02 16:14:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/02 15:12:59 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/02 15:12:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/02 15:12:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/02 15:12:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/02 15:12:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/02 15:12:55 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/02 15:12:55 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/02 14:15:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/01 02:56:29 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2013/02/28 04:07:18 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/02/28 02:27:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/28 02:18:32 | 005,036,023 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/02/27 20:49:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/02/26 16:39:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/02/26 16:34:32 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/02/26 16:34:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/02/26 16:25:07 | 000,415,707 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fix IE.zip
[2013/02/26 16:21:37 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2013/02/24 15:33:25 | 000,881,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/02/24 15:23:42 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/02/24 04:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/24 02:04:48 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PC Matic.lnk
[2013/02/14 16:47:41 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 01:16:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/14 01:14:15 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 01:14:15 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/10 18:36:09 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/02/10 18:36:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/02/10 18:36:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/02/10 18:35:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2013/03/05 01:35:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2013/03/02 16:07:50 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/28 02:23:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/28 02:23:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/28 02:23:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/28 02:23:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/28 02:23:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/27 21:17:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2013/02/26 16:49:36 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/02/26 16:24:58 | 000,415,707 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fix IE.zip
[2013/02/26 16:21:37 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2013/02/24 15:33:12 | 000,881,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/02/24 15:23:21 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/02/24 15:03:34 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/24 02:04:48 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PC Matic.lnk
[2012/10/25 23:30:19 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_loginapplet_LIVE.dat
[2012/06/21 19:00:42 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE1.dat
[2012/06/01 22:30:20 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2012/05/12 18:53:16 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Administrator\random.dat
[2012/02/25 20:00:35 | 000,000,316 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2012/02/17 11:03:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 00:20:18 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2012/01/30 00:20:15 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2012/01/30 00:20:15 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2012/01/30 00:20:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2012/01/30 00:20:10 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2012/01/30 00:20:10 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2012/01/30 00:20:05 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2012/01/30 00:20:04 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/20 20:24:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ESGAppInfo.dll
[2011/11/20 12:41:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/28 22:53:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/10/28 22:53:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/10/28 22:53:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2011/01/25 07:14:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 23:49:05 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/04/07 19:38:36 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2009/02/10 00:47:28 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmtt.gif
[2009/02/10 00:47:28 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmnn.gif
[2009/02/10 00:47:28 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmyy.gif
[2009/02/05 19:04:32 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2009/01/31 23:59:44 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\tt.gif
[2009/01/31 23:59:44 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\nn.gif
[2009/01/31 23:59:44 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\yy.gif
[2009/01/01 20:48:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/01 02:14:27 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
[2009/01/01 02:14:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/01/01 02:14:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/08/14 20:04:24 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2008/07/29 21:37:50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/06/17 04:37:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/02/01 00:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2012/02/26 00:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2009/05/09 10:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
[2011/03/11 18:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\bsbandmltbpi
[2011/12/20 19:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/05/09 09:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/08/24 23:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2011/07/20 14:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/02/01 00:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2008/07/24 03:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/07/24 02:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2009/05/28 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
[2011/02/27 20:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2011/04/08 08:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/12/20 21:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/05/11 11:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/07/20 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2008/08/13 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2008/08/15 00:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ringtone
[2008/12/29 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RipIt4Me
[2008/07/24 02:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/10/29 01:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/07/21 23:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDVDCreator
[2010/10/06 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/04/07 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2011/11/15 13:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2011/07/20 20:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2012/07/04 15:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/07/19 22:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/11/15 12:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2009/05/09 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2012/01/29 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverWizard
[2010/11/03 11:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/08/13 20:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/02/27 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/02/25 02:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/09 08:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/08/13 23:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/03/06 14:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/10/28 22:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/01/01 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/07/24 03:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
[2008/07/24 02:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: NPDSPLAY.DLL >
[2004/08/10 14:00:00 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) MD5=07DED8A6959AB2F75EBD057656109C72 -- C:\WINDOWS\$NtUninstallKB911564$\npdsplay.dll

< >
[2006/06/17 04:23:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/06/17 04:45:27 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013/02/24 15:03:34 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/26 16:49:36 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\Tasks\MpIdleTask.job

< >

< >

< End of report >

Edited by Pat_54, 06 March 2013 - 09:56 PM.

[godawgs]

Hi Pat,

I did look in, C:\windows\system32 and I believe this is where the original files are, and found a [color=redfile[/color] there C:\windows\system32\dll.cache. Is this where the files may be stored?

The files are stored in the C:\windows\system32\dllcache folder, but I'm not clear about what you found. Did you find a file named dll.cache in the C:\windows\system32 folder or did you mean you found a folder named dllcache in the C:\windows\system32 folder?

The OTL scan doesn't show any malware but it didn't find any of the missing files in either the correct program folder, the windows\I386 folder or the dllcache folder. This isn't really my strong suit so I'm gonna need to check with some colleagues.

I'll be back.

[Pat_54]

Hi Godawgs

This is what I found. C:\WINDOWS\system32\dllcache. When I opened this I was just looking at all the files, there are several files in here but came across something that looks a little suspicious to me. There is three red icons called EQ. One says, eqndiag.exe and when I hover mouse over it description is equinox channel diagnostics. company is Equinox Systems Inc., gives file version, date created and size. The second says, eqnlogr.exe, description is equinox logger and IRP trace utility, same company, date version and size. Third one says, eqnloop.exe, description loopback utiity, same company, date created and size. I don't even know if this is anything but looked suspicious so wanted to ask. I know I never downloaded anything with this name and the date this was created was 1/21/2012 so nothing that was installed when computer was bought. I will wait to hear back from you. Thanks again. Pat

Edited by Pat_54, 07 March 2013 - 04:06 AM.

[godawgs]

Equinox Systems is a software provider for the communications industry. The files research as clean. They could have been installed by your internet provider or some other software that updated them when it was updated.
If you want to check them out, go back to post #6 and in number 2, copy and paste the following (one at a time) in the Choose File Box:

C:\WINDOWS\system32\dllcache\eqndiag.exe
C:\WINDOWS\system32\dllcache\eqnlogr.exe
C:\WINDOWS\system32\dllcache\eqnloop.exe

If the files come back as infected copy the results and paste them in your next reply or post a link to each file.
If they come back OK. Let me know and we will continue with the IE issue.

[Pat_54]

Hi Godawgs

The files come back clean.

[godawgs]

That's good.

I want to see if we start IE without any add-ons if you still have the problem. If you do I want you to start Windows in a Clean Boot state and see if that has any effect.


Run IE without Add-ons

• Click Start, then click Run. The Run dialog window will open.
• In the Open box type iexplore –extoff and click the OK button. This opens up IE without ActiveX controls and browser extensions. You will probably get a warning like the image below:
  
  
  
• Browse in IE and see if the problem is still there.

IF the problem is still there...


Step 1: Start the System Configuration Utility

Click Start, click Run, type msconfig, and then click OK.The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

• In the System Configuration Utility dialog box, click the General tab, and then click [b[Selective Startup[/b].
• Click to clear the Process SYSTEM.INI File check box.
• Click to clear the Process WIN.INI File check box.
• Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
• Click the Services tab.
• Click to select the Hide All Microsoft Services check box.
• Click Disable All, and then click OK.
• When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

• If you are prompted, log on to Windows.
• When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.
  
  

  You have used the System Configuration Utility to make changes to the way Windows starts.
  The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
  Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

Step 4: Determine whether the problem is resolved

After the computer starts, open IE and see if the problem is resolved.
Very Important:If the problem is still there STOP here and change msconfig to start Windows normally andlet me know.


Steps to configure Windows to use a Normal startup state

You can follow these steps to configure Windows XP to start normally.

• Click Start, and then click [/b]Run[/b].
• Type msconfig, and then click OK.
• The System Configuration Utility dialog box is displayed.
• Click the General tab, click Normal Startup - load all device drivers and services, and then click OK.
• When you are prompted, click Restart to restart the computer.

If the problem doesn't re-occur, the interference is occurring because of a background program or service. In this case, see the "Determine what is causing the problem" section.


Determine what is causing the problem

Step 1: Start the System Configuration Utility again.

Step 2: Enable half of the Services items

• Click the Services tab, and then click to select the Hide All Microsoft Services check box.
• Click to select half of the check boxes in the Services list.
• Click OK.
• When you are prompted, click Restart.

Step 3: Determine whether the problem is resolved

If the problem still occurs after you restart the computer, follow these steps:

• Repeat Step 1 and Step 2 except that, in Step 2, click to clear half of the check boxes in the Services list that you originally selected.
• If the problem still occurs after another restart, click to clear half of the remaining check boxes again until one service is running when the problem occurs.
• If the problem does not occur after a restart, reverse the selection of check boxes. Repeat this process until you can isolate the one service that is running when this problem occurs.
  
  If the problem does not occur after you restart the computer, follow these steps:
• Repeat Step 1 and Step 2 except that, in step 2, click to select half of the cleared check boxes.
• If the problem still does not occur after another restart, click to select half of the cleared check boxes again. Repeat this process until you have selected all the check boxes and the problem still does not occur.
• If the problem occurs after a restart, click to clear half of the check boxes that you last selected. Repeat this process until you can isolate the one service that is running when this problem occurs.

If you can isolate one service that is selected when the problem occurs, that service is the one that causes the problem.

[Pat_54]

HI Godawgs

Hi ran the IE with no add ons and problem still there. I did msconfig and problem still there. So will wait till you tell me what to do from here. Thanks Pat

Edited by Pat_54, 08 March 2013 - 04:06 PM.

[godawgs]

Well I'm running out of suggestions. It will probably be easier if you download all these tools to the desktop first and then close the browser and all windows and run them.


Step-1.

Scan with Speccy:

Please download the installer for Speccy from here to your Desktop. Look in the upper right for the Download Latest Version button.

• Double-click on spsetupNNN.exe to install the application >> follow the prompts >> deselect the option Automatically check for updates to Speccy(the others leave as is per your preference) >> Install
• Deselect View Release notes but leave Run Speccy vN.NN selected >> Finish
• Speccy will now automatically scan your system, this may take some time etc.
  When it finishes the little icon in the bottom left will stop moving.
• Once it has completed scanning >> click on File >> Save as Text File... >> select the Desktop as the save destination >> Save. Note the name it gives the file.
• Close Speccy.
• Open the notepad file you have just saved...
• Scroll down to the heading Operating System >> next to Serial Number:
• Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Step-2.

Scan with Process Explorer:

Please download Process Explorer from here to the desktop.

• Double click (Vista/7/8 users will need to right click and click Run as Administrator on the procexp.exe file to start the application >> Agree
• Click on View >> Select Columns... >> ensure Verified Signer is selected >> OK
• Click Options >> Verify Image Signatures
• Now click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
• Wait for a few minutes...
• Then click on File >> Save As... >> choose the Desktop as the save destination >> Save
• Post the contents of the notepad file created Procexp.txt in your next reply for my review.

NEXT.... Open IE and run Process Explorer again. When it finishes, post it along with the log you got from the first run of Process Explorer when IE wasn't running.


Step-3.

Clear Event Logs

• Click Start then click Run.
• Type eventvwr.msc in the Open box and click the OK button. The Computer Management window will open.
• On the left side of the window, Right click on System and click Clear All Events
• Click No when asked if you want to save the old logs and click OK.
• Repeat for the Applications
• Close the Computer Management window and Reboot.

Step-4.

• Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
• Double-click VEW.exe
• Under Select log to query select: :
  
  • System
• Under Select type to list select:
  
  • Error
  • Warning
  Then use the Number of events as follows:
• Click the radio button for Number of events
• Type 20 in the 1 to 20 box
• Then click the Run button.
  Notepad will open with the output log.

Please post the Output log in your next reply

Then repeat the above instructions but under Select log to query select Application and post that output log also.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Speccy log
2. The Process Explorer logs (one when IE was not running and one when it was)
3. The Event Viewer System and Application logs.

[Pat_54]

Hi Godawgs

I downloaded all the next steps you have asked me to but I wanted to tell you I also decided to try something. I downloaded firefox browser. Their is a huge difference between the two browsers. But OMG it is lightning fast. There is no delay, no waiting nothing like what was happening in IE. Pages don't hang and mouse moves like it use to in IE. It will take some adjustment for me to get use to using firefox but I think I can do it. Sometimes you hate change and I sure would like to know what happened to IE, you know how curiosity killed the cat well that's how I'm going to feel never finding out what was really wrong with IE. I'm so sorry that I didn't do this a while ago before I had you going plum crazy trying to figure out IE's flaws. If you want I can run the steps you mentioned but if you rather proceed we can. It's hard to believe how fast this browser is. Computer is sailing on the internet no problems what so ever. Again, I'm so sorry that I put you through all this. Thanks again for being so patient with me. Awaiting to hear from you on what u want me to do.

Edited by Pat_54, 10 March 2013 - 02:02 AM.