[slduke450]

Ok, the error message '53' is gone, Yeah!  I still have the virus quarantined in Mcafee (Threat Name:Artemis!4A4A32DAC4E6) (5FILES) should I run the Dat's download Mcafee suggested or leave well enough alone? My computer still sounds like its running rough but CPU Usage is low 0-6% and Memory is 1.26 GB, is that ok?  My next concern is the Internet, it's still a little off, I keep getting error 404 or 500 something and says I cant view the page? Would that be active x? pages want me to install shock wave? I want to be safe but be able to view web pages... should I download something for this?  I have virus protection but no malware, spyware protection is there a good free one if not, point me in the right direction, I have definitely downloaded malware before lol. Last question I promise.  I still have a lot of programs stopped running , A lot of  NET services, ASP.Net state service, Bit locker drives ,CNG key isolation, lltd.serv, Microsoft. Net frameworks. Here is the scan.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by shannon (2015-11-16 19:46:59) Run:2
Running from C:\Users\New Standard\Desktop
Loaded Profiles: shannon & New Standard (Available Profiles: shannon & New Standard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-557553889-3344713927-2868400717-1000\...\Run: [FCACheck] => C:\Windows\SysWOW64\FCA\FCACheck.exe [28672 2009-02-08] (InfoWorks Technology Company)
HKU\S-1-5-21-557553889-3344713927-2868400717-1007\...\Run: [FCACheck] => C:\Windows\SysWOW64\FCA\FCACheck.exe [28672 2009-02-08] (InfoWorks Technology Company)
C:\Windows\SysWOW64\FCA
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKU\S-1-5-21-557553889-3344713927-2868400717-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FCACheck => value removed successfully
HKU\S-1-5-21-557553889-3344713927-2868400717-1007\Software\Microsoft\Windows\CurrentVersion\Run\\FCACheck => value removed successfully
C:\Windows\SysWOW64\FCA => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-557553889-3344713927-2868400717-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-557553889-3344713927-2868400717-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-557553889-3344713927-2868400717-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-557553889-3344713927-2868400717-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 216.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:47:23 ====

[Advertisements]

OK lets now see if we can resolve the service problem

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme

Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop



Next select Step 5 and back up the registry



Open the Repairs tab



Select the following repair numbers :

3, 7, 13, 26 and 27

Set the system to reboot on completion
The press Start Repairs

[Essexboy]

OK lets now see if we can resolve the service problem

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme

Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop



Next select Step 5 and back up the registry



Open the Repairs tab



Select the following repair numbers :

3, 7, 13, 26 and 27

Set the system to reboot on completion
The press Start Repairs

[slduke450]

I wasn't sure if and what you want me to send so I'm sending both repair log's, I hope I didn't mess up, I did the reparse points they said to do to correct it?? and I backed up registry both times.

 

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair v3.6.4 - Pre-Scan
│ Computer: SHANNON-PC (Windows 7 Home Premium 6.1.7601 Service Pack 1) (64-bit)
│ [Started Scan - 11/17/2015 11:02:19 AM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (11/17/2015 11:02:19 AM)
│
│ No problems were found with the Packages Files.
│
│ Files Checked & Verified: 4,021
│
│ Done Scanning Windows Packages Files.(11/17/2015 11:03:31 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (11/17/2015 11:03:31 AM)
│
Reparse Point: (Type: JUNCTION) (Name: My Documents) (Original Path: C:\Windows\SysWOW64\config\systemprofile\My Documents) (Target Path: C:\Windows\system32\config\systemprofile\Documents) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: NetHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\NetHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: PrintHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\PrintHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Recent) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Recent) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: SendTo) (Original Path: C:\Windows\SysWOW64\config\systemprofile\SendTo) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Start Menu) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Start Menu) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: Templates) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Templates) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Music) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Music) (Target Path: C:\Windows\system32\config\systemprofile\Music) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Pictures) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures) (Target Path: C:\Windows\system32\config\systemprofile\Pictures) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

Reparse Point: (Type: JUNCTION) (Name: My Videos) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos) (Target Path: C:\Windows\system32\config\systemprofile\Videos) (Creation Time: 5/3/2013 4:41:04 PM)
Target Path doesn't exist!

│ Missing Default Reparse Point: (Original Path: C:\Users\Default\Cookies) (Target Path: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies)
│ A Default Reparse Point is missing and this can cause problems on the system.
│
│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
│
│ Files & Folders Searched: 202,660
│ Reparse Points Found: 13,865
│
│ Done Scanning Reparse Points.(11/17/2015 11:05:55 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (11/17/2015 11:05:56 AM)
│
│ This folder in the 'Path' variable doesn't exist: C:\Program Files (x86)\AMD APP\bin\x86
│
│ This folder in the 'Path' variable doesn't exist:
│
│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.
│
│ Done Checking Environment Variables. (11/17/2015 11:05:56 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 11/17/2015 11:05:56 AM]
│
│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
│ [x] If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help.

 

Second Scan with reparse points fixed.

 

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair v3.6.4 - Pre-Scan
│ Computer: SHANNON-PC (Windows 7 Home Premium 6.1.7601 Service Pack 1) (64-bit)
│ [Started Scan - 11/17/2015 12:40:44 PM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (11/17/2015 12:40:44 PM)
│
│ No problems were found with the Packages Files.
│
│ Files Checked & Verified: 4,021
│
│ Done Scanning Windows Packages Files.(11/17/2015 12:40:55 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (11/17/2015 12:40:55 PM)
│
│ Reparse Points are OK!.
│
│ Files & Folders Searched: 202,806
│ Reparse Points Found: 13,866
│
│ Done Scanning Reparse Points.(11/17/2015 12:41:03 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (11/17/2015 12:41:03 PM)
│
│ No problems were found with the Environment Variables.
│
│ Done Checking Environment Variables. (11/17/2015 12:41:03 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 11/17/2015 12:41:03 PM]
│
│ [x] Scan Complete - No Problems Found!
└────────────────────────────────────────────────────────────────────────────────┘
└────────────────────────────────────────────────────────────────────────────────┘

[Essexboy]

What errors are now occurring ?

[slduke450]

No error messages, but my computer is still running rough.  In the task bar ielowuti.exe*32 is running, my question is, why does it have an asterisk (*) by it?  also, under performance tab at bottom it says process 66, I'm assuming that applications?? Last but not least What do you advise for safe internet browsing and downloading??  

[Essexboy]

What do you mean by rough ?

66 processes is not a great deal, I am currently running 80

ielowuti.exe*32 is running, my question is, why does it have an asterisk (*) by it?

The asterisk means that it is a 32bit process running on a 64bit system http://www.thewindow...ic-utility-tool

[slduke450]

I mean the processer sounds like its running and running then it stop, slow down then run hard again. I checked task manager an the performance, CPU is High 85% and 1.87 gb,, that program is running again CCC catalyst control center??

 

I think I need to re scan something to make sure things are running right and things that are not suppose to be running are not.  I haven't download anything new? after I did the first tweaking it ran perfect, then I repaired reparse points, an repaired variables like it said, but when I went to save it took forever then quit.  

 

Oh when I logged on today it took a long time to load, an the black dos mode box popped up with sys32 an stayed up for like 3 minutes???

[slduke450]

I followed the link an I downloaded something called tweekbit pc cleaner saved to desktop it scanned an found 187 (red) fixes, but I didn't fix because I don't know if this is what you wanted me to do??? I will wait until I hear from you.  

[Essexboy]

CCC catalyst control

 

Is your video card .. You can disable that

 

 

I followed the link an I downloaded something called tweekbit pc cleaner saved to desktop it scanned an found 187 (red) fixes, but I didn't fix because I don't know if this is what you wanted me to do??? I will wait until I hear from you.

That is snake oil and can do more harm than good, I would highly recommend that you do not use it

 

 

I mean the processer sounds like its running and running then it stop, slow down then run hard again. I checked task manager an the performance, CPU is High 85% and 1.87 gb,, that program is running again CCC catalyst control center??

The noise is probably the fan as your computer gets hot

 

Download Speedfan and install it.  Once it's installed, run the program and post here the information it shows.  The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.


(this is a screenshot from a vista machine)

[slduke450]

I downloaded it, tried to run it as admin, it installed but cant run it I uninstalled it saved it to desktop, still cant run it??

[Essexboy]

When you try to run it what error do you get ?

[slduke450]

it just keeps installing when I click it or right click it. same thing, I agree to terms then it starts installing says done I got to open same thing over and over, I uninstalled and re installed an saved to desktop still same thing.

[slduke450]

The icon on the desktop now says initdebug... 

[slduke450]

I now have 3 iexplorer.exe running in task mgr. under processes, here is the memory they are using (239,416 k),(8,388K),(124,708K) also I keep stopping CCC  it keeps starting.  I just looked on internet for this an someone else posted this, I read their comment on Techspot.com, he had all the same things I did, I had Trojan viruses, plus I still have in MacAfee quarantined. I know something is still on this computer or it has came back.  plus  "I've noticed a small window randomly appearing in the middle of the screen occasionally but it then disappears straight away, it just flashes very quickly onscreen." I copied this same thing he has I would copy what he said but I didn't know if that would be ok. He has run all the fixes I "we" have...  

[Essexboy]

It sounds as though the system has been damaged

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

Click on Next > then on Update button to download fresh definitions.


When database updates click Next

In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"


If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.


The Clean up procedure will be Scheduled for process.
When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.