Virus hampering boot on Windows Vista [Solved/Closed]

ErieE (Member, 37 posts, registered Thursday March 27, 2014, last seen April 15, 2014)
Latest reply: 2011N2 (Security contributor, 13370 posts, registered Saturday January 29, 2011, last seen December 24, 2016) - May 14, 2014 at 03:13 AM
My laptop Windows Vista opens to a gray screen with the words Microsoft windows Vista at the top and Memory diagnostic tool at the bottom. Memory diagnostic tool said no errors. Ran diagnostic on F12 key -- said no problem. Ran Avast anti virus -- found nothing. The only way to open computer is to select Microsoft Windows Vista -- select Enter and wait through numerous beeps. I got instructions from Ambucias to download ZHPDiag2, start a new topic in virus-security and send the URL from the test.

Download link: http://speedy.sh/rqd5z/ZHPDiag.txt


I hope this is what you need. It still installed with mostly French so I had to guess a little.
20/103 replies

Best answer
2011N2 (Security contributor)
Hello,

I don't really know but your computer is clean now.

Have you tried to remove Bing from the settings of the browser? You can do this normally.

And for the problem at the boot, maybe open a new topic in Hardware category.

Gabriel.


2011N2 (Security contributor)
Hello,

Download the following Adwcleaner created by Xplode
http://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Gabriel.
ErieE (Member)
I hope I am answering you in the correct format. I downloaded the file using Google Chrome. Adwcleaner came up with several tabs -- services, folder, files, shortcuts, registry, internet explorer and chrome. Since services was first I scanned that. The log was not Adwcleaner [Sx] txt. I scanned on all tabs. When I click on a tab, it appears to show what it is checked but each time the result is the same. The logs are all Adwcleaner R4, R5, R6, Etc booting up in Notepad. I cannot find a log Adwcleaner [Sx].txt. What did I do wrong?

Assuming I find the log [Sx].txt how do I get it to you. Upload it like before? This may not be important but under the Chrome tab each time there is a line saying
Found: urls to restore on startup. It is highlighted in blue each time.
Thank you very much for trying to help. What should I do now?
Ambucias (Moderator, 51278 posts, registered Monday February 1, 2010, last seen August 24, 2019)
Erie,

I just had a brief look at your ZHP log. This is serious business!

AdwCleaner is a primary disinfection tool, from what I gather from you and the log, it is being circumvented. Surgery is required.

Stay tuned for Gabriel's instructions.
ErieE (Member)
You say, serious. How serious are we talking about? Have I made a mistake in what you told me to do? Have I been hacked? The only people who have ever touched this machine are my daughter and me. Of course, I know other people can wiggle their way into a machine if they wish even though I run virus scans and malware scans frequently. Again, I do appreciate the help I am being given.
Ambucias (Moderator)
Erie,

Second thought, you have downloaded ADWCleaner but you don't seem to have installed it.

Do me a favour, using Internet Explorer, download Adwcleaner from this link:

http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

From the download window you will have the option to save it. Save it to your desktop.

Once on the desktop, click twice on it to install.

Once installed, launch it. When open, click on the second button "delete". Let the tool run. Then close it.

You should then see the text log C:\Adwcleaner[Sx].txt saved at the root of your C drive. Open the text file by clicking on it and copy it. Paste the text file in this thread.

Good luck
2011N2 (Security contributor)
Hello,

Do what Ambucias said. The "x" of C:\Adwcleaner[Sx].txt is a number.

Gabriel.
ErieE (Member)
I typed the link to Adwcleaner into Internet Explorer 7. I got the install screen and saved it to the desktop. That's where things went wrong. When I clicked twice on it, it did not install but opened the same screen I saw before --
Adwcleaner with the tabs scan, clean, report, and install below it. Above Adwcleaner are the words file, tools, and help. The same thing happened when I clicked on scan as before. There was no delete button. There was a button saying PCtechhotline which I did not install and I don't know how it got there.

I did check the root of the C drive. The only thing there was Adwcleaner -- just the same as before. The program does not seem to install at all. I checked control panel -- programs and Adwcleaner was not there while the other program you had me download was.
Ambucias (Moderator)
Click on "Clean"
ErieE (Member)
OK. When I opened Adwcleaner a box appeared telling me to download an updated version. Do you want me to do that at this time? Ordinarily, I would, but would it mess up what you are trying to do?
2011N2 (Security contributor)
Hello,

Yes, accept and install the update.

Gabriel.
ErieE (Member)
Well, I thought I was doing what you said but I don't think I did. Some of the instructions were in French but I thought I understood enough of them to make it work. I clicked on the button to update. The directions said to install on desktop. I went through the screens to install and the program opened so I scanned as before and clicked on clean. But when I went to the desktop there was no shortcut for ADWcleaner for any version.

I found the first version and what I assumed was the updated in downloads.

ADWcleaner -- the first one -- installed on 3/31 will open but it says to update

The "new" version was in Downloads as ADWcleaner_TS47H3RK. Clicking on it says to update. As a sub file under ADWcleaner_TS47H3RK, there was
b8flb70992d9b4add93a599b656e09dc_adwcleaner. Clicking on it says to update.

Since I had presumed I had updated and ran clean some things are different.

1. Under the root I did find ADWcleaner. It had sub files [RO] through ADWcleaner[R19]. It also had files ADWcleaner [S0] and ADWcleaner [S1]. Could that be what you wanted?
2. things are missing -- the machine says some video drivers are missing, I cannot open Internet Explorer at all, Chrome opens without preferences.

Did I mess everything up? I hope not.
2011N2 (Security contributor)
Hello,

OK.

First, post the logs C:\AdwCleaner[S0].txt and C:\AdwCleaner[S1].txt in your next answer, please.

Gabriel.
ErieE (Member)
OK here goes ADWcleaner [so]

# AdwCleaner v3.023 - Report created 01/04/2014 at 15:36:45
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Beth - OWNER-PC
# Running from : C:\Users\Beth\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : ca82e1a5
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Beth\AppData\Local\apn
Folder Deleted : C:\Users\Beth\AppData\Local\Conduit
Folder Deleted : C:\Users\Beth\AppData\Local\PackageAware
Folder Deleted : C:\Users\Beth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\LocalLow\AskToolbar

ADWcleaner [s1]

# AdwCleaner v3.023 - Report created 01/04/2014 at 15:36:45
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Beth - OWNER-PC
# Running from : C:\Users\Beth\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : ca82e1a5
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Beth\AppData\Local\apn
Folder Deleted : C:\Users\Beth\AppData\Local\Conduit
Folder Deleted : C:\Users\Beth\AppData\Local\PackageAware
Folder Deleted : C:\Users\Beth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\LocalLow\AskToolbar

If I did this wrong, please, tell me
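
Added example (not part of the original thread and not AdwCleaner's own code): a small Python parser for the report layout pasted above. It groups removed items by section, shows which Windows profiles each removed folder name appeared under, and checks whether two pasted reports come from the same run. The sample text is a constructed excerpt of the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the report pasted in this thread.
SAMPLE = r"""# AdwCleaner v3.023 - Report created 01/04/2014 at 15:36:45
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Beth - OWNER-PC
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\Local\Conduit
"""

CREATED = re.compile(r"Report created (\S+) at (\S+)")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER = re.compile(r"^# (.+?) : (.+)$")
ENTRY = re.compile(r"^(?:\[#\] )?(\w+) Deleted : (.+)$")
PROFILE = re.compile(r"^C:\\Users\\([^\\]+)\\", re.IGNORECASE)

def parse_report(text):
    """Return (header, sections); sections maps section name -> [(kind, target)]."""
    header, sections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CREATED.search(line):
            header["Created"] = f"{m.group(1)} {m.group(2)}"
        elif m := SECTION.match(line):
            current = m.group(1)
        elif m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif (m := ENTRY.match(line)) and current:
            sections[current].append((m.group(1), m.group(2)))
    return header, dict(sections)

def by_profile(sections):
    """Map each removed folder's last path component to the profiles it sat under."""
    seen = defaultdict(set)
    for _kind, target in sections.get("Files / Folders", []):
        m = PROFILE.match(target)
        seen[target.rsplit("\\", 1)[-1]].add(m.group(1) if m else "(machine-wide)")
    return dict(seen)

def same_run(report_a, report_b):
    """True when two pasted reports have identical headers and entries."""
    return parse_report(report_a) == parse_report(report_b)

if __name__ == "__main__":
    header, sections = parse_report(SAMPLE)
    print(header["Created"], sorted(sections))
    for name, profiles in sorted(by_profile(sections).items()):
        print(f"{name}: {', '.join(sorted(profiles))}")
```

A folder name that shows up both machine-wide and under several profiles is a sign the same bundle was installed for every account, so each profile needs checking after cleanup.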
Ambucias (Moderator)
You did it perfect! Gabriel will be back very soon.
2011N2 (Security contributor)
Good. :)

The logs are not full but it doesn't matter.

- Download Shortcut_Module from this link : http://www.telecharger.sosvirus.net/download/shortcut-module/

- Save it to your desktop, run it and click on "Clean" after it has verified if it's up to date

Attention : It'll close all the programs opened like IE, Firefox, Word etc...

- If the tool detects a proxy and if you didn't install one, click on "Delete the proxy"

- It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt.

- To transmit the report, click on this link : http://www.speedyshare.com/

- Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

- Select the file ZHPDiag.txt.

- Click on "upload"

- Copy the URL and post it here.

Gabriel.
Ambucias (Moderator)
Good work Gab,

I saw all of them domains!
ErieE (Member)
Something isn't working. I clicked on the link and translated it from French to English. All did not translate. Does "telecharer" (minus the accent marks) mean download?

I tried clicking on that but I could not get an install window to save it to the desk top. I did get a run window but I ended up with two icons in downloads folder called shortcut-module. I tried clicking on them and nothing happens.

At one point a message popped up said that that program was not a "valid Win 32 bit application."

What did I do wrong? Shall I delete the 2 entries under downloads and try again?
2011N2 (Security contributor)
Hello,

Yes, "télécharger" means download.

Delete everything that matches Shortcut_Module, and try again.
Check in the settings of your browser where the files are saved automatically.

Gabriel.
ErieE (Member)
Well, here is what happened. I'll tell everything since I don't know if any of it is important or if I messed up.

I got it downloaded. It verified that it was up to date. An application appeared. It looked like it was "floating" on the desktop. I ran it -- took about 3 hours and clicked on clean. Actually clicking on clean was the only way to run it. It did close all programs. It told me to disable my virus program but started before I got it disabled. No proxy.

Now, I can find Computer -C: Shortcut_Module it is not a txt file.

Clicking on that I get the following:

folder Quarantine 4/3/2014
folder Res 4/3/2014
folder Save 4/3/2014

icon MSI_ tests 4/2/2014 application
same icon smss 6/1/2008 application
same icon svchost 8/30/2000 application

icon like a blank piece of paper upd 4/3/2014

The first three open into sub files -- no txt I can give them to you if they might be important.
MSI does not open
the next two open to files that look like notepad but they won't stay open long enough to read them

The upd opens to a choice of programs -- it only showed anything when I associated it with note pad and it was 02.04.20143 which I am pretty sure is not what you were looking for.

I did find a txt file in Windows Update that said a lot about programs and application being deleted. Could that possibly be what you need?

I apologize for the length of time this is taking or rather the length of your time it is taking.
2011N2 (Security contributor)
Hello,

The report is saved at C:\, not in the folder C:\Shortcut_Module.
Search at the root of C drive, and you should find Shortcut_Module_date_hour.txt.

Gabriel.
ErieE (Member)
I found it at least I think I did. If I understood you correctly, you asked me to send you two reports C:/Shortcut_Module_date_hour.txt and ZHPDiag.txt The last one did not have the extension but it was a text file. Tell me if I did not find the correct file. Thank you for your patience with me.


download link
http://speedy.sh/HWSXK/Shortcut-Module-03-04-2014-10-37-27.txt

lisicijedoli delete key
2011N2 (Security contributor)
Hello,

Good. :)

Run ZHPDiag again by clicking on Full and transmit the report by Speedyshare please.

Gabriel.
ErieE (Member)
By full I assume you mean full options?




http://speedy.sh/sgpQS/ZHPDiagApril4.txt
2011N2 (Security contributor)
Hello,

Yes. :)

Uninstall Speed Cleaner.

1. Close all applications

2. Select and copy all lines which are in this link : https://dl.dropboxusercontent.com/u/32869654/Pour%20ErieE.txt

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.
ErieE (Member)
Well, here is what is happening.

I do understand what you want me to do but either the machine or the software does not seem to be cooperating. I cannot get Speed Cleaner off! I never installed it. It just appeared and whenever I log on tells me how many errors I have. I have never done anything with it except close it. It is not in the programs and features part of the Control Panel so I cannot get rid of it there. I did find where it was installed -- under Programs -- but when I try it tells me to click on continue to confirm and when I do nothing happens. I can't even uninstall the shortcut on the desktop. I tried to find an uninstall program for it on the internet but no luck. Is it malware? Is there a remover like Spybot that might take it off? The thing sticks like glue.

# 3 ZHP fix only appears on the desktop if I log on as administrator which, of course, I can do. If I log on as me I can get to it by opening the ZHP Diag folder but it is not on the desktop and the icon is different.

What should I do at this point?


On #7 what should my choice be -- I presume to empty the bin but as I have not dealt with this kind of thing before, I thought I should make sure.
ErieE (Member)
Scratch # 3 I found the application ZHP Fix and placed an icon on the desktop that is in my name so it is there and on Administrator (which, of course, is me, also) desktop. Which should I use or does it matter?

Should I go ahead and copy the link even if Speed Cleaner remains? By the way, 2 or 3 other programs installed themselves like Speed Cleaner. Should they come off or ignore them for awhile?