virus hampering boot on Windows Vista Solved/Closed

Question

My laptop Windows Vista opens to a gray screen with the words Microsoft windows Vista at the top and Memory diagnostic tool at the bottom. Memory diagnostic tool said no errors. Ran diagnostic on F12 key -- said no problem. Ran Avast anti virus -- found nothing. The only way to open computer is to select Microsoft Windows Vista -- select Enter and wait through numerous beeps. I got instructions from Ambucias to download ZHPDiag2, start a new topic in virus-security and send the URL from the test. HTML linkDownload at SpeedyShare download link http://speedy.sh/rqd5z/ZHPDiag.txt I hope this is what you need. It still installed with mostly French so I had to guess a little.

2011N2 · Answer

Hello,

Download the following Adwcleaner created by Xplode 
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/ 
Launch it (for Windows 7 and 8, click right to run as administrator) 
Click on delete 
Post the log C:\Adwcleaner[Sx].txt on this thread. 

Gabriel.

Ambucias · Answer

Erie,

Second thought, you have downloaded ADWCleaner but you don't seem to have installed it.

Do me a favour, using Internet Explorer, download Adwcleaner from this link:

https://toolslib.net

From the download window you will have the option to save it. Save it to your desktop.

Once on the desktop, click twice on it to install.

Once installed, launch it.  When open, click on the second button "delete". Let the tool run. Then close it.

You should then see the text log C:\Adwcleaner[Sx].txt saved at the root of your C drive.  Open the text file by clicking on it and copy it. Paste the text file in this thread.

Good luck

2011N2 · Answer

Hello,

Do what Ambucias said. The "x" of C:\Adwcleaner[Sx].txt is a number.

Gabriel.

ErieE · Answer

I typed the link to Adwcleaner into Internet Explorer 7.  I got the install screen and saved it to the desktop.  That's where things went wrong.  When I clicked twice on it, it did not install but opened the same screen I saw before --
Adwcleaner with the tabs scan, clean, report, and install below it.  Above Adwcleaner are the words file, tools. and help.  The same thing happened when I clicked on scan as before.  There was no delete button .  There was a button saying PCtechhotline which I did not install and I don't know how it got there.

I did check the root of the C drive.  The only thing there was Adwcleaner -- just the same as before.  The program does not seem to install at all.  I checked control panel -- programs and Adwcleaner was not there while the other program you had me download was.

ErieE · Answer

OK.  When I opened Adwcleaner a box appeared telling me to download an updated version.  Do you want me to do that at this time?  Ordinarily, I would,  but would it  mess up what you are trying to do?

2011N2 · Answer

Hello,

Yes, accept and install the update.

Gabriel.

ErieE · Answer

Well, I thought I was doing what you said but I don't think I did.  Some of the instructions were in French but I thought I understood enough of them to make it work.   I clicked on the button to update.  The directions said to install on desktop.    I went through the screens to install and the program opened so I  scanned as before and clicked on clean.  But when I went to the desktop there was no shortcut for ADWclearner for any version.  

I found the first version and what I assumed was the updated in downloads.  

ADWcleaner -- the first one -- installed on 3/31 will open but it says to update

The "new" version was in Downloads as ADWcleaner_TS47H3RK.  Clicking on it says to update.  As a sub file under ADWcleaner_TS47H3RK, there was 
b8flb70992d9b4add93a599b656e09dc_adwcleaner.  Clicking on it says to update.  

Since I had presumed I had updated and ran clean some things are different.

1.  Under the root I did find ADWcleaner.  It had sub files [RO] through ADWcleaner[R19].  It also had files ADWcleaner [S0] and ADWcleaner [S1].  Could that be what you wanted?
2.  things are missing -- the machine says some video drivers are missing, I cannot open Internet Explorer at all, Chrome opens without preferences.

Did I miss everything up?  I hope not.

2011N2 · Answer

Hello,

OK.

First, post the logs C:\AdwCleaner[S0].txt and C:\AdwCleaner[S1].txt in your next answer, please.

Gabriel.

ErieE · Answer

OK here goes  ADWcleaner [so]

# AdwCleaner v3.023 - Report created 01/04/2014 at 15:36:45
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Beth - OWNER-PC
# Running from : C:\Users\Beth\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : ca82e1a5
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Beth\AppData\Local\apn
Folder Deleted : C:\Users\Beth\AppData\Local\Conduit
Folder Deleted : C:\Users\Beth\AppData\Local\PackageAware
Folder Deleted : C:\Users\Beth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\LocalLow\AskToolbar

ADWcleaner [s1]

# AdwCleaner v3.023 - Report created 01/04/2014 at 15:36:45
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Beth - OWNER-PC
# Running from : C:\Users\Beth\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : ca82e1a5
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\owner\AppData\Local\SearchProtect
Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Beth\AppData\Local\apn
Folder Deleted : C:\Users\Beth\AppData\Local\Conduit
Folder Deleted : C:\Users\Beth\AppData\Local\PackageAware
Folder Deleted : C:\Users\Beth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Beth\AppData\LocalLow\AskToolbar

If I did this wrong, please, tell me

2011N2 · Answer

Good. :)

The logs are not full but it doesn't matter.

- Download Shortcut_Module from this link : http://www.telecharger.sosvirus.net/download/shortcut-module/

- Save it to your desktop, run it and click on "Clean" after it has verified if it's up to date

Attention : It'll close all the programs opened like IE, Firefox, Word etc...

- If the tool detects a proxy and if you didn't install one , click on "Delete the proxy"

- It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt.

- To transmit the report, click on this link : https://authentification.site 

- Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt). 

- Select the file ZHPDiag.txt. 

- Click on "upload » 

- Copy the URL and post it here.

Gabriel.

ErieE · Answer

Something isn't working.  I clicked on the link and translated it from French to English.  All did not translate.  Does  "telecharer" (minus the accent marks) mean download? 

I tried clicking on that but I could not get an install window to save it to the desk top. I did get a run window but I ended up with two icons in downloads folder called shortcut-module.  I tried clicking on them and nothing happens.

At one point a message popped up said that that program was not a "valid Win 32 bit application.

What did I do wrong?  Shall I delete the 2 entries under downloads and try again.

2011N2 · Answer

Hello,

Yes, "télécharger" mean download.

Delete everything that match at Shortcut_Module, and try again.
Check in the settings of your browser where the files are saved automatically.

Gabriel.

ErieE · Answer

Well, here is what happened.  I'll tell everything since I don't know if any of it is important or if I messed up. 

I got it downloaded.  It verified that it was up to date.  An application appeared.  It looked like it was "floating" on the desktop.  I ran it -- took about 3 hours and clicked on clean.  Actually clicking on clean was the only way to run it.  It did close all programs.  It told me to disable my virus program but started before I got it disabled.  No proxy.

Now, I can find  Computer -C: Shorcut_Module it is not a txt file.

Clicking on that I get the following:

folder      Quarantine     4/3/2014
folder      Res                  4/3/2014
folder      Save                4/3/2014

icon              MSI_ tests       4/2/2014        application
same icon    smss                 6/1/2008        application
same icon     svchost            8/30/2000       application

icon like a blank piece of paper   upd     4/3/2014

The first three open into sub files -- no txt  I can give them to you if they might be important.
MSI does not open
the next two open to files that look like notepad but the won't stay open long enough to read them

The upd opens to a choice of programs -- it only showed anything when I associated it with note pad and it was 02.04.20143 which I am pretty sure is not what you were looking for.

I did find a txt file in Windows Update that said a lot about programs and application being deleted.  Could that possibly be what you need?

I apologize for the length of time this is taking or rather the length of your time it is taking.

2011N2 · Answer

Hello,

The report is saved at C:\, not in the folder C:\Shortcut_Module.
Search at the root of C drive, and you should find Shortcut_Module_date_hour.txt. 

Gabriel.

ErieE · Answer

I found it at least I think I did.  If I understood you correctly, you asked me to send you two reports  C:/Shortcut_Module_date_hour.txt and ZHPDiag.txt     The last one did not have the extension but it was a text file.  Tell me if I did not find the correct file.  Thank you for your patience with me.


download link
http://speedy.sh/HWSXK/Shortcut-Module-03-04-2014-10-37-27.txt

lisicijedoli    delete key

2011N2 · Answer

Hello,

Good. :)

Run again ZHPDiag by clicking on Full and transmit the report by Speedyshare please.

Gabriel.

ErieE · Answer

By full I assume you mean full options?




http://speedy.sh/sgpQS/ZHPDiagApril4.txt

2011N2 · Answer

Hello,

Yes. :)

Uninstall Speed Cleaner.

1. Close all applications 

2. Select and copy all lines which are in this link : https://dl.dropboxusercontent.com/u/32869654/Pour%20ErieE.txt

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not 

4. Click on the the Import button and the lines will automatically paste themselves. 

5. Click on the Go button to clean 

6. Confirm by clicking OK 

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time 

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.

ErieE · Answer

Well, here is what is happening.

I do understand what you want me to do but either the machine or the software does not seem to be cooperating.  I cannot get Speed Cleaner off!  I never installed it.  It just appeared and whenever I log on tells me how many errors I have.  I have never done anything with it except close it.  It is not in the programs and features part of the Control Panel so I cannot get rid of it there.  I did find where it was installed -- under Programs -- but when I try it tells me to click on continue to confirm and when I do nothing happens.  I can't even uninstall the shortcut on the desktop.  I tried to find an uninstall program for it on the internet  but no luck.  Is it malware?  Is there a remover like Spybot that might take it off?  The thing sticks like glue.

# 3  ZHP fix only appears on the desktop if I log on as administrator which, of course, I can do.  If I log on as me I can get to it by opening the ZHP Diag  folder but it is not on the desktop and the icon is different.  

What should I do at this point?


On #7  what should my choice be -- I presume to empty the bin but as I have not dealt with this kind of thing before, I thought I should make sure.

2011N2 · Answer

Hello,

Do ZHPFix (the application on your desktop) and we will see after for SpeedCleaner. :)
And yes, you can empty the bin.

Gabriel.

ErieE · Answer

Ok  I found a couple more applications I did not want or install.  Maybe I can get rid of them later too.

Thanks for your time and assistance

2011N2 · Answer

Hello,

Which applications ?

Gabriel.

ErieE · Answer

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre : 
Run by owner at 4/7/2014 5:45:49 PM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Recycle Bin emptied (03mn AMs)
Prefetcher emptied

========== Software ==========
ABSENT Uninstall Process: c:\program fileseimageeimage repair\uninst.exe
ABSENT Uninstall Process: c:\program files\speedypc software\speedypc\uninstall.exe

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Windows\Tasks\SpeedyPC Pro.job
REMOVES Reboot: Memory Process: C:\Windows\Tasks\SpeedyPC Update Version3.job
REMOVES Reboot: Memory Process: C:\Windows\Installer\bc6db.msi
REMOVES Reboot: Memory Process: C:\Windows\Reimage.ini

========== Registry keys ==========
REMOVES:³ Service: ReimageRealTimeProtection
REMOVES: HKLM\Software\Reimage
REMOVES: HKLM\Software\SpeedyPC Software
REMOVES:³ HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtection
REMOVES:³ HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
REMOVES:³ HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
REMOVES:³ CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES Reboot: c:\users\public\desktop\pc scan & repair by reimage.lnk
REMOVES Reboot: c:\program fileseimageeimage repaireimagerepair.exe
REMOVES Reboot: c:\program files\speedypc software\speedypc\speedypc.exe
REMOVES Reboot: c:\program fileseimageeimage repaireiguard.exe
REMOVES Reboot: c:\windows	asks\speedypc pro.job
REMOVES Reboot: c:\windows	asks\speedypc update version3.job
REMOVES Reboot: c:\windows\system32\websteroids.b324755f3f87.dll
REMOVES Reboot: c:	ranslate
REMOVES Reboot: c:\windowseimage.ini
Deletes temporary Windows (61) (2,423,700 octets)
REMOVES Flash Cookies (105) (34,230 octets)

========== System restore ==========
No System Restore Point created


========== Summary ==========
4 : Process memory
11 : Registry keys
1 : Folders
11 : Files
2 : Software
1 : System restore


End of clean in 11mn AMs

========== Path to file report ==========
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/7/2014 6:08:53 PM [2753]
 I have not yet restarted the computer as I got a message to do so.

2011N2 · Answer

Hello,

It's OK, ZHPFix did a good work.

Run again ZHPDiag and send the report on SpeedyShare please.

Gabriel.

ErieE · Answer

tried to run ZHPDiag again.  I got a message asking me to upgrade to version 2014.4.9.16.    My version is 2014.3.2.28.35.  Most of the instructions were in French.  Oui and Non I could figure out. Then a message box popped with words I could not read and the older version opened.  Do you want me to run the older version.  If I logged on as admin I might be able to get the newer one if you want that.

Sorry -- I just don't know much French.

2011N2 · Answer

Hello,

Otherwise you can try to uninstall ZHPDiag and then reinstall, as the last time.
But you can run the older version still.

Gabriel.

ErieE · Answer

I didn't quite trust myself to deal with a new version.  At least I have worked with the older one before so I used it.  I hope I did correctly.  I clicked on Full options and it ran twice.  Here is the result of the first run.

http://speedy.sh/3Zu6u/ZHPDiagapril-10-1.txt

2011N2 · Answer

Hello,

Good.
Try to uninstall Reimage Repair and SpeedyPC Pro.

Gabriel.

ErieE · Answer

I had to log on as admin but I did get them uninstalled.  What next?

2011N2 · Answer

Hello,

OK good job.

Run again ZHPDiag and send the report please.

Gabriel.

ErieE · Answer

OK  Will do.

2011N2 · Answer

Hello,

1. Close all applications 

2. Select and copy all lines which are into this link : https://dl.dropboxusercontent.com/u/32869654/For%20ErieE.txt

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not 

4. Click on the the Import button and the lines will automatically paste themselves. 

5. Click on the Go button to clean 

6. Confirm by clicking OK 

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time 

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.

ErieE · Answer

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre : 
Run by owner at 4/12/2014 5:48:54 PM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Recycle Bin emptied (25mn AMs)
Prefetcher emptied

========== Software ==========
REMOVES: Speed Cleaner
ABSENT Uninstall Process: c:\programdata\package cache\{541ac74f-d2f8-4430-9f75-45fae734edac}\speedcleanersetup.exe

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Windows\Installer\bc6db.msi
REMOVES Reboot: Memory Process: C:\Windows\Reimage.ini

========== Registry keys ==========
REMOVES: HKLM\Softwareeimage
REMOVES:³ CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}

========== Registry values ==========
REMOVES RunValue: Speed Cleaner

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES Reboot: c:	ranslate
REMOVES Reboot: c:\windowseimage.ini
REMOVES Reboot: c:\users\public\desktop\speed cleaner.lnk
REMOVES Reboot: c:\windows\installer\{3a196b37-3f16-40b8-b0d2-e43333acce8d}\guy1.ico
REMOVES Reboot: c:\programdata\microsoft\windows\start menu\programs\speed cleaner.lnk
REMOVES Reboot: c:\windows\installer\{3a196b37-3f16-40b8-b0d2-e43333acce8d}\guy.ico
REMOVES Reboot: c:\program files\speed cleaner\speed cleaner.exe
Deletes temporary Windows (91) (123,687,333 octets)
REMOVES Flash Cookies (0) (0 octets)

========== System restore ==========
No System Restore Point created


========== Summary ==========
2 : Process memory
2 : Registry keys
1 : Registry values
1 : Folders
9 : Files
2 : Software
1 : System restore


End of clean in 40mn AMs

========== Path to file report ==========
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/7/2014 5:08:53 PM [2833]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R2].txt - 4/12/2014 5:49:19 PM [1874]

I hope I did this correctly.

2011N2 · Answer

Hello,

Good job. :)

Some problems are persisting ?

Run again ZHPDiag and host the report please.

Gabriel.

ErieE · Answer

http://speedy.sh/7vVGt/ZHPDiagapril-12-second-run.txt

I wasn't sure how you wanted it but it seemed a little long for copy and paste so I uploaded it.

2011N2 · Answer

Hello,

OK, run again ZHPFix as the last time but with this lines : https://dl.dropboxusercontent.com/u/32869654/For%20ErieE2.txt

Host the report.

Gabriel.

ErieE · Answer

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre : 
Run by owner at 4/13/2014 3:40:33 PM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Recycle Bin emptied (06mn AMs)
Prefetcher emptied

========== Software ==========
REMOVES: Speed Cleaner
ABSENT Uninstall Process: c:\programdata\package cache\{541ac74f-d2f8-4430-9f75-45fae734edac}\speedcleanersetup.exe

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Windows\Installer\bc6db.msi
REMOVES Reboot: Memory Process: C:\Windows\Reimage.ini

========== Registry keys ==========
REMOVES:³ CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES Reboot: c:	ranslate
REMOVES Reboot: c:\windowseimage.ini
REMOVES Reboot: c:\users\public\desktop\speed cleaner.lnk
REMOVES Reboot: c:\windows\installer\{3a196b37-3f16-40b8-b0d2-e43333acce8d}\guy1.ico
REMOVES Reboot: c:\programdata\microsoft\windows\start menu\programs\speed cleaner.lnk
REMOVES Reboot: c:\windows\installer\{3a196b37-3f16-40b8-b0d2-e43333acce8d}\guy.ico
Deletes temporary Windows (20) (261,786 octets)
REMOVES Flash Cookies (0) (0 octets)

========== System restore ==========
No System Restore Point created


========== Summary ==========
2 : Process memory
1 : Registry keys
1 : Folders
8 : Files
2 : Software
1 : System restore


End of clean in 19mn AMs

========== Path to file report ==========
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/7/2014 5:08:53 PM [2833]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R2].txt - 4/12/2014 4:49:19 PM [1955]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R2]april 12.txt - 4/12/2014 4:53:33 PM [1955]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R4].txt - 4/13/2014 3:40:40 PM [1847]

Here's what I got.

2011N2 · Answer

Hello,

No thanks it's OK. :)

Some problems are persisting ?

Run again ZHPDiag and send the report, to see if all is clean.

Gabriel.

ErieE · Answer

http://speedy.sh/6rUYn/ZHPDiagapril13-second-run.txt

Here is what I got.  Speed Cleaner still sticks like glue as a desktop shortcut.

2011N2 · Answer

Hello,

Please disable Avast during this manipulation.

1- Download OTM on your desktop. 
2- Run it. 
3- In the left part, paste the lines which are in this link. 
4- Click on MoveIt! 
5- Post the log saved at C:\_OTM\MovedFiles\[MMJJAAAA_***].txt 

Gabriel.

ErieE · Answer

OK.  This is a new application so I have questions.  I assume from what you said it won't just go in automatically like with ZHP fix.  I actually have to copy and paste -- right?  



I apologize for not knowing all this.  I was the school computer tech for several years but they only let us set up machines, run virus and  other programs they trained us on, train teachers in the basics and bail teachers and students out of certain problems.  I didn't have to train the students.  They knew more than the teachers.

2011N2 · Answer

Hi,

Yes, you have to copy and paste the lines in the left part of OTM. And then click on MoveIt!

It is normal, it is a thing to ask questions if you are not sure.

Gabriel.

ErieE · Answer

Thanks.  Sometimes I feel I should know things that I don't.  Anyway, I did everything you said.  I disabled Avast until the next restart and that may have been an error.  When I ran OTM and pasted the lines, everything on my desktop disappeared (which I realized later was supposed to happen.) Then I got a box saying I had to restart to finish "removing objects".  So, when I restarted, Avast came back on.  Maybe the whole operation was not done with Avast disabled.  Here is what I got.  Should I run it again and disable Avast for an hour?

http://speedy.sh/rpKHz/04142014-095239.log

http://speedy.sh/3ZVUu/04142014-095239.res

As you see, it was not C:\_\movedfiles\[MM]]AAAA_***].txt

Should I keep looking or run it again?  I included the one with the res extension because I was not familiar with it and I did not know whether you would need it or not.

2011N2 · Answer

What happens when you try to remove Speed Cleaner's shortcut on your desktop ?

Run again ZHPDiag please, to see.

Gabriel.

ErieE · Answer

If I try to delete the shortcut, I get a message saying that the action has to be confirmed.  My choices are continue skip cancel.  If click on continue, it just repeats the message box over and over.  If I click on skip, the box closes.

I ran ZHPDiag and got this

http://speedy.sh/YHB7b/ZHPDiag.txt4-14-1.txt

http://speedy.sh/aUrhG/ZHPDiag.txt4-14.txt

2011N2 · Answer

Hi,

Try to uninstaller Speed Cleaner with the mode Advanced : http://ccm.net/faq/7387-uninstall-a-program-properly-with-revo-uninstaller

Disable Avast during the operation.

Gabriel.

ErieE · Answer

I did download Revo uninstaller.  It is a neat little program!  However, I had to log on as adminstrator to install it.  When I did that it showed up on admin screen and on my screen.  It did not show up on my daughter's.  It would not run if I logged on as me.  Even though I right clicked and told it to run as administrator, it simply told me I was not one.  I was able to run it on the admin screen.  Unfortunately, Speed Cleaner did not show up as an application.  I clicked on Tools and auto run management and it was there.  I could uncheck it but that would  only stop it from running on  start.  It was installed in default location 
C:\program files\speed cleaner\speed cleaner.exe.  Same thing happened when I clicked on the exe file.  Speed Cleaner only showed up under tools and start up management.

I checked and it is in the same file path no matter which user logged in.  I clicked on Task Manager and it runs constantly and is consuming quite a bit of memory as it does so.

I thought I had deleted PCtechHotline but it showed up in Revo uninstaller under Tools also.  I noticed one thing -- maybe important, probably not.  Under Tools it said hpgSRMon was "invalid".  Again just in case it means anything, when I log on as admin I get a message box saying C:\users\Beth\AppData\local\conduit\APIS Support\APISSupport.dll could not be loaded.  "The Module cannot be found".  It only shows up when I log on there.  I mentioned so much because I am not sure what is important or if I made an error.  I did disable Avast when ran the uninstaller.

2011N2 · Answer

Hello,

OK so Revo Uninstaller is not necessary.

Try to run again OTM as the last time with the same lines in safe mode with networking (press F8 at the boot), with Avast disabled.

Gabriel.

ErieE · Answer

What's wrong?  I cannot reply.  I tried to log on and it sent me back here.

2011N2 · Answer

Hello,

Maybe the robot remove your message because of OTM's report.

Host the report on SpeedShare and copy / paste the link.

Gabriel.

ErieE · Answer

Things are really strange.  I did use SpeedShare and sent it twice.   I did disable Avast and use Safe Mode with networking.  I never found the a file with the path you mentioned.  I did find  a file under OTM.  That is what I sent.  Today it is gone I did read most of what appeared in OTM after cleaning. Many  files  including Speed Cleaner were supposed to be deleted on reboot.  They were not.  I saved every txt file generated by OTM and today they are gone.  I did not delete them.  Now other programs I have never seen before have appeared.  What happened"  What did I do wrong?    This reply would not submit until I put in my nickname and e mail.  I must have messed up somewhere.

2011N2 · Answer

Hello,

Is Avast reactivates automatically at startup ? Because it could be what prevents deleting files.

Gabriel.

ErieE · Answer

The first time you had me deactivate Avast -- I don't remember which tool we were using, I did make that mistake.  After that, I always set it to re-activate in one hour.

2011N2 · Answer

Hello,

And if you try to remove all this files and folders manually, it works ?

C:\Program Files\Speed Cleaner\Speed Cleaner.exe
C:\Windows\Installer\{3A196B37-3F16-40B8-B0D2-E43333ACCE8D}\guy.ico
C:\Windows\Installer\{3A196B37-3F16-40B8-B0D2-E43333ACCE8D}\guy1.ico
C:\Program Files\Speed Cleaner
C:\Users\owner\AppData\Local\SpeedCleaner
C:\Windows\Installer\12aa37.msi
C:\Program Files\sweetpacks bundle uninstaller
C:\ProgramData\SpeedyPC Software
C:\ProgramData\Updater 
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
C:\TRANSLATE
C:\Windows\Reimage.ini 
C:\Windows\Installer\bc6db.msi  
C:\Program Files\SearchProtect

Gabriel.

ErieE · Answer

I will try and see.  I have been afraid to remove or add anything in case it interfered with what you were doing.  Get back to you.

Beth

2011N2 · Answer

Hello,

OK good.
And so, Speed Cleaner is still here ?

Restart your computer, run again ZHPDiag and host the report.

Gabriel.

ErieE · Answer

Sorry. I didn't make myself clear.  Speed Cleaner is gone.  It was just in a different path than you indicated. It was under C:\Users\Beth (not owner)\AppData\Local\SpeedCleaner.  Once I found that one, I could get all the other paths involving Speedcleaner off.  I restarted a couple of times to make sure.  

All of the paths you sent are gone.

Do you still want me to run ZHPDiag?

2011N2 · Answer

Hello,

OK, but run again by clicking on the button Full options please. :)
I still see Speed Cleaner on the report.

So, for you, now, there is any problem on the computer ?

Gabriel.

ErieE · Answer

http://speedy.sh/PrEav/ZHPDiagapril22-full-options.txt

Here is the run I just did.  Speed Cleaner does not open.  I did not think to check if it is running.  I will do that.  Yes, the original problem still remains.

The computer goes to the splash screen then does not hand control over to Windows. I'm sure the boot process even completes.   I get a black and gray screen saying Microsoft windows Vista at the top and memory diagnostics at the bottom.  I work around it by selecting Microsoft windows Vista and hitting enter.  After about 100 beeps I get my desktop.  On March 27 I used the computer at 6 AM and it was fine.  At noon on the same day the problem appeared.

2011N2 · Answer

Hello,

OK, so, when you remove the folder of Speed Cleaner, it reappear just after a reboot of the computer ?

Gabriel.

ErieE · Answer

I replied to this question but when I hit submit, it was not accepted.  Sorry if you get two replies

Actually SearchProtect reappreard.

Speed Cleaner does not run as it used to.  I only found these indications of it in the Quarantine section of ZHP when I ran a search:

1.  Speed Cleaner. DIR

2.  Speed Cleaner. exe. config.

Under the # 1 are all the files I deleted manually a few days ago.  Shall I eliminate these files?

Could Speed Cleaner be buried in the registry?  If so, where should I look?

2011N2 · Answer

Hello,

OK, two possibilities :

- A planified task reintalle the programs after their removing.

- A protection (as Avast) prevents the suppression.

Run again ZHPDiag, we will see the planified tasks.
Otherwise, I will give you another tool which maybe solve the problem.

Gabriel.

ErieE · Answer

This was run with Avast enabled.  I got two reports on Note Pad.  Between them there was an error message in French.  I couldn't get it copied before it went off.  All I got was -- Violation d'acces a'--.  I did not get the rest of it and I don't know how to put the accent marks in.  Sorry, I am not familiar with French.

http://speedy.sh/6DkSn/ZHPDiagapril-26-first-run.txt

http://speedy.sh/mvtCN/ZHPDiagapril-26-second-run.txt

I clicked on Full Options.  Am I supposed to click on Search?

2011N2 · Answer

Hello,

OK it's better. :)

Please run again Shrotcut_Module, as the last time : https://ccm.net/forum/affich-746882-virus-hampering-boot-on-windows-vista#15

Verify it is up to date after running it.

Gabriel.

ErieE · Answer

I can't get Short_Module to run.  I tried to download it again.  I was unable to install it. It just ran.  I watched it run.  It said there were several viruses and then it reported them to Google. I did not tell it to do that.

Should I install what I have left of the first time we used short_Module.  There is no exe file to run.  There is a quarantine file and a file with the dll's in it

Nothing like you said to look for.

What shall I do now.

2011N2 · Answer

Hi,

There is no report at the root of C: drive ?

Gabriel.

ErieE · Answer

No.  I tried to delete the app and then download it again.  I got most of it off.  All that is left is a protect_module.  It will not let me delete it as an admin.  I did check task manager and it is running under processes.

Is it safe for me to stop the process?

What am I doing wrong?

2011N2 · Answer

It's strange.

You've ran Shortcut_Module and clicked on Clean ?

Gabriel.

ErieE · Answer

Yes.  I am positive I did that.  What was unusual was that I could not install it on the desktop like you said.  It looked like it was "floating" on top of the desktop.

2011N2 · Answer

Hello,

OK, and do you remember if it worked properly, till the end ?

Gabriel.

ErieE · Answer

I don't know.  I have only used Shortcut_Module three times.  I can tell you it worked differently the times I ran it yesterday than the first time you had me run it.  That time I was able to find the report and there was nothing about submitting the "viruses" to Google.

2011N2 · Answer

Hello,

It's very strange because the title of the report is the good, but it's not a report Shortcut_Module...

Run again ZHPDiag, we will see if we there is Bing and always Speed Cleaner.

Gabriel.

ErieE · Answer

I am sending everything ZHP gave me.  Some may be the same but I am taking no chances.  Here is what I got.

http://speedy.sh/gKuAd/TestsZHPDiag.txt

http://speedy.sh/jVQKE/ZHPADSReport.txt

http://speedy.sh/bdyVM/ZHPDiag.txt

http://speedy.sh/GEBdH/ZHPDiagmay-1-first-run.txt

http://speedy.sh/RMrEU/ZHPDiagMay-1-second-run.txt

Avast was disabled.

2011N2 · Answer

Hello,

OK, two things.

1/ Run again ZHPFix with this lines and post the report :

Script ZHPFix
O2 - BHO: RrSavings - {10AD2C61-0898-4348-8600-14A342F22AC3} . (...) -- C:\Program Files\Rr Savings\RrSavings.dll    
O23 - Service: yewimmxqbs32 (yewimmxqbs32) . (...) - C:\Program Files\002\yewimmxqbs32.exe    
O42 - Logiciel: RrSavings - (.RrSavings.) [HKLM] -- {3566FB70-E722-4182-8266-815EAE862998}    
[HKCU\Software\RrSavings]    
[HKLM\Software\LevelQualityWatcher]  
O43 - CFD: 4/17/2014 - 10:05:36 PM - [0.517] ----D C:\Program Files\002    
O43 - CFD: 4/30/2014 - 10:46:57 AM - [2.892] ----D C:\Program Files\Rr Savings    
O43 - CFD: 4/30/2014 - 10:47:46 AM - [1.280] ----D C:\Program Files\RrFilter    
O43 - CFD: 11/7/2013 - 2:33:49 PM - [1.300] ----D C:\ProgramData\SpyAlert    
O90 - PUC: "07BF6653227E2814286618E5EA689289" . (.RrSavings.) -- c:\Windows\Installer\{3566FB70-E722-4182-8266-815EAE862998}\icon64.ico    
[HKLM\Software\LevelQualityWatcher]   
O2 - BHO: RrSavings - {10AD2C61-0898-4348-8600-14A342F22AC3} . (...) -- C:\Program Files\Rr Savings\RrSavings.dll    
O23 - Service: yewimmxqbs32 (yewimmxqbs32) . (...) - C:\Program Files\002\yewimmxqbs32.exe    
O42 - Logiciel: RrSavings - (.RrSavings.) [HKLM] -- {3566FB70-E722-4182-8266-815EAE862998}    
[HKCU\Software\RrSavings]    
[HKLM\Software\LevelQualityWatcher]  
O43 - CFD: 4/17/2014 - 10:05:36 PM - [0.517] ----D C:\Program Files\002    
O43 - CFD: 4/30/2014 - 10:46:57 AM - [2.892] ----D C:\Program Files\Rr Savings    
O43 - CFD: 4/30/2014 - 10:47:46 AM - [1.280] ----D C:\Program Files\RrFilter    
O43 - CFD: 11/7/2013 - 2:33:49 PM - [1.300] ----D C:\ProgramData\SpyAlert    
O90 - PUC: "07BF6653227E2814286618E5EA689289" . (.RrSavings.) -- c:\Windows\Installer\{3566FB70-E722-4182-8266-815EAE862998}\icon64.ico    
[HKLM\Software\LevelQualityWatcher]   
[MD5.DEABB07BC9B0009D826D2CA04C43F90F] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe   [4693792] [PID.3612]  
[MD5.EFAAE131121B7AD73CBA0FECC0B5A277] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe   [3037472] [PID.2316]  
G1 - GCS: Preference [User Data\Default] http://search.conduit.com    
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com    
O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll  
O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe  
O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect  
O61 - LFC: 5/1/2014 - 7:44:47 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat   [210462]  
O61 - LFC: 5/1/2014 - 7:44:47 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat   [1952]  
O61 - LFC: 5/1/2014 - 7:44:47 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\UI\rep\UIRepository.dat   [4366]  
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc]   
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   
C:\Program Files\SearchProtect   
C:\Users\owner\AppData\Local\SearchProtect   
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe   
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe   
[MD5.DEABB07BC9B0009D826D2CA04C43F90F] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe   [4693792] [PID.3612]  
[MD5.EFAAE131121B7AD73CBA0FECC0B5A277] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe   [3037472] [PID.2316]  
G1 - GCS: Preference [User Data\Default] http://search.conduit.com    
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com    
O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll  
O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe  
O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect  
O61 - LFC: 5/1/2014 - 7:46:23 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat   [210462]  
O61 - LFC: 5/1/2014 - 7:46:23 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat   [1952]  
O61 - LFC: 5/1/2014 - 7:46:23 PM ---A- . (...) -- C:\Users\owner\AppData\Local\SearchProtect\UI\rep\UIRepository.dat   [4366]  
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc]   
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   
C:\Program Files\SearchProtect   
C:\Users\owner\AppData\Local\SearchProtect   
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe   
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe   
O42 - Logiciel: Speed Cleaner - (.OneBit IT.) [HKLM] -- {3A196B37-3F16-40B8-B0D2-E43333ACCE8D}    
O42 - Logiciel: Speed Cleaner - (.OneBit IT.) [HKLM] -- {541ac74f-d2f8-4430-9f75-45fae734edac}    


2/ - Download MBAM by clicking " Free Download Version".
- Save it on your desktop.
- Double- click the downloaded file to launch the installation process (if the firewall asks for permission to connect to Malwarebytes, accept)
- Once the software is installed and running, go to the "Review " tab.
- Select Review "Custom" and then click Check Now.
- Select all drives and all exam options (including search rootkits).
- Ensure that Process as malicious detections is selected for PUP and PUM.
- Click Start exam.
- If an update is shown click Update Now and then wait for the review
- Once the review is completed , make sure that the action Quarantine is selected for all elements detected.
- Click Apply actions. If asked to restart the PC, do it.
- In the Review tab, click Export Log = > text file (txt). Otherwise, go to the history tab and Application logs.
- Paste the report.

Gabriel.

ErieE · Answer

OK  I will do it.  I could at least get to Google Chrome yesterday.  Today I it always reverts to Bing.  If I click on Internet Explorer, Google not Chrome comes up but you cannot do any searches on it.

2011N2 · Answer

OK, do ZHPFix and MBAM then tell me.

Gabriel.

ErieE · Answer

Well, I did the first instruction.    Speed Cleaner is now re-installed.

You will get  two reports because I ran the first as me and it would not deal with a couple of apps so I switched to admin.

The first is the one I ran as me.

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre : 
Run by owner at 5/2/2014 6:15:10 PM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Recycle Bin emptied (13mn AMs)

========== Software ==========
REMOVES: RrSavings
ABSENT Uninstall Process: c:\progra~1\searchprotect\main\bin\uninstall.exe
REMOVES: Speed Cleaner
ABSENT Uninstall Process: c:\programdata\package cache\{541ac74f-d2f8-4430-9f75-45fae734edac}\speedcleanersetup.exe

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
REMOVES Reboot: Memory Process: C:\Program Files\SearchProtect\UI\bin\cltmngui.exe

========== Registry keys ==========
REMOVES: CLSID BHO: {10AD2C61-0898-4348-8600-14A342F22AC3}
REMOVES:³ Service: yewimmxqbs32
REMOVES: HKCU\Software\RrSavings
REMOVES: HKLM\Software\LevelQualityWatcher
ERROR: [HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289]
REMOVES:³ Service: CltMngSvc
REMOVES:³ HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc
REMOVES:³ HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

========== Preferences browser ==========
NOW Chrome File: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://search.conduit.com
REMOVES Chrome Site: http://search.conduit.com
REMOVES Chrome Site: http://search.conduit.com
REMOVES Chrome Site: http://search.conduit.com
REMOVES Chrome Site: http://search.conduit.com
NOW Chrome File: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://search.conduit.com

========== Folders ==========
REMOVES Reboot:** C:\Program Files\002
REMOVES Reboot:** C:\Program Files\Rr Savings
REMOVES Reboot:** C:\Program Files\RrFilter
REMOVES Reboot:** C:\ProgramData\SpyAlert
REMOVES Reboot:** c:\program files\searchprotect
REMOVES Reboot:** c:\users\owner\appdata\local\searchprotect

========== Files ==========
REMOVES Reboot: c:\program filesr savingsrsavings.dll
REMOVES Reboot: c:\program files\002\yewimmxqbs32.exe
REMOVES Reboot: c:\program files\searchprotect\main\bin\cltmngsvc.exe


========== Summary ==========
2 : Process memory
8 : Registry keys
6 : Folders
3 : Files
4 : Software
8 : Preferences browser


End of clean in 41mn AMs

========== Path to file report ==========
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/7/2014 5:08:53 PM [2833]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R2].txt - 4/12/2014 4:49:19 PM [1955]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R2]april 12.txt - 4/12/2014 4:53:33 PM [1955]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R4].txt - 4/13/2014 2:40:40 PM [1928]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R4]april13.txt - 4/13/2014 2:43:42 PM [1928]
C:\Users\owner\AppData\Roaming\ZHP\ZHPFix[R6].txt - 5/2/2014 6:15:24 PM [2913]

ErieE · Answer

You may get this twice.  All of my links that helped me get to things are gone.  Anyway I downloaded MBAM.  Unfortunately,  the site was in French and Bing did not have a translate option.  I think I guessed fairly well though.  There are two logs because on the May second one, I could not find what you wanted.  By the May 2 one, I did locate everything, I think,  There were fairly long so I uploaded them.

http://speedy.sh/RMh3U/mbamMay3.txt

They were different so I will include both.

http://speedy.sh/SHWDg/mbamMay-2.txt

hope this gives you what you need

2011N2 · Answer

Hello,

Yes it's OK for MBAM.
The account where you do all the manipulations, it is an administrateur account or a simple user ?

Gabriel.

ErieE · Answer

At first it was as a user.  Now I do it as an administrator.  Some of the early manipulations were certainly done as a user.  The ones you got yesterday were done as admin.

2011N2 · Answer

Hello,

No no I meant an administrateur user, not run as an administrator. Look at this if you don't understand : http://ccm.net/faq/3407-administrator-or-user-mode-under-xp

Gabriel.

ErieE · Answer

Now when you tell me to do something I sign on as administrator user because many times that is the only way I can download and install many items.  In the beginning I tended to just use user.  

However what confuses me is that when Dell directed me in a total re-install of Vista 2 or 3 years ago, I ended up with Beth and Ruth  as just users and Elizabeth as administrator user and at times it seems as though there is an owner account although there is not an owner account when either of us logs in.

Sorry, I got in the habit of using admin when I was the admin of my workplace and did sign in that way at times when my ISS supervisor told me to do so.  

At home I am administrator user.  I know in the beginning I used just the Beth-user account, however..

2011N2 · Answer

Hello,

OK, and you run the tools from the user that has problems ?

Gabriel.

ErieE · Answer

I have checked and all three users have the same problems -- Beth, Ruth, and Elizabeth.  I don't know what to do about Owner since there is no account for it.,

I didn't think of running each one three times but I certainly will if you think it will help.  At this time I run them all from the administrator - user account.  In the beginning I know I used my user account but I found that many of the tools you gave me would not run unless I used the administrator-user account.

2011N2 · Answer

Hello,

Can you try to run again ZHPDiag in safe mode with networking ?

Gabriel.

ErieE · Answer

Sure.  Do you want me to run it as administrator-user or what?  Do you want Avast disabled?

thank you.  I know this us taking a lot of your time  I do appreciate your efforts.

2011N2 · Answer

Yes, with administrateur user, and with Avast disabled.

This situation is strange, I don't really understand why all is reappearing...

Gabriel.

ErieE · Answer

Here is exactly what I did in case I did anything wrong.  I logged on in safe mode with networking.  I chose Elizabeth which is my administrator-user account.  I ran ZHP with full options chosen.  I did not choose search or configure.   Here is what I got

http://speedy.sh/WPja6/ZHPDiagsafenet-May-7.txt

The weird thing was when I was in safe mode with networking, I could not go to the network.  I had to save the report, restart, log on as Elizabeth, and upload the report from there.

2011N2 · Answer

Hi,

Good news, Speed cleaner is missing. :)

Just run again ZHPFix with this lines and paste the report :

Script ZHPFix
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)    
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)    
[HKCU\Software\Reimage]  
[HKCU\Software\SpeedyPC Software]  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3]    
G1 - GCS: Preference [User Data\Default] http://search.conduit.com    
[HKCU\Software\Condut]    
O43 - CFD: 10/27/2013 - 9:43:06 PM - [2.755] ----D C:\Users\Beth\AppData\Local\CRE    
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect]   



Gabriel.

ErieE · Answer

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre : 
Run by Beth at 5/7/2014 11:02:42 AM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Recycle Bin emptied (Canceled by user)

========== Registry keys ==========
REMOVES: HKCU\Software\Reimage
REMOVES: HKCU\Software\SpeedyPC Software
REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3
REMOVES: HKCU\Software\Condut
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

========== Folders ==========
REMOVES: C:\Users\Beth\AppData\Local\CRE

========== Files ==========
REMOVES: c:\users\beth\appdata\local\google\chrome\user data\default\preferences


========== Summary ==========
5 : Registry keys
1 : Folders
1 : Files


End of clean in 06mn AMs

========== Path to file report ==========
C:\Users\Beth\AppData\Roaming\ZHP\ZHPFix[R1].txt - 5/2/2014 5:24:25 PM [2154]
C:\Users\Beth\AppData\Roaming\ZHP\ZHPFix[R1]may 2.txt - 5/2/2014 5:24:59 PM [2154]
C:\Users\Beth\AppData\Roaming\ZHP\ZHPFix[R3].txt - 5/7/2014 11:02:48 AM [1141]

This was all done in administrator-user mode but not safe mode.

C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\yewimmxqbs32.exe.VIR,c:\program files\002\yewimmxqbs32.exe
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\002.DIR,C:\Program Files\002
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\RrFilter.DIR,C:\Program Files\RrFilter
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\SpyAlert.DIR,C:\ProgramData\SpyAlert
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\cltmngsvc.exe.VIR,c:\program files\searchprotect\main\bin\cltmngsvc.exe
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\searchprotect.DIR,c:\program files\searchprotect
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\searchprotect.DIR,c:\users\owner\appdata\local\searchprotect
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\preferences.VIR,c:\users\beth\appdata\local\google\chrome\user data\default\preferences
C:\Users\Beth\AppData\Roaming\ZHP\Quarantine\CRE.DIR,C:\Users\Beth\AppData\Local\CRE

2011N2 · Answer

OK, and all is good or not ?

Gabriel.

ErieE · Answer

No. Unfortunately, the original problem still remains. When I turn the computer on it goes to the Dell Splash Screen.  Then Windows  Boot Manager appears not Vista.  I get a choice of Vista and Memory Diagnostics.  I have to click on Vista and after about 100 clicks Vista comes up.  Something is wrong with the Boot Process or what lets Vista come up automatically.

Sorry

2011N2 · Answer

Hello,

You have to click 100 times before Windows boot ?

Gabriel.

ErieE · Answer

No.  I was not clear. 

I turn on the machine.  Windows Boot Manager Appears giving me two choices:

Microsoft Windows Vista

and Memory Diagnostics.

I then select Microsoft Windows Vista and press the Enter key on the laptop keyboard one and only one time.  Then the machine beeps about 100 times.  I can't be sure of the number.  

After that the screen opens that lets me choose which account I want and Vista opens and works very well since you have cleaned it up.

I press the Enter key one time.  The machine beeps about 100 times and then Vista opens.  That is the only way to get Vista.

Sorry I was not clear

2011N2 · Answer

Hello,

No problem it was me, I didn't understand. Maybe it is a hardware problem.

And what about Speed Cleaner, and when the computer is open ?

Gabriel.

ErieE · Answer

Speed Cleaner appears to gone.  It no longer starts when the machine starts., if that is what you mean.

The only problem is the original one.  The computer boots to Windows Boot Manager not Vista.

What hardware problem could it be?

2011N2 · Answer

Hello,

I don't really know but your computer is clean now.

Have you tried to remove Bing from the settings of the browser ? You can do this normaly.

And for the problem at the boot, maybe open a new topic in Hardware category.

Gabriel.

ErieE · Answer

OK.  I will.  Thank you so much for your help. My machine works much better know once it starts.  I had it in hardware in the beginning.  I don't remember the person's name but he transferred it to virus.  Anyway,  Thanks very much.

As to removing Bing.  No, I can't.  It does not show up.

Do you know how I can get the English Google Chrome?

2011N2 · Answer

Hello,

Yes, it was maybe Ambucias who has redirected you in this category, but it was a good idea because your computer was a little infected.

I think you can answer in your first topic and explain that your computer is now clean : http://ccm.net/forum/affich-752736-dell-inspiron-laptop-boots-to-windows-boot-manager-not-vista

For the icon which doesn't work on your desktop, it's probably the shortcut which is corrupted. Delete it, and after recreate it and it will be probably good. Do a right click and then "Create a shortcut".

Gabriel.

ErieEl · Answer

I am a  little confused.  Bing is back and I really don't want it.  I can't find it listed anywhere to get rid of it.  I also cannot get Internet Explorer to work.  I don't use it but there have been a few sites I needed to get into that required it.  Are  these covered under hardware?

2011N2 · Answer

Hello,

Bing, it is a toolbar, a seach engine or a homepage ?

Gabriel.

ErieE · Answer

It is a Search Engine but I think I figured out how to get rid of it.  It is connected through Conduit to Chrome but it is not as good as Google Chrome.  There is a setting where you can delete it or just not check the box beside it.  That turns it off as your default search engine.  So far, everything is OK. 

 Internet explorer is now working.  It was a matter of changing the settings also.  I don't use it anyway.  There have been a couple of instances where I had to use it for locate a particular web site. That was the only reason I wanted it.  

 It looks as though every thing is OK except the boot problem.  Thanks so much for all your help.  I still don't know how to say the problems are solved, though.  I notice other problems have  "solved" by them.  How do I do that.

2011N2 · Answer

Hello,

Perfect. :)

I have mark the topic as solved.

See you soon.

Gabriel.

Virus hampering boot on Windows Vista

103 responses

Subscribe To Our Newsletter!