74 replies to this topic

[ken545]

Delete the ones in documents downloads and also the older version folder, when you create the fixlist make sure your spelling it correctly, save it as FIXLIST.TXT

[sleepybear]

ok I will delete everything and start over, then will save as FIXLIST.TXT, it was in lower case before. This computer is very important to us, thank you for your help.

[ken545]

It doesn't matter if its upper or lower case, I just did that to enhance it so you would get the spelling correct

 

So you should have FRST on your desktop ....Correct, just copy the this into Notepad

 

Start
CloseProcesses:
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

 

 

Then click on File>  Save As and name it Fixlist.txt, save it to your desktop, then open FRST and click on Fix

[sleepybear]

Thank you Ken, it's running slow, so locking up when downloading farbar. I will keep trying. Having several keyboard issues also. 

[sleepybear]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014

Ran by HP_Administrator at 2014-11-02 18:33:53 Run:1

Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop

Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

CloseProcesses:

Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File

Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll

C:\WINDOWS\system32\jebufijo.dll

CMD: ipconfig /flushdns

Hosts:

EmptyTemp:

End

*****************

 

Processes closed successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.

"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.

"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.

C:\WINDOWS\Tasks\ijmcbczm.job => Moved successfully.

"C:\WINDOWS\system32\jebufijo.dll" => File/Directory not found.

 

=========  ipconfig /flushdns =========

 

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 40.4 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

[ken545]

 

 

Run these in the order listed 

 

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

After the scan is complete click on "Clean"

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

===============================================================================

 

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

===============================================================================

 

Download Malwarebytes' Anti-Malware  to your desktop. 

 

Windows XP : Double click on the icon to run it.

Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

 

 

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

[sleepybear]

# AdwCleaner v3.311 - Report created 03/11/2014 at 17:47:52

# Updated 30/09/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)

# Username : HP_Administrator - YOUR-55E5F9E3D2

# Running from : C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

File Deleted : C:\Program Files\Mozilla Firefox\user.js

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink

Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Babylon

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v6.0.2900.2180

 

 

-\\ Google Chrome v38.0.2125.111

[sleepybear]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.5 (10.31.2014:1)

OS: Microsoft Windows XP x86

Ran by HP_Administrator on Mon 11/03/2014 at 17:57:07.92

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 11/03/2014 at 18:04:35.54

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[sleepybear]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/3/2014

Scan Time: 10:12:21 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.04.01

Rootkit Database: v2014.11.01.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 2

CPU: x86

File System: NTFS

User: HP_Administrator

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 374464

Time Elapsed: 16 min, 30 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[ken545]

Good.  

 

With this next scanner be sure to read the instructions and uncheck found threats as sometimes it picks up false positives and we dont want it removing anything thats not bad, I just want to see the report

 

  

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

Click the button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.

Double click on the icon on your desktop.

Check

Click the button.

Accept any security warnings from your browser.

Check

Make sure that the option "Remove found threats" is Unchecked

Push the Start button.

ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.

When the scan completes, push

Push , and save the file to your desktop using a unique name, such as

ESETScan. Include the contents of this report in your next reply.

Push the button.

Push

Please make sure you include the following items in your next post:

The log that was produced after running ESET Online Scanner.

[sleepybear]

Thank you very much Ken, I am noticing my computer is running better already with less keyboard takeover. I just wanted to ask you from the earlier reports above there, is there a virus called BABYLON? because i'm not sure if the 'PC HEALTH CENTER' virus is the only one I have on here??

 

OK  I  will now get started with the ESET online scanner.
 

[sleepybear]

NO THREATS FOUND

SCANNED FILES 169,079

INFECTED FILES 0

CLEANED FILES  0

TOTAL SCAN TIME  1:12:57

SCAN STATUS       FINISHED   

[ken545]

Babylon was removed by AdwCleaner, I never saw and entries for PC Health Center, do you still see it on your system ?

[sleepybear]

Thank you Ken.   Yes pc health center is still here, it affected a binary file that cannot be erased even with Unlocker 1.85.  The main problem I am having is keyboard errors, like the shift key will print a slash mark instead of making a capital letter etc.  Something got into our Sonic Record program (on here for many years) and it turns on when you press the shift key sometimes. I completely deleted my Sonic program but it still turns on the start page of it. Do you think that was the pc health center or the babylon virus that affected that ?

[ken545]

Open FRST and copy and paste this into the box

PC Health Center

Then click on Search Files and copy and paste the report for me to see

 

Then do the same thing but this time Search Registry and post the report