Please lead me to thread [Solved]

pc healthcenter

  • This topic is locked
74 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 November 2014 - 05:14 AM

Delete the ones in documents downloads and also the older version folder. When you create the fixlist, make sure you're spelling it correctly; save it as FIXLIST.TXT



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.


#17 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 02 November 2014 - 04:06 PM

ok I will delete everything and start over, then will save as FIXLIST.TXT, it was in lower case before. This computer is very important to us, thank you for your help.



#18 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 November 2014 - 05:01 PM

It doesn't matter if it's upper or lower case, I just did that to enhance it so you would get the spelling correct

 

So you should have FRST on your desktop ... correct? Just copy this into Notepad

 

Start
CloseProcesses:
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

 

 

Then click on File > Save As and name it Fixlist.txt, save it to your desktop, then open FRST and click on Fix



 
 

#19 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 02 November 2014 - 05:12 PM

Thank you Ken, it's running slow, so locking up when downloading farbar. I will keep trying. Having several keyboard issues also. 



#20 sleepybear

sleepybear

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 02 November 2014 - 08:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by HP_Administrator at 2014-11-02 18:33:53 Run:1
Running from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************
 
Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
C:\WINDOWS\Tasks\ijmcbczm.job => Moved successfully.
"C:\WINDOWS\system32\jebufijo.dll" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 40.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
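
Added example (not part of the thread and not Farbar's own code): a short Python triage of a Fixlog like the one posted above, separating items the fix acted on from items it could not find. The `target => outcome` layout is assumed from the lines visible in this post only, and the function names are hypothetical.

```python
import re

# Lines copied from the Fixlog posted in this thread, trimmed for triage.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Start
Task: C:\WINDOWS\Tasks\ijmcbczm.job => C:\WINDOWS\system32\jebufijo.dll
C:\WINDOWS\system32\jebufijo.dll
End
*****************

Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
C:\WINDOWS\Tasks\ijmcbczm.job => Moved successfully.
"C:\WINDOWS\system32\jebufijo.dll" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
EmptyTemp: => Removed 40.4 MB temporary data.
The system needed a reboot.
'''

def classify_target(target):
    """Label a result target as registry, file or directive (assumed heuristics)."""
    if re.match(r"^HK(CU|LM|CR|U)\\", target):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "directive"

def parse_fixlog(text):
    """Return one dict per 'target => outcome' result line.

    The echoed fixlist between the rows of asterisks is skipped, because its
    'Task: ... => ...' line is an instruction, not a result.
    """
    results, in_fixlist = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target = target.strip('"')
        low = outcome.lower()
        if "not found" in low:
            status = "not_found"
        elif "successfully" in low or low.startswith("removed"):
            status = "ok"
        else:
            status = "review"
        results.append({"target": target, "kind": classify_target(target),
                        "status": status, "outcome": outcome})
    return results

def missing_files(results):
    """Files the fixlist named that were not on disk at that path."""
    return [r["target"] for r in results
            if r["kind"] == "file" and r["status"] == "not_found"]

def reboot_pending(text):
    """True when the log says the fix still needs a restart to complete."""
    return "needed a reboot" in text
```

On this log the only file reported as not found is the DLL that the quarantined scheduled task pointed to, which is the item to keep in mind when reading the later scan reports.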


#21 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 November 2014 - 09:19 PM

:thumbup:

 

 

Run these in the order listed 

 

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware to your desktop.
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     

    #22 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 03 November 2014 - 07:54 PM

    # AdwCleaner v3.311 - Report created 03/11/2014 at 17:47:52
    # Updated 30/09/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
    # Username : HP_Administrator - YOUR-55E5F9E3D2
    # Running from : C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    File Deleted : C:\Program Files\Mozilla Firefox\user.js
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Babylon
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v6.0.2900.2180
     
     
    -\\ Google Chrome v38.0.2125.111


    #23 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 04 November 2014 - 12:04 AM

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.5 (10.31.2014:1)
    OS: Microsoft Windows XP x86
    Ran by HP_Administrator on Mon 11/03/2014 at 17:57:07.92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\babylon"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 11/03/2014 at 18:04:35.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #24 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 04 November 2014 - 12:33 AM

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 11/3/2014
    Scan Time: 10:12:21 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.04.01
    Rootkit Database: v2014.11.01.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows XP Service Pack 2
    CPU: x86
    File System: NTFS
    User: HP_Administrator
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 374464
    Time Elapsed: 16 min, 30 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #25 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 04 November 2014 - 04:16 AM

    Good.  

     

    With this next scanner be sure to read the instructions and uncheck found threats, as sometimes it picks up false positives and we don't want it removing anything that's not bad. I just want to see the report

     

      

     
    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
  • Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.


     
     


    #26 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 04 November 2014 - 09:51 PM

    Thank you very much Ken, I am noticing my computer is running better already with less keyboard takeover. I just wanted to ask you from the earlier reports above there, is there a virus called BABYLON? Because I'm not sure if the 'PC HEALTH CENTER' virus is the only one I have on here??

     

    OK  I  will now get started with the ESET online scanner.
     



    #27 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 04 November 2014 - 11:43 PM

    NO THREATS FOUND

    SCANNED FILES 169,079

    INFECTED FILES 0

    CLEANED FILES  0

    TOTAL SCAN TIME  1:12:57

    SCAN STATUS       FINISHED   



    #28 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 November 2014 - 04:50 AM

    Babylon was removed by AdwCleaner. I never saw any entries for PC Health Center, do you still see it on your system?



     
     

    #29 sleepybear

    sleepybear

      Authentic Member

    • Authentic Member
    • PipPip
    • 61 posts

    Posted 05 November 2014 - 01:58 PM

    Thank you Ken.   Yes pc health center is still here, it affected a binary file that cannot be erased even with Unlocker 1.85.  The main problem I am having is keyboard errors, like the shift key will print a slash mark instead of making a capital letter etc.  Something got into our Sonic Record program (on here for many years) and it turns on when you press the shift key sometimes. I completely deleted my Sonic program but it still turns on the start page of it. Do you think that was the pc health center or the babylon virus that affected that ?



    #30 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 November 2014 - 02:28 PM

    Open FRST and copy and paste this into the box

    PC Health Center

    Then click on Search Files and copy and paste the report for me to see

     

    Then do the same thing but this time Search Registry and post the report

