Avast is picking up Leboborta and then Malwarebytes is picking up searchnet.blinkxcore.com. I’ve attached a few files…please help!
Can you also attach a screenshot of the alert + the MBAM logfile?
Remover Notified.
Screenshots! Let me get log file
I scanned it multiple times over the 2 days…here are my logs
All the logs are the same…
However, I can see lots of adware. Thanks
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Task: {61C934CF-5915-463B-A9BF-389ADA160D37} - System32\Tasks\DSite => C:\Users\NATHAN~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {70870F02-9EB8-4026-9557-3CCBA4B8B3B3} - System32\Tasks\{9A3D7BCF-0C60-17CD-4FB6-B7EBF228AD83} => C:\Users\NathanSMSU\AppData\Roaming\lgbngjl.dll [2014-10-28] () <==== ATTENTION
Task: {DD1D5525-7457-4690-A0C9-8A567CD03525} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F5139168-E6CB-4169-BFC9-C1F491EE7943} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\NATHAN~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {10efa2c1-d344-11e2-a0b5-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {10efa3c0-d344-11e2-a0b5-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {13d4f3bd-082c-11e0-9564-00219b0668fa} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {1e737793-c091-11e3-9803-00219b0668fa} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {86bdfc23-d1da-11e3-a94c-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {96d499e0-3edc-11e4-8747-00219b0668fa} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {98c0f6b7-4d88-11e3-8f70-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {9bb0deec-8167-11e3-978a-00219b0668fa} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {a424d45c-3193-11e3-b283-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...\MountPoints2: {fd77f459-648c-11e2-a927-00219b0668fa} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {1EE22D9B-0D9E-1B8E-2CA7-6ACA4629C6E1} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={DA2A8436-650A-11E2-A927-00219B0668FA}
FF DefaultSearchEngine: Mysearchdial
FF Extension: No Name - C:\Users\NathanSMSU\AppData\Roaming\Mozilla\Firefox\Profiles\cjngacrq.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [Not Found]
C:\ProgramData\e9fbebn.fee
C:\ProgramData\f8zvllwl.bxx
C:\ProgramData\f8zvllwl.fvv
C:\Users\NathanSMSU\acrobatreader.exe
C:\Users\NathanSMSU\java.exe
C:\Users\NathanSMSU\jqs.exe
C:\Users\NathanSMSU\msconfig.exe
EmptyTemp:
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
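The `<==== Poweliks!` line in the fixlist above is a registry value that starts script through rundll32 and mshtml, with an `eval` argument whose visible characters are each shifted up by one. As an added example (not part of the thread and not FRST's own logic), this Python code flags such values in FRST-format lines and decodes the visible fragment; the function names are hypothetical and the sample reuses lines from the fixlist with the SearchScopes URL shortened.

```python
import re

# Lines in the format of the fixlist above. The Poweliks line is copied as the
# page shows it (FRST truncated the value); the SearchScopes URL is shortened.
SAMPLE = r'''Task: {F5139168-E6CB-4169-BFC9-C1F491EE7943} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
HKU\S-1-5-21-2106541641-119053125-3253436460-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {1EE22D9B-0D9E-1B8E-2CA7-6ACA4629C6E1} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
'''

# Registry value whose data runs script via rundll32 + mshtml,RunHTMLApplication.
SCRIPT_AUTORUN = re.compile(
    r'^(?P<key>HK(?:U|LM|CU|CR)\\[^:]*):\s*'
    r'(?P<data>.*rundll32(?:\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication.*)$',
    re.IGNORECASE)
FRST_FLAG = re.compile(r'\s*<====.*$')  # FRST's trailing annotation
FRST_TRUNCATED = re.compile(r'\s*\(the data entry has \d+ more characters\)\.?$')
EVAL_ARG = re.compile(r'eval\("([^"]*)')


def unshift(text):
    """Undo the +1 code-point shift seen in the visible eval() fragment."""
    return ''.join(chr(ord(c) - 1) for c in text)


def find_script_autoruns(log_text):
    """Return one dict per registry line that launches script via rundll32."""
    hits = []
    for line in log_text.splitlines():
        m = SCRIPT_AUTORUN.match(line)
        if not m:
            continue
        # Drop FRST's own notes so only the registry data is decoded.
        data = FRST_TRUNCATED.sub('', FRST_FLAG.sub('', m.group('data')))
        ev = EVAL_ARG.search(data)
        encoded = ev.group(1) if ev else ''
        hits.append({'key': m.group('key'), 'encoded': encoded,
                     'decoded': unshift(encoded)})
    return hits


if __name__ == '__main__':
    for hit in find_script_autoruns(SAMPLE):
        print(hit['key'])
        print('  visible fragment decodes to:', hit['decoded'])
```

Only the part of the value that FRST printed is decoded; the remaining 239 characters are not on the page.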
Looks like I’m clean! Thank you!
Okay…this is getting aggressive. I’m back with pop-ups…and now it’s deleting frst32 just the minute I download it! What next? Thanks for your help
Re-run FRST and click scan.