MLacey8804
Posts: 6 +0
I know for definite that I have Infostealer, but I'm quite certain there are other problems. Please help me resolve these issues.
Thanks, Mike.
The following are for Symantec, but there is no Symantec security program running. If a Symantec/Norton program was previously on the system, these processes should be stopped and the program uninstalled:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O4 - Global Startup: VTAgentReboot.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdnsg.exe] C:\WINDOWS\system32\kdnsg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe> update
O8 - Extra context menu item: &Search - ?p=ZNxmk571YYGB
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis and reboot into Safe Mode:
O16 - DPF: {6A344D34-5231-452A-8A57-D064A9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab> Download Manager for Symantec products.
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
When finished> Apply> OK
Any Adobe processes
Any entries for BitComet and Bearshare
VTAgentReboot
Symantec or Norton
Go to Start> Run> type in services.msc> find each of the following Services> right click> Properties> change startup type to Disabled:
Adobe
BitComet
Bearshare
Symantec
VTAgent(Reboot)
Right click on Start> Explore> Windows> System32> delete the following if present:
Symantec Lic Net
Symantec Core LC
Reboot into Normal Mode> close the nag message that comes up after checking 'don't show this message again'. Stay in Selective Startup.
kdnsg.exe
Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK BitComet> Apply> OK> Reboot> Close the nag message after checking 'don't show this message again'. Stay in Selective Startup.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
This infection steals passwords. I would suggest you change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean.
Mbam cleaned up the infections - user accounts were 'Richard' and 'Shexual Fairy'. Did Mbam include the accounts of the other users 'siob-han', 'dad', 'matty' and the various 'guests'? It is strange to see the large amount of Tracking Cookies for ALL the users, but not see anything in Mbam>