HiJack This Help?

Status
Not open for further replies.
I am having this trouble with one of my clients.
They are getting pop-ups with koalabingo, partypoker.. etc.. in IE. (even though I repeatedly tell them NOT to use IE, they do)

anyhow.. I can run spybot, windows defender, virusscan.. all check out okay.. but when I go to run adaware.. it finds 2 items.. then suddenly blue screens windows.

I have looked at the Hijack this log, it looks pretty normal to me.. If anyone can provide any help that would be great.

I am remotely trying to assess this system.. so I am unable to reboot the computer in safe mode to test with the procedures outlined in the instruction for posting a hijack this log in safe mode :( ..
 

Attachments

  • hijackthis.txt
    7 KB · Views: 5
Seeing as you are trying to do this remotely....

I would highly recommend that you run a trend micro online scan on the target machine, and also install Ewido to it and scan with that. Beyond this, I haven't picked out every little thing from the log because of the fact that you are doing this remotely, but the major issues I feel are below...

The following are very much suspect...
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ssttt.dll

O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll

The following are suspect unless you know what they are...
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

URL deliberately voided
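
The reply above flags the same file, `ssttt.dll`, under both O2 (BHO) and O20 (Winlogon Notify). As an added example that is not part of the original thread, this Python script parses HijackThis entries and reports any DLL registered in both sections; the function names, the benign `helper.dll` line and the placeholder URL are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the entries quoted in the reply above, plus one made-up
# benign BHO line for contrast; the O16 URL is replaced by a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://example.invalid/placeholder.cab
"""

# Section code (O2, O20, ...) followed by a trailing local file path.
ENTRY = re.compile(r"^(O\d+)\s+-\s+.*?\s-\s+([A-Za-z]:\\.+)$")


def parse_entries(log_text):
    """Return (section, lowercase path) for each entry that ends in a local path."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip().lower()))
    return entries


def dlls_in_multiple_autostarts(log_text, sections=("O2", "O20")):
    """Map each DLL path to its sections, keeping only paths that are
    registered in every one of `sections` (here: BHO and Winlogon Notify)."""
    seen = defaultdict(set)
    for section, path in parse_entries(log_text):
        if section in sections and path.endswith(".dll"):
            seen[path].add(section)
    return {p: sorted(s) for p, s in seen.items() if s == set(sections)}


if __name__ == "__main__":
    for path, secs in dlls_in_multiple_autostarts(SAMPLE_LOG).items():
        print(f"review: {path} loaded via {', '.join(secs)}")
```

A hit only marks an entry for manual review; it does not identify the file as malicious by itself.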
 
Hello and welcome to Techspot.

Your system is infected with the vundo trojan.

Go HERE and follow the instructions.

Then, go HERE and follow the instructions exactly.

Post a fresh HJT, only after you have completed the above.

Regards Howard :wave: :wave:
 