Tech Support Forum - View Single Post

jasonbeck · 11-22-2005, 09:03 AM

Thanks subs for your quick reply. Here is the VBG log below. I have done new HJT log and will post it with/after Activescan is complete. Thanks for your help!

[11/22/2005, 9:43:34] - Starting Process...
[11/22/2005, 9:43:34] - Looking for Browser Helper Object [MSEvents Object]
[11/22/2005, 9:43:34] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/22/2005, 9:43:34] - 2: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class
[11/22/2005, 9:43:34] - 3: {3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup Blocker
[11/22/2005, 9:43:34] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/22/2005, 9:43:34] - 5: {601ED020-FB6C-11D3-87D8-0050DA59922B} - WsftpBrowserHelper Class
[11/22/2005, 9:43:34] - 6: {CE70731D-F28D-4D81-9D61-C8EE60378401} - MSEvents Object
[11/22/2005, 9:43:34] - Found MSEvents Object!
[11/22/2005, 9:43:34] - File location: C:\WINDOWS\system32\sstqn.dll
[11/22/2005, 9:43:34] - Attempting to kill C:\WINDOWS\system32\sstqn.dll
[11/22/2005, 9:43:34] - Terminating Process: RUNDLL32.EXE
[11/22/2005, 9:43:34] - Terminating Process: IEXPLORE.EXE
[11/22/2005, 9:43:35] - Disabling Automatic Shell Restart
[11/22/2005, 9:43:35] - Terminating Process: EXPLORER.EXE
[11/22/2005, 9:43:35] - Suspending the NT Session Manager System Service
[11/22/2005, 9:43:36] - Terminating Windows NT Logon/Logoff Manager
[11/22/2005, 9:43:36] - Re-enabling Automatic Shell Restart
[11/22/2005, 9:43:36] - Renaming C:\WINDOWS\system32\sstqn.dll -> C:\WINDOWS\system32\sstqn.dll.vir
[11/22/2005, 9:43:36] - File successfully renamed!
[11/22/2005, 9:43:36] - Removing Registry references to {CE70731D-F28D-4D81-9D61-C8EE60378401}
[11/22/2005, 9:43:36] - Adding Internet Explorer Protection (Kill ActiveX) for {CE70731D-F28D-4D81-9D61-C8EE60378401}
[11/22/2005, 9:43:36] - Removing Winlogon Notify Entry: sstqn
[11/22/2005, 9:43:37] - BHO list has been changed! Starting over...
[11/22/2005, 9:43:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/22/2005, 9:43:37] - 2: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class
[11/22/2005, 9:43:37] - 3: {3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup Blocker
[11/22/2005, 9:43:37] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/22/2005, 9:43:37] - 5: {601ED020-FB6C-11D3-87D8-0050DA59922B} - WsftpBrowserHelper Class
[11/22/2005, 9:43:37] - Finished searching for [MSEvents Object]
[11/22/2005, 9:43:37] - Finishing up...
[11/22/2005, 9:43:37] - Enabling Automatic Reboot on STOP Error.
[11/22/2005, 9:43:37] - Attempting to Restart via STOP error (Blue Screen!)

11-22-2005, 09:03 AM	#3 (permalink)
jasonbeck Registered User Join Date: Nov 2005 Posts: 14 OS: XP	Thanks subs for your quick reply. Here is the VBG log below. I have done new HJT log and will post it with/after Activescan is complete. Thanks for your help! [11/22/2005, 9:43:34] - Starting Process... [11/22/2005, 9:43:34] - Looking for Browser Helper Object [MSEvents Object] [11/22/2005, 9:43:34] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class [11/22/2005, 9:43:34] - 2: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class [11/22/2005, 9:43:34] - 3: {3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup Blocker [11/22/2005, 9:43:34] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess [11/22/2005, 9:43:34] - 5: {601ED020-FB6C-11D3-87D8-0050DA59922B} - WsftpBrowserHelper Class [11/22/2005, 9:43:34] - 6: {CE70731D-F28D-4D81-9D61-C8EE60378401} - MSEvents Object [11/22/2005, 9:43:34] - Found MSEvents Object! [11/22/2005, 9:43:34] - File location: C:\WINDOWS\system32\sstqn.dll [11/22/2005, 9:43:34] - Attempting to kill C:\WINDOWS\system32\sstqn.dll [11/22/2005, 9:43:34] - Terminating Process: RUNDLL32.EXE [11/22/2005, 9:43:34] - Terminating Process: IEXPLORE.EXE [11/22/2005, 9:43:35] - Disabling Automatic Shell Restart [11/22/2005, 9:43:35] - Terminating Process: EXPLORER.EXE [11/22/2005, 9:43:35] - Suspending the NT Session Manager System Service [11/22/2005, 9:43:36] - Terminating Windows NT Logon/Logoff Manager [11/22/2005, 9:43:36] - Re-enabling Automatic Shell Restart [11/22/2005, 9:43:36] - Renaming C:\WINDOWS\system32\sstqn.dll -> C:\WINDOWS\system32\sstqn.dll.vir [11/22/2005, 9:43:36] - File successfully renamed! [11/22/2005, 9:43:36] - Removing Registry references to {CE70731D-F28D-4D81-9D61-C8EE60378401} [11/22/2005, 9:43:36] - Adding Internet Explorer Protection (Kill ActiveX) for {CE70731D-F28D-4D81-9D61-C8EE60378401} [11/22/2005, 9:43:36] - Removing Winlogon Notify Entry: sstqn [11/22/2005, 9:43:37] - BHO list has been changed! Starting over... [11/22/2005, 9:43:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class [11/22/2005, 9:43:37] - 2: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class [11/22/2005, 9:43:37] - 3: {3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup Blocker [11/22/2005, 9:43:37] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess [11/22/2005, 9:43:37] - 5: {601ED020-FB6C-11D3-87D8-0050DA59922B} - WsftpBrowserHelper Class [11/22/2005, 9:43:37] - Finished searching for [MSEvents Object] [11/22/2005, 9:43:37] - Finishing up... [11/22/2005, 9:43:37] - Enabling Automatic Reboot on STOP Error. [11/22/2005, 9:43:37] - Attempting to Restart via STOP error (Blue Screen!)