Can't run HJT

[wonder]

I've already uninstalled the out-of-date version of Flash that was on my computer...I haven't installed the newest version yet. Just thought you should know. I didn't do anything to shockwave.

Here's the info log:


info.txt logfile of random's system information tool 1.06 2009-09-04 09:31:29

======Uninstall list======

HijackThis 2.0.2-->"C:\Documents and Settings\Mary\Desktop\HijackThis.exe" /uninstall

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall (disabled)

======System event log======

Computer Name: BACK
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 105
Source Name: DCOM
Time Written: 20090821071753.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BACK
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 62
Source Name: DCOM
Time Written: 20090820073830.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BACK
Event Code: 240
Message: A request to suspend power was denied by OUTLOOK.EXE.

Record Number: 56
Source Name: Win32k
Time Written: 20090819210558.000000-300
Event Type: warning
User:

Computer Name: BACK
Event Code: 54
Message: Document Microsoft Word - Document9.doc was corrupted and has been deleted. The associated driver is: HP DeskJet 855C.

Record Number: 45
Source Name: Print
Time Written: 20090819202622.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BACK
Event Code: 240
Message: A request to suspend power was denied by WINWORD.EXE.

Record Number: 39
Source Name: Win32k
Time Written: 20090819182307.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: BACK
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module helper.dll, version 4.0.0.0, fault address 0x0000c1b9.

Record Number: 16062
Source Name: Application Error
Time Written: 20081214192434.000000-360
Event Type: error
User:

Computer Name: BACK
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module helper.dll, version 4.0.0.0, fault address 0x0000c1b9.

Record Number: 16061
Source Name: Application Error
Time Written: 20081214185354.000000-360
Event Type: error
User:

Computer Name: BACK
Event Code: 1517
Message: Windows saved user BACK\Mary registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 16055
Source Name: Userenv
Time Written: 20081214004853.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BACK
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module helper.dll, version 4.0.0.0, fault address 0x0000c1b9.

Record Number: 16054
Source Name: Application Error
Time Written: 20081214004750.000000-360
Event Type: error
User:

Computer Name: BACK
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 16053
Source Name: Application Hang
Time Written: 20081214001533.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

[Blade81]

Hi,

Could you take a screenshot of your add/remove contents? Pick randomly a few items there and see if remove -button appears when item is activated.

[wonder]

The only two programs that have the remove button are Abacast and Hijackthis.

I have taken a screen shot, but it won't let me paste it to this post. I tried and I can paste it to email. Is there a way to make it an attachment so you can see it?

[Blade81]

Could you paste the screenshot into MS Paint for example and save the file in suitable picture format(png, gif or jpg for example)? That could be attached to your reply then.

[wonder]

Working on it right now.

[wonder]

I apparently don't have a paint program now. I believe I used to, but don't know where it went! I can get the screenshot to show up when I paste it to an email. When I try to save the picture (on the email) it will only let me save it as bitmap. Is there another place I can save it so I can paste it here?

[wonder]

Attached below...maybe.

McAfee just popped up a screen about artemis trojan even though the program is disabled. Weird.

[Blade81]

Hi,

See if you're able to find uninstall.dat file in c:\QooBox folder or in one of its subfolders. Kindly archive it into zip file and attach to your post if found.

[wonder]

Can't find the uninstall file.

[wonder]

Just in case you need it, here's more info on c:\Qoobox folder.

There are 6 files and 2 folder in c:\Qoobox. Folders: BackEnv and Quarantine. Files: Add-Remove Programs, CFScript_used_2009-09-03_23.07.56, ComboFix2, ComboFix-quarantined-files, LogA, SnapShot@2009-09-03_14.13.41.

I opened the two folders. BackEnv had 15 DAT file with names like startmenu.folder and 1 DAT file named SysPath and one MS-DOS Batch File named Set Path. Quaranine had 2 folders (C and Registry_backups) and two files, both named catchme. C folder contained 3 folders (Documents and Settings, Program Files, and WINDOWS). I can tell you what was in those three if you need it.

I could have just posted the above info in a screen shot, but I had some trouble doing that earlier. To do the screen shot requested in the earlier post, I had to paste the screenshot to an email and send it to another computer in my house. Then I saved the picture in the email on that computer as JPEG (because my computer would not let me save it as anything but bitmap) and then emailed it back to this computer. Then I attached it to my post. Mcafee sent me the trojan warning message after getting that email back on this computer. I figured out then that I had not disabled the part of mcafee that protects/scans emails. So I wonder if I sent out that trojan and then received it back. The second computer should have excellent virus/trojan protection but it does get online from the wireless router connected to this computer (D-link).