Inactive Cannot install Malwarebytes in safe mode -- XP

Extras - Part 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Belarc Advisor" = Belarc Advisor 8.2
"DyslexSim1.1" = DyslexSim
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExamView ActiveX Control v2" = ExamView ActiveX Control v2
"FTD2XX" = FTDI FTD2XX USB Drivers
"HASP4 Device Drivers" = HASP4 Device Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Task Manager" = Security Task Manager 1.8c
"SimEditor (UB01)" = SimEditor (UB01) v.2.6.8 (remove only)
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.80.00.XP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2012 18:23:19 | Computer Name = YOUR-EDBA3D365E | Source = McLogEvent | ID = 259
Description = The file c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\radfghdfghxcxvox.jar-430a90b5-2cbe74ec.zip\Glocker.class
contains the Downloader.a!pb Trojan. Undetermined clean error, OAS denied access
and continued. Detected using Scan engine version 5400.1158 DAT version 6674.0000.

Error - 10/04/2012 03:56:21 | Computer Name = YOUR-EDBA3D365E | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5400.1158 DAT version
6674.

Error - 10/04/2012 04:00:46 | Computer Name = YOUR-EDBA3D365E | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 11/04/2012 14:45:45 | Computer Name = YOUR-EDBA3D365E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/04/2012 04:12:16 | Computer Name = YOUR-EDBA3D365E | Source = Application Error | ID = 1000
Description = Faulting application extract.3xe, version 0.0.0.0, faulting module
crtdll.dll, version 4.0.1183.1, fault address 0x000115ce.

Error - 14/04/2012 13:29:34 | Computer Name = YOUR-EDBA3D365E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/04/2012 13:29:34 | Computer Name = YOUR-EDBA3D365E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/04/2012 19:00:22 | Computer Name = YOUR-EDBA3D365E | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 15/04/2012 14:39:07 | Computer Name = YOUR-EDBA3D365E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2012 14:39:42 | Computer Name = YOUR-EDBA3D365E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 14/04/2012 05:37:42 | Computer Name = YOUR-EDBA3D365E | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/04/2012 05:37:48 | Computer Name = YOUR-EDBA3D365E | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/04/2012 05:37:54 | Computer Name = YOUR-EDBA3D365E | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/04/2012 05:38:26 | Computer Name = YOUR-EDBA3D365E | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/04/2012 08:48:41 | Computer Name = YOUR-EDBA3D365E | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 14/04/2012 08:48:41 | Computer Name = YOUR-EDBA3D365E | Source = Service Control Manager | ID = 7000
Description = The SMART Display Controller service failed to start due to the following
error: %%2

Error - 14/04/2012 15:24:38 | Computer Name = YOUR-EDBA3D365E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0013029FBB42 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 14/04/2012 16:48:18 | Computer Name = YOUR-EDBA3D365E | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 15/04/2012 14:36:07 | Computer Name = YOUR-EDBA3D365E | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 15/04/2012 14:36:07 | Computer Name = YOUR-EDBA3D365E | Source = Service Control Manager | ID = 7000
Description = The SMART Display Controller service failed to start due to the following
error: %%2


< End of report >
 
Actually I don't see anything malicious in your logs.
What are the current issues?
 
Hi,
After getting locked out with the Met Police virus I tried accessing safemode which I couldn't do. Since getting rid of this and 14 trojans from a later scan I still cannot use any of the 3 safemodes. What makes me more suspicious is that I cannot install RKill or many of the other virus/malware killers. Other prgorammes such as Photoshop have issues whereby once un-installed they don't work correctly on reinstall - hence my reference to the restore disk assuming that I have something nasty on the H/D. Pleased that it doesn't look like it's infected but still not sure how to get rid of the other the issues experienced. However I do really appreciate all your efforts and time looking at the logs provided.
Cheers
SlowDownHill
 
Possibly your Windows installation got corrupted but....

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
Back