WiredWX Hobby Weather Tools

 


Security Tool and maybe more malware

4 posters

Re: Security Tool and maybe more malware
Yeah, I do have my Windows XP copy; it's just that the CD key is at my mom's house.

So anyway, I performed the first scan. It didn't say anything; the CD drive was spinning, but it just finished like that. Am I supposed to get a report or something? Anyway, because it takes a while to do, I will perform the 2nd one tomorrow and let you know the result tomorrow night. It's 2 am and I work tomorrow, well, in 5 hours!

Thanks for the help so far DragonMaster Jay!

Re: Security Tool and maybe more malware
Hi Dragonmaster Jay,

After the second scan, nothing happened. No errors reported to fix; I still have all my issues.

Re: Security Tool and maybe more malware
Would you be able to transfer a download of Internet Explorer from another computer to yours, to install?

Re: Security Tool and maybe more malware
I'm not sure I understand what you're asking. I have access to a laptop with internet and a USB storage key. Would that do it?

Re: Security Tool and maybe more malware
Yes, it should.

Re: Security Tool and maybe more malware
Ok cool, so what should I do?

Re: Security Tool and maybe more malware
Download Internet Explorer from here: http://www.microsoft.com/windows/Internet-explorer/default.aspx
Save the download; do not open it.
Then, transfer the saved download to your flash drive or other storage media, and then on to the infected computer.

Install it after it gets transferred on to the infected computer. Did this work?

Re: Security Tool and maybe more malware
Hi DragonMaster Jay,

It doesn't install; it does the same as when Windows Update tries to make me install it. It fails at the second step (detecting spyware, etc.) and at the third (installing Explorer 8), and then it stops, telling me it can't install Explorer 8.

Things you should know:

Any programs that require the internet don't work. Anything related to Explorer or spybots removal, most of them don't work. My connection is on and alive, though.

Re: Security Tool and maybe more malware
Oh, and since the beginning, when I click on the IE icon, I get the error message that Windows cannot access the file or doesn't have the appropriate authorisation to do so.

Again, I think that my problem is more as if I have been stripped of my admin rights on my computer.

Re: Security Tool and maybe more malware
Once again, transfer the download, and then open it.

  1. Download peek.bat from the download link below and save it to your Desktop.
      Download peek.bat

  2. Double-click peek.bat to run it.
      A black Command Prompt window will appear shortly: the program is running.

  3. Once it is finished, copy and paste the entire contents of the Log.txt file it creates (transfer the text file back, etc.) as a reply to this post.
    Re: Security Tool and maybe more malware
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7C63-623B

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 186 368 scecli.dll

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 55 808 eventlog.dll
    3 fichier(s) 649 216 octets

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Total des fichiers listés :
    15 fichier(s) 3 252 224 octets
    0 Rép(s) 11 234 775 040 octets libres

    Re: Security Tool and maybe more malware
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:


      :filefind
      scecli.dll
      netlogon.dll
      eventlog.dll
      winlogon.exe
      comres.dll
      crypt32.dll
      gpedit.dll
      rundll32.exe
      sfc.dll
      svchost.exe
      cngaudit.dll
      beep.sys
      wscntfy.exe
      atapi.sys


    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Re: Security Tool and maybe more malware
    There you go sir

    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 22:43 on 12/11/2009 by joe (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "scecli.dll"
    C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 186368 bytes [22:30 22/08/2008] [12:00 05/08/2004] DEC0397F35D027874804EC72979D03CC
    C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 187392 bytes [04:45 03/11/2009] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 187392 bytes [02:33 14/04/2008] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\system32\dllcache\scecli.dll --a--c 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\system32\scecli.dll ------ 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3

    Searching for "netlogon.dll"
    C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [22:30 22/08/2008] [12:00 05/08/2004] FAF07FDCDE76000621A28D19F8E2E8EB
    C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [04:45 03/11/2009] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [02:33 14/04/2008] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [12:00 05/08/2004] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\system32\netlogon.dll ------ 407040 bytes [12:00 05/08/2004] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2

    Searching for "eventlog.dll"
    C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [22:30 22/08/2008] [12:00 05/08/2004] 21E83876A6287F15538EF187D286FE11
    C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [04:45 03/11/2009] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [02:33 14/04/2008] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 56320 bytes [12:00 05/08/2004] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\system32\eventlog.dll ------ 56320 bytes [12:00 05/08/2004] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14

    Searching for "winlogon.exe"
    C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 506368 bytes [22:30 22/08/2008] [12:00 05/08/2004] D2DE785AEAB0BB8CA4C14A8A199DBE4E
    C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 512000 bytes [04:45 03/11/2009] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 512000 bytes [02:34 14/04/2008] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\system32\dllcache\winlogon.exe --a--c 512000 bytes [12:00 05/08/2004] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\system32\winlogon.exe ------ 512000 bytes [12:00 05/08/2004] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174

    Searching for "comres.dll"
    C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 851968 bytes [22:30 22/08/2008] [12:00 05/08/2004] 19428638D8F4440F67519BD03A623BBB
    C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 851968 bytes [02:33 14/04/2008] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A
    C:\WINDOWS\system32\comres.dll --a--- 851968 bytes [12:00 05/08/2004] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A
    C:\WINDOWS\system32\dllcache\comres.dll --a--c 851968 bytes [12:00 05/08/2004] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A

    Searching for "crypt32.dll"
    C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 604672 bytes [22:30 22/08/2008] [12:00 05/08/2004] FD8631128E14583F135EB4B3F37EF626
    C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 606208 bytes [02:33 14/04/2008] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F
    C:\WINDOWS\system32\crypt32.dll --a--- 606208 bytes [12:00 05/08/2004] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F
    C:\WINDOWS\system32\dllcache\crypt32.dll --a--c 606208 bytes [12:00 05/08/2004] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F

    Searching for "gpedit.dll"
    No files found.

    Searching for "rundll32.exe"
    C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33792 bytes [22:30 22/08/2008] [12:00 05/08/2004] F5402CD47B7389DDC21F92119A906EEE
    C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33792 bytes [02:34 14/04/2008] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300
    C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33792 bytes [12:00 05/08/2004] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300
    C:\WINDOWS\system32\rundll32.exe --a--- 33792 bytes [12:00 05/08/2004] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300

    Searching for "sfc.dll"
    C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [22:30 22/08/2008] [12:00 05/08/2004] 94559DE281DADCB58E6A3919C7EAC0B4
    C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [04:45 03/11/2009] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [02:33 14/04/2008] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [12:00 05/08/2004] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\system32\sfc.dll ------ 5120 bytes [12:00 05/08/2004] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC

    Searching for "svchost.exe"
    C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:30 22/08/2008] [12:00 05/08/2004] 1BD6C2F707A275CB7C16FD99FE0F31CA
    C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [04:45 03/11/2009] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [02:34 14/04/2008] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\system32\dllcache\svchost.exe --a--c 14336 bytes [12:00 05/08/2004] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\system32\svchost.exe ------ 14336 bytes [12:00 05/08/2004] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D

    Searching for "cngaudit.dll"
    No files found.

    Searching for "beep.sys"
    C:\WINDOWS\ERDNT\cache\beep.sys --a--- 4224 bytes [04:45 03/11/2009] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
    C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
    C:\WINDOWS\system32\drivers\beep.sys ------ 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9

    Searching for "wscntfy.exe"
    C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe -----c 13824 bytes [22:31 22/08/2008] [12:00 05/08/2004] 54CDDAD404557ED98433D6ECBFC92691
    C:\WINDOWS\ERDNT\cache\wscntfy.exe --a--- 13824 bytes [04:45 03/11/2009] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe ------ 13824 bytes [02:34 14/04/2008] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\system32\dllcache\wscntfy.exe --a--c 13824 bytes [12:00 05/08/2004] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\system32\wscntfy.exe ------ 13824 bytes [12:00 05/08/2004] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA

    Searching for "atapi.sys"
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [22:30 22/08/2008] [12:00 05/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
    C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [02:33 06/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [04:26 03/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [04:26 03/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

    -=End Of File=-
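
One way to read a SystemLook `:filefind` log like the one above, as an added example that is not part of the original thread or of SystemLook itself: it parses each result line and lists files whose in-use copy has an MD5 matching none of the copies in ServicePackFiles\i386 or system32\dllcache. Treating those two folders as the reference is an assumption of this example, and the sample log, its file names and its MD5 values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SystemLook log above; the file names
# and MD5 values are placeholders, not taken from a real system.
SAMPLE_LOG = r'''
Searching for "example.dll"
C:\WINDOWS\ServicePackFiles\i386\example.dll ------ 1024 bytes [02:33 14/04/2008] [02:33 14/04/2008] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\WINDOWS\system32\dllcache\example.dll --a--c 1024 bytes [12:00 05/08/2004] [02:33 14/04/2008] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\WINDOWS\system32\example.dll ------ 1024 bytes [12:00 05/08/2004] [02:33 14/04/2008] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

Searching for "sample.sys"
C:\WINDOWS\system32\dllcache\sample.sys --a--c 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
C:\WINDOWS\system32\drivers\sample.sys ------ 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Searching for "missing.dll"
No files found.
'''

# One result line: path, six-character flag column, size, two bracketed timestamps, MD5.
ENTRY = re.compile(
    r'^\s*(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<date1>[^\]]+)\]\s+\[(?P<date2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$')

# Assumption of this example: which folders hold the in-use and the reference copies.
LIVE_DIRS = {r'c:\windows\system32', r'c:\windows\system32\drivers'}
REF_DIRS = {r'c:\windows\servicepackfiles\i386', r'c:\windows\system32\dllcache'}

def parse_filefind(log):
    """Return {file name: [(directory, size, md5), ...]} for every result line."""
    found = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            directory, _, name = m['path'].rpartition('\\')
            found[name.lower()].append((directory.lower(), int(m['size']), m['md5'].upper()))
    return found

def mismatched_live_copies(log):
    """List (name, live_md5, reference_md5s) where the in-use copy matches no reference copy."""
    report = []
    for name, copies in sorted(parse_filefind(log).items()):
        refs = {md5 for d, _, md5 in copies if d in REF_DIRS}
        for d, _, md5 in copies:
            if d in LIVE_DIRS and refs and md5 not in refs:
                report.append((name, md5, sorted(refs)))
    return report

if __name__ == '__main__':
    for name, live, refs in mismatched_live_copies(SAMPLE_LOG):
        print(f'{name}: in-use copy {live} matches no reference copy {refs}')
```

Run over the log posted above, this returns an empty list, since every system32 and drivers copy has the same MD5 as its dllcache or ServicePackFiles copy. Agreement between copies only shows that they are identical to each other, not that the file is the vendor's original.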

    Re: Security Tool and maybe more malware
    Sorry this has been difficult. I need to take a big picture of your system here:

    (if you have an old version, please use that.)

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.
    • Please close all other applications running on your system.
    • Please double click GetSystemInfo.exe to open it.
    • Click the Settings button.
    • Set it to Maximum
    • IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
    • Click Create Report to run it.
    • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

    THE ZIP FOLDER ABOVE CAN BE TRANSFERRED TO ANOTHER COMPUTER IF NECESSARY, THEN UPLOAD TO THE PARSER
    Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.

    Re: Security Tool and maybe more malware
    here it is Dragn Mastah Jay!

    http://www.getsysteminfo.com/read.php?file=304c3b3172d75faaca3fb6469da45537
