Every time I try to run any program (.exe) file it causes either a "Program has detected a problem and will close... Send/Don't Send" or "error at address ########..."
When I ran Kaspersky Virus Removal Tool it detected only one virus (Trojan): Trojan-PSW.Win32.Kates.j in the file: c:\docume~1\admini~1\config~1\lwq.dat.
I have attached the AVZ_CollectSysInfo result file: syscheck.txt.
Thanks.
-------------------------------------------
<AVZ_CollectSysInfo>
--------------------
Start time: 23/10/2009 08:50:38 am
Duration: 00:08:00
Finish time: 23/10/2009 08:58:38 am
<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
23/10/2009 08:50:50 am Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
23/10/2009 08:50:50 am System Restore: enabled
23/10/2009 08:50:50 am System booted in Safe Mode with Networking
23/10/2009 08:51:02 am 1.1 Searching for user-mode API hooks
23/10/2009 08:51:02 am Analysis: kernel32.dll, export table found in section .text
23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessA (99) blocked
23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessW (103) blocked
23/10/2009 08:51:02 am Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
23/10/2009 08:51:02 am Hook kernel32.dll:FreeLibrary (241) blocked
23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameA (372) blocked
23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameW (373) blocked
23/10/2009 08:51:02 am Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
23/10/2009 08:51:02 am Hook kernel32.dll:GetProcAddress (408) blocked
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryA (578) blocked
23/10/2009 08:51:02 am >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExA (579) blocked
23/10/2009 08:51:02 am >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExW (580) blocked
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryW (581) blocked
23/10/2009 08:51:03 am IAT modification detected: LoadLibraryW - 00E30010<>7C80ACD3
23/10/2009 08:51:03 am Analysis: ntdll.dll, export table found in section .text
23/10/2009 08:51:03 am Analysis: user32.dll, export table found in section .text
23/10/2009 08:51:03 am Analysis: advapi32.dll, export table found in section .text
23/10/2009 08:51:04 am Analysis: ws2_32.dll, export table found in section .text
23/10/2009 08:51:04 am Analysis: wininet.dll, export table found in section .text
23/10/2009 08:51:05 am Analysis: rasapi32.dll, export table found in section .text
23/10/2009 08:51:05 am Analysis: urlmon.dll, export table found in section .text
23/10/2009 08:51:06 am Analysis: netapi32.dll, export table found in section .text
23/10/2009 08:51:08 am 1.2 Searching for kernel-mode API hooks
23/10/2009 08:51:09 am Driver loaded successfully
23/10/2009 08:51:09 am Driver communication failure [00000002] - [1]
23/10/2009 08:51:11 am 1.4 Searching for masking processes and drivers
23/10/2009 08:51:11 am Checking not performed: extended monitoring driver (AVZPM) is not installed
23/10/2009 08:51:11 am Driver loaded successfully
23/10/2009 08:51:11 am Driver communication failure [00000002] - [1]
23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
23/10/2009 08:53:09 am Latent loading of libraries through AppInit_DLLs suspected: "winmm.dll"
23/10/2009 08:53:14 am >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: TermService (Servicios de Terminal Server)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: SSDPSRV (Servicio de descubrimientos SSDP)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: Schedule (Programador de tareas)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: mnmsrvc (Escritorio remoto compartido de NetMeeting)
23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RDSessMgr (Administrador de sesión de Ayuda de escritorio remoto)
23/10/2009 08:53:16 am > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
23/10/2009 08:53:16 am >> Security: disk drives' autorun is enabled
23/10/2009 08:53:16 am >> Security: administrative shares (C$, D$ ...) are enabled
23/10/2009 08:53:17 am >> Security: anonymous user access is enabled
23/10/2009 08:53:18 am >> Security: sending Remote Assistant queries is enabled
23/10/2009 08:53:48 am >> Disable HDD autorun
23/10/2009 08:53:49 am >> Disable autorun from network drives
23/10/2009 08:53:49 am >> Disable CD/DVD autorun
23/10/2009 08:53:50 am >> Disable removable media autorun
23/10/2009 08:53:50 am >> Windows Update is disabled
23/10/2009 08:53:51 am System Analysis in progress
23/10/2009 08:58:38 am System Analysis - complete
23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.htm
23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.xml
23/10/2009 08:58:38 am Deleting service/driver: utmxntu1
23/10/2009 08:58:38 am Delete file:C:\WINDOWS\system32\Drivers\utmxntu1.sys
23/10/2009 08:58:38 am Deleting service/driver: ujmxntu1
23/10/2009 08:58:38 am Script executed without errors
--------------------------------------------
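The log above shows a characteristic pattern: ten kernel32 exports (the CreateProcess*, LoadLibrary*, GetProcAddress, GetModuleFileName* and FreeLibrary family) are redirected from their real addresses at 0x7C80xxxx to targets clustered within a few kilobytes of each other at 0x61F0xxxx, plus one IAT entry for LoadLibraryW rewritten to 0x00E30010. Every hook landing in one tight range far from the patched module is what a single injected DLL hooking many exports looks like. The following triage script is an added example, not part of the original post and not AVZ's own code: it parses the three AVZ line shapes (hook, IAT modification, HSC suspicion), checks whether each hook target lies outside the patched module, and clusters the targets. The sample lines are copied from the log above; the 1 MiB "foreign module" distance and the 64 KiB cluster window are assumptions chosen for illustration.

```python
"""Triage helper for AVZ_CollectSysInfo logs (added example; not from the post or from AVZ)."""
import re
from collections import namedtuple

Hook = namedtuple("Hook", "module func ordinal method orig hook")

# Line shapes taken from the AVZ log above.
HOOK_RE = re.compile(
    r"Function (?P<module>[\w.]+):(?P<func>\w+) \((?P<ordinal>\d+)\) intercepted, "
    r"method (?P<method>[\w.]+) ->(?P<orig>[0-9A-Fa-f]{8})->(?P<hook>[0-9A-Fa-f]{8})"
)
IAT_RE = re.compile(
    r"IAT modification detected: (?P<func>\w+) - (?P<entry>[0-9A-Fa-f]{8})<>(?P<expected>[0-9A-Fa-f]{8})"
)
HSC_RE = re.compile(r">>> (?P<path>.+?) HSC: suspicion for (?P<what>.+)$")

# Assumption: a hook target more than 1 MiB away from the original export lives in
# another module than the one whose export table was patched.
FOREIGN_DISTANCE = 0x100000

# Constructed sample: a subset of the event lines from the log above.
SAMPLE_LOG = r"""
23/10/2009 08:51:02 am Analysis: kernel32.dll, export table found in section .text
23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessA (99) blocked
23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
23/10/2009 08:51:02 am Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
23/10/2009 08:51:02 am Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
23/10/2009 08:51:02 am >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
23/10/2009 08:51:03 am IAT modification detected: LoadLibraryW - 00E30010<>7C80ACD3
23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
23/10/2009 08:53:14 am >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
"""


def parse_events(text):
    """Extract hook, IAT-modification and HSC-suspicion events from AVZ log text."""
    hooks, iat, hsc = [], [], []
    for line in text.splitlines():
        m = HOOK_RE.search(line)
        if m:
            hooks.append(Hook(m["module"], m["func"], int(m["ordinal"]), m["method"],
                              int(m["orig"], 16), int(m["hook"], 16)))
            continue
        m = IAT_RE.search(line)
        if m:
            iat.append((m["func"], int(m["entry"], 16), int(m["expected"], 16)))
            continue
        m = HSC_RE.search(line)
        if m:
            hsc.append((m["path"], m["what"]))
    return {"hooks": hooks, "iat": iat, "hsc": hsc}


def cluster_targets(hooks, window=0x10000):
    """Group hook targets lying within `window` bytes of the cluster start.
    Returns (lowest, highest, [hooked function names]) per cluster; one tight
    cluster far from the patched module points to a single injected DLL."""
    clusters = []
    for h in sorted(hooks, key=lambda h: h.hook):
        if clusters and h.hook - clusters[-1][0] <= window:
            clusters[-1][1] = h.hook
            clusters[-1][2].append(h.func)
        else:
            clusters.append([h.hook, h.hook, [h.func]])
    return [(lo, hi, funcs) for lo, hi, funcs in clusters]


def triage(text):
    """Summarise the log: how many exports are hooked, how many hooks point
    outside their module, where the targets cluster, and what else AVZ flagged."""
    ev = parse_events(text)
    foreign = [h for h in ev["hooks"] if abs(h.hook - h.orig) > FOREIGN_DISTANCE]
    return {
        "hook_count": len(ev["hooks"]),
        "foreign_hooks": len(foreign),
        "hooked_funcs": sorted(h.func for h in ev["hooks"]),
        "clusters": cluster_targets(foreign),
        "iat_mods": ev["iat"],
        "hsc": ev["hsc"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['foreign_hooks']}/{summary['hook_count']} hooks point outside kernel32")
    for lo, hi, funcs in summary["clusters"]:
        print(f"cluster {lo:08X}-{hi:08X}: {', '.join(funcs)}")
    for func, entry, expected in summary["iat_mods"]:
        print(f"IAT {func}: {entry:08X} (expected {expected:08X})")
    for path, what in summary["hsc"]:
        print(f"HSC {path}: {what}")
```

Running it on the sample reports all ten hooks as foreign, in a single cluster spanning 0x61F03C6F to 0x61F04648. That range is the address to chase next: on the live machine, a process-module listing (or AVZ's own process/module manager) would show which DLL is mapped there, which is the component to remove alongside the lwq.dat detection.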