Tech Support Forum banner
Not open for further replies.
1 - 2 of 2 Posts

1 Posts
Discussion Starter · #1 ·
Well, i'm having a problem: my msn messenger is sending out links, that i havent sent. It spreads this infection that i have. I hadn't my nod32 antivirus updated, so i got the virus from somewhere without even knowing. Now i want to get rid of it, but as a girl, i don't have any idea, how to do it.
as a result of my searches, i claim to think that i have this virus in C:/windows/system32/kdthost.exe
as a system file, i claim to think that it isn't very smart thing to just delete it. I have a access to windows install CD also, if nessecary.
I did all that was asked and attached the zip file, and my DDS is following.
Im waiting for your ideas, because i don't want to do format for my computer.

Waiting foward to your prompt reply, Annika. You can e-mail me answer back. Great thanks!

DDS (Ver_09-12-01.01) - NTFSx86
Run by kasutaja at 14:14:26,64 on R 11.12.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.195 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kasutaja\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-8562166905-9043363042-647074193-3871\rundll32.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live'i sisselogimisabiline: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Task Bar] kdthost.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRunServices: [Task Bar] kdthost.exe
StartupFolder: c:\docume~1\kasutaja\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
TCP: {DDF21718-5FAB-45E9-A16B-8E97C6C63C9B} =,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kasutaja\applic~1\mozilla\firefox\profiles\2py4tomj.default\
FF - prefs.js: - hxxp://
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
FF - component: c:\documents and settings\kasutaja\application data\mozilla\firefox\profiles\2py4tomj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\kasutaja\application data\mozilla\firefox\profiles\2py4tomj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\\framework\v3.5\windows presentation foundation\dotnetassistantextension\

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-4-8 820133]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-9-22 0]
S3 SS1018mdm;Sony Ericsson Mobile Device Full USB Driver;c:\windows\system32\drivers\SS1018mdm.sys [2009-10-15 58536]

=============== Created Last 30 ================

2009-12-11 11:44:37 0 d-----w- c:\docume~1\kasutaja\applic~1\Uniblue
2009-12-10 19:55:02 0 d-----w- c:\docume~1\kasutaja\applic~1\QuickScan
2009-11-28 12:04:06 0 d-----w- c:\program files\Windows Journal Viewer
2009-11-14 09:59:02 0 d-----w- c:\docume~1\kasutaja\applic~1\AVS4YOU
2009-11-14 09:59:00 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-11-14 09:56:45 0 d-----w- c:\program files\common files\AVSMedia
2009-11-14 09:56:34 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-14 09:56:34 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-11-14 09:56:34 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-14 09:56:34 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-11-14 09:56:33 0 d-----w- c:\program files\AVS4YOU
2009-11-13 18:16:10 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-11-13 18:16:10 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS

==================== Find3M ====================

============= FINISH: 14:15:01,68 ===============


Premium Member
29,790 Posts
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

1 - 2 of 2 Posts
Not open for further replies.