Discussion in 'adware, spyware & hijack cleaning' started by seedlebug, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. seedlebug

    seedlebug Registered Member

    Jul 2, 2004
    I really need some help. I have AVG 6.0 and a window keeps popping up saying that I have SecThought.E. I have deleted my temporary internet files, and ran the virus scan again and it doesn't find anything. I have set my adaware and spybot search and destroy to the standards that this site recommended. I have read all of the posts regarding this issue, and followed through on them. But nevertheless I still get the pop up. I downloaded the Highjacker program and I have my log from that:

    Logfile of HijackThis v1.98.0
    Scan saved at 11:48:02 AM, on 7/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\\bin\tgcmd.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Ahead\NeroVision\NeroVision.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\HijackThis.exe

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Winsock2 driver] hvmnmdp.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

    If someone could help me I would really be thankful. Thank you so much.

    Just a little more information... I have Windows XP, and I have already disabled my restore files. Also went into safe mode and ran TDS trojan seeker, and it only found one thing that was related to spybot, and also I ran my virus scan while I was in there. It also came up with nothing.
    Last edited: Jul 2, 2004
  2. snapdragin

    snapdragin Administrator

    Feb 16, 2002
    Southern Ont., Canada
    Hi Seedlebug,

    Before you start, create a permanent folder for Hijackthis and move HijackThis.exe into the permanent folder.

    Place a check beside the following items in HijackThis.
    Close all windows except HijackThis, and click Fix checked:

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    (This is Broadband troubleshooting software and not needed at start up. You may want to consider removing it through the Add/Remove Programs.
    For more information see: )

    O4 - HKLM\..\Run: [Winsock2 driver] hvmnmdp.exe

    (this one is not bad, but it is a resource hog and recommended to be fixed)
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    Make sure you have all files and folders viewable:
    How to Show Hidden Files and Folders

    Reboot your computer into Safe Mode by tapping the F8 key just before windows begins to load.

    Locate the hvmnmdp.exe file in the C:\Windows\System32 folder, zip up a copy of it (password protect it and use the word infected as the password) and email the zipped copy of the file to (replace the AT with an @) for analysis. In the body of the email message, state that the password is "infected" and include a link to this thread, so Pieter will be able to find it easily. Can you also submit a zipped copy to

    Also, upload the file to Kaspersky for a scan, and post back here what the scan results are.

    Then delete the hvmnmdp.exe file.

    Use the Disk cleanup Utility to clean out your Temp folders. Disk Cleanup Utility

    Reboot your computer normally, and do a FULL system scan at one of these on-line scan sites: Free Services

    Once your computer is clean, remember to reset a new Restore Point.

    Post a new log here to be checked.



    Symantec Reference for more information: sdbot.t
    Last edited: Jul 2, 2004
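
As an added example (not part of the original posts and not HijackThis code): a small triage script that parses the O4 registry Run lines of a HijackThis log and lists autoruns whose command has no absolute path, the trait that sets the `[Winsock2 driver] hvmnmdp.exe` entry apart from the others in the log above. The function names and the extension list are assumptions of this example, and a hit is a prompt for a closer look, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock2 driver] hvmnmdp.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_PATH = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def executable_of(command):
    """Return the program part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_PATH.match(command)
    return m.group(1) if m else command.split()[0]


def parse_run_entries(log):
    """Yield (hive, key, value_name, executable) for each O4 registry Run line.

    Startup-folder lines ("O4 - Global Startup: ...") use another layout and are skipped.
    """
    for line in log.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield hive, key, name, executable_of(command)


def pathless_autoruns(log):
    """List (value_name, executable) for Run entries that give only a bare file name.

    Such an entry is resolved through the Windows search path instead of
    pointing at a known install directory, so it deserves a manual check.
    """
    return [(name, exe) for _, _, name, exe in parse_run_entries(log)
            if not PureWindowsPath(exe).is_absolute()]


if __name__ == "__main__":
    for name, exe in pathless_autoruns(SAMPLE_LOG):
        print(f"review: [{name}] {exe}")
```
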