Bonzi Buddy and Hi wire

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

thyatt169

Thread Starter
Joined
Sep 4, 2004
Messages
9
Hi, I'm new here and having a lot of problems. I have an HP Pavilion 7855 running ME. Strange things started happening with my computer. Ran Norton's virus check and it showed nothing; ran adware and it showed 2 different things: Hi-wire and Bonzi Buddy. Have no idea how these got on my computer, but there they are. What do I do to get rid of them? Ran spyware and it shows that I have adware in my registry. How do I get rid of this and the other problems that I'm having? Also, is there something better than Norton's for viruses, trojans, worms or anything else? What items should I be running to prevent things like this from happening again? Any help would be greatly appreciated. Thanks in advance, Tom :( :confused:
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi Tom. You have the basic right idea: you generally use SpyBot Search and Destroy and AdAware to get rid of ad-based junk that has either been installed by clicking on ads or bundled with some other free gift programs... like Bonzi Buddy. Bonzi Buddy has a small trick> you must click on the tray icon and say "goodbye" to that purple ape before running the uninstall, or it stays, partly, in the computer. HiWire networks may still show in Add/Remove Programs, but I am not sure it will work, since you have used spyware removers already... there is help for that, though. If you have not let SpyBot or AdAware actually remove anything, try to uninstall Bonzi and Hiwire networks from Add/Remove... remember to say goodbye to Bonzi by right click (I am fairly sure it was that) on his tray icon, lower right, before you uninstall Bonzi Buddy and the other related items to it.
There are some other uninstallers you should look for in Add/Remove----NewdotNet, WebHancer--- do those if they appear.

NEXT:

First> get Hijackthis.exe below

You MUST make a new folder to hold it, I usually just make one like this: C:\HJT. The desktop will be OK only IF you right click an empty spot and create a New Folder>name this folder HJT and have the download saved there.

http://tools.radiosplace.com/HijackThis.exe ---> use this version, it is a direct download, the file download box will pop up so be ready with that HJT folder....

I would like to see an HJT log before you do anything else!
Stop here and post that.

Directions for posting the log can be found here:

http://mjc1.com/mirror/hjt/

Please do NOT use Hijackthis yourself to fix anything...someone here will advise what should be removed...

_________________________

AdAware or SpyBot may completely remove it, I am not sure, but we can try.
Do you have the latest version of AAW (SE Personal edition) and SpyBot (v.1.3) >>> and, have you updated each program?
AdAware> if you do have the older v.6.0 you can just download the newer one here:

http://www.lavasoftusa.com/

[You must run the web updates before you scan the system...check this below for some settings also: the AdAware info is for the NEWER edition> advise you get that, since the older 6.0 will be retired and no longer updated soon.]

LDTate said:
Spybot:
Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

Before restart, Empty Recycle Bin.

Restart your computer..
Then please post a new Hijackthis log.
 

thyatt169

Thread Starter
Joined
Sep 4, 2004
Messages
9
Hi Byteman,
Sorry it took so long to get back to you. I did the HJT thing and this is what it said--

Logfile of HijackThis v1.98.2
Scan saved at 10:13:24 PM, on 9/4/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Tour] C:\WINDOWS\wincool.exe /30m
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab



So now what do I do? Sorry, but I'm a newbie at this and completely lost at this time. Thanks for your help, Thyatt169 :eek:
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi Tom

Apparently the Bonzi Buddy and Hiwire have already been removed!

You have some things to fix:

Uninstall SpywareBegone--- it is not your friend.
Rather, it is listed as a knock-off or rogue spyware removal tool; it does aggressive advertising and has false positives as incentive for purchasing. Sorry if you spent money on it. Normally, all the ad-spy-malware related problems can be fixed for free using a few free programs. SpyBot and AdAware are only two of those. However> you have to know the difference between good and bad free programs, as there are a great number of not so good ones being pushed on the Internet. It's hard to tell the difference, so don't hurt yourself banging your head on the keyboard...
Here is one place to look up what you may see advertised:


http://www.spywarewarrior.com/rogue_anti-spyware.htm

Next: You do not want this as your start or home page:

search.hpwis.com= Lycos sidesearch.

Run Hijackthis.exe again; you must have ALL browser windows closed, not just minimized, nothing open but HJT. Now put checks next to the items, click "Fix checked"
You probably will not see all the items if you uninstall SpywareBegone, no problem.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/

O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
________________________

If you see a video each time the computer starts up...
this is a feature of ME that you can turn off, usually, after you watch it once...there may be a very small checkbox on your lower left of screen to uncheck this, unless you would like to watch it some more. If this Tour is not running, fix the item with HJThis.

O4 - HKLM\..\Run: [Tour] C:\WINDOWS\wincool.exe /30m

Reboot your computer.

I would like you to use AdAware and Spybot Search and Destroy. Both are free and two of the best friends you will ever have. I gave you the directions for using them, here are the download sites:

AdAware SE personal edition> if you have this, fine, but you have to use the update feature "Search for Updates" while you are connected to the Internet, follow the directions I posted.
SpyBot is the same> even though you are just now installing it, there will be some updates and you must get them, same "Search for Updates" feature is built into SS&D, just do them before you run the program to remove anything.
When you run either: it is safe to let them remove what they find, as the directions tell you.
Hope this helps- just take your time with it, ask any questions you need to.

You do not show any trojan worms or other serious malware running> so you should relax. The bits and pieces of ad-related junk will be removed by AAW or SpyBot and manual removal with HJThis.
If you have the older 6.0 version of AdAware> better to download the newer SE personal edition, as the 6.0 one will be retired soon.

Here for AdAware SE:
http://www.majorgeeks.com/download506.html
SpyBot:

http://www.majorgeeks.com/download2471.html
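
An added example, not part of any post in this thread: a small Python parser for HijackThis entry lines (R* registry values and O4 autoruns) that pulls out the items the reply above singles out for fixing. The function names and the watchlist variables are assumptions of this example; the sample lines are excerpted from the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Tour] C:\WINDOWS\wincool.exe /30m
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
"""

# Watchlist taken from the helper's reply (assumed names); edit for your own review.
WATCH_HOSTS = {"search.hpwis.com"}
WATCH_RUN_NAMES = {"spyware begone"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
RUN_ITEM = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log_text):
    """Yield (code, fields) for every 'Xn - ...' entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        shape = REG_VALUE if code.startswith("R") else RUN_ITEM if code == "O4" else None
        fields = shape.match(body) if shape else None
        yield code, (fields.groupdict() if fields else {"raw": body})

def triage(log_text):
    """Return, in log order, the entries whose host or autorun name is on the watchlist."""
    hits = []
    for code, f in parse(log_text):
        if "data" in f and (urlparse(f["data"]).hostname or "") in WATCH_HOSTS:
            hits.append(f"{code} - {f['key']},{f['name']} = {f['data']}")
        elif "cmd" in f and f["name"].lower() in WATCH_RUN_NAMES:
            hits.append(f"{code} - {f['key']}: [{f['name']}] {f['cmd']}")
    return hits

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Matching is on the parsed URL host and the autorun value name rather than on substrings, so an entry such as the EarthLink start page is not flagged just because it sits under the same registry key.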
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
When you start the computer and are just at the desktop, offline> no browser pages open means you do not connect to your ISP, or have any email pages open, no Internet Explorer going, no dialup connection connected.
You are just going to start Hijackthis and fix the items as the directions say.
If you have an Internet page open, (browser page means the same), you close it by using the X at top right, just the same as closing a window...
 

thyatt169

Thread Starter
Joined
Sep 4, 2004
Messages
9
OK, since all of this I'm now missing my CD-ROM drives and having problems installing drivers for a Lexmark 6150 all-in-one printer. I get the following warning message when it tries to install: "there is no valid INF file for this operating system. Unable to continue operation". What do I do now? Thanks in advance, Tom :eek:
 