How do i get bonzi buddy and gator completely OFF

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Frezeboogz

Thread Starter
Joined
Aug 29, 2003
Messages
114
How do i get bonzi buddy and gator completely OFF my computer...and all those stupid "gmt" files...they are very annoying...and what else do i need running when i check my start up configuration?
 
Joined
Oct 9, 2001
Messages
9,396
Freze........We hosed your machine out last week.
Click the link at the bottom of my post and get some protection.

;)
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
If it's come back then

go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

flavallee

Trusted Advisor
Joined
May 12, 2002
Messages
81,359
First Name
Frank
Freezeboogz:

You need to download and install AD-AWARE 6.0.181 and SPYBOT - SEARCH & DESTROY 1.2.0. Click the link below and read the article on spyware. It will provide you with links to download these programs from, along with instructions on how to set them up and use them(which you might want to print off).


Frank's Windows 95/98 Tips (Also a XP user)
 
Joined
Aug 18, 2003
Messages
2,438
At the risk of sounding like a broken record, you need to run an anti-trackware application.

Also, if this thing is coming back, it might be useful to have whatever is found submitted for further evaluation and possible inclusion in updated reference files. Once we see what is found, we can help you with that issue.

Download the free Ad-Aware 6 Personal Build 181 and have it do a thorough cleaning of your unwanted files: http://www.lavasoft.de/support/download/

Launch the program ... on the start-up screen, you will need to first run the Webupdate Feature (globe at the top), or click "check for updates" to get the Reference File up to date.

Please use the Custom Scan with Memory and Both registry scans ON. Also.... make sure that you activate IN-DEPTH scanning before you proceed.

Then see that you have these options checked:
Under Ad-Aware 6 Settings, Tweaks, Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-Aware 6 Settings, Tweaks, Cleaning Engine:
"Let Windows remove files in use after reboot."

Next ...

Run Ad-Aware 6.
Mark the objects you wish to eliminate for removal. There are many options available with a right-click.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose "Next" to remove the chosen objects.
Finally ... Reboot

Please read http://forums.techguy.org/t164245/s.html for further instructions, settings , etc.

Once you are cleaned up, you might want to visit http://www.wilderssecurity.net/index.html and download the following:

SpywareBlaster v2.6.1
SpywareGuard v2.2

These will prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection.

Lastly, consider installing IE-SPYAD, a registry file that adds a long list of known crapware to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
 

Frezeboogz

Thread Starter
Joined
Aug 29, 2003
Messages
114
well yeah we did go thru this last week.....but that was my home computer i am in school now...this is a diffrent computer...i am running Xp on this computer and i dont know much about Xp i am too use to 98
 

flavallee

Trusted Advisor
Joined
May 12, 2002
Messages
81,359
First Name
Frank
I still have my 6-year old 98SE desktop. I got a XP laptop almost 2 years ago. It helps to keep me proficient with both operating systems. 98SE wasn't much of a learning curve over 95 OSR2, but XP was a big learning curve over 98SE.

Frank's Windows 95/98 Tips
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
freeze use the same tools as you did for your home 98 computer

go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

then download adaware & spybot ready to use after we have given the log a quick check to make sure nothing more sinister is lurking
 

Frezeboogz

Thread Starter
Joined
Aug 29, 2003
Messages
114
Logfile of HijackThis v1.97.3
Scan saved at 1:48:24 PM, on 10/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Francisco\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
the only baddie I can see is gator, so I assume you ran adaware & spybot first

run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
then
Download and run LSPFix to correct the O10 entry Broken internet access because of LSP provider ' spsublsp.dll' missing
www.cexx.org/lspfix.zip
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top