1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

How do i get bonzi buddy and gator completely OFF

Discussion in 'Web & Email' started by Frezeboogz, Oct 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Frezeboogz

    Frezeboogz Thread Starter

    Joined:
    Aug 29, 2003
    Messages:
    114
    How do i get bonzi buddy and gator completely OFF my computer...and all those stupid "gmt" files...they are very annoying...and what else do i need running when i check my start up configuration?
     
  2. Bruce319

    Bruce319

    Joined:
    May 14, 2003
    Messages:
    379
    Have you tried using Spybot Search & Destroy?
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Freze........We hosed your machine out last week.
    Click the link at the bottom of my post and get some protection.

    ;)
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,149
    First Name:
    Derek
    If it's come back then

    go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,378
    First Name:
    Frank
    Freezeboogz:

    You need to download and install AD-AWARE 6.0.181 and SPYBOT - SEARCH & DESTROY 1.2.0. Click the link below and read the article on spyware. It will provide you with links to download these programs from, along with instructions on how to set them up and use them(which you might want to print off).


    Frank's Windows 95/98 Tips (Also a XP user)
     
  6. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    At the risk of sounding like a broken record, you need to run an anti-trackware application.

    Also, if this thing is coming back, it might be useful to have whatever is found submitted for further evaluation and possible inclusion in updated reference files. Once we see what is found, we can help you with that issue.

    Download the free Ad-Aware 6 Personal Build 181 and have it do a thorough cleaning of your unwanted files: http://www.lavasoft.de/support/download/

    Launch the program ... on the start-up screen, you will need to first run the Webupdate Feature (globe at the top), or click "check for updates" to get the Reference File up to date.

    Please use the Custom Scan with Memory and Both registry scans ON. Also.... make sure that you activate IN-DEPTH scanning before you proceed.

    Then see that you have these options checked:
    Under Ad-Aware 6 Settings, Tweaks, Scanning Engine:
    "Unload recognized processes during scanning."
    Under Ad-Aware 6 Settings, Tweaks, Cleaning Engine:
    "Let Windows remove files in use after reboot."

    Next ...

    Run Ad-Aware 6.
    Mark the objects you wish to eliminate for removal. There are many options available with a right-click.
    Make a Quarantine only if you do not have the Auto-Quarantine option ON.
    Then choose "Next" to remove the chosen objects.
    Finally ... Reboot

    Please read http://forums.techguy.org/t164245/s.html for further instructions, settings , etc.

    Once you are cleaned up, you might want to visit http://www.wilderssecurity.net/index.html and download the following:

    SpywareBlaster v2.6.1
    SpywareGuard v2.2

    These will prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection.

    Lastly, consider installing IE-SPYAD, a registry file that adds a long list of known crapware to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Looks like another T.S.G season ticket holder:D
     
  8. Frezeboogz

    Frezeboogz Thread Starter

    Joined:
    Aug 29, 2003
    Messages:
    114
    well yeah we did go thru this last week.....but that was my home computer i am in school now...this is a diffrent computer...i am running Xp on this computer and i dont know much about Xp i am too use to 98
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,378
    First Name:
    Frank
    I still have my 6-year old 98SE desktop. I got a XP laptop almost 2 years ago. It helps to keep me proficient with both operating systems. 98SE wasn't much of a learning curve over 95 OSR2, but XP was a big learning curve over 98SE.

    Frank's Windows 95/98 Tips
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,149
    First Name:
    Derek
    freeze use the same tools as you did for your home 98 computer

    go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    then download adaware & spybot ready to use after we have given the log a quick check to make sure nothing more sinister is lurking
     
  11. Frezeboogz

    Frezeboogz Thread Starter

    Joined:
    Aug 29, 2003
    Messages:
    114
    Logfile of HijackThis v1.97.3
    Scan saved at 1:48:24 PM, on 10/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Francisco\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,149
    First Name:
    Derek
    the only baddie I can see is gator, so I assume you ran adaware & spybot first

    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    then
    Download and run LSPFix to correct the O10 entry Broken internet access because of LSP provider ' spsublsp.dll' missing
    www.cexx.org/lspfix.zip
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/170650

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice