1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pgate in progams

Discussion in 'Virus & Other Malware Removal' started by herbajones, Apr 26, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. herbajones

    herbajones Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    10
    I cannot remove Pgate from my add/remove programs screen without it coming back 10 minutes later. Please tell me how to remove this permantly
     
  2. herbajones

    herbajones Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    10
    Please tell me how to remove Pgate from my add/remove programs.Once I feel I've removed it, 10 minutes later, i'ts back. Windows XP.
     
  3. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, you'll need to post a hijack this log for us to see what's going on in your system, please download these tools below, update them, run them and then post a hijack this log, save hijack this to it's own folder anywhere in C:\

    go to this site and download these tools and once you get both
    adaware and spybot, update both of them.Set adaware to deep scan and
    Delete everything adaware finds and delete what spybot finds marked in red.

    adaware6.181
    spybot search and destroy
    CWShreddder
    hijack this.

    run the first three, but with cwshredder, close all programs
    and browsers and click the fix button.

    then do a hijack this log, click save the log and post it on
    here so we can have a look at it for ya.

    All programmes can be downloaded here at this link!

    http://www.majorgeeks.com/downloads31.html

    cwshredder can be got here

    http://www.merijn.org/downloads.html

    khaz
     
  4. herbajones

    herbajones Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    10
    After reboot, at startup I'm getting error messages (2 of same) that says
    C:\windows\image.dll. The specified module could not be found. I can click them off', but will show up again the next time I reboot. How can I get rid of these permantly?? Help and thanks. The name on the error box is RUNDLL.
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Download and unzip HijackThis to a permanent folder. Then run it and select "Scan". Save the scanlog and copy/paste the results to a reply here. I will move this thread to the Security forum for follow-ups.

    http://www.spywareinfo.com/~merijn/downloads.html
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  7. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Please don't post three times, let me merge all your threads into one.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Yes, no doubt; I missed the name identity. Don't know why, I've merged threads on this new format before, but this one is resisting me; when I include t224102.html after the = sign I get an invalid url :rolleyes:
     
  11. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Just use the number after the =

    224102.......much easier. I merged for you.
     
  12. herbajones

    herbajones Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    10
    Thanks guys, CWshredder took care ok my problems. Both of them.
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You should really post a HijackThis Scanlog anyway. Typically these problems run in packs and you may not be aware of all of them.
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    herbajones, I'd still post a scanlog for a check over.


    LOL Rog, twice today :D
     
  15. herbajones

    herbajones Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    10
    Logfile of HijackThis v1.97.7
    Scan saved at 8:17:06 PM, on 4/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\documents and settings\herb\local settings\temp\kVgANugjG.exe
    C:\DOCUME~1\Herb\LOCALS~1\Temp\bundle.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Herb\Local Settings\Temp\Temporary Directory 5 for hijackthis[1].zip\HijackThis.exe
    C:\Documents and Settings\Herb\Local Settings\Temp\Temporary Directory 7 for hijackthis[1].zip\HijackThis.exe
    C:\Documents and Settings\Herb\Local Settings\Temp\Temporary Directory 8 for hijackthis[1].zip\HijackThis.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Herb\Local Settings\Temp\Temporary Directory 9 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [kVgANugjG] C:\documents and settings\herb\local settings\temp\kVgANugjG.exe
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Herb\LOCALS~1\Temp\bundle.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\RunServices: [Windows Explorer] LSAS.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud15.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01049abd63cf0e25ca05/netzip/RdxIE601.cab
    O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38017.6643981481
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4sbc.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F42FD20E-61E1-483A-9181-D78D03B5F5B7}: NameServer = 151.164.1.8 151.164.11.201

    {edited to remove multiple instances of the Scanlog}
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224081

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice