# Pgate Basic Spyware Removal



## jjlin (May 22, 2004)

Hi,

I just recently had the same unfortunate situation with the scumware known as Bargain Buddy, and after removing it, more scumware came on my computer. One of them was Pgate Basic. I think I removed it but wasn't too sure if I have completely removed all the problems. Rather than start another topic, I am posting here in hopes of getting some help. Sorry if I am intruding in your topic, newcal. Here is my HijackThis log:

```
Logfile of HijackThis v1.97.7
Scan saved at 11:02:02 AM, on 5/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\documents and settings\win98\local settings\temp\ctUO3iRkJ.exe
C:\Program Files\ICQ\NDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DLHelperEXE.exe
O8 - Extra context menu item: Download with GetRight - C:\STEVE\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\STEVE\GETRIGHT\GRbrowse.htm
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
O11 - Options group: [!CNS] Chinese keywords
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\moo.mht!http://www.rarsoft.co.uk//M.CHM::/ISASS.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/6c1f950cb34796/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.affiliatetarget.com/webtwo/download.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38122.422974537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
```

If there's anything that needs to be removed, please let me know.

Thanks.


----------
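A log in this layout can be split into its sections and pre-sorted for a human reviewer. The following is an added example, not part of the original posts and not HijackThis's own code: the sample log lines are constructed, and the three triage heuristics are assumptions that mark items for a closer look, not verdicts.

```python
import re

# Constructed sample in the HijackThis v1.97.7 layout (not taken from the post).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\services.exe
C:\documents and settings\user\local settings\temp\example1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://download.example.com/ctl.cab
O16 - DPF: {00000000-0000-0000-0000-000000000002} - http://192.0.2.10/plugin.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://www.example.net/setup.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O16 - DPF: ..."
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse_log(text):
    """Split a HijackThis log into running processes and (section, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (reason, item) pairs for manual review; the heuristics are assumptions."""
    processes, entries = parse_log(text)
    notes = [("process running from a temp directory", p)
             for p in processes if "\\temp\\" in p.lower()]
    for section, detail in entries:
        m = DPF.match(detail) if section == "O16" else None
        if not m:
            continue
        clsid, _name, url = m.groups()
        if re.match(r"^https?://\d{1,3}(\.\d{1,3}){3}[:/]", url):
            notes.append(("ActiveX codebase is a bare IP address", clsid))
        elif not url.lower().split("?")[0].endswith(".cab"):
            notes.append(("ActiveX codebase is not a .cab package", clsid))
    return notes
```
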



## Cookiegal (Aug 27, 2003)

Hi jjlin and welcome to TSG,

This thread is a month old and you should always start a new thread of your own rather than tacking onto another one, as it gets confusing for those who are trying to help you. I will ask that it be split into a thread of its own, so you don't have to do anything; it will be done for you.

Please download and run the following programs:

*AD-AWARE*

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware 6 Build 181

Install the program and launch it.

First, in the main window, look in the bottom right-hand corner, click on Check for updates now, and download the latest reference files.

Make sure the following settings are made and on (ON = GREEN):

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine, select Unload recognized processes during scanning, and under Cleaning Engine, select Let windows remove files in use at next reboot.

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window, choose Select all from the drop-down menu, and click Next.)

Restart your computer.

Download and run: *SPYBOT SEARCH & DESTROY*, here:

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)). Click Online, Search for updates, Download all available updates. Close all browser windows, click "Check for Problems", put a check in every entry Spybot Search & Destroy flags with a red exclamation mark, and click "Fix Selected Problems". Then restart your computer.

Download both of these for added protection: *SPYWAREBLASTER & SPYWAREGUARD*, here:

http://www.javacoolsoftware.com/spywareblaster.html

When you're done, please post another HijackThis log.


----------

