Is khpgq.exe spyware or something else


Twinson
August 20th, 2004, 03:29 PM
My firewall keeps blocking this program called khpgq.exe. When I go to Windows Task Manager to end the process, it just turns itself on again in a few seconds. I looked it up on Google but wasn't able to find anything about it.

InTheWayBoy
August 20th, 2004, 08:59 PM
Given the suspicious random name and the fact there are no results for it, it makes me think it's spyware... do you happen to know the location of the file? Download HijackThis and post a log... also download SpyBot 1.3, update it, and scan if you haven't already.

Twinson
August 21st, 2004, 03:18 PM
OK, here is my HijackThis scan.

Logfile of HijackThis v1.97.7
Scan saved at 2:10:55 PM, on 8/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\system32\rundll32.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\Brian\Application Data\iptl.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\WINDOWS\system32\khpgq.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\my games\patches\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49AA3C2F-B53B-23C5-8752-605505D9283E} - C:\WINDOWS\system32\aqvk.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - D:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - D:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VetTray] D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\my games\Formats\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\Spybot - Search & Destroy\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Brian\Application Data\iptl.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
O4 - Startup: Webshots.lnk = D:\Program Files\
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program

NooNoo
August 22nd, 2004, 07:08 AM
iptl.exe (http://www.pcpitstop.com/spycheck/SWDetail.asp?fn=iptl.exe)


These need to be fixed in safe mode, then find the files to which they refer and nuke them:
C:\WINDOWS\system32\khpgq.exe
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {49AA3C2F-B53B-23C5-8752-605505D9283E} - C:\WINDOWS\system32\aqvk.dll
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
O4 - Startup: Webshots.lnk = D:\Program Files\
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program

Twinson
August 22nd, 2004, 09:00 PM
ok thank you
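
Added example, not part of any post in this thread: a small triage script for the pattern discussed above, where a random-looking executable in a system or profile directory is restarted from a registry Run key. The sample lines are copied from the HijackThis log posted here; the function names, the watched-directory list and the "random name" thresholds are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: O4 autorun lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Brian\Application Data\iptl.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Image path: a quoted string, or everything up to the first executable extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|vbs|com|bat))\b', re.I)
# Assumed watch list: Windows directory, system32, and the root of Application Data.
WATCHED_DIR = re.compile(r"^[a-z]:\\windows(\\system32)?$|\\application data$", re.I)

def parse_run_entries(log):
    """Yield (hive, value_name, image_path) for each O4 registry autorun line."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        img = IMAGE.match(m.group(4))
        path = (img.group(1) or img.group(2)) if img else m.group(4)
        yield m.group(1), m.group(3), path

def looks_random(stem):
    """Short, all-letter stem with at most one vowel per four characters."""
    vowels = sum(c in "aeiou" for c in stem)
    return stem.isalpha() and len(stem) <= 6 and vowels * 4 <= len(stem)

def triage(log):
    """Return autoruns in a watched directory whose random-looking
    file name is unrelated to the registry value name."""
    hits = []
    for hive, name, path in parse_run_entries(log):
        folder, filename = ntpath.split(path)
        stem = ntpath.splitext(filename)[0].lower()
        related = stem in name.lower()
        if WATCHED_DIR.search(folder) and looks_random(stem) and not related:
            hits.append((hive, name, path))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(*hit)
```

On the sample this flags the `Iinl` and `Onjf` entries (`iptl.exe` and `khpgq.exe`). It does not flag `VZT`, whose value name matches its file name, so the output is a shortlist for manual review, not a verdict.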