-
August 20th, 2004, 02:29 PM
#1
Is khpgq.exe spyware or something else
My firewall keeps blocking this program called khpgq.exe. When I go to Windows Task Manager to end the process, it just turns itself on again in a few seconds. I looked it up on Google but wasn't able to find anything about it.
-
August 20th, 2004, 07:59 PM
#2
Registered User
The suspicious random name and the fact there are no results for it make me think it's spyware... Do you happen to know where the file is located? Download HijackThis and post a log... Also download SpyBot 1.3, update it, and scan if you haven't already.
-
August 21st, 2004, 02:18 PM
#3
ok. here is my hijackthis scan.
Logfile of HijackThis v1.97.7
Scan saved at 2:10:55 PM, on 8/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\system32\rundll32.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\Brian\Application Data\iptl.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\WINDOWS\system32\khpgq.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
D:\Program Files\Hotline Communications Ltd\Hotline Client 1.8.5\Downloads\bitteet\BitTornado\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\my games\patches\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49AA3C2F-B53B-23C5-8752-605505D9283E} - C:\WINDOWS\system32\aqvk.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - D:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - D:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VetTray] D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\my games\Formats\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\Spybot - Search & Destroy\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Brian\Application Data\iptl.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
O4 - Startup: Webshots.lnk = D:\Program Files\
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
-
August 22nd, 2004, 06:08 AM
#4
Driver Terrier
iptl.exe
These need to be fixed in safe mode, then find the files to which they refer and nuke them
C:\WINDOWS\system32\khpgq.exe
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {49AA3C2F-B53B-23C5-8752-605505D9283E} - C:\WINDOWS\system32\aqvk.dll
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
O4 - Startup: Webshots.lnk = D:\Program Files\
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
Never, ever approach a computer saying or even thinking "I will just do this quickly."
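Added example, not written by anyone in this thread: a small Python triage pass over the O4 (autorun) lines of a HijackThis log, applying the kind of reasoning used in posts #2 and #4. The watch list of directories and the two naming heuristics are assumptions chosen for illustration; they surface entries for manual review and are not a verdict.

```python
import ntpath
import re

# O4 autorun lines in the HijackThis format shown in post #3.
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Launched file: a quoted path, or text up to the first 3-letter extension.
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.\w{3})(?=[\s,]|$)')
# Assumed watch list: Windows dir, system32, root of a user's Application Data.
WATCHED = re.compile(r'^[a-z]:\\windows(\\system32)?$|\\application data$')

# Lines copied from the log in post #3.
SAMPLE = r'''
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZT] C:\WINDOWS\VZT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Brian\Application Data\iptl.exe
O4 - HKCU\..\Run: [Onjf] C:\WINDOWS\system32\khpgq.exe
'''

def parse_o4(line):
    """Return (hive, value_name, target_path), or None for non-O4-Run lines."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, name, command = m.groups()
    t = TARGET.match(command)
    path = (t.group(1) or t.group(2)) if t else command
    return hive, name, path

def triage(lines):
    """Return [(hive, value_name, path, reasons)] for entries worth a look."""
    flagged = []
    for hive, name, path in filter(None, map(parse_o4, lines)):
        folder, filename = ntpath.split(path)
        if not WATCHED.search(folder.lower()):
            continue  # bare command name or an ordinary install directory
        stem = ntpath.splitext(filename)[0].lower()
        key = ntpath.splitext(name)[0].lower()
        reasons = []
        if key not in stem and stem not in key:
            reasons.append("value name unrelated to file name")
        if not set(stem) & set("aeiou"):
            reasons.append("file name has no vowels")
        if reasons:
            flagged.append((hive, name, path, reasons))
    return flagged

if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE.splitlines()):
        print(f"{hive} [{name}] {path}: {'; '.join(reasons)}")
```

Entries such as NeroCheck and ctfmon.exe pass because the value name matches the file name; a flagged entry still needs its file located and examined before anything is removed.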
-
August 22nd, 2004, 08:00 PM
#5