• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
dfedewa

cant get rid of ECPE.exe

9 posts in this topic

Hello - very greatful if anyone can help

 

Have run adaware and spybot - still having a problem with porn lists that launch themselves. I suspect a file called ECPE.exe- when I end it with the task manager it somehow starts back up. I deleted it using hijack this and it comes back

 

Here is the log file:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:30:33 AM, on 7/19/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\msmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\System32\00THotkey.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\mcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\program files\lotus\notes\ntmulti.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\Microsoft IntelliPoint\Point32.exe

C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\javaw.exe

C:\WINDOWS\System32\wuauclt.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\Program Files\iTunes\iTunes.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Documents and Settings\David Fedewa\Desktop\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 53.122.34.115:80

R3 - URLSearchHook: (no name) - _{FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file)

R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 16

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Xerox WorkCentre 470cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X470SHLL.DLL,AutoUpdatePnPValue

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Msmon] c:\windows\system32\msmon.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: ECPE.EXE

O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

 

Any help is highly appreciated

Share this post


Link to post
Share on other sites

Hello. I will process this request. But I will have to run it past one of the more experienced volunteers before I post my recommendations. Please bear with me as we go through the process.

 

Thanks,

Sensei

Share this post


Link to post
Share on other sites

Hello dfedewa,

 

Sorry for the long delay. If you still have your concerns, let's do this:

 

 

:alarm: You need to get to Windows Update to get SP1 and all the latest security patches that apply to your PC.

_ _ _ _ _ _

 

Please download and run a Free Trial of Trojan Hunter

 

Next, take a free Online Virus scan at HouseCall or eTrust or both.

_ _ _ _ _ _

 

Go to Task Manager (Ctrl + Alt + Delete) and click on "Processes" then "End Process" for these files:

 

mcc.exe

msmon.exe

 

Then close task manager.

_ _ _ _ _ _ _ _

 

Open Hijackthis, click Scan, then put a check next to the following entries:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

 

R3 - URLSearchHook: (no name) - _{FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file)

R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll

 

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll

 

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\Run: [Msmon] c:\windows\system32\msmon.exe

O4 - Global Startup: ECPE.EXE

 

 

Now Close all open Windows and browsers (have only HJT open) and click "Fix Checked".

 

 

Then, reboot to Safe mode

Tap F8 while restarting, and delete these files:

 

C:\WINDOWS\System32\mcc.exe

c:\windows\system32\msmon.exe

C:\WINDOWS\System32\wins32t.dll

 

And this folder:

 

C:\DOCUME~1\ALLUSE~1

 

Note: Under no circumstances remove the All Users folder:lpp

 

Make sure you can view hidden and system files: hidden files

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Then, reboot normally and please post a new HJT log.

There has been an update to hijackthis (V1.98.1)

Open HJT, click Config... then Misc Tools, then Check for Update online, and get v1.98.1

Or you can get it here: HijackThis.zip

Edited by LoPhatPhuud

Share this post


Link to post
Share on other sites

Autodad,

 

You told him to delete ALLUSE~1\ that would be bad. Thats for all user accounts..you want him to delete the IESERVICE folder.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0