Jump to content


Photo

EFPI.exe


  • Please log in to reply
6 replies to this topic

#1 Anthony

Anthony

    Member

  • New Member
  • Pip
  • 4 posts

Posted 23 May 2004 - 09:18 PM

Hijack This won't get rid if it.

Logfile of HijackThis v1.97.7
Scan saved at 9:27:18 AM, on 24/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\EFPI.EXE
C:\Documents and Settings\epic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O4 - Global Startup: EFPI.EXE

#2 Atribune

Atribune

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 302 posts

Posted 23 May 2004 - 09:36 PM

Anthony is this your whole HijackThis log? Have you fixed anything using HijackThis?

If so please restore all items that you have fixed so that we can properly clean your computer.

Then post a new log

#3 Anthony

Anthony

    Member

  • New Member
  • Pip
  • 4 posts

Posted 23 May 2004 - 10:00 PM

Actually, yes. That is my whole log. I run 8 pc's for piblic access - kind of a mini internet cafe - in my one hour photo shop, so I keep them pretty empty.

#4 Atribune

Atribune

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 302 posts

Posted 23 May 2004 - 10:08 PM

To get rid of that file press control alt delete, then click the processes tab then find efpi.exe click it once then click end process.


Next run hijack this again and place a check beside

O4 - Global Startup: EFPI.EXE

Can you also email me a copy of that file I would like to analize it.

email

edit Also rename that file on your computer to efpi.old

Reboot and post a fresh log

Edited by Atribune, 23 May 2004 - 10:11 PM.


#5 Anthony

Anthony

    Member

  • New Member
  • Pip
  • 4 posts

Posted 23 May 2004 - 10:14 PM

Sure

Thanks for your interest Atribune

#6 Anthony

Anthony

    Member

  • New Member
  • Pip
  • 4 posts

Posted 23 May 2004 - 10:49 PM

Atribune

Hotmail won't let me attach it. Says its a virus. Still want to look at it? I can send it via my pay email account.

I ended the program in Task Manager. Ran Hijack This. It goes but comes back whenever I start IE.

I changed the name to efpi.old.

Here are the logs (before & after starting IE)

Logfile of HijackThis v1.97.7(BEFORE IE)
Scan saved at 11:35:47 AM, on 24/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\epic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

Logfile of HijackThis v1.97.7 (AFTER IE)
Scan saved at 11:37:27 AM, on 24/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\EFPI.EXE
C:\Documents and Settings\epic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O4 - Global Startup: EFPI.EXE

#7 Atribune

Atribune

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 302 posts

Posted 24 May 2004 - 01:08 AM

Try zipping the file with winzip or another compression program and sending it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button