  1. #1
    Member
    Join Date
    Mar 2006
    Location
    upstate NY
    Posts
    5
    Points
    0

    Please check my HijackThis log

    Hello,

    I'm running Windows 98 SE -- don't laugh! -- on an IBM Thinkpad laptop and have just started experiencing a *noticeable* lag time when I'm on the Internet (running Firefox and occasionally IE). Specifically, when I do just about anything - try to switch from one browser window to another, click on a button or link, scroll down in a window, type info into a Web form or text box (it's happening right now as I type this), type messages in Google Chat etc. - there is a significant lag time while my cursor stops, all activity on the screen stops for about 10-12 seconds while the computer makes a "processing noise," then "releases" and finishes the action (typing, scrolling, etc.). For someone who works on the Internet about 50 hours a day, this is incredibly annoying - and worrisome if some evil entity is stealing my passwords and private info.

    I ran Housecall yesterday and it said it found something called TRAK_SE.118603 but that it couldn't delete/clean it. I then went through all the steps on the Help2Go spyware page, twice, and rebooted my computer each time, but the problem is still happening. This morning Help2Go Detective still says it detects "suspicious" entries. Can someone help by advising me how I can get rid of this little bugger? Or will I need to remove/reinstall everything on my computer? And if I have to do that, how will I know I'm not taking the spyware with me? Also, am I passing the spyware along to anyone else in the form of email attachments or the like?

    Here is the logfile from my last pass through HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:34 AM, on 3/16/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
    C:\CFGSAFE\AUTOCHK.EXE
    C:\WINDOWS\SYSTEM\DAEMON.EXE
    C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
    C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
    C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\USBSTORAGE\USBDETECTOR.EXE
    C:\WINDOWS\IOMBG.EXE
    C:\PROGRAM FILES\IOMEGA\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\SYSTEM\E_S6I2E1.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE\REMOTE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
    O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
    O4 - HKLM\..\Run: [IBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [IOMBG] C:\WINDOWS\IOMBG.EXE
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\SYSTEM\E_S6I2E1.EXE /P26 "EPSON Stylus CX4200 Series" /O7 "EPUSB1:" /M "Stylus CX4200"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
    O4 - Startup: Shockwave Init.lnk = C:\WINDOWS\SYSTEM\MACROMED\Shockwave\SwInit.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O15 - Trusted Zone: http://www.shutterfly.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    I will appreciate any expert advice you folks can give, and THANK YOU!

    best wishes,
    Darlene

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    DarleneB:

    Not laughing at you still using Win98, millions of people still do.

    Would like to know a little more info on your PC. Size of hard drive and the space available? Size of RAM? Have you run disk cleanup and a defrag lately?

    I think what the Detective found as suspicious is OK. However, I am not finding anything about this file:

    C:\WINDOWS\SYSTEM\E_S6I2E1.EXE

    Do you have any idea what it is? If not, please go here:

    http://virusscan.jotti.org/

    In the box that says: File to upload & scan, cut and paste this:

    C:\WINDOWS\SYSTEM\E_S6I2E1.EXE

    Click the "submit button"

    When it is done, please cut and paste the Statistics info in your next post, by using the post reply button at the bottom of this page.

    As far as backing up everything and reloading 98, many people recommend that this should be done every year or so if you are using 98. It will make it run better.

    But since this sounds like a well used PC, and I know it is an older PC, I would think seriously about replacing the HD. Hard drives will always fail, in time.

    BG

  3. #3
    Member
    Join Date
    Mar 2006
    Location
    upstate NY
    Posts
    5
    Points
    0

    Did the scan of E_S6I2E1.EXE at virusscan.jotti.org

    Hello, Basementgeek:

    Thank you for your fast reply.

    I haven't done a defrag lately, though I do a disk cleanup every day. I will do a defrag tonight. Re: reinstalling the OS etc, I just did a full reinstall two months ago.

    As for system resources: 6GB hard drive, only 400MB free space (I've been afraid to attach my external hard drive to copy off some big files for fear of infecting that drive, too), 192MB RAM. As I said, I've noticed a significant change in performance on the Internet, and that in just the past 24 hours; all other non-Internet programs operate as usual.

    I did as you suggested and scanned C:\WINDOWS\SYSTEM\E_S6I2E1.EXE on the jotti site, since I have no idea what that file could be, and these were the results:

    -----------------------------
    Last file scanned at least one scanner reported something about: pics.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus BackDoor.Delf.18.AK
    BitDefender BehavesLike:Win32.ExplorerHijack
    ClamAV X
    Dr.Web BackDoor.Pigeon.191
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus Backdoor.Win32.Delf.aka
    NOD32 a variant of Win32/Delf.AKA
    Norman Virus Control W32/Suspicious_N.gen
    UNA X
    VirusBuster X
    VBA32 Backdoor.Hupigon.41

    -----------------------------

    Looks like there are some bugaboos, yes? What should I do next? Thank you again for your help, I really appreciate it.

    DarleneB

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    please Download win32delfkil.exe from :-

    http://users.telenet.be/marcvn/tools/win32delfkil.exe

    1. Save it on your desktop.

    2. Double click on win32delfkil.exe and install it. (yes I know it's in a foreign language)

    3. This will create a new folder on your desktop called win32delfkil

    4. Close all windows, open the win32delfkil folder and double click on the fix.bat file

    5. Follow the prompts...

    6. It will ask you to shut down your system using the power button, please do so when asked. (if you shut down any other way, the fix will fail)

    7. After rebooting, post the contents of the logfile c\windelf.txt

    ---
    The amount of free space you have may well be causing the problem..

    Windows needs free space to open programs and move files around, as a very minimum, it is recommended you have at least 10% free space ... that would be 600MB on your drive...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Mar 2006
    Location
    upstate NY
    Posts
    5
    Points
    0

    Hi, Steamwiz,

    Thanks for your suggestion, but it didn't work. I followed your directions but when I double-click the fix.bat file, I get a message in a black window that says "Bad command or file name," and Notepad pops up with the message "Unsupported version."

    Any other ideas?

    I will clear off and delete a bunch of stuff off the computer to free up some space, as you suggested, but shouldn't I be concerned about those weird things the earlier scan turned up?

    Thanks!
    DarleneB

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Looks like win32delfkil is not compatible with win98...

    Delete the win32delfkil.exe file and folder it created ... you need the space...

    I'm not convinced that the file you uploaded to jotti is bad ... I believe it could be a case of multiple false positives

    I want you to send me the file so that I can have it pulled apart...

    I have a feeling if we delete that file, your printer will stop working...

    Please find the following file (zip it - this is important) and send it to me here for closer inspection...

    steamwizAThelp2go.com ... replace AT with @

    C:\WINDOWS\SYSTEM\E_S6I2E1.EXE

    Thanks

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
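
An added example, not part of any poster's message: steam's hunch in post #6 that deleting E_S6I2E1.EXE would break the printer can be checked from the log itself by matching each running process against the O4 autostart entries. The parser and its function names are this example's own; the sample lines are a subset of the log in post #1.

```python
import re

# "O4 - <hive or folder>: [entry name] command line"
O4_RE = re.compile(r'^O4 - (\S+): \[(.+?)\] (.+)$')
# Executable at the start of the command line, quoted or not.
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)

# Subset of the HijackThis log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\E_S6I2E1.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\SYSTEM\E_S6I2E1.EXE /P26 "EPSON Stylus CX4200 Series" /O7 "EPUSB1:" /M "Stylus CX4200"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
"""

def basename(win_path):
    """File name of a Windows path, lower-cased (Win9x paths are case-insensitive)."""
    return win_path.rsplit("\\", 1)[-1].lower()

def parse_log(text):
    """Return (running process paths, {exe basename: [(location, entry name)]})."""
    running, autostart, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            running.append(line)
        else:
            m = O4_RE.match(line)
            exe = m and EXE_RE.match(m.group(3))
            if exe:
                key = basename(exe.group(1))
                autostart.setdefault(key, []).append((m.group(1), m.group(2)))
    return running, autostart

def explain(text):
    """Map each running process to the autostart entries that launch it."""
    running, autostart = parse_log(text)
    return {proc: autostart.get(basename(proc), []) for proc in running}

if __name__ == "__main__":
    for proc, entries in explain(SAMPLE).items():
        print(proc, "<-", entries or "no registry autostart entry")
```

A vendor-looking entry name only shows how the process is launched; the name is free text, so the file itself still has to be examined, as was done in this thread.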

  7. #7
    Member
    Join Date
    Mar 2006
    Location
    upstate NY
    Posts
    5
    Points
    0

    Hi, Steam,

    OK, I'm sending you a copy of the file right after I post this message.

    Just for the record, I deleted a whole buncha stuff from the computer last night, did a disk cleanup and a defrag, and I've got more than 600MB of free space now -- BUT the time-lag problem is still happening when I scroll a browser page, click links or buttons, or type into text boxes on the Internet. As far as I can tell, I'm not running into any problems in my non-Internet apps, though (Word, Photoshop, etc.).

    I'm glad to hear you don't think I've got spyware, though -- I'll wait to hear back from you as to the results of pulling apart my C:\WINDOWS\SYSTEM\E_S6I2E1.EXE file.

    Thanks again!
    DarleneB

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi Darlene

    Your file is CLEAN...

    Your log is clean...

    You have plenty of RAM for win98...

    I'm pretty sure your problem has nothing to do with malware...

    Do you need everything you have on the laptop?

    Can you maybe transfer a gig of it to CDs?

    How much system resources does it have?

    If this only seems to happen with IE, have you done a repair of IE?

    If you need to know how to do a repair, let me know.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9
    Member
    Join Date
    Mar 2006
    Location
    upstate NY
    Posts
    5
    Points
    0

    Hi again, Steam,

    As I said in my first post, I use Firefox mostly, IE only occasionally, when I absolutely have to ... and I'm a bit embarrassed to tell you this ... but after your last message I decided to poke around a bit in Firefox. Finally I cleared the cache by going to Tools | Clear Private Data, and voila! The browser is back to working just fine! So I suspect that was the problem all along -- just too much gunk stuck in there. (Hope that's not getting too technical!)

    Thank you for all your advice and for reassuring me about the "problem" file; glad to hear it's clean. I'll be back to donate a little cash -- you guys are very helpful, and I do appreciate your efforts.

    Take care,
    DarleneB

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi Darlene

    You're very welcome

    I've just read your first post again...

    Please do another Housecall scan and see if it is still finding this :-

    TRAK_SE.118603

    Then make a note of its location on your computer, if it has an extension after it like .exe or .dll we need to know that as well... and anything else Housecall says about it...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -