Old Computer Help [Win 95 - HJT log]

Old Computer Help

I am on my older computer (Windows 95) and recently noticed popups, constant noises as if the CPU is processing something, and when I start it up I get a bunch of errors about missing dll files and such. I downloaded adaware and spybot, but neither run on Windows 95. So I downloaded HJT, and ran it, and found I have a lot of stuff in there, but dont know if its good or bad. If someone could help me, please reply. Ill post my HJT log also.Logfile of HijackThis v1.99.1
Scan saved at 8:54:10 PM, on 3/3/05
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\180AX.EXE
C:\WINDOWS\SIXTYPOPSIX.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\PRUTSCT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
D:\CREATEACARD\FMREMIND.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\PRUTSCT.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\ANTI-SPYWARE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jethomepage.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jethomepage.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bst.bls.com:8080
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\Hgcctl95.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\SIXTYPOPSIX.exe
O4 - HKLM\..\Run: [afcfwxch] C:\WINDOWS\afcfwxch.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
O4 - HKLM\..\RunServices: [] .exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PRUTSCT] C:\WINDOWS\SYSTEM\PRUTSCT.exe
O4 - HKCU\..\RunOnce: [PRUTSCT] C:\WINDOWS\SYSTEM\PRUTSCT.exe
O4 - Startup: MGA QuickDesk.lnk = C:\Program Files\Matrox MGA PowerDesk\QDESK\mgaqdesk.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = D:\CreateACard\FMRemind.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\NetMeeting\CB32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: America Online 6.0 Tray Icon.pif = C:\WINDOWS\CTCM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab

 

Hi

SpyBot is compatible with win 95, more on that further down.

You Will need to Boot into Safe Mode.
Windows 95/98/ME http://support.microsoft.com/default.aspx?scid=kb;EN-US;180902

Once in safe mode find and delete these files and folders. be carefull.
C:\WINDOWS\afcfwxch.exe << This file
C:\Program Files\E2G << This folder
C:\PROGRAM FILES\INTERNET OPTIMIZER << This folder
C:\WINDOWS\SYSTEM\PRUTSCT.EXE << This file
C:\WINDOWS\SIXTYPOPSIX.EXE << This file
C:\WINDOWS\180AX.EXE << This file

Reboot back to a normal windows session, disregard the errors about files missing (if any)

Have hijackthis fix only these items.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jethomepage.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jethomepage.com/ie/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\SIXTYPOPSIX.exe
O4 - HKLM\..\Run: [afcfwxch] C:\WINDOWS\afcfwxch.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
O4 - HKLM\..\RunServices: [] .exe
O4 - HKCU\..\Run: [PRUTSCT] C:\WINDOWS\SYSTEM\PRUTSCT.exe
O4 - HKCU\..\RunOnce: [PRUTSCT] C:\WINDOWS\SYSTEM\PRUTSCT.exe
O4 - Startup: PowerReg Scheduler.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Acti...iveLauncher.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
=====================

Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html
How did that go ?

Read the FAQ's and get SpyBot working
Are there any problems using Spybot-S&D 1.3 under Windows 95
http://www.safer-networking.org/en/faq/11.html

Did you get it working ?

Go Get all available critical updates at windows update, it will take more than one trip, http://v4.windowsupdate.microsoft.com/en/default.asp
Always restart the PC when prompted.

Only after that post a fresh hiajckthis log

 

Got SpyBot working, didnt install spyware blaster (not enough free space on my computer) and the windows update says it dosent support windows 95

But heres a HJT log-

Logfile of HijackThis v1.99.1
Scan saved at 1:29:12 AM, on 3/5/05
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
D:\CREATEACARD\FMREMIND.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\PRUTTCT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\PRUTTCT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SNDVOL32.EXE
C:\WINDOWS\DESKTOP\ANTI-SPYWARE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bst.bls.com:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\Hgcctl95.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [afcfwxch] C:\WINDOWS\afcfwxch.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O4 - HKCU\..\RunOnce: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O4 - Startup: MGA QuickDesk.lnk = C:\Program Files\Matrox MGA PowerDesk\QDESK\mgaqdesk.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = D:\CreateACard\FMRemind.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\NetMeeting\CB32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

===============================================


I also have 9 invisible files in my recycle bin that cant be deleted, any ideas on how to remove those?

 

Was there any problems with the instructions given ?
That Log Doesnt appear any differant

 

Uh...yea

 

"Uh...yea" doesnt help at all, be more descriptive



Download the attachment to your desktop, rightclick rename to
removeit.reg, dont use it just yet.

Download Pocket Killbox.version 2.0.0.76
If you already have Killbox ensure it is this version
Unzip the contents of KillBox.zip to a convenient location.


Double-click on KillBox.exe.
Click "Delete on Reboot"
Copy/Paste this file into the top "Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\PRUTSCT.EXE

Click the "Delete File" button which looks like a stop sign.
[8]Click "Yes" at the prompt.

Do that for each of these files one at a time.

C:\WINDOWS\afcfwxch.exe
C:\Program Files\E2G\IeBHOs.dll
C:\WINDOWS\SIXTYPOPSIX.EXE
C:\WINDOWS\180AX.EXE

Exit KillBox restart the PC then run that registry script. answer yes to the prompt.

Post a new log, Hopefully another of our forum members can suggest a fix for that trashbin problem.

 

I did, when I quoted this

there was not enough space on my computer to install psyware blocker. I got spybot working. Windows update dosent support windows 95.

Those are the problems. And Ill try the stuff ya just posted

 

The attachment didnt get downloaded so i assume your not going to use it.

IF you do let us know if it merges successfully, i might have to edit it slightly for win 95.

I believe you can get IE 5.5 out on the net somewhere, if you can cleanup/uninstall some un-needed programs perhaps there will be enough room.

Franky this was a rude comment > "Uh...yea" doesnt help at all, if you continue i will not help again and the thread will be closed.

 

Im working on deleting some stuff on my computer so I have room for the attachment, so once I have space Ill let you know how it works. Do I need IE 5.5? Didnt mean to be rude, sorry, just re-stating the problems I posted in the previous post.

 

OK I'm kinda outta options here, so I'm thinking of deleting spybot. If I uninstall that, will it resote everything that I got rid of?

 

I cannot help you if you even consider putting back crappware/spyware

 

As I said before, there is not much else I can do. Although I am open to suggestions, it is a very old computer and dosent have much memory.Spybot in itself is a large program, and when combined with backups, updates, quarantines, and immunizations, it takes up a lot of space. I would like to leave it on my computer, but I dont know if I can. Any ideas?

 

Pocket Killbox is a small download (36.2 KB), and the attachment is less than 1 KB. Are you saying your drive doesn't have 37 KB of free space? You could get rid of 1 picture and free up twice that space, or 1 two minute song and free up 100 times that much space.

 

OK I deleted some old games I didnt realize were still installed and some screensavers, then installed the killbox and removeit. I deleted those files using killbox and added the removeit to the registry. Heres a new log
=========================================================
Logfile of HijackThis v1.99.1
Scan saved at 11:15:07 PM, on 3/9/05
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\PRUTTCT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
D:\CREATEACARD\FMREMIND.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\PRUTTCT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\ANTI-SPYWARE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bst.bls.com:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\Hgcctl95.exe
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O4 - HKCU\..\RunOnce: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O4 - Startup: MGA QuickDesk.lnk = C:\Program Files\Matrox MGA PowerDesk\QDESK\mgaqdesk.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = D:\CreateACard\FMRemind.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\NetMeeting\CB32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com/download/cabs/BANDLL58/banner.cab

 

Not any part of the spyware removal but you can help this system run a little better without losing anything of value.

Use Hijackthis and check the following for deletion then let HJT get rid of it

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Then delete the findfast.exe file.

This is a part of MS Office that builds an index of office files & documents. That process adds to the load on your system and the index takes valuable space. It does not speed searches which was the original purpose.

Then you can probably free up some additional space as well as optimize your system some with the following. If you can find a copy of scanreg, running it as shown below will really help things.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

General clean-up instructions for Win95/98/ME

• Open a browser window and dump all TIF (temporary internet files) and cookies. Close.
• Open windows explorer and
  .. delete the contents of all temp folders
  .. delete any files in c:\ with a name filennnn.chk (where nnnn is any number so file0001.chk, file1034.chk, etc)
• verify that you have fewer than 500 files & folders directly under c:\. If you are close to that number, remove or move some files.
• empty the recycle bin
• boot to DOS
• from the command prompt do the following
  .. scanreg /fix <ENTER> (press the ENTER key)
  .. scanreg /opt <ENTER>
  ****note that 95 does not have scanreg.exe but a copy from 98 or ME will run fine if you can get one
  .. scandisk c:\ /nosave /autofix /surface <ENTER>
  .. Win /D:M (forces a safe mode windows start)
• Run another scandisk (start~programs~accessories~system tools) and check for a standard scan and to fix all errors found. The DOS scan couldn't check for long file name issues.
• Run a defrag
• Reboot to normal Windows.

 

Thank you! I did a scandisk and deleted those filennnn files, and also cleaned up some more.

 

Scan again with HJT and fix the following.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
O4 - HKCU\..\Run: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O4 - HKCU\..\RunOnce: [PRUTTCT] C:\WINDOWS\SYSTEM\PRUTTCT.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com...LL58/banner.cab


Use the Killbox to tag this file for deletion and reboot.

C:\WINDOWS\SYSTEM\PRUTTCT.EXE

Scan again and post a new HJT log.

You really need to install an AntiVirus program.