-
May 7th, 2006, 01:51 PM
#1
Win 95 Spyware Removal Help Needed
Hello,
Hoping someone out there can give me VERY simple help...I'm NOT computer savvy.
I have an old sony pc running with windows 95. I would like to bring this computer somewhat up-to-date so my 7 year old son can use it for some old games and occasionally get it on the internet.
This PC hasn't been used on the internet for 2 years (and then it was only briefly when my newer PC was down) and not full-time for 4 years. I KNOW that there is spyware in the system (my browser has been hijacked) and I'd like to get rid of it.
Yesterday I spent all day and most of the night trying to find a free spyware removal tool that I could download. I still haven't found anything that works.
I used Spybot S&D and AdAware on my newer PC. I was thrilled to hear that I could still use SpyBot 1.3 (I have it on a disc) so I tried to install it. I ran the suggested updates (phew...brutal on a 56.6 dial-up and a slow moving machine) the best that I could. I spent hours re-booting after each update (no I never did the updates as they came out)...in the end it was a failure.
I get two error messages saying Spybot cannot be run because of missing files....I'm done...stick a fork in me...done!
I've uninstalled SpyBot, re-installed SpyBot...nothing works. I must've done something wrong or out of order in the updates I ran.
I did some reading on here about some advanced way of making some of the newer spyware programs work...it's all gibberish to me! I'm sorry but I'm just not able to figure all this out.
What I was hoping to find is a really simple, small, spyware REMOVER tool that I can download and use safely. It would be a blessing if it were also free...but I'll pay if it truly works. NOW~ I don't think I need a really aggressive spyware program...remember this PC hasn't been on the internet really for 4 years (so newer spyware isn't an issue) and it won't be on the internet much now. I did download the free version of WinPatrol just to be sure...but that program won't scan and remove spyware already installed.
So if anyone out there can respond with a great idea for me...I would really appreciate it.
Thanks!
Helen in Minnesota
-
May 7th, 2006, 05:27 PM
#2
Welcome to virtualdr!
I recommend downloading ewido, but you can find several in a link in my signature (see Spyware and Virus removal freeware). Also check the link for "How do we get all those viruses??". The latter is very good for the non-savvy.
After you have scanned, reboot your machine and run HiJackThis (also in my signature). Save a log and post it in the Hijack This logfile forum of VirtualDR.
-
May 7th, 2006, 08:39 PM
#3
More Help Needed
Hello and thank you for your response. I did some checking on your list of spyware tools...there wasn't anything there I felt I could use.
Perhaps I'm wrong but I couldn't find any software by "Ewido" that is compatible with Win 95.
The problem remains: All the spyware I've looked at in the provided links:
1) It wasn't compatible with Win95
2) It would stop spyware from starting... but not search your system and get rid of it.
3) The only one that would have worked said that it was good at finding but not able to remove spyware.
After reading about "HiJackThis" I'm a little afraid to try and run it...sounds as if I could do some real damage!
I did find a program called "Free Spyware Scanner 9.6" that promoted itself as being able to use it with Win 95. I was very hopeful.
After a 45 MN download...it wouldn't install due to a Win32 issue (?) that I can't even think about right now.
Perhaps it's time to take a sledge hammer to this old thing????
Anyone else have any ideas for me?
I know my old PC has spyware...besides my browser being hijacked...it also has the delayed typing issue and other odd behaviors with the icons.
HELP.
-
May 8th, 2006, 07:58 AM
#4
TheNelsons. Running hijackthis to create a log will not do anything at all to your PC. You need to direct it to delete files/entries for anything to happen. Under guidance, hijackthis is an invaluable tool to rid PCs of malware. Make certain that it is in a permanent folder before posting its log though.
Unfortunately, Ewido cannot be used on 95, 98 or ME.
-
May 8th, 2006, 09:18 AM
#5
Win 95 HiJackThis log file
Logfile of HijackThis v1.99.1
Scan saved at 7:49:03 AM, on 5/8/06
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\CPIEXE.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
H:\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DMI\SIA\BIN\CSERVICE.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\DMI\sia\bin\os_ac.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\sia\bin\pnp_ac.exe
H:\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\DMI\sia\bin\swi_ac.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\DMI\sia\bin\dmib_ac.exe
C:\DMI\sia\bin\logic_ac.exe
C:\DMI\sia\bin\sprof_ac.exe
C:\DMI\win16\bin\WINSL.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\PROGRAM FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MSN
F1 - win.ini: load=srsapp.exe
F1 - win.ini: run=cservice.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O4 - HKLM\..\Run: [AVG_CC] H:\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] H:\Avgserv9.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0001 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0002 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0003 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0004 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0005 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKLM\..\RunOnce: [0006 - C:\WINDOWS\Start Menu\Programs\Hewlett-Packard] C:\WINDOWS\command.com /c rmdir "C:\WINDOWS\Start Menu\Programs\Hewlett-Packard"
O4 - HKLM\..\RunOnce: [0007 - C:\Program Files\hp deskjet 940c series\images] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series\images"
O4 - HKLM\..\RunOnce: [0008 - C:\Program Files\hp deskjet 940c series\ir documentation] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series\ir documentation"
O4 - HKLM\..\RunOnce: [0009 - C:\Program Files\hp deskjet 940c series] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series"
O4 - HKLM\..\RunOnce: [0010 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0011 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0012 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0013 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0014 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0015 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: {C0B4D721-15FA-11D2-B838-00C04FA3426D} (MSNChatHistoryCtl) - http://fdl.msn.com/public/chat/ChatCtls.Cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www114.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometc...zone/comet.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/r...le/FlashAX.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://sc.communities.msn.com/contro...t/msnchat4.cab
-
May 8th, 2006, 09:35 AM
#6
Hi. Please go to Jotti's and have these files scanned. Post the results back here.
cservice.exe
srsapp.exe
You will have to do a system search for them.
==
Can you tell me what these entries are;
C:\DMI\sia\bin\os_ac.exe
C:\DMI\sia\bin\pnp_ac.exe
C:\DMI\sia\bin\swi_ac.exe
C:\DMI\sia\bin\dmib_ac.exe
C:\DMI\sia\bin\logic_ac.exe
C:\DMI\sia\bin\sprof_ac.exe
C:\DMI\win16\bin\WINSL.EXE
==
Can you please do the following.
===============
Scan with HiJackThis, then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www114.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/comet...tzone/comet.cab
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
==
Now manually delete the following file;
C:\WINDOWS\sp.reg
==
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
-
May 8th, 2006, 10:12 AM
#7
Item #1
I tried to do a search by copy/pasting the two items you asked me to search on Jotti's site. It came up with nothing and said the items had zero bytes and was perhaps being blocked by spyware? Maybe I should've used the whole file name to search with instead of cutting/pasting?
Also, is Jotti's site searching my system for issues? I'm not familiar with that site. If so, the scan may have found something...see the data below.
Helen
I'll be working on the next few suggestions you made.
Oh...the files you asked me if I knew what they were??? NOPE, I have no clue what they are...sorry 
Helen
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
Status: Unknown
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, and some people who prefer to remain anonymous... many thanks to all!
Statistics
Last file scanned at least one scanner reported something about: AVP_-_AntiVirus_Key_Generator.msh, detected by:
Scanner Malware name
AntiVir X
ArcaVir Heur.VBS.Generic.24
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Email-Worm.Win32.Skowor.h
NOD32 X
Norman Virus Control X
UNA X
VirusBuster X
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
-
May 8th, 2006, 12:13 PM
#8
Win 95 issues
Hello again Crunchie~
Thanks for all your help. I have now "fixed" the items you told me to "check" on the HJT log file. I immediately noticed when I went to use my internet explorer, my home page was no longer being hijacked! Very cool. The IE icons still don't look right to me though. They look like little windows flag icons with red lines through them?
I also installed "SpyBlaster" and updated the database...everything is covered there.
Also, I'm downloading the latest version of AVG Anti-Virus (free version).
(which on this slow computer has 2 hours 3 minutes remaining to complete download!).
I will wait to hear from you on your opinion regarding the notes I posted on the Jotti's site and on the files you asked me if I knew anything about (I still have no clue what they are). Considering this PC has no USB capabilities (I was hoping to use my home high speed 3mg service via an ethernet connector we have but since it has no usb port and the OS won't allow one) and we don't even have a printer that will work with this system anymore....I'm doubting it will go on the internet much other than as a back-up should something happen to my newer PC.
For now, I would just like to make this old relic run better so that the programs my son would like to use, run better. Even though it is an old PC and OS system...it has been running WAY too slow for something not to be wrong.
Helen
-
May 8th, 2006, 05:02 PM
#9
 Originally Posted by TheNelsons
Item #1
I tried to do a search by copy/pasting the two items you asked me to search on Jotti's site. It came up with nothing and said the items had zero bytes and was perhaps being blocked by spyware? Maybe I should've used the whole file name to search with instead of cutting/pasting?
Also, is Jotti's site searching my system for issues? I'm not familiar with that site. If so, the scan may have found something...see the data below.
Helen
I'll be working on the next few suggestions you made.
Oh...the files you asked me if I knew what they were??? NOPE, I have no clue what they are...sorry 
Hi again. Did you manage to locate the two files on your pc before attempting to upload them to Jotti's? If so, when you get to Jotti's site you just need to hit the 'choose' button and browse to the file(s). Once you get that done and are in full swing, you may as well upload those other unknown files too.
-
May 8th, 2006, 05:35 PM
#10
Finding files for Jotti
Ok,
I found the files on my computer but not with Jotti's "browse" button...I had no idea where to tell it to look for that file!
I did it by using "find" on my PC. Do I just type the file name into Jotti's search box...or do I have to actually get the file in there?
Sorry.
Helen
UPDATE:
I found the first file (cservice.exe) which I think is part of an old program in my Win 95 called "Medi Kit". Jotti reports that it's "OK"
I don't know what the other file is but Jotti reports it as being OK.
I'm going to work on the others now
Will let you know what I find.
Thank you~
Last edited by TheNelsons; May 8th, 2006 at 05:50 PM.
-
May 8th, 2006, 07:24 PM
#11
Win 95 Spyware and other issues
Hello Crunchie!
I finished searching all those files on Jotti...they were all "OK" !
My IE screen isn't being hijacked anymore, but my Icons still don't look right (windows flags with a line through them).
Also, none of this has seemed to help my system speed at all...don't suppose there is much I can do about that? I did use Ccleanup to get rid of all unused items and cache...but that didn't improve anything either.
Could you give me some advice on the AVG anti-virus issue I posted in the other posting? I've tried to re-download the .com package required and then reinstall AVG...again....the files say they unzip but yet AVG still says I need those files before it can install the new version. Would it matter that I don't have winzip on this PC?
Here is the new log-file from HJT after I deleted the items you suggested...and rebooted my system. Did I miss anything?
Helen
Logfile of HijackThis v1.99.1
Scan saved at 5:18:43 PM, on 5/8/06
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\CPIEXE.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
H:\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DMI\SIA\BIN\CSERVICE.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\DMI\sia\bin\os_ac.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\sia\bin\pnp_ac.exe
H:\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\DMI\sia\bin\swi_ac.exe
C:\DMI\sia\bin\dmib_ac.exe
C:\DMI\sia\bin\logic_ac.exe
C:\DMI\sia\bin\sprof_ac.exe
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\DMI\win16\bin\WINSL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MSN
F1 - win.ini: load=srsapp.exe
F1 - win.ini: run=cservice.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] H:\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] H:\Avgserv9.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0001 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0002 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0003 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0004 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0005 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKLM\..\RunOnce: [0006 - C:\WINDOWS\Start Menu\Programs\Hewlett-Packard] C:\WINDOWS\command.com /c rmdir "C:\WINDOWS\Start Menu\Programs\Hewlett-Packard"
O4 - HKLM\..\RunOnce: [0007 - C:\Program Files\hp deskjet 940c series\images] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series\images"
O4 - HKLM\..\RunOnce: [0008 - C:\Program Files\hp deskjet 940c series\ir documentation] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series\ir documentation"
O4 - HKLM\..\RunOnce: [0009 - C:\Program Files\hp deskjet 940c series] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 940c series"
O4 - HKLM\..\RunOnce: [0010 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0011 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0012 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0013 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0014 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0015 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: {C0B4D721-15FA-11D2-B838-00C04FA3426D} (MSNChatHistoryCtl) - http://fdl.msn.com/public/chat/ChatCtls.Cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/r...le/FlashAX.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://sc.communities.msn.com/contro...t/msnchat4.cab
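Added example, not part of any post in this thread: a short Python check that parses HijackThis entry lines and compares a before log, an after log and a fix list, to confirm that the ticked entries are gone and to show anything else that changed. The function names are made up for this example; the sample lines are copied from the logs in posts #5, #6 and #11 and shortened, and entries whose URLs the forum elided with "..." are left out because an elided string cannot be compared exactly.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "R1", "F1", "O4"
    detail: str  # everything after "CODE - "


# Entry lines look like "O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the set of scan entries in a HijackThis log.

    Header lines and the 'Running processes' list carry no section code
    and are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse whitespace so copy/paste differences do not matter.
            entries.add(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def review_fix(before_text, after_text, fix_list_text):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    requested = parse_entries(fix_list_text)
    removed = before - after
    return {
        "still_present": sorted(requested & after),         # fix did not take
        "removed_as_requested": sorted(requested & removed),
        "removed_unrequested": sorted(removed - requested),  # worth a second look
        "new_in_after": sorted(after - before),              # appeared after reboot
        "not_in_before": sorted(requested - before),         # fix list / log mismatch
    }


# Sample input, shortened from the logs posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 95 (Win9x 4.00.0950)
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.msn.com/
F1 - win.ini: load=srsapp.exe
F1 - win.ini: run=cservice.exe
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O4 - HKLM\..\Run: [AVG_CC] H:\avgcc32.exe /startup
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www114.coolsavings.com/download/cscmv4X.cab
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.msn.com/
F1 - win.ini: load=srsapp.exe
F1 - win.ini: run=cservice.exe
O4 - HKLM\..\Run: [AVG_CC] H:\avgcc32.exe /startup
O15 - Trusted Zone: http://*.msn.com (HKLM)
"""

FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www114.coolsavings.com/download/cscmv4X.cab
"""

if __name__ == "__main__":
    for bucket, entries in review_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.detail}")
```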
-
May 9th, 2006, 05:43 AM
#12
 Originally Posted by TheNelsons
Hello Crunchie!
I finished searching all those files on Jotti...they were all "OK" !
My IE screen isn't being hijacked anymore, but my Icons still don't look right (windows flags with a line through them).
Also, none of this has seemed to help my system speed at all...don't suppose there is much I can do about that? I did use Ccleanup to get rid of all unused items and cache...but that didn't improve anything either.
Could you give me some advice on the AVG anti-virus issue I posted in the other posting? I've tried to re-download the .com package required and then reinstall AVG...again....the files say they unzip but yet AVG still says I need those files before it can install the new version. Would it matter that I don't have winzip on this PC?
I reckon those files would be self-extracting zip files so winzip shouldn't be necessary.
There are some other free AV's here http://www.thefreecountry.com/security/antivirus.shtml but I am not sure which, if any, support 95.
If you go into quick time preferences, you can set it to not start with Windows. That will save a little of the system resources.
If you right click on the red X's and go to properties you will be able to see the file format of the missing icon. Find an icon on your hard drive of the same format and right click on it. Choose the 'open with' option and choose to open it with internet explorer. Does the icon show now?