some help please?

[racerchick189]

Hey everybody! i am new here and i was hoping you guys could check my hijack this! log for me. i am kinda new to this so i hope you can help me out!

Logfile of HijackThis v1.99.1
Scan saved at 7:32:24 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\PEOPLEPC\ISP6130\BROWSER\BARTSHEL.EXE
C:\PROGRAM FILES\PEOPLEPC\ISP6130\BROWSER\PPSHARED.EXE
C:\PROGRAM FILES\PEOPLEPC\ISP6130\BROWSER\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6130\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx

[AnnMarie]

Welcome to CTH racerchick189. Your log looks fine. Could you tell us what your problem is please.

[racerchick189]

Thanks for checking it for me. My computer has been sooooo slow lately. Recently, the font size on my desktop went bigger and I didn't change a thing! I use Avast Antivirus and it says I have several adware and trojans,but I also have used several of the freescans on the internet and they say I don't have anything. I am almost positive I have something because my computer acts so stupid! I really hope you can help me out.

Avast says these paths are infected:
C:\_RESTORE\ARCHIVE\FS85.CAB\A0034324.CPY
C:\_RESTORE\ARCHIVE\FS133.CAB\AOO53029.CPY
C:\_RESTORE\ARCHIVE\FS133.CAB\AOO53031.CPY

[AnnMarie]

Those files are in your System Restore Folder and are not active on your drive now. They will not be reactivated, unless you restore your PC to an earlier time. To get rid of them, you will have to disable System Restore and then re-enable it. See instructions here

Quote:

Recently, the font size on my desktop went bigger and I didn't change a thing!

Were you able to change the the font to normal size (Control Panel > Display > Appearance)? If not, your video card driver may have corrupted. What video card do you have?

Transferring to the Windows Millenium Forum.

[racerchick189]

ok,so either i didn't do it right, or it just didn't work because when i restarted they system restore was enabled...don't i have to re-enable it?maybe i just didn't do it right...i dont know. I'll keep trying.

[AnnMarie]

Yes you do have to re-enable it as far as I know (you have to re-enable it in XP). Have another try.

[racerchick189]

I have tried several more times to disable it and everytime I restart,it's always enabled again! And, my computer is never able to restart on its own after I disabel the system restore. (i have to push the button to restart it) Is there some other way to get rid of them? Have the infections corrupted the system restore?? I'll keep trying....

[AnnMarie]

Hi racerchick189. Are you checking Apply and OK after removing the checkbox? Do you get a prompt telling you to reboot? If not wait for the prompt before rebooting (it may take a minute or two).

Quote:

Have the infections corrupted the system restore??

I would doubt it.

[racerchick189]

ah ha!! I finally got it to work! I did a scan with my avast anitvirus and it said there were no infections! However,when I went to reboot,on the start up screen there was a command saying "Boot and Select proper Boot Device or Insert Boot Media in selected Boot Device" this has come up several times and I thought it would go away when the infections were removed. Is this a sign of another virus? Thank you so much for all your help!!