Author Topic: Computer running too slow,HIJACK THIS log  (Read 1308 times)

guestolo
« Reply #20 on: December 28, 2008, 12:50:09 AM »
Can you do the following
Right click on Avast icon by the clock
Select to "Stop on access protections"
I just don't want Avast interfering

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus, AntiSpyware and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


borracho
« Reply #21 on: December 28, 2008, 12:58:44 AM »
Absolutely, I will do that when I get back... have a house issue, be back in 20 minutes.

Thank you immensely.

borracho
« Reply #22 on: December 28, 2008, 01:34:27 AM »
OK, here's the ComboFix log:

ComboFix 08-12-26.03 - Owner 2008-12-27 22:28:31.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.286 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning disabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\hpowiax3.dll

.
(((((((((((((((((((((((((   Files Created from 2008-11-28 to 2008-12-28  )))))))))))))))))))))))))))))))
.

2008-12-27 21:53 . 2008-12-27 21:53   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-27 10:52 . 2008-12-27 19:25   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-27 10:13 . 2008-12-27 10:13   <DIR>   d--------   C:\rsit
2008-12-23 15:48 . 2008-12-27 11:59   <DIR>   d--------   c:\documents and settings\LocalService\Application Data\SACore
2008-12-23 15:17 . 2008-12-23 15:17   <DIR>   d--------   c:\program files\Common Files\McAfee
2008-12-23 15:16 . 2008-12-27 09:58   <DIR>   d--------   c:\program files\McAfee
2008-12-13 15:28 . 2008-12-13 15:28   <DIR>   d--------   c:\program files\Java
2008-12-08 10:32 . 2008-12-27 11:37   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Antispyware
2008-12-07 14:30 . 2008-12-07 14:30   8,192   --ahs----   c:\windows\system32\Thumbs.db
2008-12-02 17:37 . 2008-12-02 17:37   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Apple Computer
2008-12-02 08:20 . 2004-08-04 04:00   15,360   --a--c---   c:\windows\system32\dllcache\ctfmon.exe.backup
2008-12-02 08:20 . 2004-08-04 04:00   15,360   --a------   c:\windows\system32\ctfmon.exe.backup
2008-12-01 17:18 . 2008-12-01 17:18   <DIR>   d--------   c:\documents and settings\All Users\Application Data\WEBREG
2008-12-01 17:05 . 2008-12-01 17:05   <DIR>   d--------   c:\documents and settings\Owner\Application Data\HPAppData
2008-12-01 17:05 . 2008-12-01 17:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-12-01 16:58 . 2008-12-01 16:58   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-01 16:58 . 2008-12-01 17:01   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HP
2008-12-01 16:57 . 2008-12-01 16:57   <DIR>   d--------   c:\program files\Common Files\HP
2008-12-01 16:56 . 2008-12-01 16:56   <DIR>   d--------   c:\program files\Hewlett-Packard
2008-12-01 16:55 . 2008-12-01 16:55   <DIR>   d--------   c:\program files\Common Files\Hewlett-Packard
2008-12-01 16:52 . 2007-03-07 20:20   49,920   -ra------   c:\windows\system32\drivers\HPZid412.sys
2008-12-01 16:52 . 2007-03-07 20:20   21,568   -ra------   c:\windows\system32\drivers\HPZius12.sys
2008-12-01 16:52 . 2007-03-07 20:20   16,496   -ra------   c:\windows\system32\drivers\HPZipr12.sys
2008-12-01 16:51 . 2008-12-01 16:51   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-01 16:51 . 2007-03-30 07:07   267,864   -ra------   c:\windows\system32\hpzids01.dll
2008-12-01 16:51 . 2007-03-28 14:01   117,760   --a------   c:\windows\system32\hpzll5ha.dll
2008-12-01 16:50 . 2007-03-17 08:11   569,344   -ra------   c:\windows\system32\hpotscl3.dll
2008-12-01 16:50 . 2007-03-07 20:20   364,544   -ra------   c:\windows\system32\hppldcoi.dll
2008-12-01 16:50 . 2007-03-07 20:20   309,760   -ra------   c:\windows\system32\difxapi.dll
2008-12-01 16:50 . 2007-03-17 08:11   303,104   -ra------   c:\windows\system32\hpovst10.dll
2008-12-01 16:49 . 2008-12-01 16:50   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-01 16:48 . 2008-12-01 17:05   <DIR>   d--------   c:\program files\HP
2008-12-01 16:43 . 2008-12-01 17:18   141,199   --a------   c:\windows\hpoins14.dat
2008-12-01 16:43 . 2007-06-05 15:07   2,000   ---------   c:\windows\hpomdl14.dat
2008-11-29 15:04 . 2008-12-23 10:27   54,156   --ah-----   c:\windows\QTFont.qfn
2008-11-29 15:04 . 2008-11-29 15:04   1,409   --a------   c:\windows\QTFont.for
2008-11-29 11:56 . 2008-11-29 11:56   15,544   --a------   c:\windows\system32\drivers\sbhr.sys
2008-11-29 11:53 . 2008-11-29 11:53   <DIR>   d--------   c:\program files\Common Files\Sunbelt
2008-11-29 11:53 . 2008-11-29 11:53   <DIR>   d--------   c:\program files\Common Files\RuleSpace
2008-11-29 11:52 . 2008-11-29 11:52   <DIR>   d--------   c:\program files\Common Files\Authentium
2008-11-29 11:51 . 2008-11-29 11:51   <DIR>   d--------   c:\program files\Clearwire
2008-11-29 11:31 . 2008-12-27 19:23   <DIR>   d--------   c:\program files\Common Files\Authentium Shared
2008-11-29 11:27 . 2008-11-30 00:07   <DIR>   d--------   c:\windows\system32\CatRoot_bak
2008-11-29 11:26 . 2008-06-13 05:10   272,128   ---------   c:\windows\system32\drivers\bthport.sys
2008-11-29 11:26 . 2008-06-13 05:10   272,128   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-11-29 11:08 . 2004-08-04 00:56   21,504   --a------   c:\windows\system32\hidserv.dll
2008-11-29 11:08 . 2004-08-04 00:56   21,504   --a--c---   c:\windows\system32\dllcache\hidserv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 03:15   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 23:01   ---------   d-----w   c:\program files\Soulseek
2008-12-26 08:36   ---------   d-----w   c:\program files\Winamp
2008-12-24 00:12   ---------   d-----w   c:\program files\Lavasoft
2008-12-24 00:12   ---------   d-----w   c:\documents and settings\Owner\Application Data\Lavasoft
2008-12-23 23:43   ---------   d-----w   c:\documents and settings\Owner\Application Data\SiteAdvisor
2008-12-23 23:18   ---------   d-----w   c:\documents and settings\All Users\Application Data\McAfee
2008-12-02 16:20   24,064   ----a-w   c:\windows\system32\ctfmon.exe
2008-12-02 00:37   ---------   d-----w   c:\program files\Yahoo!
2008-12-02 00:37   ---------   d-----w   c:\program files\QuickTime
2008-12-02 00:24   ---------   d-----w   c:\program files\Dl_cats
2008-11-24 20:00   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-24 20:00   ---------   d-----w   c:\program files\ZyDAS Technology Corporation
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 20:38   267,776   ----a-w   c:\windows\system32\iertutil(2).dll
2008-10-03 10:15   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-01 00:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2008-11-29 15544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-01 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-23 206096]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2007-09-24 20608]
S3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-28 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/cw/bin/wizard.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ngxc0hkp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 22:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2008-12-27 22:31:22
ComboFix-quarantined-files.txt  2008-12-28 06:31:04

Pre-Run: 51,706,216,448 bytes free
Post-Run: 51,743,600,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

181   --- E O F ---   2008-12-28 05:01:51

guestolo
« Reply #23 on: December 28, 2008, 01:49:31 AM »
Is startup fine on the computer?
Is it only online that it seems slow?


Are things now running better?
Which browser(s) are you experiencing slow speeds in, just Firefox?



borracho
« Reply #24 on: December 28, 2008, 02:23:00 AM »
No, it seems better. Thank you.

I only use Firefox; I have Internet Explorer installed but don't use it.

It's just page loads, program starts and responses are lagging, but after doing the last clean it seems more responsive... I just made it a private computer (up to this week it was shared), so hopefully that'll help.

Did you see anything in the logs that was out of whack at all?

borracho
« Reply #25 on: December 28, 2008, 06:41:09 PM »
I was doing a Spybot scan today, and the Avast virus warning went off like 6 times. The bottom of the screen was showing the name of the virus. I kept trying to move it to the chest, but it kept coming and coming... I immediately shut off all power.

I'm pretty sure the Microsoft security warning thing is fake (the red shield on the bottom right).

guestolo
« Reply #26 on: December 29, 2008, 01:57:19 PM »
Quote
and the Avast virus warning went off like 6 times, the bottom of the screen was showing the name of the virus

The path to the file and the name would help
Also post a fresh HijackThis log
« Last Edit: December 29, 2008, 02:00:51 PM by guestolo »



cheste
« Reply #27 on: January 01, 2009, 11:19:54 AM »
If your local disk C is full you need to delete some of the unwanted files or software. If you do not want to do that, just partition your hard disk and send all of your music\movie files to the partition where your Windows is not installed.