Need help with Hijackthis log

Hi. My PC has been weird whenever i try to open some websites. It seems to happen randomly, but i am not sure: sometimes it even freezes my computer for a few seconds before it actually opens the webpage, and sometimes it also acts as if i wasnt connected at all - even when trying to update avast or any other program. One could say this could be a ISP problem, but i dont think so because it works just fine on my laptop. It feels as if a part of my connection was being ‘used’ for something else, i dont know…

So i decided to check it out with hijackthis and see if it could give out any clues:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:13, on 10/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joao\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


End of file - 5141 bytes

The lines

O17 - HKLM\System\CCS\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138

DO NOT show up if im disconnected.

Could someone help please?

-= The 2 entries you just mentioned are safe…

-= Some other things to consider:

(1) XP SP3

Windows Update for Windows XP’s service pack 3…

(2) No firewall process detected…

A better firewall would probably solve the problem… Windows XP Firewall has no outbound protection…

(3) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Seems to be deactivated already…

http://forum.avast.com/index.php?topic=45961.0

Jao , you’re using Windows SP2 that has several security vunerablilities and Windows SP3 has been available for a year that has perfomance enhancements and several Critical Security Updates so in IE go to Tools then Windows Update then download and install all updates.

Go to Control Center then Security Center then set it to Automatic Updates (Recommended) or at least Notify me about updates but do not download nor install them.

Do not run HijackThis from the Desktop as it will have the backups all over the Desktop so un-unstall it and let it install in its default Folder:
C:\Program Files\Trend Micro\HijackThis

It looks like you are running multiple malware scanners that can cause system conflicts so choose one:
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe <== redundant
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe <== this one is good
C:\Arquivos de programas\a-squared Free\a2service.exe <== too many false positives

Close all browser windows then start HijackThis (not from the Desktop but from its default installation Folder) then select the following and click Fix checked:
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp <== ISP default

O17 - HKLM\System\CCS\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138 <== is this your ISP’s DNS?
O17 - HKLM\System\CS1\Services\Tcpip..{0B649DDB-CF54-44BA-AA29-D91AABB84F75}: NameServer = 200.204.0.10 200.204.0.138 is this your ISP’s DNS?

Jao, posting your log in two different topics http://forum.avast.com/index.php?topic=45961.0 only duplicates the effort of those trying to help.

Okay, thanks for the help.

Sorry about the double posts, david, just thought it would be easier to get a response since the other topic was all the way down in the list. Wont happen again.

No problem - By posting your log in the other topic brings it to the top of the list as it is chronologically ordered.