
HijackThis log... help?

Discussion in 'Malware and Virus Removal Archive' started by JimmyHetfield, 2005/08/25.

  1. 2005/08/25 - JimmyHetfield (Thread Starter)
    Can someone please tell me if there is anything wrong with this log? My system is getting quite slow as of late, and I'm not sure why... TIA :)

    Logfile of HijackThis v1.99.1
    Scan saved at 06:06:35, on 25/08/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\apache\mysql\bin\mysqld-nt.exe
    c:\apache\APACHE.EXE
    C:\WINNT\system32\regsvc.exe
    c:\apache\APACHE.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\gsicon.exe
    C:\WINNT\system32\dslagent.exe
    C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\LabtecMouse\moffice.exe
    I:\Motherboard Monitor 5\MBM5.EXE
    C:\PROGRA~1\BTVOYA~2\oamSender.exe
    C:\Program Files\LabtecMouse\MOUSE32A.DAT
    C:\Program Files\BigFix\BigFix.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    I:\Motherboard Monitor 5\DLL\display.dll
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Boris\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bt.com/btbroadbandstart
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\LabtecMouse\moffice.exe
    O4 - HKLM\..\Run: [MBM 5] "I:\Motherboard Monitor 5\MBM5.EXE "
    O4 - HKLM\..\Run: [Booster] C:\PROGRA~1\BTVOYA~2\oamSender.exe
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [EPSON Stylus C44 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /M "Stylus C44 "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Msikeubdfa - Netropa Corporation - (no file)
    O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
    O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
     
    Last edited: 2005/08/25
  2. 2005/08/25 - charlesvar (Alumni)
    Hello Jimmy,

    Go thru the various data bases linked to in this thread and compare your startups http://www.windowsbbs.com/showthread.php?t=39425

    A great many startups can be disabled and used as needed instead of having them running constantly in the background.

    Regards - Charles
     

  4. 2005/08/25 - oshwyn5
    Hi Jimmy. I am new to this board, but have been doing these logs for quite some time now.
    First off
    C:\Documents and Settings\Boris\Desktop\HijackThis.exe
    Is not safe. Hijackthis needs to make backup files when it works and they will clutter your desktop if you proceed. Please make a FOLDER and put it in there.
    Example
    C:\Documents and Settings\Boris\Desktop\Hijackthis\HijackThis.exe
    or
    C:\Program Files\hijackthis\Hijackthis.exe (Then just right click on hijackthis.exe and send to desktop as shortcut)



    I see no obvious malware, but I do see some things worth checking out

    O23 - Service: Msikeubdfa - Netropa Corporation - (no file)
    Probably this is just that Hijackthis is being prevented from reading the file; but it may be an indication that you need to either disable this service by going to Start / Run, typing Services.msc, locating it and changing it to stopped and disabling start with Windows; or you may want to reinstall your Netropa keyboard software.


    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
    Again, this is probably just a case of Hijackthis not seeing the file. However, I am rather concerned that you have an Apache server running on your computer. Could you clarify this? Finding much info on this particular PHPGeekUtil is difficult to say the least.

    I recommend using CodeStuff Starter
    http://www.snapfiles.com/get/starter.html
    As a startup manager and process viewer.
    I prefer advising you to use the programs own options and preferences if possible, but starter is a very stable startup manager.


    Is your slowdown system related or internet related?
    I see a lot of things which you do not need to have running all the time (like BigFix).

    Have you defragged recently? Done the usual cleanup first?
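
The checks in the reply above (the "(no file)" and "(file missing)" O23 entries, the stray quote in the PHPGeekUtil ImagePath, and the bare-filename O4 Run entries such as gsicon.exe) can be applied mechanically to a HijackThis log. The following is an added example, not code from the thread or from HijackThis; the sample lines are constructed in the v1.99.1 format shown in the first post, and the triage rules are assumptions about what a reviewer would flag.

```python
import re

# Constructed sample in the HijackThis v1.99 line format, modelled on the log in
# this thread; it includes the two O23 entries the reply above discusses.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\\..\\Run: [Zone Labs Client] C:\\PROGRA~1\\Zone Labs\\ZoneAlarm\\zapro.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
O23 - Service: Msikeubdfa - Netropa Corporation - (no file)
O23 - Service: PHPGeekUtil - Unknown owner - c:\\apache\\APACHE.EXE" --ntservice (file missing)
O23 - Service: RadClock - Unknown owner - C:\\WINNT\\system32\\RadClock.exe
"""

# "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")

def triage_o23(m):
    """Reasons an O23 service entry deserves a second look (empty list = nothing odd)."""
    reasons = []
    if "(no file)" in m["path"] or "(file missing)" in m["path"]:
        reasons.append("service binary not found on disk")
    if m["path"].count('"') % 2 == 1:
        reasons.append("unbalanced quote in ImagePath")
    if m["owner"] == "Unknown owner":
        reasons.append("no vendor information")
    return reasons

def triage_o4(m):
    """Reasons an O4 Run entry deserves a second look."""
    exe = m["cmd"].split()[0].strip('"')
    # A bare filename is resolved through the PATH search, not a fixed location.
    return [] if "\\" in exe else ["bare filename, located via PATH search"]

def triage_log(text):
    """Map each flagged entry's label to the reasons it was flagged."""
    findings = {}
    for line in text.splitlines():
        for regex, triage, key in ((O23_RE, triage_o23, "name"), (O4_RE, triage_o4, "label")):
            m = regex.match(line)
            if m:
                reasons = triage(m)
                if reasons:
                    findings[m[key]] = reasons
                break
    return findings

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a prompt to look at the service or Run value by hand (as the reply does), not a verdict that it is malicious.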
     
  5. 2005/08/25 - Newt
    And doing them well from what I can read.

    Welcome to the forum. We are very glad to have you. Our security experts (which DOES NOT include me) have gotten sorta thin on the ground so you are twice welcome.
     
    Newt,
  6. 2005/08/26 - JimmyHetfield (Thread Starter)
    tbh I haven't defragged in a while, so I guess I'll give that a go...


    system + net usage is slow...


    yes I have apache installed (phptriad + full manual updates).



    big fix and a few other things aren't usually left running, but I had just restarted my machine and forgot to disable them... I don't restart often so there is usually something I forget..
     
  7. 2005/08/26 - oshwyn5
    Well, Win2k and XP are not as bad about needing restarts as Win98, but I still think occasional restarts are good.

    Based on your statement
    "system + net usage is slow... "
    I would bet that you are getting a lot of traffic on your server and it is using most of your upload bandwidth.
    You can try disabling it before you disable other things to see if this is true.
    It could be fragmentation or just a need for more RAM. How much do you have?
     
  8. 2005/08/26 - JimmyHetfield (Thread Starter)
    Apache is just for my localhost, no outside access, and it hasn't been used that much over the past couple of weeks as I've been on holiday.

    RAM is half a gig...

    When I say I don't restart much, it's usually restarted at least once a week with full system checks and virus/spyware/etc. scans. Partial virus scans are done daily though.

    Thanks for your help btw, I'll try a defrag tonight with a bit of luck :)

    Edit: Web browsing isn't so bad speed-wise, but Firefox takes a little longer to load and Outlook crawls at startup.
     
  9. 2005/08/27 - oshwyn5
    Here is a tweak to speed up Firefox

    Another neat thing to do in Firefox is to go to the address bar and type
    about:mozilla
    and hit enter
     
    Last edited: 2005/08/27
  10. 2005/08/27 - JimmyHetfield (Thread Starter)
    Yup, I got this info from the Mozilla help forums a while ago :)
     
