virus called RtkBtMnt? or is comp just slow?trouble checking.

Discussion in 'Networking and Computer Security' started by ilaila, Jan 16, 2010.

  1. ilaila

    ilaila Geek Trainee

    Likes Received:
    Trophy Points:
    Hello, sorry for long thread...
    i don't often post threads, so sorry if wrong subject area..

    for the last few days, i've been running such programs as

    malwarebytes anti malware
    mcaffee security scan
    avg scan
    spybot search and destroy

    and hijack this helped me delete a lot of dodgy files by researching them on the net, treesize was great but very quickly the space i easily created was taken up again. i've just run a little sp1 cleaner in 'run' i think it clears up old service pack old stored stuff,,,didn't make a lot of difference.
    in my research to find the answer to my comp running slower than it used to (its a year old acer laptop vista)(not fancy vista) i came across files i couldn't work out if they were viruses, for example
    seems to be genuine but it hangs around in
    and i read that it can sometimes be a fake, although i do seem to have realtek audio but i don't know how or if i need it, it seems to be useful when recording tracks if i put in my mike and usb preamp for recording. (it just defaults to use that for external mikes)

    the other thing was i'm not sure about all the details in my Hjt log, it looks pretty good but i don't really know for sure. it was full of stuff that i had to find other ways of deleting, like making a notepad of anti 'qwave' and another file i can't remember now!:-( but that worked..i just wondered if there's still more

    mainly because i can't see what's using up all the space, i'm not so hot with treesize as don't want to delete important files. I have run misconfig and unchecked as many programs as i can, and just using the essentials, but even when i turn them off (spybot resident teatimer) it still seems slow and lacking in space. i've just uninstalled as many programs as i can...and although i don't have as much space as most people, this comp used to be clean and fast, now when windows open for explorer, i wait a four to five seconds for them to complete. plus can't run as many programs simultaneously as i used to i think.

    spybot and all the other scanners never found anything.

    here's my hjt log, can you see anything bad in there? and can you suggest any more tips to remove unecessary files or check for anything eating away at my space?
    thankyou very very much for any effort. :)

    yours confusedly

    p.s occasionally when i go to a wrongly addressed site link, it looks a tiny bit hijacked but again, not sure.


    Logfile of HijackThis v1.99.1
    Scan saved at 22:08:11, on 16/01/2010
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)

    Running processes:
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Browser Hijack Blaster\bhblaster.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program

    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\agh\Acrobat 8.0

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\agh\Acrobat 8.0

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Append to existing PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\agh\Acrobat 8.0

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-

    58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering

    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard

    Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program

    Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Share This Page