Super Slow System and SVChost with 50% CPU usage.
HiJack Log for review
- Thread starter frogman99123
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
I can`t see anything particularly nasty in your HJT log. However, I`d like you to run some checks for me.
Go HERE and follow the instructions for AVG Antispyware and Combofix.
Once you`ve done that, post a fresh HJT log as well as the Combofix and AVG Antispyware logs.
Regards Howard :wave: :wave:
This thread is for the use of frogman99123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I can`t see anything particularly nasty in your HJT log. However, I`d like you to run some checks for me.
Go HERE and follow the instructions for AVG Antispyware and Combofix.
Once you`ve done that, post a fresh HJT log as well as the Combofix and AVG Antispyware logs.
Regards Howard :wave: :wave:
This thread is for the use of frogman99123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Here are my new scans
howard_hopkinso
Posts: 21,238 +17
Your Combofix logs seems to have some missing info. I.E, there is no rootkit info at the bottom of the log.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
PartyGaming
PartyPoker
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RunApp.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/141p/html/gtdownlr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bowmans/FlashAX.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\gtdownlr_118.ocx
C:\Program Files\PartyGaming<Delete the entire folder.
Reboot into normal mode.
Chek to see if the C:\WINDOWS\system32\gtdownlr_118.ocx file has gone. If it has, rehide your protected OS files. If it`s still there, let me know in your next post.
Post fresh HJT and Combofix logs. Let me know if you`re still having any problems.
Regards Howard
This thread is for the use of frogman99123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
PartyGaming
PartyPoker
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RunApp.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/141p/html/gtdownlr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bowmans/FlashAX.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\gtdownlr_118.ocx
C:\Program Files\PartyGaming<Delete the entire folder.
Reboot into normal mode.
Chek to see if the C:\WINDOWS\system32\gtdownlr_118.ocx file has gone. If it has, rehide your protected OS files. If it`s still there, let me know in your next post.
Post fresh HJT and Combofix logs. Let me know if you`re still having any problems.
Regards Howard
This thread is for the use of frogman99123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
