Computer Security & Viruses/Result of HijackThis


Dear Brian,

My problems:
1. Computer gets very slow with "not responding" status from Firefox and Chrome when I try to open new tab or load new page.
2. Google said my computer is sending out automated queries.
3. Some other sites say my computer is sending out lots of traffic.
4. Awhile ago some hacker got my credit card info and stole some money (no, my computer is not shared with anyone).
5. I tried SpyShelter, PeerBlock, MalwareByte, and Bitdefender to no avail. They all scanned problem free but the problem is still there.

I did what you suggested with HijackThis and this is the saved log.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:11:36 PM, on 8/17/2015
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

FIREFOX: 38.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SpyShelter Premium\SpyShelter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpyShelter] C:\Program Files\SpyShelter Premium\SpyShelter.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} (CS Order Entry Control (MBB)) -
O16 - DPF: {3FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Management Control) -
O16 - DPF: {5EC2D418-1B2A-40E6-904C-CA8B7ADB3682} (csta Control) -
O16 - DPF: {7EC2D418-1B2A-40E6-904C-CA8B7ADB3682} (csta Control) -
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} (CyberStock 250) -
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB124} (CyberStock 300) -
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB125} (CyberStock 300) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SpyShelterSrv - Datpol - C:\Program Files\SpyShelter Premium\SpyShelterSrv.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

End of file - 5926 bytes

Additionally, when I used the HijackThis, I got this in the beginning "For some reason your system denied write access to the Hosts file. Bla bla bla..." and it suggested me to go to Start and Run and type notepad C:\Windows\System32\drivers\etc\hosts etc etc in which I got this...

# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
#          # source server
#          # x client host

# localhost name resolution is handled within DNS itself.
#       localhost
#   ::1          localhost       localhost

... but I don't know how to proceed from here except to continue with the scanning and got the result you see above. It says find the line(s) HijackThis reports and delete them and save the file as 'hosts.' and reboot. I don't understand delete what reported line(s) so I just continue with the scanning.

Can you identify any problem?

Hi Choo

I'll be glad to help.  First, download and run RKill from here:

Then after completion, download and run ADWCleaner from here:

Copy and paste the log files from the scans to me in a reply and let me know if there are any improvements.


Computer Security & Viruses

All Answers

Answers by Expert:

Ask Experts


Brian Benosky


I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.


I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: I am also a Top Contributor of General Computing answers in Yahoo! Questions.

College Educated Self-taught Computer Skills

©2016 All rights reserved.