dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0

PC acting funny after history of undocumented tweaks #152

Closed loopoofoo closed 3 years ago

loopoofoo commented 3 years ago

Hi, my Windows 7 Ultimate installation, now aged 3 and a half years, is acting up. Probably hardware issues from an outdated system, but I want to be sure.

A little info about my habits: I use the Admin account as default because it makes things easier with many progs I often use. I usually carry my Firefox history, cookies and bookmarks over to the next installation. I have a history of tweaks to install some progs from unsafe sources. I consider myself a pro user; I choose to install incredible stuff, I don't do it by accident or out of naivety. The last time I had openly malicious software installed was like 15 years ago. I often install programs and games and deinstall them again when finished. Sometimes I will install varying antivirus or antimalware, check the system, and deinstall it again. One after another, of course. So far only files I knowingly chose to install were detected, but I trust the sources enough to not consider them a threat. I run a virtual CD/DVD drive because of the loading time and the sound real drives have.

Problems I have: Windows Defender isn't starting anymore, probably due to a key I added in either the Registry or Windows Group Policy to avoid problems with unsafe programs, but I am not sure about that and I can't get it to run again. I had McAfee Stinger installed and followed some guide to deinstall the Real Protect which came with it. Their own deinstaller didn't work then, but somehow at a much later point, when I needed Stinger because of the not working Windows Defender, their deinstaller worked fine. I can't install some essential and optional Windows Updates, most certainly because I somehow blocked some updates due to the Windows 10 nagging from Microsoft:

- 2019-09 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4516048). Code 80092004
- 2019-07 Update for Windows 7 for x64-based Systems (KB4493132). Code 80092004
- 2020-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4535102). Code 80092004
- 2019-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4516065). Code 80092004
- Security Intelligence Update for Microsoft Security Essentials - KB2310138 (Version 1.337.111.0). Code 80070666

What I want to do: I should set up a new installation, but with Windows 7 being unsafe I should switch to either Windows 10 or an easy Linux build. The problem is that I don't want to take the time to investigate any of those options, and until then I need an uncompromised system. I already use my outdated laptop and a safe Linux build on a USB stick for high-security stuff like crypto, so there's no need to rush it.

I already ran HJT [v2.7.0.24] and saved the log:

```
Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.7.0.24

Platform: x64 Windows 7 (Ultimate), 6.1.7601.24355, Service Pack: 1
Time: 03.05.2021 - 17:40 (UTC+02:00)
Language: OS: English (0x409). Display: German (0x407). Non-Unicode: German (0x407)
Elevated: Yes
Ran by: home (group: Administrator) on HOMER, FirstRun: no

Firefox: 88.0.0.7775
Internet Explorer: 11.0.9600.19236
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
1 C:\Program Files\AMD\CNext\CNext\amddvr.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1 C:\Program Files\Microsoft Security Client\NisSrv.exe
1 C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\home\Downloads\hijackthis.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
12 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

O2 - HKLM..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
O2 - HKLM..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
O2 - HKLM..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKU.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
O4 - MSConfig\startupreg: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount (HKCU) (2019/04/03)
O4 - MSConfig\startupreg: [Bloody2] C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe Minimum (HKCU) (2018/07/19)
O4 - MSConfig\startupreg: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey (HKLM) (2020/12/16)
O4 - MSConfig\startupreg: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (HKLM) (2020/12/16)
O4 - MSConfig\startupreg: [Steam] C:\Program Files (x86)\Steam\steam.exe -silent (HKCU) (2018/08/29)
O4 - MSConfig\startupreg: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HKLM) (2018/03/14)
O4 - MSConfig\startupreg: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (file missing) (HKLM) (2019/04/03)
O4 - MSConfig\startupreg: [svchost.exe] C:\Users\home\AppData\Roaming\Microsoft\svchost.exe (file missing) (HKCU) (2018/03/14)
O17 - DHCP DNS - 1: 192.168.0.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe -check plugin (file missing)
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\End Of Support\Notify1 - C:\Windows\system32\sipnotify.exe -LogonOrUnlock (Microsoft)
O22 - Task: \Microsoft\Windows\End Of Support\Notify2 - C:\Windows\system32\sipnotify.exe -Daily (Microsoft)
O22 - Task: \Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v (Microsoft)
O22 - Task: \Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe (Microsoft)
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Microsoft Antimalware Service - (MsMpSvc) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: StarWind AE Service - (StarWindServiceAE) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service R3: Microsoft Network Inspection - (NisSrv) - c:\Program Files\Microsoft Security Client\NisSrv.exe
O23 - Service S2: Alcohol Virtual Drive Auto-mount Service - (AxAutoMntSrv) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Program Files\Windows Defender\mpsvc.dll

-- End of file - Time spent: 9 sec. - 14450 bytes, CRC32: FFFFFFFF. Sign: 峰⯏
```
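As an added example (not part of this issue and not code from the HijackThis project), the following Python script parses the O4/O22/O23 lines of a HiJackThis Fork log such as the one above and applies two routine review heuristics: an entry whose target is marked `(file missing)` or `(no file)` is an orphan that only needs cleaning up, and a file carrying a Windows system binary name (svchost.exe, lsass.exe, ...) that lives outside `C:\Windows\` deserves a closer look. A hit is a prompt to verify the entry on disk, not a malware verdict. The sample lines are copied from the log posted above; the regexes, the `Entry` structure and the reading of the service prefix (`R` = running, `S` = stopped) are my own assumptions about the log format.

```python
"""Triage helper for HiJackThis Fork log entries (O4 / O22 / O23 lines)."""
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied verbatim from the log posted in this issue.
SAMPLE_LOG = r"""
O4 - MSConfig\startupreg: [Steam] C:\Program Files (x86)\Steam\steam.exe -silent (HKCU) (2018/08/29)
O4 - MSConfig\startupreg: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (file missing) (HKLM) (2019/04/03)
O4 - MSConfig\startupreg: [svchost.exe] C:\Users\home\AppData\Roaming\Microsoft\svchost.exe (file missing) (HKCU) (2018/03/14)
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe -check plugin (file missing)
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Program Files\Windows Defender\mpsvc.dll
"""

# "O4 - ...", "O2-32 - ...": section tag, then the entry body (assumed format).
ENTRY_RE = re.compile(r'^(?P<section>O\d+(?:-32)?) - (?P<body>.*)$')
# A Windows path ending in an executable/library extension. The lazy quantifier
# lets a line that carries two paths (svchost.exe + "ServiceDll") yield both.
PATH_RE = re.compile(r'[A-Za-z]:\\[^;"]*?\.(?:exe|dll|sys|scr|bat|cmd)\b', re.IGNORECASE)
# Service prefix "R2"/"S3": letter = state, digit = start type (assumed meaning).
SERVICE_RE = re.compile(r'^Service (?P<state>[RS?])(?P<start>\d): ')

# Names of core Windows binaries that are only expected under C:\Windows\.
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "wininit.exe", "explorer.exe"}


@dataclass
class Entry:
    section: str
    body: str
    paths: list = field(default_factory=list)
    file_missing: bool = False
    service_state: str = ""
    findings: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for one 'Oxx - ...' line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(section=m["section"], body=m["body"])
    e.paths = PATH_RE.findall(e.body)
    e.file_missing = "(file missing)" in e.body or "(no file)" in e.body
    s = SERVICE_RE.match(e.body)
    if s:
        e.service_state = {"R": "running", "S": "stopped"}.get(s["state"], "unknown")
    return e


def review(e):
    """Attach review findings; a finding means 'verify this', not 'malware'."""
    if e.file_missing:
        e.findings.append("orphaned entry: target file missing")
    for p in e.paths:
        base = p.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_BINARY_NAMES and not p.lower().startswith("c:\\windows\\"):
            e.findings.append(f"system binary name outside the Windows directory: {p}")
    return e


def triage(log_text):
    """Parse every entry line of a log and run the review heuristics on it."""
    entries = [parse_entry(line) for line in log_text.splitlines()]
    return [review(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = "; ".join(e.findings) if e.findings else "no finding"
        print(f"{e.section:6} {status}")
```

Run against the sample, the two `svchost.exe` service hosts under `C:\Windows\System32` produce no finding, while the `O4` entry pointing at a `svchost.exe` under the user profile is flagged twice (orphaned, and a system binary name in an unexpected location). Feeding the whole log file to `triage()` instead of `SAMPLE_LOG` gives the same per-entry report for every section.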

dragokas commented 3 years ago

Hi, we only deal with malware-related issues. It is not likely the case. We recommend you ask for help on forums that provide assistance in resolving general operating system issues, like:

loopoofoo commented 3 years ago

Hi, can I assume you looked over the logs and found nothing pointing towards malware?

dragokas commented 3 years ago

We don't. If I understand you correctly, Windows Defender is blocked by tweaks you applied manually. If you are still sure it may be caused by malware, collect and provide logs according to the rules:


Please note that only members of VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including via PM!!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

dragokas commented 3 years ago

Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by a helper.