3doz

See attachment for the information on my computer and the hijack problems.
See the lower section: missing files in the service areas.
The reason I tried this was to see why the computer went real slow in loading and running all of a sudden.
Have checked for virus and other problems, spyware, nothing showing up.
Removed the last program I installed, no change.
Memory tested OK (RAM).
Opens and closes down in about normal time.
Would appreciate any assistance.

Previous problem was having trouble in loading in programs using 32, so I installed the 64 on a different drive. After setting it up, I removed the 32 Windows using EasyBCD without a problem.
This 64 ran well until last week. Yes, I have used a restore without any difference, as this problem remains.
 


Attachments: system.webp, hijackthis.txt
Don't know if anyone here is versed at reading the HijackThis logs, but most of the things depend on what you might recognize. Have you gone through the log and looked for something that looks out of place?

You have many Google entries. These will probably take up time, but not sure if they are the problem. One I noticed I did not recognize was

quicksales .com .au /WebResource.axd?d=jUnCE
which looks like it might not belong.

Also, the numbers on the left of the log will, in some cases, highlight which entries might be suspicious. I do not remember what the numbers are, but you can check using HijackThis definitions.
 


You can try some upload sites where you can have your hijackthis log analyzed for you. DO NOT do anything in hijackthis that you're not absolutely sure about!!

http://www.2-spyware.com/hjt.php

There are many more. Google it.
 


Good shout Dave. Bleeping are, in my opinion, the experts in that type of thing.
 


Hi all, thanks for the assistance.
I have been working through it and have some results, but these are a pain in the ***.
If the files are missing and the services are stopped, why have them running in the first place?
How does one get rid of them?
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 


I show all of those files on my system. Have you checked yours?

I think it might be a case of temp files being created in a virtual system, but not sure.

Does the O23 number indicate a hazard in Hijackthis?
 


How does one get rid of them
Most if not all are programs responsible for critical Microsoft services
lsass.exe is a process for the Local Security Authentication Server
vds.exe is a process for Virtual Disk Service
vssvc.exe is a process for Volume Shadow Copy Service
watadminsvc.exe is a process for Windows Activation Technologies Service
Wbengine.exe is a process for Windows Block Level Backup Engine Service
wmiapsrv.exe is a process for Windows Management Instrumentation Performance Adapter Service
And on a properly updated and patched machine should not be managed or manipulated in any fashion unless there is reason to suspect that they are corrupt or otherwise causing problems with the computer.
These services often start and stop and I suspect that perhaps what you are seeing is a limitation in HiJackThis as to how it is reporting these specific items.
It has been months if not a year or more since I have seen any of these identified as a possible problem, the last one being an lsass.exe exploit which I believe has faded (due to hotfixes, patches, updates and malware protection) into oblivion.
Regards
Randy
 


Solution
You're running a 64 bit system aren't you? HJT is not fully 64 bit compliant. Those (file missing) entries are "errors". Do not attempt to be doing anything with those.

O23 = NT Services
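
Added example, not part of the thread: "(file missing)" flags on System32 paths are what a 32-bit tool produces on 64-bit Windows, where file system redirection sends its System32 lookups to SysWOW64. The Python sketch below parses O23 lines (two from the posted log, one constructed) and separates those likely artifacts from entries that still need checking on disk; the verdict names and the `C:\Windows` layout are assumptions of the example.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

# O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Assumption: %SystemRoot% is <drive>:\Windows. The few System32
# subdirectories that are exempt from redirection are not modelled.
SYSTEM32_RE = re.compile(r"^([a-z]:\\windows)\\system32(\\.*)?$", re.I)

def wow64_view(path):
    """Path a 32-bit process really opens for `path` on 64-bit Windows."""
    p = normpath(path)
    m = SYSTEM32_RE.match(p)
    return m.group(1) + "\\SysWOW64" + (m.group(2) or "") if m else p

def triage(line, os_is_64bit=True):
    """Classify one O23 line; returns None for lines of other types."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path, seen = m["path"], wow64_view(m["path"])
    if not m["missing"]:
        verdict = "present"
    elif os_is_64bit and seen.lower() != normpath(path).lower():
        verdict = "likely-redirection-artifact"
    else:
        verdict = "verify-on-disk"
    return {"service": m["name"], "path": path, "seen_by_32bit": seen, "verdict": verdict}

SAMPLE = [
    # Two lines from the log posted in this thread.
    r"O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)",
    r"O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)",
    # Constructed line (hypothetical service) outside System32.
    r"O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\Program Files\Example\updater.exe (file missing)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

A "verify-on-disk" verdict means the flag cannot be explained by redirection, so the binary's presence should be confirmed from a 64-bit process before drawing any conclusion.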
 

