Windows 7 Highjack this solution please

3doz · Jan 16, 2012

see attachment for the information on my computer and the highjack problems
see the lower section missing files in the sevice areas .
the reason I tries this was to see why the computer went real slow in loading and running all of a sudden
have chaecked for virus and other problems spy ware , nothing showing up
removed the last program I installed , no change
memory tested OK (ram)
opens and clossed down about normal time
would appreciate any assistence

previous problem was having trouble in loading in programs using 32 so I installed the 64 on a different drive .. after settting it up < I removed the 32 windows using easy bcd without a problem
this 64 ran well untill last week , Yes I have used a restore without any difference as this problem remains

Saltgrass · Jan 17, 2012

Don't know if anyone here is versed at reading the Hijackthis logs, but most of the things depend on what you might recognize. Have you gone through the log and looked to something that looks out of place?

You have many Google entries..these will probably take up time, but not sure if they are the problem. One I noticed I did not recognize was

Link Removed - Invalid URL quicksales .com .au /WebResource.axd?d=jUnCE

which looks like it might not belong.

Also, the numbers on the left of the log will, in some cases, highlight which entries might be suspicious. I do not remember what the numbers are, but you can check using HijackThis definitions.

zvit · Jan 21, 2012

You can try some upload sites where you can have your hijackthis log analyzed for you. DO NOT do anything in hijackthis that you're not absolutely sure about!!

http://www.2-spyware.com/hjt.php

Link Removed - Invalid URL

There are many more. Google it.

davehc · Jan 21, 2012

This is one I have belonged to for a while now. They really get into it!
Am I infected? What do I do? - BleepingComputer.com

Elmer · Jan 21, 2012

Good shout Dave. Bleeping are, in my opinion, the experts in that type of thing.

3doz · Jan 21, 2012

hi all thanks for the assistance
I have been working though it and have some results . but these are a pain in the ***
if the files are missing and the services are stopped why have them running in the first place
How does one get rid of them
23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

Saltgrass · Jan 21, 2012

I show all of those files on my system. Have you checked yours?

I think it might be a case of temp files being created in a virtual system, but not sure.

Does the O23 number indicate a hazard in Hijackthis?

Trouble · Jan 21, 2012

3doz said:
How does one get rid of them

Most if not all are programs responsible for critical Microsoft services

lsass.exe is a process the Local Security Authentication Server
vds.exe is a process for Virtual Disk Service
vssvc.exe is a process for Volume Shadow Copy Service
watadminsvc.exe is a process for Windows Activation Technologies Service
Wbengine.exe is a process for Windows Block Level Backup Engine Service
wmiapsrv.exe is a process for Windows Management Instrumentation Performance Adapter Service

And on a properly updated and patched machine should not be managed or manipulated in any fashion unless there is reason to suspect that they are corrupt or otherwise causing problems with the computer.
These services often start and stop and I suspect that perhaps what you are seeing is a limitation in HiJackThis as to how it is reporting these specific items.
It has been months if not a year or more since I have seen any of these identified as a possible problem, the last one being a lsass.exe exploit which I believe has faded (due to hotfixes, patches, updates and malware protection) into oblivion.
Regards
Randy

Elmer · Jan 21, 2012

3doz said:
hi all thanks for the assistance
I have been working though it and have some results . but these are a pain in the ***
if the files are missing and the services are stopped why have them running in the first place
How does one get rid of them
23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

You're running a 64 bit system aren't you? HJT is not fully 64 bit compliant. Those (file missing) entries are "errors". Do not attempt to be doing anything with those.

O23 = NT Services

Search

Navigation section

Windows 7 Highjack this solution please

3doz

Senior Member

Attachments

Trouble

Saltgrass

Excellent Member

zvit

Honorable Member

davehc

Essential Member

Elmer

Extraordinary Member