Highjack this solution please

3doz

Senior Member
#1
see attachment for the information on my computer and the highjack problems
see the lower section missing files in the sevice areas .
the reason I tries this was to see why the computer went real slow in loading and running all of a sudden
have chaecked for virus and other problems spy ware , nothing showing up
removed the last program I installed , no change
memory tested OK (ram)
opens and clossed down about normal time
would appreciate any assistence

previous problem was having trouble in loading in programs using 32 so I installed the 64 on a different drive .. after settting it up < I removed the 32 windows using easy bcd without a problem
this 64 ran well untill last week , Yes I have used a restore without any difference as this problem remains
 


Attachments

Saltgrass

Excellent Member
Microsoft Community Contributor
#2
Don't know if anyone here is versed at reading the Hijackthis logs, but most of the things depend on what you might recognize. Have you gone through the log and looked to something that looks out of place?

You have many Google entries..these will probably take up time, but not sure if they are the problem. One I noticed I did not recognize was

/ quicksales .com .au /WebResource.axd?d=jUnCE
which looks like it might not belong.

Also, the numbers on the left of the log will, in some cases, highlight which entries might be suspicious. I do not remember what the numbers are, but you can check using HijackThis definitions.
 


Last edited:

Elmer

Extraordinary Member
#5
Good shout Dave. Bleeping are, in my opinion, the experts in that type of thing.
 


3doz

Senior Member
#6
hi all thanks for the assistance
I have been working though it and have some results . but these are a pain in the ***
if the files are missing and the services are stopped why have them running in the first place
How does one get rid of them
23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#7
I show all of those files on my system. Have you checked yours?

I think it might be a case of temp files being created in a virtual system, but not sure.

Does the O23 number indicate a hazard in Hijackthis?
 


Trouble

Noob Whisperer
#8
How does one get rid of them
Most if not all are programs responsible for critical Microsoft services
lsass.exe is a process the Local Security Authentication Server
vds.exe is a process for Virtual Disk Service
vssvc.exe is a process for Volume Shadow Copy Service
watadminsvc.exe is a process for Windows Activation Technologies Service
Wbengine.exe is a process for Windows Block Level Backup Engine Service
wmiapsrv.exe is a process for Windows Management Instrumentation Performance Adapter Service
And on a properly updated and patched machine should not be managed or manipulated in any fashion unless there is reason to suspect that they are corrupt or otherwise causing problems with the computer.
These services often start and stop and I suspect that perhaps what you are seeing is a limitation in HiJackThis as to how it is reporting these specific items.
It has been months if not a year or more since I have seen any of these identified as a possible problem, the last one being a lsass.exe exploit which I believe has faded (due to hotfixes, patches, updates and malware protection) into oblivion.
Regards
Randy
 


Elmer

Extraordinary Member
#9
hi all thanks for the assistance
I have been working though it and have some results . but these are a pain in the ***
if the files are missing and the services are stopped why have them running in the first place
How does one get rid of them
23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
You're running a 64 bit system aren't you? HJT is not fully 64 bit compliant. Those (file missing) entries are "errors". Do not attempt to be doing anything with those.

O23 = NT Services
 


Last edited:
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top