• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Missing Files?

D

D3DAiM

#1
Hello, I am running Vista Ultimate x64.

I seem to have quite a few missing files of what seem to be important
windows executables. Corruption? I cannot seem to delete these from my log,
they continue to reappear.

Logfile of HijackThis v1.99.1
Scan saved at 5:16:51 PM, on 3/20/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files\Samurize\Client.exe
C:\Users\Administrator\Desktop\LCD Smartie\LCDSmartie.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\Assorted
Files\Cleaning\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files
(x86)\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d
locale=en-US ee://aol/imApp
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: LCD Smartie.lnk = C:\Users\Administrator\Desktop\LCD
Smartie\LCDSmartie.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files
(x86)\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files
(x86)\bonjour\mdnsnsp.dll' missing
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner -
C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FAH@C:+Program Files+FAH+FAH504-Console.exe - Stanford
University - C:\Program Files\FAH\FAH504-Console.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown
owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner -
%windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown
owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner
- C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner
- C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner -
C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
Software - C:\Program Files\Alcohol Soft\Alcohol
120\StarWind\StarWindService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -
C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -
C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown
owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
(WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
Player\wmpnetwk.exe (file missing)

What can I do? I've tied memory fixes, defragments, error checks, system
file checker, spyware and virus scans. The whole bit.

Thanks!
 

My Computer

J

Jane C

#2
Look in your Windows\System32 folder. Do you see the 'missing files' there?
If you do, they are not missing.

I suspect that HiJackThis is not fully 64bit-aware. Out of curiosity, I ran
the latest version 2 of HiJackThis and had the exact same files listed as
'missing' in the scan result. I have no issues whatsoever with my Vista
x64.

HiJackThis should only be run if you suspect you have been 'hijacked' by
malware. I see no reason to run it on a regular basis unless you suspect
there is something wrong that has been caused by malware.

--
Jane, not plain ;) 64 bit enabled :-)
Batteries not included. Braincell on vacation ;-)
"D3DAiM" <D3DAiM@discussions.microsoft.com> wrote in message
news:11912B0C-7B1C-43C8-83DE-45C48D061B68@microsoft.com...
> Hello, I am running Vista Ultimate x64.
>
> I seem to have quite a few missing files of what seem to be important
> windows executables. Corruption? I cannot seem to delete these from my
> log,
> they continue to reappear.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:16:51 PM, on 3/20/2007
> Platform: Unknown Windows (WinNT 6.00.1904)
> MSIE: Internet Explorer v7.00 (7.00.6000.16386)
>
> Running processes:
> C:\Program Files (x86)\AIM6\aim6.exe
> C:\Program Files\Samurize\Client.exe
> C:\Users\Administrator\Desktop\LCD Smartie\LCDSmartie.exe
> C:\Program Files\Xfire\xfire.exe
> C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
> C:\Program Files\Grisoft\AVG7\avgcc.exe
> C:\Program Files (x86)\AIM6\aolsoftware.exe
> C:\Program Files (x86)\Mozilla Firefox\firefox.exe
> C:\Users\Administrator\Desktop\Assorted
> Files\Cleaning\hijackthis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://google.com/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> F2 - REG:system.ini: UserInit=userinit.exe
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files
> (x86)\Java\jre1.6.0\bin\jusched.exe"
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
> O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d
> locale=en-US ee://aol/imApp
> O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
> O4 - Startup: LCD Smartie.lnk = C:\Users\Administrator\Desktop\LCD
> Smartie\LCDSmartie.exe
> O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files
> (x86)\Java\jre1.6.0\bin\npjpi160.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
> O10 - Broken Internet access because of LSP provider 'c:\program files
> (x86)\bonjour\mdnsnsp.dll' missing
> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
> O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner -
> C:\Windows\System32\alg.exe (file missing)
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT,
> s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
> Files\Diskeeper Corporation\Diskeeper\DkService.exe
> O23 - Service: FAH@C:+Program Files+FAH+FAH504-Console.exe - Stanford
> University - C:\Program Files\FAH\FAH504-Console.exe
> O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
> C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
> C:\Windows\System32\msdtc.exe (file missing)
> O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -
> Unknown
> owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
> Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown
> owner -
> %windir%\system32\svchost.exe (file missing)
> O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -
> Unknown
> owner - C:\Windows\system32\locator.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown
> owner
> - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown
> owner
> - C:\Windows\system32\SLsvc.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
> owner - C:\Windows\System32\snmptrap.exe (file missing)
> O23 - Service: Print Spooler (Spooler) - Unknown owner -
> C:\Windows\System32\spoolsv.exe (file missing)
> O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
> Software - C:\Program Files\Alcohol Soft\Alcohol
> 120\StarWind\StarWindService.exe
> O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
> Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -
> C:\Windows\System32\vds.exe (file missing)
> O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
> owner -
> C:\Windows\system32\vssvc.exe (file missing)
> O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -
> Unknown
> owner - C:\Windows\system32\wbengine.exe (file missing)
> O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
> Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
> O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
> (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
> Player\wmpnetwk.exe (file missing)
>
> What can I do? I've tied memory fixes, defragments, error checks, system
> file checker, spyware and virus scans. The whole bit.
>
> Thanks!
 

My Computer

D

D3DAiM

#3
"Jane C" wrote:

> Look in your Windows\System32 folder. Do you see the 'missing files' there?
> If you do, they are not missing.
>
> I suspect that HiJackThis is not fully 64bit-aware. Out of curiosity, I ran
> the latest version 2 of HiJackThis and had the exact same files listed as
> 'missing' in the scan result. I have no issues whatsoever with my Vista
> x64.
>
> HiJackThis should only be run if you suspect you have been 'hijacked' by
> malware. I see no reason to run it on a regular basis unless you suspect
> there is something wrong that has been caused by malware.
>
> --
> Jane, not plain ;) 64 bit enabled :-)
> Batteries not included. Braincell on vacation ;-)
> "D3DAiM" <D3DAiM@discussions.microsoft.com> wrote in message
> news:11912B0C-7B1C-43C8-83DE-45C48D061B68@microsoft.com...
> > Hello, I am running Vista Ultimate x64.
> >
> > I seem to have quite a few missing files of what seem to be important
> > windows executables. Corruption? I cannot seem to delete these from my
> > log,
> > they continue to reappear.
> >
> > Logfile of HijackThis v1.99.1
> > Scan saved at 5:16:51 PM, on 3/20/2007
> > Platform: Unknown Windows (WinNT 6.00.1904)
> > MSIE: Internet Explorer v7.00 (7.00.6000.16386)
> >
> > Running processes:
> > C:\Program Files (x86)\AIM6\aim6.exe
> > C:\Program Files\Samurize\Client.exe
> > C:\Users\Administrator\Desktop\LCD Smartie\LCDSmartie.exe
> > C:\Program Files\Xfire\xfire.exe
> > C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
> > C:\Program Files\Grisoft\AVG7\avgcc.exe
> > C:\Program Files (x86)\AIM6\aolsoftware.exe
> > C:\Program Files (x86)\Mozilla Firefox\firefox.exe
> > C:\Users\Administrator\Desktop\Assorted
> > Files\Cleaning\hijackthis\HijackThis.exe
> >
> > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> > http://go.microsoft.com/fwlink/?LinkId=54896
> > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> > http://google.com/
> > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> > F2 - REG:system.ini: UserInit=userinit.exe
> > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> > O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> > C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
> > O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files
> > (x86)\Java\jre1.6.0\bin\jusched.exe"
> > O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
> > O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d
> > locale=en-US ee://aol/imApp
> > O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
> > O4 - Startup: LCD Smartie.lnk = C:\Users\Administrator\Desktop\LCD
> > Smartie\LCDSmartie.exe
> > O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
> > O8 - Extra context menu item: E&xport to Microsoft Excel -
> > res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
> > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
> > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files
> > (x86)\Java\jre1.6.0\bin\npjpi160.dll
> > O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> > O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
> > O10 - Broken Internet access because of LSP provider 'c:\program files
> > (x86)\bonjour\mdnsnsp.dll' missing
> > O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
> > C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
> > O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner -
> > C:\Windows\System32\alg.exe (file missing)
> > O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
> > C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> > O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
> > C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> > O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT,
> > s.r.o. -
> > C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> > O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
> > Files\Diskeeper Corporation\Diskeeper\DkService.exe
> > O23 - Service: FAH@C:+Program Files+FAH+FAH504-Console.exe - Stanford
> > University - C:\Program Files\FAH\FAH504-Console.exe
> > O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
> > C:\Windows\system32\lsass.exe (file missing)
> > O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
> > C:\Windows\System32\msdtc.exe (file missing)
> > O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -
> > Unknown
> > owner - C:\Windows\system32\lsass.exe (file missing)
> > O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
> > Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> > O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown
> > owner -
> > %windir%\system32\svchost.exe (file missing)
> > O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -
> > Unknown
> > owner - C:\Windows\system32\locator.exe (file missing)
> > O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown
> > owner
> > - C:\Windows\system32\lsass.exe (file missing)
> > O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown
> > owner
> > - C:\Windows\system32\SLsvc.exe (file missing)
> > O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
> > owner - C:\Windows\System32\snmptrap.exe (file missing)
> > O23 - Service: Print Spooler (Spooler) - Unknown owner -
> > C:\Windows\System32\spoolsv.exe (file missing)
> > O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
> > Software - C:\Program Files\Alcohol Soft\Alcohol
> > 120\StarWind\StarWindService.exe
> > O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
> > Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
> > O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -
> > C:\Windows\System32\vds.exe (file missing)
> > O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
> > owner -
> > C:\Windows\system32\vssvc.exe (file missing)
> > O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -
> > Unknown
> > owner - C:\Windows\system32\wbengine.exe (file missing)
> > O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
> > Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
> > O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
> > (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
> > Player\wmpnetwk.exe (file missing)
> >
> > What can I do? I've tied memory fixes, defragments, error checks, system
> > file checker, spyware and virus scans. The whole bit.
> >
> > Thanks!

>
> Yup you a re right. They are there.


It must be HijackThis!'s incompatibility. Thanks!
 

My Computer

R

Rick Rogers

#4
Hi Jane,

Lack of permissions on the system folder is the most likely explanation. As
the user account would be denied access to the system folder, the HJT tool
cannot confirm that the file mentioned by the run entries exists, so
therefore lists it as missing.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

"Jane C" <jellybean@NOSPAMxjgarage.org> wrote in message
news:umhbgLDdHHA.4684@TK2MSFTNGP06.phx.gbl...
> Look in your Windows\System32 folder. Do you see the 'missing files'
> there? If you do, they are not missing.
>
> I suspect that HiJackThis is not fully 64bit-aware. Out of curiosity, I
> ran the latest version 2 of HiJackThis and had the exact same files listed
> as 'missing' in the scan result. I have no issues whatsoever with my
> Vista x64.
>
> HiJackThis should only be run if you suspect you have been 'hijacked' by
> malware. I see no reason to run it on a regular basis unless you suspect
> there is something wrong that has been caused by malware.
>
> --
> Jane, not plain ;) 64 bit enabled :-)
> Batteries not included. Braincell on vacation ;-)
> "D3DAiM" <D3DAiM@discussions.microsoft.com> wrote in message
> news:11912B0C-7B1C-43C8-83DE-45C48D061B68@microsoft.com...
>> Hello, I am running Vista Ultimate x64.
>>
>> I seem to have quite a few missing files of what seem to be important
>> windows executables. Corruption? I cannot seem to delete these from my
>> log,
>> they continue to reappear.
>>
>> Logfile of HijackThis v1.99.1
>> Scan saved at 5:16:51 PM, on 3/20/2007
>> Platform: Unknown Windows (WinNT 6.00.1904)
>> MSIE: Internet Explorer v7.00 (7.00.6000.16386)
>>
>> Running processes:
>> C:\Program Files (x86)\AIM6\aim6.exe
>> C:\Program Files\Samurize\Client.exe
>> C:\Users\Administrator\Desktop\LCD Smartie\LCDSmartie.exe
>> C:\Program Files\Xfire\xfire.exe
>> C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
>> C:\Program Files\Grisoft\AVG7\avgcc.exe
>> C:\Program Files (x86)\AIM6\aolsoftware.exe
>> C:\Program Files (x86)\Mozilla Firefox\firefox.exe
>> C:\Users\Administrator\Desktop\Assorted
>> Files\Cleaning\hijackthis\HijackThis.exe
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> http://go.microsoft.com/fwlink/?LinkId=54896
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://google.com/
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
>> F2 - REG:system.ini: UserInit=userinit.exe
>> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
>> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
>> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
>> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files
>> (x86)\Java\jre1.6.0\bin\jusched.exe"
>> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
>> O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d
>> locale=en-US ee://aol/imApp
>> O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
>> O4 - Startup: LCD Smartie.lnk = C:\Users\Administrator\Desktop\LCD
>> Smartie\LCDSmartie.exe
>> O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
>> O8 - Extra context menu item: E&xport to Microsoft Excel -
>> res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
>> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
>> C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
>> O9 - Extra 'Tools' menuitem: Sun Java Console -
>> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files
>> (x86)\Java\jre1.6.0\bin\npjpi160.dll
>> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
>> O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
>> O10 - Broken Internet access because of LSP provider 'c:\program files
>> (x86)\bonjour\mdnsnsp.dll' missing
>> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
>> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
>> O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner -
>> C:\Windows\System32\alg.exe (file missing)
>> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
>> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
>> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
>> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
>> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT,
>> s.r.o. -
>> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
>> O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
>> Files\Diskeeper Corporation\Diskeeper\DkService.exe
>> O23 - Service: FAH@C:+Program Files+FAH+FAH504-Console.exe - Stanford
>> University - C:\Program Files\FAH\FAH504-Console.exe
>> O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
>> C:\Windows\system32\lsass.exe (file missing)
>> O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
>> C:\Windows\System32\msdtc.exe (file missing)
>> O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -
>> Unknown
>> owner - C:\Windows\system32\lsass.exe (file missing)
>> O23 - Service: @%systemroot%\system32\psbase.dll,-300
>> (ProtectedStorage) -
>> Unknown owner - C:\Windows\system32\lsass.exe (file missing)
>> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown
>> owner -
>> %windir%\system32\svchost.exe (file missing)
>> O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -
>> Unknown
>> owner - C:\Windows\system32\locator.exe (file missing)
>> O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown
>> owner
>> - C:\Windows\system32\lsass.exe (file missing)
>> O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown
>> owner
>> - C:\Windows\system32\SLsvc.exe (file missing)
>> O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -
>> Unknown
>> owner - C:\Windows\System32\snmptrap.exe (file missing)
>> O23 - Service: Print Spooler (Spooler) - Unknown owner -
>> C:\Windows\System32\spoolsv.exe (file missing)
>> O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
>> Software - C:\Program Files\Alcohol Soft\Alcohol
>> 120\StarWind\StarWindService.exe
>> O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
>> Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
>> O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown
>> owner -
>> C:\Windows\System32\vds.exe (file missing)
>> O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
>> owner -
>> C:\Windows\system32\vssvc.exe (file missing)
>> O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -
>> Unknown
>> owner - C:\Windows\system32\wbengine.exe (file missing)
>> O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
>> Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
>> O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
>> (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
>> Player\wmpnetwk.exe (file missing)
>>
>> What can I do? I've tied memory fixes, defragments, error checks, system
>> file checker, spyware and virus scans. The whole bit.
>>
>> Thanks!

>
 

My Computer

R

Rick Rogers

#5
Hi,

You're spinning your wheels for no reason. HJT reads and enumerates the
startup locations in the OS, then confirms that the executable exists. In
Vista (which to my knowledge HJT is not compatible with), the entries are
read, but it cannot confirm it as the normal user accounts do not have that
level of access to the system folder.

Are you actually experiencing an issue? Or just puzzled by the results?

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

"D3DAiM" <D3DAiM@discussions.microsoft.com> wrote in message
news:11912B0C-7B1C-43C8-83DE-45C48D061B68@microsoft.com...
> Hello, I am running Vista Ultimate x64.
>
> I seem to have quite a few missing files of what seem to be important
> windows executables. Corruption? I cannot seem to delete these from my
> log,
> they continue to reappear.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:16:51 PM, on 3/20/2007
> Platform: Unknown Windows (WinNT 6.00.1904)
> MSIE: Internet Explorer v7.00 (7.00.6000.16386)
>
> Running processes:
> C:\Program Files (x86)\AIM6\aim6.exe
> C:\Program Files\Samurize\Client.exe
> C:\Users\Administrator\Desktop\LCD Smartie\LCDSmartie.exe
> C:\Program Files\Xfire\xfire.exe
> C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
> C:\Program Files\Grisoft\AVG7\avgcc.exe
> C:\Program Files (x86)\AIM6\aolsoftware.exe
> C:\Program Files (x86)\Mozilla Firefox\firefox.exe
> C:\Users\Administrator\Desktop\Assorted
> Files\Cleaning\hijackthis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://google.com/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> F2 - REG:system.ini: UserInit=userinit.exe
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files
> (x86)\Java\jre1.6.0\bin\jusched.exe"
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
> O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d
> locale=en-US ee://aol/imApp
> O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
> O4 - Startup: LCD Smartie.lnk = C:\Users\Administrator\Desktop\LCD
> Smartie\LCDSmartie.exe
> O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files
> (x86)\Java\jre1.6.0\bin\npjpi160.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
> O10 - Broken Internet access because of LSP provider 'c:\program files
> (x86)\bonjour\mdnsnsp.dll' missing
> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
> O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner -
> C:\Windows\System32\alg.exe (file missing)
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT,
> s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
> Files\Diskeeper Corporation\Diskeeper\DkService.exe
> O23 - Service: FAH@C:+Program Files+FAH+FAH504-Console.exe - Stanford
> University - C:\Program Files\FAH\FAH504-Console.exe
> O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
> C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
> C:\Windows\System32\msdtc.exe (file missing)
> O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -
> Unknown
> owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
> Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown
> owner -
> %windir%\system32\svchost.exe (file missing)
> O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -
> Unknown
> owner - C:\Windows\system32\locator.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown
> owner
> - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown
> owner
> - C:\Windows\system32\SLsvc.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
> owner - C:\Windows\System32\snmptrap.exe (file missing)
> O23 - Service: Print Spooler (Spooler) - Unknown owner -
> C:\Windows\System32\spoolsv.exe (file missing)
> O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
> Software - C:\Program Files\Alcohol Soft\Alcohol
> 120\StarWind\StarWindService.exe
> O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
> Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -
> C:\Windows\System32\vds.exe (file missing)
> O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
> owner -
> C:\Windows\system32\vssvc.exe (file missing)
> O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -
> Unknown
> owner - C:\Windows\system32\wbengine.exe (file missing)
> O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
> Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
> O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
> (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
> Player\wmpnetwk.exe (file missing)
>
> What can I do? I've tied memory fixes, defragments, error checks, system
> file checker, spyware and virus scans. The whole bit.
>
> Thanks!
 

My Computer

J

Jane C

#6
Hi Rick,

I think I had a momentary brainfade situation - yes, it could well be the
permissions. Even using 'Run as Administrator', HJT still listed those
files as missing though.

--
Jane, not plain ;) 64 bit enabled :-)
Batteries not included. Braincell on vacation ;-)
MVP Windows Shell/User

"Rick Rogers" <rick@mvps.org> wrote in message
news:OBuxRqIdHHA.2088@TK2MSFTNGP05.phx.gbl...
> Hi Jane,
>
> Lack of permissions on the system folder is the most likely explanation.
> As the user account would be denied access to the system folder, the HJT
> tool cannot confirm that the file mentioned by the run entries exists, so
> therefore lists it as missing.
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Windows help - www.rickrogers.org
>
 

My Computer

R

Rick Rogers

#7
Yep, confirmed that as well. It may be due to the fact that the system32
folder is 'owned' by the TrustedInstaller, not the administrator.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

"Jane C" <jellybean@NOSPAMxjgarage.org> wrote in message
news:e4G4LpOdHHA.2268@TK2MSFTNGP02.phx.gbl...
> Hi Rick,
>
> I think I had a momentary brainfade situation - yes, it could well be the
> permissions. Even using 'Run as Administrator', HJT still listed those
> files as missing though.
>
> --
> Jane, not plain ;) 64 bit enabled :-)
> Batteries not included. Braincell on vacation ;-)
> MVP Windows Shell/User
>
> "Rick Rogers" <rick@mvps.org> wrote in message
> news:OBuxRqIdHHA.2088@TK2MSFTNGP05.phx.gbl...
>> Hi Jane,
>>
>> Lack of permissions on the system folder is the most likely explanation.
>> As the user account would be denied access to the system folder, the HJT
>> tool cannot confirm that the file mentioned by the run entries exists, so
>> therefore lists it as missing.
>>
>> --
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Windows help - www.rickrogers.org
>>

>
 

My Computer