Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Incorrect image path question


  • Please log in to reply
11 replies to this topic

#1 herbman

herbman

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 04 April 2013 - 09:18 PM

Hi folks,  i ran RKill and i keep getting the below info. Anybody know how i would fix this Image path problem. Thank you very much.

 

 

 

 

Checking Windows Service Integrity: 
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost

Edited by hamluis, 05 April 2013 - 10:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:23 PM

Posted 05 April 2013 - 10:02 AM

First...what led you to run Rkill?  I don't believe using this tool is common, everyday practice for any user...since it is designed to assist in attempting to neutralize malware.

 

http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/

 

Louis



#3 herbman

herbman
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 05 April 2013 - 04:15 PM

No particular reason hamluis,  i had malware a long time ago and that program was the only one that found and corrected my issue.  I don't feel i have issues with malware now but l have  followed a routine that has worked great for me in keeping me malware free and i don't feel like changing.

 

Running R.Kill is a part of that routine ,  i know you may disapprove but it's worked great and i'm superstitious.  Now i am asking for help in taking care of the above image path issue ,  can you assist .

 

 

 

I can only imagine the beating i would take if i ran combofix lol.



#4 WhiskeyTango73

WhiskeyTango73

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:23 PM

Posted 07 April 2013 - 03:41 PM

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Same question here

Edited by WhiskeyTango73, 07 April 2013 - 03:42 PM.


#5 herbman

herbman
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 08 April 2013 - 01:03 AM

I have waited very patiently with this but i don't seem to be getting any assistance.  Can someone help me with the question i asked 5 days ago or not ?  I'll ask again, how do i correct the incorrect image path problem.

 

Thank you very much.



#6 Kujo24

Kujo24

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 08 April 2013 - 06:07 PM

Checking Windows Service Integrity: 
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

 

I also am getting this message from Rkill. As of 30 minutes of searching, there doesn't seem to be any helpful information of this error anywhere online. I ran Rkill because my internet had been very inconsistent for the past few days, and my svchost was taking up more memory than usual so I was suspicious. If anyone has ANY info on this Rkill error message I would love to know. Thanks.

 

 



#7 dalr21

dalr21

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ireland
  • Local time:02:23 AM

Posted 09 April 2013 - 01:43 PM

http://blog.tune-up.com/myth-buster/the-case-of-the-mysterious-presentation-font-cache-cpu-hog/

#8 herbman

herbman
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 09 April 2013 - 11:51 PM

OK, i went though all the suggestions in the above link , even disabling what the link said to disable in option # 2 after option # 1 failed , but i still have the same problem.


Edited by herbman, 09 April 2013 - 11:51 PM.


#9 herbman

herbman
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 14 April 2013 - 08:07 PM

It's been 5 days and no response so i ran R.KILL again and got this

 

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/14/2013 08:59:37 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * Your %Temp% folder is set to C:\Windows\TEMP, which can be dangerous. Skipping termination for this folder.
 * No malware processes found to kill.
 
Possibly Patched Files.
 
 * C:\Windows\system32\csrss.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/14/2013 09:00:30 PM
Execution time: 0 hours(s), 2 minute(s), and 17 seconds(s)

Edited by herbman, 14 April 2013 - 08:08 PM.


#10 herbman

herbman
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 15 April 2013 - 07:27 PM

The rules section said after three days post, it's been 6 days,  i think i have been extremely patient. Can someone help with the above R.Kill results or not?  I don't want to be taking up space if i can't be helped .



#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:23 PM

Posted 29 April 2013 - 01:17 PM

Hello,

 

With all the replies to this topic, it appeared as though you were getting assistance.  If you still need help with this, please post a link to this topic in the topic here: http://www.bleepingcomputer.com/forums/t/400074/please-post-in-this-topic-if-you-have-not-received-help-after-three-days/

 

Orange Blossom :cherry:


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:23 PM

Posted 30 April 2013 - 07:24 PM

Hello to all..... this appears to be a possible MBR infection and should be removed carefully.
Each should start a new topic ...

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users