A Little Suspicious About My Computer.


5 replies to this topic

#1 IllusionaryInnocence

  • Members
  • 30 posts

Posted 05 January 2014 - 05:01 PM

Okay, when I updated to Rkill 2.6.3.0, I got an interesting log message. Now I typically run Rkill on occasion just out of suspicion cause of my paranoia that my computer is infected. It spoke of missing services and the WSService and SystemEventsBroker having incorrect Image Paths along with a lot of services missing. However, I am running Windows 8 (not 8.1) 32-bit in Legacy Boot Mode, and those services are listed in the services section but they aren't running. I use Kaspersky Internet Security 2013 (not updating to 2014 due to all the issues I hear about it and am waiting for a stable version before I upgrade to it), and have run rootkit scans and full scans multiple times along with Rkill and TDSSKiller and have found no problems, as well as a Malwarebytes Anti-Malware full scan as well. In addition, I have my Full Scan and Critical Areas scans set to Deep Scan in the Kaspersky settings and run a Critical Areas scan every day at 6PM.

Here is the log from Rkill.

Rkill 2.6.4 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/05/2014 06:12:29 PM in x86 mode.
Windows Version: Windows 8 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * AppReadiness [Missing Service]
 * AppXSvc [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * lfsvc [Missing Service]
 * MsKeyboardFilter [Missing Service]
 * NcbService [Missing Service]
 * ScDeviceEnum [Missing Service]
 * smphost [Missing Service]
 * vmicguestinterface [Missing Service]
 * WdNisSvc [Missing Service]
 * WEPHOSTSVC [Missing Service]
 * workfolderssvc [Missing Service]
 * ADP80XX [Missing Service]
 * ahcache [Missing Service]
 * b06bdrv [Missing Service]
 * bcmfn2 [Missing Service]
 * E1G60 [Missing Service]
 * ebdrv [Missing Service]
 * iaLPSSi_GPIO [Missing Service]
 * iaLPSSi_I2C [Missing Service]
 * iaStorAV [Missing Service]
 * intelpep [Missing Service]
 * kbldfltr [Missing Service]
 * ksthunk [Missing Service]
 * LSI_SAS3 [Missing Service]
 * NdisVirtualBus [Missing Service]
 * netvsc [Missing Service]
 * SerCx2 [Missing Service]
 * stornvme [Missing Service]
 * storvsp [Missing Service]
 * UEFI [Missing Service]
 * Vid [Missing Service]
 * vm3dmp [Missing Service]
 * vmbusr [Missing Service]
 * vmhgfs [Missing Service]
 * vpci [Missing Service]
 * vpcivsp [Missing Service]
 * WdNisDrv [Missing Service]
 
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/05/2014 06:13:48 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)

 

 

Is there anything wrong with my computer or is it an issue with Rkill itself?



#2 quietman7

  • Bleepin' Janitor
  • Global Moderator
  • 51,597 posts

Posted 05 January 2014 - 07:18 PM

This issue has already been reported - see here. Grinler, the developer, is investigating.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 IllusionaryInnocence

Posted 05 January 2014 - 07:25 PM

Fair enough. Guess I'm a little impatient. ^^; I just get butterflies in my stomach when I think my computer is acting weirdly. o3o Is it possible to request that the thread be locked? Or deleted?



#4 quietman7

Posted 05 January 2014 - 07:28 PM

We do not close topics in this forum unless a member has been asked to post a log in the Malware Removal Logs forum. Please be patient...we are just coming out of a busy time of year but Grinler will get to your issue as soon as he can.

#5 IllusionaryInnocence

Posted 05 January 2014 - 07:40 PM

Thank you. ^^;;



#6 quietman7

Posted 05 January 2014 - 08:03 PM

You're welcome.