Windows Service Integrity Issues



#1 Chillum

Posted 06 July 2016 - 04:46 AM

Hi, I'm not really sure of where to post this to get a reply, but I ran sfc /scannow and it didn't find any violations, but when I ran RKill it has flagged up some possible issues. Would someone please be able to make sense of this RKill log and, if I need to fix anything, how I can do it? Thanks, and my apologies for reposting this and if this has been posted in the incorrect sub-forum.

 

Win 10 x64

 

Attached file: Rkill.txt (3.39KB)


Edited by Chillum, 06 July 2016 - 04:47 AM.



 


#2 usasma


Posted 06 July 2016 - 09:12 AM

What is wrong with your system?  Why are you running RKill?

As RKill is used for resolving infections, I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) If you need a more detailed explanation, please ask for it. I have the Knack. If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 CKing123

Posted 06 July 2016 - 04:34 PM

Hi, I'm not really sure of where to post this to get a reply, but I ran sfc /scannow and it didn't find any violations, but when I ran RKill it has flagged up some possible issues. Would someone please be able to make sense of this RKill log and, if I need to fix anything, how I can do it? Thanks, and my apologies for reposting this and if this has been posted in the incorrect sub-forum.

Win 10 x64


I think I know you are confused.
 

In the RKill log

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* fcvsc [Missing Service]
* HdAudAddService [Missing Service]
* HyperVideo [Missing Service]
* netvsc [Missing Service]
* wfpcapture [Missing Service]

* CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
* NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
* swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]

In Windows Service Integrity it checks to see if the services are not being hijacked by malware, etc.

 

But sfc (System File Checker) basically checks to see if system files are corrupt. It is a completely different thing!

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#4 Chillum


Posted 08 July 2016 - 04:57 PM

OK, thanks, but are there any problems within the log that need to be fixed?

 

Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
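
An added example, not part of the original thread and not RKill's own code: a small Python parser that pulls the flagged registry values and service entries out of an RKill log like the one posted above, so the items to review are separated from the sections that report no issues. The function names and the `OFF_VALUES` table are assumptions made for this example; the sample text is taken from the log in this thread.

```python
import re

# RKill output as posted in this thread, trimmed to the flagged entries.
SAMPLE_LOG = r"""
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
 * fcvsc [Missing Service]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
"""

SECTION = re.compile(r"^(\S.*):\s*$")  # unindented heading line ending in ':'
REGVAL = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})$')
SERVICE = re.compile(r"^\*\s+(\S+)(?:\s+=>\s+(.+?))?\s+\[(Missing Service|Incorrect ImagePath)\]$")
# (value name, data) pairs that this log reports under a "... Disabled" heading.
OFF_VALUES = {("DisableAntiSpyware", 1): "Windows Defender", ("EnableFirewall", 0): "Windows Firewall"}

def parse_rkill(text):
    findings, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(raw):
            section, key = m.group(1), None
        elif line.startswith("[HK") and line.endswith("]"):
            key = line[1:-1]  # registry key that the next value line belongs to
        elif m := REGVAL.match(line):
            findings.append({"section": section, "kind": "registry", "key": key,
                             "name": m.group(1), "value": int(m.group(2), 16)})
        elif m := SERVICE.match(line):
            findings.append({"section": section, "kind": m.group(3),
                             "service": m.group(1), "image_path": m.group(2)})
    return findings

def disabled_protections(findings):
    return [OFF_VALUES[(f["name"], f["value"])] for f in findings
            if f["kind"] == "registry" and (f["name"], f["value"]) in OFF_VALUES]

def services_to_review(findings):  # service name -> ImagePath reported as incorrect
    return {f["service"]: f["image_path"] for f in findings if f["kind"] == "Incorrect ImagePath"}

if __name__ == "__main__":
    found = parse_rkill(SAMPLE_LOG)
    print(disabled_protections(found), services_to_review(found))
```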


#5 CKing123


Posted 08 July 2016 - 05:00 PM

Were you trying to run RKill because you suspected malware? You should post in Am I Infected just to be sure.

 

Which Antivirus do you use? Does it come with a firewall?

Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

-CKing




#6 Chillum


Posted 09 July 2016 - 02:56 PM

Hi, thanks for your reply. No, I didn't suspect any malware, as I scan regularly with ESET Online Scanner and Malwarebytes; it was more of a case of trying out the program without understanding first how it works.

My anti-virus and firewall is ZoneAlarm. Is there anything apart from my Windows firewall and anti-virus being disabled that you think needs looking into regarding that log?



#7 CKing123


Posted 09 July 2016 - 03:00 PM

I don't think there is anything else to worry about.

 

-CKing

