Ran RKILL and results are not consistent

#1 Nickp71


Posted 14 July 2017 - 08:36 AM

U have a Surface Pro 4 running windows 10 pro and I am uncertain what all the missing services and incorrect image path lines mean- could someone offer me some advice?





Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:

Program started at: 07/14/2017 09:21:54 PM in x64 mode.
Windows Version: Windows 10 Pro Insider Preview

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Plug and Play (PlugPlay) is not Running.
   Startup Type set to: Disabled

 * Plug and Play (RpcSs) is not Running.
   Startup Type set to: Disabled

 * agp440 [Missing Service]
 * Browser [Missing Service]
 * DcpSvc [Missing Service]
 * Fax [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * mrxsmb10 [Missing Service]
 * NetTcpPortSharing [Missing Service]
 * nv_agp [Missing Service]
 * srv [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * workfolderssvc [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * wudfsvc [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * AppIDSvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * Appinfo => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * AppReadiness => %SystemRoot%\System32\svchost.exe -k AppReadiness -p [Incorrect ImagePath]
 * AppXSvc => %systemroot%\system32\svchost.exe -k wsappx -p [Incorrect ImagePath]
 * AudioEndpointBuilder => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * Audiosrv => %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * BDESVC => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * BFE => %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * BITS => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * BrokerInfrastructure => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * bthserv => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * CDPSvc => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * CertPropSvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * ClipSVC => %SystemRoot%\System32\svchost.exe -k wsappx -p [Incorrect ImagePath]
 * CoreMessagingRegistrar => %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * CryptSvc => %SystemRoot%\system32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * DcomLaunch => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * DeviceAssociationService => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * DeviceInstall => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * DevQueryBroker => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * Dhcp => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * DiagTrack => %SystemRoot%\System32\svchost.exe -k utcsvc -p [Incorrect ImagePath]
 * DmEnrollmentSvc => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * dmwappushservice => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * Dnscache => %SystemRoot%\system32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * DoSvc => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * dot3svc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * DPS => %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * DsmSvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * DsSvc => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * Eaphost => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * embeddedmode => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * EntAppSvc => %systemroot%\system32\svchost.exe -k appmodel -p [Incorrect ImagePath]
 * EventLog => %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * EventSystem => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * fdPHost => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * FDResPub => %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * fhsvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
 * hidserv => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * HomeGroupListener => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * HomeGroupProvider => %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * icssvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * IKEEXT => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * iphlpsvc => %SystemRoot%\System32\svchost.exe -k NetSvcs -p [Incorrect ImagePath]
 * KtmRm => %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p [Incorrect ImagePath]
 * LanmanServer => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * LanmanWorkstation => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * lfsvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * LicenseManager => %SystemRoot%\System32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * lltdsvc => %SystemRoot%\System32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * lmhosts => %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * LSM => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * MapsBroker => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * MpsSvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * MSiSCSI => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * NcaSvc => %SystemRoot%\System32\svchost.exe -k NetSvcs -p [Incorrect ImagePath]
 * NcbService => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * NcdAutoSetup => %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * Netman => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * netprofm => %SystemRoot%\System32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * NetSetupSvc => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * NgcCtnrSvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * NlaSvc => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * nsi => %systemroot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * OneSyncSvc => %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup -p [Incorrect ImagePath]
 * PcaSvc => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * PimIndexMaintenanceSvc => %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup -p [Incorrect ImagePath]
 * pla => %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * PlugPlay => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * PolicyAgent => %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p [Incorrect ImagePath]
 * Power => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * ProfSvc => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * QWAVE => %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * RasAuto => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * RasMan => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * RemoteAccess => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * RemoteRegistry => %SystemRoot%\system32\svchost.exe -k localService -p [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * RpcEptMapper => %SystemRoot%\system32\svchost.exe -k RPCSS -p [Incorrect ImagePath]
 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss -p [Incorrect ImagePath]
 * SCardSvr => %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * ScDeviceEnum => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * Schedule => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * SCPolicySvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * seclogon => %windir%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * SENS => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * SensorService => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * SensrSvc => %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * SessionEnv => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * SharedAccess => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * ShellHWDetection => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * SmsRouter => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * SSDPSRV => %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * SstpSvc => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * StateRepository => %SystemRoot%\system32\svchost.exe -k appmodel -p [Incorrect ImagePath]
 * StorSvc => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * svsvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * SysMain => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch -p [Incorrect ImagePath]
 * TabletInputService => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * TapiSrv => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * TermService => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * Themes => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * tiledatamodelsvc => %systemroot%\system32\svchost.exe -k appmodel -p [Incorrect ImagePath]
 * TrkWks => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * UmRdpService => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * UnistoreSvc => %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup -p [Incorrect ImagePath]
 * upnphost => %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * UserDataSvc => %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup -p [Incorrect ImagePath]
 * UserManager => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * UsoSvc => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * vmicguestinterface => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * vmicheartbeat => %systemroot%\system32\svchost.exe -k ICService -p [Incorrect ImagePath]
 * vmickvpexchange => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * vmicrdv => %systemroot%\system32\svchost.exe -k ICService -p [Incorrect ImagePath]
 * vmicshutdown => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * vmictimesync => %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * vmicvmsession => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * vmicvss => %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * WalletService => %SystemRoot%\System32\svchost.exe -k appmodel -p [Incorrect ImagePath]
 * Wcmsvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * wcncsvc => %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation -p [Incorrect ImagePath]
 * WdiServiceHost => %SystemRoot%\System32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * WdiSystemHost => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * WebClient => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * Wecsvc => %SystemRoot%\system32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * wercplsupport => %SystemRoot%\System32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * WiaRpc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * WinHttpAutoProxySvc => %SystemRoot%\system32\svchost.exe -k LocalService -p [Incorrect ImagePath]
 * Winmgmt => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * WinRM => %SystemRoot%\System32\svchost.exe -k NetworkService -p [Incorrect ImagePath]
 * WlanSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * wlidsvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * WPDBusEnum => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * wscsvc => %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p [Incorrect ImagePath]
 * wuauserv => %systemroot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * WwanSvc => %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p [Incorrect ImagePath]
 * XblAuthManager => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * XblGameSave => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * XboxNetApiSvc => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * AppMgmt => %SystemRoot%\system32\svchost.exe -k netsvcs -p [Incorrect ImagePath]
 * CscService => %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/14/2017 09:22:44 PM
Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)

#2 quietman7


Posted 14 July 2017 - 03:40 PM

[Missing Service], [Incorrect ImagePath] and [Incorrect ServiceDLL] notations in the Checking Windows Service Integrity section when RKill is run on Windows 10 is a known glitch and has been previously reported.

You can report or read about that issue in the last few pages of this topic...RKill - What it does and What it Doesn't - A brief introduction to the program.

If you have any further questions, comments or issues to report, you should post them in the above topic.
