Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winscomrssrv.dll and StartupCheckLibrary.dll [Solved]


  • This topic is locked This topic is locked

#16
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

The only thing that surprised me for getting detected is the last one, which is related to Windows Defender. Probably a false positive, but let's leave it there, since it was located in the Windows.old folder which is related with a previous Windows version.
 
Now...
 
Let's check your services:

  • Please download Farbar Service Scanner and save it on your Desktop. IMPORTANT.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

  • 0

Advertisements


#17
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Farbar Service Scanner Version: 03-11-2021
Ran by Marie (administrator) on 26-05-2022 at 17:31:05
Running from "C:\Users\Marie\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Security:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#18
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Everything seems fine.

 

Let me now check fresh FRST logs, please: Addition and FRST. 


  • 0

#19
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Okay, no problem

Attached Files


  • 0

#20
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thanks.
 
I still see AVG Secure Search in Chrome Profile 1. Can you please delete it?
 
 

After that:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxps://www.google.com/","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com/"
2022-05-26 11:41 - 2021-04-24 17:40 - 000000000 ____D C:\Users\Marie\Downloads\Clip_Studio_Paint_EX_1.8.2.fix
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#21
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

AVG Secure Search doesn't appear on the Chrome "Extensions" page (under "More tools"), so I can't remove it from there. I haven't tried running the script you provided yet. What should I do?


  • 0

#22
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

See here how to switch to Profile 1.

 

Share Chrome with others - Computer - Google Chrome Help (Switch profiles)


  • 0

#23
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I tried that, but couldn't see AVG on the other profile.


  • 0

#24
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Question: Do you need Profile 1? If not, you can remove it. Instructions in the link I gave you before. Let me know, so we can try something else in case you want that profile. 


  • 0

#25
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

No, I don't need it anymore, I've deleted it now. What should I do now?


  • 0

Advertisements


#26
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

After you remove that profile, go for Step 2 here.

 

Then, give me a fresh FRST log. I don't need Addition this time. 


  • 0

#27
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

No problem.

Attached Files


  • 0

#28
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Good. Let's see the FRST log now. 


  • 0

#29
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Ah, sorry, I misread what you were asking for. Here's the FRST log:

Attached Files

  • Attached File  FRST.txt   54.79KB   58 downloads

  • 0

#30
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

This entry insists to be there:
 
CHR StartupUrls: Default -> "hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxps://www.google.com/","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com/"
 
Let's go for a clean Chrome's install. You may write down your extensions, so you can add them at the end.

 

To proceed (note that due to Chrome's updates, instructions may differ a bit from what you actually seeing in your Chrome):

1. Backup your Bookmarks

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.c...rks-from-Chrome follow the instructions and Export your Bookmarks from Chrome and save them to your Desktop. Note the instructions can also be used to Import the bookmarks.

2. Get ready - Download Chrome installer

Download Chrome installer and save to install later: https://www.google.c...ktop/index.html https://www.google.c...ktop/index.html

3. Reset Sync

  • Open Chrome and sign into your account.
  • Open a new tab and type or copy paste chrome://settings/syncSetup
  • Press Enter.
  • Select Sync and Google services.
  • Select Review your synced data.
  • Scroll down the Data from Chrome sync page and select Reset Sync that will clear synced data from Google Server. OK.

4. Completely uninstall Chrome

5. Install Google Chrome

  • Install Google Chrome using the installer you have already downloaded.
  • Import your Bookmarks.
  • Add the extensions you need/use (not AVG Secure Search)

 

After the above, let me check a fresh FRST log. 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP