Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

winscomrssrv.dll and StartupCheckLibrary.dll [Solved]

Started by spiramirabilis , May 25 2022 09:31 AM

This topic is locked

#16
DR M

Posted 26 May 2022 - 08:36 AM

The Grecian Geek

Malware Removal
4,109 posts

The only thing that surprised me for getting detected is the last one, which is related to Windows Defender. Probably a false positive, but let's leave it there, since it was located in the Windows.old folder which is related with a previous Windows version.

Now...

Let's check your services:

Please download Farbar Service Scanner and save it on your Desktop. IMPORTANT.
Right click on the tool icon and run it as administrator.
Make sure all the options are checked.
Click on the Scan button.
It will create a log (FSS.txt) on your Desktop.
Copy and paste the log's content to your next reply.

#17
spiramirabilis

Posted 26 May 2022 - 10:31 AM

Member

Topic Starter
Member
22 posts

Farbar Service Scanner Version: 03-11-2021

Ran by Marie (administrator) on 26-05-2022 at 17:31:05

Running from "C:\Users\Marie\Desktop"

Microsoft Windows 10 Home (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Windows Security:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\Drivers\afd.sys => File is digitally signed

C:\Windows\System32\Drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\SecurityHealthService.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#18
DR M

Posted 26 May 2022 - 10:39 AM

The Grecian Geek

Malware Removal
4,109 posts

Everything seems fine.

Let me now check fresh FRST logs, please: Addition and FRST.

#19
spiramirabilis

Posted 26 May 2022 - 11:09 AM

Member

Topic Starter
Member
22 posts

Okay, no problem

Attached Files

FRST.txt 54.79KB 112 downloads
Addition.txt 37.14KB 113 downloads

#20
DR M

Posted 26 May 2022 - 11:41 AM

The Grecian Geek

Malware Removal
4,109 posts

Thanks.

I still see AVG Secure Search in Chrome Profile 1. Can you please delete it?

After that:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxps://www.google.com/","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com/"
2022-05-26 11:41 - 2021-04-24 17:40 - 000000000 ____D C:\Users\Marie\Downloads\Clip_Studio_Paint_EX_1.8.2.fix
EmptyTemp:
End::

Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Please post the log in your next reply.

#21
spiramirabilis

Posted 26 May 2022 - 11:48 AM

Member

Topic Starter
Member
22 posts

AVG Secure Search doesn't appear on the Chrome "Extensions" page (under "More tools"), so I can't remove it from there. I haven't tried running the script you provided yet. What should I do?

#22
DR M

Posted 26 May 2022 - 11:50 AM

The Grecian Geek

Malware Removal
4,109 posts

See here how to switch to Profile 1.

Share Chrome with others - Computer - Google Chrome Help (Switch profiles)

#23
spiramirabilis

Posted 26 May 2022 - 11:55 AM

Member

Topic Starter
Member
22 posts

I tried that, but couldn't see AVG on the other profile.

#24
DR M

Posted 26 May 2022 - 12:06 PM

The Grecian Geek

Malware Removal
4,109 posts

Question: Do you need Profile 1? If not, you can remove it. Instructions in the link I gave you before. Let me know, so we can try something else in case you want that profile.

#25
spiramirabilis

Posted 26 May 2022 - 12:11 PM

Member

Topic Starter
Member
22 posts

No, I don't need it anymore, I've deleted it now. What should I do now?

#26
DR M

Posted 26 May 2022 - 12:13 PM

The Grecian Geek

Malware Removal
4,109 posts

After you remove that profile, go for Step 2 here.

Then, give me a fresh FRST log. I don't need Addition this time.

#27
spiramirabilis

Posted 26 May 2022 - 12:22 PM

Member

Topic Starter
Member
22 posts

No problem.

Attached Files

Fixlog.txt 1.84KB 115 downloads

#28
DR M

Posted 26 May 2022 - 12:23 PM

The Grecian Geek

Malware Removal
4,109 posts

Good. Let's see the FRST log now.

#29
spiramirabilis

Posted 26 May 2022 - 12:26 PM

Member

Topic Starter
Member
22 posts

Ah, sorry, I misread what you were asking for. Here's the FRST log:

Attached Files

FRST.txt 54.79KB 116 downloads

#30
DR M

Posted 26 May 2022 - 12:34 PM

The Grecian Geek

Malware Removal
4,109 posts

This entry insists to be there:

CHR StartupUrls: Default -> "hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxps://www.google.com/","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com/"

Let's go for a clean Chrome's install. You may write down your extensions, so you can add them at the end.

To proceed (note that due to Chrome's updates, instructions may differ a bit from what you actually seeing in your Chrome):

1. Backup your Bookmarks

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.c...rks-from-Chrome follow the instructions and Export your Bookmarks from Chrome and save them to your Desktop. Note the instructions can also be used to Import the bookmarks.

2. Get ready - Download Chrome installer

Download Chrome installer and save to install later: https://www.google.c...ktop/index.html https://www.google.c...ktop/index.html

3. Reset Sync

Open Chrome and sign into your account.
Open a new tab and type or copy paste chrome://settings/syncSetup
Press Enter.
Select Sync and Google services.
Select Review your synced data.
Scroll down the Data from Chrome sync page and select Reset Sync that will clear synced data from Google Server. OK.

4. Completely uninstall Chrome

Uninstall Chrome: https://support.goog.../95319?hl=en-GB
Follow those instructions and ensure the option "Also delete your browsing data" is selected. <<--- Very important!!
Navigate to C:\Users\Your user name\Appdata\Local
From that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/