Solved Malware suspicion

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
136
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Emmanuel (09-08-2020 17:54:56) Run:3
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
virustotal: C:\Windows\System32\AgentActivationRuntimeStarter.exe

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
VirusTotal: C:\Windows\System32\AgentActivationRuntimeStarter.exe => https://www.virustotal.com/gui/file...e9f8b7a7fa64b81608736fc764ff210547-1596881031


The system needed a reboot.

==== End of Fixlog 17:55:31 ====
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
136
Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Emmanuel (09-08-2020 18:04:10)
Running from C:\Users\Emmanuel\Desktop
Boot Mode: Normal

================== Search Files: "winscomrssrv.dll" =============


====== End of Search ======
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
589
Hi, Qwacu.

I'm back.

Let's check if we can track winscomrssrv.dll with Autoruns. It is a small free utility that does not require installation.

Run Autoruns
  • Click HERE to download Autoruns.
  • Save it on your Desktop.
  • Right click Autoruns.exe and run it as administrator.
  • Click on Options and make sure Hide Microsoft and Windows Entries are checked.
  • Press F5 to refresh the startup list.
  • Click File and then Save.
  • Select Text File (.txt) under File Type and save the file to your Desktop.
  • Open the file, copy and paste the contents in your reply.
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
136
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "07/12/2019 10:15" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup" "" "" "" "12/08/2020 07:29" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" "" "" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" "" "" ""
"HKCU\Environment\UserInitMprLogonScript" "" "" "" "25/06/2020 12:31" ""
"HKLM\Environment\UserInitMprLogonScript" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" "" "12/08/2020 07:29" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" "" "12/08/2020 07:29" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon" "" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon" "" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff" "" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff" "" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" "" "22/07/2020 21:10" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" "" "12/08/2020 07:18" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" "" "24/06/2020 20:14" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" "" "12/08/2020 07:29" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" "" "02/08/2020 21:47" ""
+ "cmd.exe" "Windows Command Processor" "(Verified) Microsoft Windows" "c:\windows\system32\cmd.exe" "08/06/1986 13:13" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" "" "12/08/2020 07:29" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" "" "" "" "07/12/2019 10:15" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram" "" "" "" "07/12/2019 10:15" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/08/2020 07:23" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "(Verified) Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "11/04/2018 08:32" ""
+ "AdobeGCInvoker-1.0" "Adobe GC Invoker Utility" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agcinvokerutility.exe" "04/06/2020 15:38" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "(Verified) Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\rtkngui64.exe" "13/04/2017 09:19" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/07/2020 14:51" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/08/2020 04:22" ""
+ "Opera Browser Assistant" "Opera Browser Assistant" "(Verified) Opera Software AS" "c:\users\emmanuel\appdata\local\programs\opera\assistant\browser_assistant.exe" "10/08/2020 08:30" ""
"HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" "" "" "" "12/08/2020 07:24" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx" "" "" "" "12/08/2020 07:22" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" "" "" "" "07/08/2020 23:38" ""
"HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "25/07/2020 14:59" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "25/07/2020 14:59" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "12/08/2020 07:31" ""
"HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "07/12/2019 10:14" ""
"%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "" ""
"C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "30/06/2020 08:05" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" "" "13/07/2020 02:10" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" "" "" "" "13/07/2020 02:10" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" "" "09/08/2020 17:55" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" "" "22/07/2020 21:10" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "04/07/2020 13:03" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "04/07/2020 13:03" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" "" "12/08/2020 07:22" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx" "" "" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "04/07/2020 13:03" ""
"HKCU\SOFTWARE\Classes\Protocols\Handler" "" "" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "12/08/2020 04:57" ""
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "24/06/2020 20:45" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" "" "08/08/2020 22:06" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" "" "12/08/2020 08:22" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "07/12/2019 15:48" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "07/12/2019 15:48" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "12/08/2020 08:14" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "07/12/2019 10:17" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "07/12/2019 10:17" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "07/08/2020 23:38" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "12/08/2020 04:20" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "07/12/2019 15:48" ""
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "07/12/2019 15:48" ""
"HKCU\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "24/06/2020 22:40" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "12/08/2020 04:20" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "24/06/2020 22:40" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "24/06/2020 22:40" ""
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "24/06/2020 22:40" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "12/08/2020 04:20" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "02/07/2020 01:44" ""
+ "ACE" "Radeon Software: Desktop Control Panel" "(Verified) Advanced Micro Devices, Inc." "c:\program files\amd\cnext\cnext\atiacm64.dll" "15/05/2020 20:35" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "02/07/2020 01:44" ""
"HKCU\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2020 14:51" ""
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "12/08/2020 08:14" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "27/06/2020 17:01" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "27/06/2020 17:06" ""
"HKCU\Software\Classes\Clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\Inprocserver32" "" "" "" "12/08/2020 08:13" ""
"HKCU\Software\Microsoft\Ctf\LangBarAddin" "" "" "" "24/06/2020 20:41" ""
"HKLM\Software\Microsoft\Ctf\LangBarAddin" "" "" "" "24/06/2020 20:13" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "29/07/2020 19:43" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "29/07/2020 19:43" ""
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" "" "24/06/2020 20:41" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "12/08/2020 07:20" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "12/08/2020 07:20" ""
"HKCU\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "25/07/2020 14:51" ""
"HKLM\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "12/08/2020 07:20" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "12/08/2020 07:20" ""
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "25/07/2020 14:51" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "27/06/2020 17:01" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "27/06/2020 17:06" ""
"Task Scheduler" "" "" "" "" ""
+ "\AdobeGCInvoker-1.0" "Adobe GC Invoker Utility" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agcinvokerutility.exe" "04/06/2020 15:38" ""
+ "\Microsoft\Office\Office 15 Subscription Heartbeat" "" "" "File not found: C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe" "" ""
+ "\Microsoft\Windows\WDI\SrvHost" "" "" "File not found: winscomrssrv.dll" "" ""
+ "\Opera scheduled assistant Autoupdate 1593650517" "Opera Internet Browser" "(Verified) Opera Software AS" "c:\users\emmanuel\appdata\local\programs\opera\launcher.exe" "24/07/2020 06:09" ""
+ "\Opera scheduled Autoupdate 1593650468" "Opera Internet Browser" "(Verified) Opera Software AS" "c:\users\emmanuel\appdata\local\programs\opera\launcher.exe" "24/07/2020 06:09" ""
+ "\StartCN" "Radeon Software: Command Line Interface" "(Verified) Advanced Micro Devices, Inc." "c:\program files\amd\cnext\cnext\cncmd.exe" "15/05/2020 20:35" ""
+ "\StartDVR" "Radeon Settings: Command Line Interface" "(Verified) Advanced Micro Devices, Inc." "c:\program files\amd\cnext\cnext\rsservcmd.exe" "15/05/2020 20:21" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/08/2020 07:29" ""
+ "AGMService" "Adobe Genuine Monitor Service: Adobe Genuine Monitor Service" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agmservice.exe" "04/06/2020 15:39" ""
+ "AGSService" "Adobe Genuine Software Integrity Service: Adobe Genuine Software Integrity Service" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe" "04/06/2020 15:38" ""
+ "AMD External Events Utility" "AMD External Events Utility: AMD External Events Service Module" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\driverstore\filerepository\u0355311.inf_amd64_183b8d63847c90cf\b355199\atiesrxx.exe" "15/05/2020 20:04" ""
+ "RtkAudioService" "Realtek Audio Service: For cooperation with Realtek audio driver." "(Verified) Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\rtkaudioservice64.exe" "21/03/2017 10:11" ""
+ "SynTPEnhService" "SynTPEnh Caller Service: 64-bit Synaptics Pointing Enhance Service" "(Verified) Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenhservice.exe" "16/06/2018 04:39" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/08/2020 07:29" ""
+ "amdkmdag" "amdkmdag: ATI Radeon Kernel Mode Driver" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\driverstore\filerepository\u0355311.inf_amd64_183b8d63847c90cf\b355199\atikmdag.sys" "15/05/2020 20:25" ""
+ "amdkmdap" "amdkmdap: AMD multi-vendor Miniport Driver" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\driverstore\filerepository\u0355311.inf_amd64_183b8d63847c90cf\b355199\atikmpag.sys" "15/05/2020 20:07" ""
+ "amdkmpfd" "AMD PCI Root Bus Lower Filter: AMD PCI Root Bus Lower Filter" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\drivers\amdkmpfd.sys" "20/03/2019 14:28" ""
+ "amdlog" "AMD LOG Utility Driver: AMD LOG UTILITY DRIVER" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\drivers\amdlog.sys" "30/04/2020 18:24" ""
+ "amdpsp" "AMD PSP Service: amdpsp sys" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\drivers\amdpsp.sys" "19/06/2019 15:45" ""
+ "iaLPSSi_GPIO" "Intel(R) Serial IO GPIO Controller Driver: Intel(R) Serial IO GPIO Controller Driver" "(Verified) Intel Corporation - Client Components Group" "c:\windows\system32\drivers\ialpssi_gpio.sys" "02/02/2015 10:00" ""
+ "IntcAzAudAddService" "Service for Realtek HD Audio (WDM): Realtek(r) High Definition Audio Function Driver" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "18/04/2017 13:08" ""
+ "RSP2STOR" "Realtek PCIE CardReader Driver - P2: Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsp2stor.sys" "14/04/2017 03:07" ""
+ "RTWlanE02" "Realtek Wireless LAN 802.11n PCI-E Network Adapter: Realtek PCIE NDIS Driver 78045 35786" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtwlane02.sys" "26/05/2019 08:58" ""
+ "SynTP" "Synaptics TouchPad Driver: Synaptics Touchpad Win64 Driver" "(Verified) Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "16/06/2018 03:39" ""
+ "WirelessButtonDriver64" "HP Wireless Button Driver Service: HP Wireless Button Driver" "(Verified) HP Inc." "c:\windows\system32\drivers\wirelessbuttondriver64.sys" "05/06/2020 07:07" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "07/12/2019 10:17" ""
+ "Adobe Type Manager" "" "" "File not found: atmfd.dll" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "02/07/2020 22:36" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/08/2020 07:20" ""
"HKCU\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "02/07/2020 01:41" ""
"HKCU\Software\Classes\Filter" "" "" "" "12/08/2020 08:22" ""
"HKLM\Software\Classes\Filter" "" "" "" "11/08/2020 05:40" ""
"HKCU\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "" ""
"HKCU\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" "" ""
"HKCU\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "" ""
"HKCU\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" "" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "07/12/2019 15:48" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "07/12/2019 15:48" ""
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" "" ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "07/12/2019 15:48" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "07/12/2019 15:48" ""
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" "" "12/08/2020 07:22" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute" "" "" "" "12/08/2020 07:22" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\Execute" "" "" "" "12/08/2020 07:22" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand" "" "" "" "12/08/2020 07:22" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" "" "02/07/2020 04:00" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" "" "02/07/2020 04:00" ""
"HKLM\Software\Microsoft\Command Processor\Autorun" "" "" "" "07/12/2019 10:15" ""
"HKLM\Software\Wow6432Node\Microsoft\Command Processor\Autorun" "" "" "" "07/12/2019 10:15" ""
"HKCU\Software\Microsoft\Command Processor\Autorun" "" "" "" "12/08/2020 08:14" ""
"HKCU\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" "" "" ""
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" "" "07/12/2019 10:17" ""
"HKLM\Software\Classes\.exe" "" "" "" "07/12/2019 15:45" ""
"HKCU\Software\Classes\.exe" "" "" "" "12/08/2020 08:22" ""
"HKLM\Software\Classes\.cmd" "" "" "" "07/12/2019 10:17" ""
"HKCU\Software\Classes\.cmd" "" "" "" "12/08/2020 08:22" ""
"HKCU\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "24/06/2020 21:12" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "12/08/2020 07:22" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "07/12/2019 10:17" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls" "" "" "" "12/08/2020 07:22" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" "07/12/2019 10:15" ""
+ "_wow64cpu" "" "" "c:\windows\syswow64\wow64cpu.dll" "" ""
+ "_wowarmhw" "" "" "c:\windows\system32\wowarmhw.dll" "" ""
+ "_wowarmhw" "" "" "c:\windows\syswow64\wowarmhw.dll" "" ""
+ "_xtajit" "" "" "c:\windows\system32\xtajit.dll" "" ""
+ "_xtajit" "" "" "c:\windows\syswow64\xtajit.dll" "" ""
+ "wow64" "" "" "c:\windows\syswow64\wow64.dll" "" ""
+ "wow64win" "" "" "c:\windows\syswow64\wow64win.dll" "" ""
"HKLM\SYSTEM\Setup\CmdLine" "" "" "" "12/08/2020 07:23" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "07/12/2019 10:17" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" "" "07/12/2019 10:17" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" "" "07/12/2019 10:17" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" "" "12/08/2020 07:29" ""
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" "" "" ""
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" "" "12/08/2020 08:33" ""
"HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath" "" "" "" "12/08/2020 07:24" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions" "" "" "" "07/12/2019 10:17" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" "" "07/12/2019 10:18" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "07/12/2019 10:18" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" "" "07/12/2019 10:18" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "07/12/2019 10:18" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "07/12/2019 15:46" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" "" "" "" "07/12/2019 10:15" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" "" "07/12/2019 10:16" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" "" "12/08/2020 07:22" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "12/08/2020 07:22" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "12/08/2020 07:22" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages" "" "" "" "07/12/2019 10:15" ""
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "07/12/2019 10:16" ""
"WMI Database Entries" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\Outlook\Addins" "" "" "" "" ""
"HKCU\Software\Microsoft\Office\Outlook\Addins" "" "" "" "02/07/2020 17:18" ""
+ "{5B7AB748-6D2E-4827-90A5-32B426DC61B7}" "" "" "" "02/07/2020 17:18" ""
+ "{EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}" "" "" "" "02/07/2020 17:18" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "27/06/2020 17:06" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\Excel\Addins" "" "" "" "" ""
"HKCU\Software\Microsoft\Office\Excel\Addins" "" "" "" "02/07/2020 17:18" ""
+ "{509E7382-B849-49A4-8A3F-BEAB7E7D904C}" "" "" "" "02/07/2020 17:18" ""
+ "{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}" "" "" "" "02/07/2020 17:18" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Excel\Addins" "" "" "" "27/06/2020 17:06" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\Excel\Addins" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\PowerPoint\Addins" "" "" "" "" ""
"HKCU\Software\Microsoft\Office\PowerPoint\Addins" "" "" "" "02/07/2020 17:18" ""
X "{3A7CAEBB-C5C3-4EFF-ADDF-C32663BDF8DA}" "" "" "" "02/07/2020 17:18" ""
+ "{49DCCAF0-D245-4463-A290-4688A06D0486}" "" "" "" "03/07/2020 13:34" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\PowerPoint\Addins" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\PowerPoint\Addins" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\Word\Addins" "" "" "" "" ""
"HKCU\Software\Microsoft\Office\Word\Addins" "" "" "" "02/07/2020 17:18" ""
+ "{5B24624D-9DD8-4B23-BFB2-A8A5E60CB019}" "" "" "" "02/07/2020 17:18" ""
X "{C580A1B2-5915-4DC3-BE93-8A51F4CAB320}" "" "" "" "02/07/2020 17:18" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Word\Addins" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\Word\Addins" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\Access\Addins" "" "" "" "" ""
"HKCU\Software\Microsoft\Office\Access\Addins" "" "" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Access\Addins" "" "" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\Access\Addins" "" "" "" "" ""
"HKLM\Software\Microsoft\Office\Onenote\Addins" "" "" "" "27/06/2020 17:01" ""
"HKCU\Software\Microsoft\Office\Onenote\Addins" "" "" "" "02/07/2020 17:18" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Onenote\Addins" "" "" "" "27/06/2020 17:06" ""
"HKCU\Software\Wow6432Node\Microsoft\Office\Onenote\Addins" "" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Office test\Special\Perf\(Default)" "" "" "" "" ""
"HKCU\SOFTWARE\Microsoft\Office test\Special\Perf\(Default)" "" "" "" "" ""
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
589
Let's delete the task that produces this error; it escaped our attention in the previous logs.
  • Double click Autoruns.exe again, and choose Scheduled Tasks tab.
  • In the list find this line:
Code:
+ "\Microsoft\Windows\WDI\SrvHost" "" "" "File not found: winscomrssrv.dll" "" ""
  • Right click on it and delete it.
  • Restart the computer.
Are you still getting the winscomrssrv.dll error?
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
589
Have you deleted the line above as instructed? Was the deletion successful? If you go now to the Scheduled Tasks list, do you see that line or not?
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
136
It has returned again. It didn't get deleted, as I saw initially.
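As a defender's companion to the Autoruns steps in this thread, here is an added example that is not from the thread or from Sysinternals: a Python triage script for an Autoruns text export that flags "File not found" entries such as the WDI\SrvHost task, flags entries without a "(Verified)" publisher, and, given a second export taken after the deletion and reboot, reports which flagged entries are still there. The sample exports inside it are constructed in the format of the paste above; the ExampleUnsigned and ExampleDisabled rows are made up.

```python
"""Triage helpers for an Autoruns text export (added example; not from the thread
or from Sysinternals). Flags entries with a missing image, entries whose signature
was not verified, and flagged entries still present in a post-cleanup export."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Autoruns quotes every column; the .txt export separates columns with tabs and the
# forum paste collapsed them to spaces, so only the quoted fields are matched.
FIELD_RE = re.compile(r'"([^"]*)"')


@dataclass(frozen=True)
class Entry:
    location: str   # autostart location heading the entry was listed under
    enabled: bool   # "+" = enabled, "X" = disabled in the Autoruns export
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str

    @property
    def image_missing(self) -> bool:
        # Autoruns reports a dangling autostart as "File not found: <image>"
        return self.image_path.startswith("File not found:")

    @property
    def unverified(self) -> bool:
        # An image that exists but whose Authenticode signature was not verified
        return (bool(self.image_path) and not self.image_missing
                and not self.publisher.startswith("(Verified)"))


def parse_autoruns(text: str) -> List[Entry]:
    """Heading rows (no +/X marker) name an autostart location; the marked rows
    that follow are the entries Autoruns found there."""
    entries: List[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        marker = ""
        if line[:1] in ("+", "X") and line[1:2].isspace():
            marker, line = line[0], line[1:].lstrip()
        fields = FIELD_RE.findall(line)
        if len(fields) < 5:
            continue                      # blank line or not an Autoruns row
        if not marker:
            location = fields[0]
            continue
        entries.append(Entry(location, marker == "+", *fields[:5]))
    return entries


def flag_entries(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Buckets a triager should read first."""
    return {"missing_image": [e for e in entries if e.image_missing],
            "unverified": [e for e in entries if e.unverified]}


def survived_cleanup(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Flagged entries from the first export still present in the second one;
    a deleted task that is back after a reboot points at whatever re-creates it."""
    flagged = {(e.location, e.name) for b in flag_entries(before).values() for e in b}
    return [e for e in after if (e.location, e.name) in flagged]


# Constructed sample exports in the format of the thread's paste. BEFORE mirrors the
# state in the thread plus made-up ExampleUnsigned/ExampleDisabled rows; AFTER is a
# hypothetical re-export after deleting the task and rebooting, with SrvHost back.
BEFORE = r"""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/08/2020 07:23" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "(Verified) Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\rtkngui64.exe" "13/04/2017 09:19" ""
+ "ExampleUnsigned" "" "" "c:\users\example\appdata\roaming\example_unsigned.exe" "01/08/2020 10:00" ""
"Task Scheduler" "" "" "" "" ""
+ "\AdobeGCInvoker-1.0" "Adobe GC Invoker Utility" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agcinvokerutility.exe" "04/06/2020 15:38" ""
+ "\Microsoft\Office\Office 15 Subscription Heartbeat" "" "" "File not found: C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe" "" ""
+ "\Microsoft\Windows\WDI\SrvHost" "" "" "File not found: winscomrssrv.dll" "" ""
X "\ExampleDisabled" "" "(Verified) Example Publisher" "c:\users\example\example_disabled.exe" "" ""
"""
AFTER = r"""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/08/2020 07:23" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "(Verified) Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\rtkngui64.exe" "13/04/2017 09:19" ""
"Task Scheduler" "" "" "" "" ""
+ "\AdobeGCInvoker-1.0" "Adobe GC Invoker Utility" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\adobegcclient\agcinvokerutility.exe" "04/06/2020 15:38" ""
+ "\Microsoft\Windows\WDI\SrvHost" "" "" "File not found: winscomrssrv.dll" "" ""
"""


def triage(before_text: str, after_text: str) -> Dict[str, List[str]]:
    """Names per bucket, computed on the first export; the last bucket needs both."""
    before, after = parse_autoruns(before_text), parse_autoruns(after_text)
    flags = flag_entries(before)
    return {"missing_image": [e.name for e in flags["missing_image"]],
            "unverified": [e.name for e in flags["unverified"]],
            "survived_cleanup": [e.name for e in survived_cleanup(before, after)]}


if __name__ == "__main__":
    for bucket, names in triage(BEFORE, AFTER).items():
        print(bucket, names)
```

Point it at two real exports saved from Autoruns (File > Save as Text) to get the same buckets for a live machine.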
 
