1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved StartupCheckLibrary.dll and winscomrssrv.dll issue

Discussion in 'Virus & Other Malware Removal' started by Luxuas, Dec 16, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. Luxuas

    Luxuas Thread Starter

    Joined:
    Dec 16, 2019
    Messages:
    5
    Hello, like many others I have the same problem with these two windows popping up everytime I turn on my laptop. The problem has started 2 days ago when I noticed my ESET Antivirus is not working anymore. I was not able to run the antivirus and I wasn't able to uninstall it. So I uninstalled it via ESETUninstaller.exe from the official ESET support site, installed it again and scanned the computer. The scan has found some threats once and since then, these two windows are popping up. Scanned my computer again, and nothing was found.

    Thank you for your help!
    post-429077-0-36243600-1562178306.png wvG95s6YpA--2Sw0O328XtyzZcX9M0vBMBR6Qk1-z0A.jpg
    [​IMG]
    [​IMG]
     
    Last edited: Dec 16, 2019
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Hi Luxuas, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.
    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  3. Luxuas

    Luxuas Thread Starter

    Joined:
    Dec 16, 2019
    Messages:
    5
    Here are the logs.
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Hi Luxuas,

    It appears that the logs are incomplete. There may have been a problem with FRST when it was running.
    Delete the current copies of FRST.txt and Addition.txt from your Downloads folder, run a new scan with FRST, and copy/paste both reports to your reply.
     
  5. Luxuas

    Luxuas Thread Starter

    Joined:
    Dec 16, 2019
    Messages:
    5
    Alright, used the scan tool once again and at the end it said "Scan completed", as it has before. Logs should be complete.
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Hi Luxuas,

    Going over your logs I noticed that you have ĀµTorrent installed.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    I would recommend that you uninstall ĀµTorrent, however that choice is up to you. If you choose to remove it, you can do so via Start > Settings icon > Apps.
    If you wish to keep it, please do not use it until your computer is cleaned.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      CloseProcesses:
      HKLM\...\Policies\Explorer: [HideSCAHealth] 1
      Task: {90E513A8-AA7E-41E2-88D5-C40679E7671B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
      Task: {BE1533B1-92CB-4323-8E46-50DFC68AC4BE} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
      2019-11-20 21:34 - 2019-11-25 11:47 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat
      2019-11-20 21:34 - 2019-11-25 11:47 - 000000003 _____ C:\Windows\system32\wdbcache.tmp
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
      ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
      ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
      ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
      ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
      ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
      ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
      FirewallRules: [{B7E16833-4516-4F84-BFE0-99B6C481872C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
      FirewallRules: [{9A951C4D-D5C8-4ED9-A84B-75383F55C82E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
      FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File
      FirewallRules: [{A5C4D408-D14F-44ED-B70C-69F55560674E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe No File
      FirewallRules: [{5551D45A-D6F3-4A63-BE76-26358DD0FF65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe No File
      EmptyTemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Search

    • Double-click FRST.exe/FRST64.exe to run it.
    • Copy and paste the following into the Search: box:
      Code:
      winrmsrv.exe;winlogui.exe
    • Press the Search Files button.
    • When complete, FRST will generate a log in the same location it was run from (Search.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    Farbar Service Scanner

    Download Farbar Service Scanner and save it to your desktop.
    • Right-click FSS.exe and select Run as Administrator.
    • Check the following boxes:
      Code:
      Internet Services
      Windows Firewall
      System Restore
      Security Center/Action Center
      Windows Update
      Windows Defender
      
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Search.txt
    • FSS.txt
    • Let me know how the computer is doing.
     
  7. Luxuas

    Luxuas Thread Starter

    Joined:
    Dec 16, 2019
    Messages:
    5
    My computer seems to run fine now. Thank you.
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Hi Luxuas,

    ---------------------------------------------------
    Registry Script

    Download the following files and save them to your desktop.

    WinDefend.reg
    wuauserv.reg
    • Double-click WinDefend.reg
    • Allow the information to be merged into the registry if prompted. (click Yes)
    • Restart the computer.
    • Repeat the process for wuauserv.reg, then restart the computer.

    ---------------------------------------------------
    Re-scan with FSS

    • Right-click FSS.exe and select Run as Administrator.
    • Check the following boxes:
      Code:
      Internet Services
      Windows Firewall
      System Restore
      Security Center/Action Center
      Windows Update
      Windows Defender
      
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    ---------------------------------------------------

    In your next reply, please include:
    • FSS.txt
     
  9. Luxuas

    Luxuas Thread Starter

    Joined:
    Dec 16, 2019
    Messages:
    5
    Hello, I am sorry it took me this long, I had no time at all. Here is the FSS log:
     

    Attached Files:

    • FSS.txt
      File size:
      2.6 KB
      Views:
      4
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Hi Luxuas,

    No problem.

    ---------------------------------------------------
    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • eset.txt
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    781
    Thread abandoned due to lack of feedback.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1237232

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice