1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved winscomrssrv.dll not found

Discussion in 'Virus & Other Malware Removal' started by bigchalupa, Mar 28, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    Windows defender quarantined this file..

    [​IMG]

    And then I kept getting this message at startup...

    [​IMG]

    So I used Autoruns to prevent Windows from trying to start winscomrssrv.dll. Everything seemed OK after that.

    Defender quarantined this yesterday...

    [​IMG]

    Now I'm getting that other message at startup again. Should I just remove that entry with autoruns again? Is that the proper course of action? This is the first time defender ever found a threat on my computer so not sure if this is normal. What is winscomrssrv.dll, I can't find information on it?

    Thanks

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz, Intel64 Family 6 Model 158 Stepping 9
    Processor Count: 4
    RAM: 16287 Mb
    Graphics Card: Intel(R) HD Graphics 630, 1024 Mb
    Hard Drives: C: 225 GB (102 GB Free); D: 931 GB (886 GB Free);
    Motherboard: Alienware, 07HV66
    Antivirus: Windows Defender, Enabled and Updated
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
    • The tool will also produce another log (Addition.txt ). Please attach this, along with FRST.txt, to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    OK, thank you, here they are...
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Hi,

    Going over your logs I noticed that you have qBittorrent installed.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
    If you wish to keep it, please do not use it until your computer is cleaned.

    ----------------------------------------------------------------------------------

    We need to run a fix with FRST:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

    ----------------------------------------------------------------------------------

    Download the right version of SystemLook for your operating system:

    SystemLook (64 bit)
    SystemLook (32 bit)

    and save it to your desktop.

    Right-click on SystemLook_x64.exe or SystemLook.exe and select Run as Administrator.

    Copy the contents of the below code box into the text window of SystemLook:

    Code:
    :filefind
    winscomrssrv.dll
    StartupCheckLibrary.dll
    
    :regfind
    winscomrssrv.dll
    StartupCheckLibrary.dll
    
    Click Look to begin the scan.

    When the scan is complete, the results will open in Notepad (SystemLook.txt)
    Copy and paste the contents of SystemLook.txt into your next reply.
     

    Attached Files:

  5. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:00 on 29/03/2019 by steve
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "winscomrssrv.dll"
    No files found.

    Searching for "StartupCheckLibrary.dll"
    C:\Windows\System32\StartupCheckLibrary.dll --a---- 2615296 bytes [19:17 15/12/2018] [19:17 15/12/2018] BBF0FF45510CF6EA849F593801E1C8D0

    ========== regfind ==========

    Searching for "winscomrssrv.dll"
    No data found.

    Searching for "StartupCheckLibrary.dll"
    No data found.

    -= EOF =-

    I had to turn off protected folder access in Windows security to get System Look to run...

    I rarely use qtorrent and I'm usually very careful when I do but I'll keep your advice in mind, thanks.
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Hi,

    Thanks for the SystemLook log.

    After the FRST fix, there should be a file called fixlog.txt saved in the same location as FRST.
    Please attach it to your reply.
     
  7. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    Attached
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Hi,

    Please run this FRST fix:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
     

    Attached Files:

  9. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    This message keeps popping up in notification center...

    Unauthorized changes blocked
    Controlled folder access blocked C\...
    \DDVDataCollector... from making changes to
    memory.
     
  10. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    Should I turn off protected folder access before running FRST?
     
  11. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    I ran FRST with it off... still getting that message in notifications
     

    Attached Files:

  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Hi,

    This file is related to Dell.
    You can add an exclusion in Windows Defender for this file.
    https://support.microsoft.com/en-us/help/4028485/windows-10-add-an-exclusion-to-windows-security

    Add the exclusion for the file C:\Program Files\Dell\DellDataVault\DDVDatacollector.exe

    ----------------------

    Does the problem with winscomrssrv.dll persist?
     
  13. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    No, that seems fixed now...

    But why has Windows started blocking this now? I had to disable Protected folder access entirely because it started blocking other things it wasn't blocking before. Could this malware or whatever it was have been preventing protected access from working properly and I didn't realize it?

    Is this an important feature to have on or can I leave it off?
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    501
    Hi,

    What are the file names of the files Controlled Folder Access is blocking?
     
  15. bigchalupa

    bigchalupa Thread Starter

    Joined:
    Aug 1, 2004
    Messages:
    50
    Hi

    One was AMDRSServ.exe and the other was quadstick.exe which is accessibility software I use because I'm disabled. I suppose I can try and add exceptions for those and see what happens... I just don't understand why these weren't blocked earlier.
     
    Last edited: Mar 30, 2019
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1225077

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice