
Antivirus-Removed Virus & Persistent Winscomrssrv.dll Message: Troubleshooting Tips

Zajonc753 13371 11
  • #1 17805932
    Zajonc753
    Level 6  
    Hello
    Immediately after I started the computer, the antivirus informed me that it had removed some virus. That surprised me a bit, and to be sure I scanned everything but found nothing.
    After reboot I started getting a message that appears every time.


    I tried several ways for similar problems, including AdwCleaner but the message appears after each reboot.
    Attachments:
    • Addition.txt (45.45 KB)
    • FRST.txt (18.72 KB)
  • #2 17806100
    adamegah
    Level 21  
    Most likely, the antivirus has found winscomrssrv.dll as a virus and removed / moved it.
  • #3 17806114
    Zajonc753
    Level 6  
    Possibly. But how do I get rid of this annoying message?
  • #4 17806132
    Anonymous
    Level 1  
  • #5 17806187
    dt1
    Admin of Computers group
    I would not be doing this fixlist above!
    It will remove the entries for the AIM SC808 card software, the startup of the MS mouse/keyboard software (although that is optional), a lot of codecs from the system, and the crack thanks to which the Author's pirated Windows and/or Office works.

    In general, it will remove little that is harmful.
  • #6 17806203
    Anonymous
    Level 1  
  • #7 17808198
    Zajonc753
    Level 6  
    Tomequ123 wrote:
    Spoiler:
    () [No digital signature] C:\Windows\System\GfsMgr64.exe
    () [No digital signature] C:\Windows\SysWOW64\GfsMgr.exe
    () [No digital signature] C:\Windows\SysWOW64\ExMgr.exe
    HKLM\...\Run: [GFS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-25] () [No digital signature]
    HKLM\...\Run: [GFS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-25] () [No digital signature]
    HKLM\...\Run: [SC808HDEX] => C:\Windows\syswow64\ExMgr.exe [204800 2011-02-26] () [No digital signature]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Limitations Fraunhofer Institut Integrierte Schaltungen IIS)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [No digital signature]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No file]
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [No digital signature]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No file]
    FF Plugin HKU\S-1-5-21-374170528-3039333091-3245006288-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [No digital signature]
    S3 ATLOISAService; C:\Windows\system\ATLOISAService.exe [512000 2013-10-25] (Cmedia Electronics Inc.) [No digital signature]
    S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) Microsoft Corporation) C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) [No digital signature]
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No file
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No file
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No file
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No file
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
    Task: {34EEEC33-8B1C-4056-A3A3-DEC9B57D40FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [TCP Query User{89662DC9-7117-4B72-9D36-AE44E52F2D43}D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe] => (Block) D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe Brak pliku
    FirewallRules: [UDP Query User{84ABE8A5-7EA0-4856-BBC0-A7C762E414D2}D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe] => (Block) D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe Brak pliku


    What else? Would you add or remove anything?


    It didn't help.
  • #8 17808411
    Anonymous
    Level 1  
  • #9 17808638
    dt1
    Admin of Computers group
    Now, if the fixlist has already been executed, it is worth re-scanning and uploading new logs.
  • Helpful post
    #10 17808804
    Kolobos
    IT specialist
    Correct Fixlist.txt:
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => Brak pliku
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
    Task: {63818197-652F-449D-BD13-CB5967D85AFB} - System32\Tasks\Opera scheduled Autoupdate 1542652055 => C:\Users\Z\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
    Task: {AC35CF5F-8159-4ED4-98FB-9B437E35B289} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
    GroupPolicy: Ograniczenia ? Microsoft Corporation) Microsoft Corporation)
  • #11 17810207
    Zajonc753
    Level 6  
    It's ok now (:
  • #12 17811636
    RADU23
    VIP Meritorious for electroda.pl
    Delete the C:\FRST folder and that's all.

Topic summary

The discussion revolves around a user experiencing persistent error messages related to the winscomrssrv.dll file after an antivirus program removed a virus upon startup. Despite scanning with various tools, including AdwCleaner and Malwarebytes, the issue persisted. Suggestions included uninstalling unnecessary programs, executing a fixlist, and re-scanning for malware. A specific fixlist was provided, which ultimately resolved the issue for the user. The conversation highlighted the risks of using certain fixlists that could remove essential software components.
Generated by the language model.

FAQ

TL;DR: One scheduled task caused the startup error; "rundll32.exe winscomrssrv.dll,SrvMainHost" exposed persistence. Use FRST with the correct Fixlist.txt to remove that task and clean leftovers. [Elektroda, Kolobos, post #17808804]

Why it matters: This FAQ helps Windows users whose antivirus removed malware but still see winscomrssrv.dll popups at boot, and shows the safe fix.

What triggers the winscomrssrv.dll error at startup?

A scheduled task named Microsoft\Windows\WDI\SrvHost calls rundll32 to load winscomrssrv.dll at boot. When the DLL is missing, Windows shows an error. In this case, one task entry invoked that DLL. [Elektroda, Kolobos, post #17808804]

Did my antivirus actually remove winscomrssrv.dll?

Yes. A helper confirmed the antivirus identified winscomrssrv.dll as malicious, then removed or moved it. [Elektroda, adamegah, post #17806100]

How do I apply an FRST fixlist safely?

Use FRST only with a trusted Fixlist.txt.
  1. Download FRST and the specific Fixlist.txt.
  2. Place Fixlist.txt in the same folder as FRST.exe.
  3. Run FRST and click Repair (Fix). This applies the cleanup precisely. [Elektroda, Anonymous, post #17806132]

What exactly did the correct Fixlist.txt change?

It targeted broken shell extensions and the malicious startup task. The list included CustomCLSID entries and a context menu handler cleanup. It also removed the Microsoft\Windows\WDI\SrvHost task calling "rundll32.exe winscomrssrv.dll,SrvMainHost." [Elektroda, Kolobos, post #17808804]

Is it safe to run any fixlist someone posts?

No. As one expert warned, "I would not be doing this fixlist above!" It could remove audio drivers, input software, codecs, or an activator. Always request a tailored fixlist for your logs. [Elektroda, dt1, post #17806187]

I already ran a bad fixlist—what now?

Rescan the system and provide fresh diagnostic logs. The helper recommended re-scanning and uploading new logs after running an incorrect fixlist. [Elektroda, dt1, post #17808638]

Should I run Malwarebytes and empty quarantine?

Yes. Download Malwarebytes, run a full scan, and remove detected items. Then open Quarantine and delete everything kept there. [Elektroda, Anonymous, post #17806132]

AdwCleaner didn’t fix it—what should I do next?

Use a targeted FRST cleanup. The correct Fixlist.txt removed the startup task that invoked winscomrssrv.dll, resolving the boot error. [Elektroda, Kolobos, post #17808804]

How do I confirm the issue is resolved?

Reboot and watch for the popup. Success means no winscomrssrv.dll message at startup. The original poster confirmed, "It's ok now" after applying the fix. [Elektroda, Zajonc753, post #17810207]

What risks come with incorrect fixlists?

A wrong fixlist can remove legitimate components. Examples include AIM SC808 audio software, Microsoft mouse/keyboard tools, codecs, and an activation loader. That can break audio or licensing. [Elektroda, dt1, post #17806187]
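
The two points above (a leftover scheduled task that runs rundll32, and fixlists that delete working software) can both be checked before a fixlist is run. The following is an added example, not part of the thread and not FRST's own code: the `classify` and `triage` helpers are hypothetical names, and the sample lines are copied from the fixlists quoted in the thread with path spacing normalised.

```python
import re

# FRST flags a missing target with "No file"; Polish builds print "Brak pliku".
ORPHAN = re.compile(r"(?:No file|Brak pliku)\]?\s*$", re.I)
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<action>.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S+)', re.I)

# Lines copied from the two fixlists quoted in the thread (path spacing normalised).
SAMPLE = r"""
HKLM\...\Run: [SC808HDEX] => C:\Windows\syswow64\ExMgr.exe [204800 2011-02-26] () [No digital signature]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
Task: {34EEEC33-8B1C-4056-A3A3-DEC9B57D40FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {AC35CF5F-8159-4ED4-98FB-9B437E35B289} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
""".strip().splitlines()

def classify(line):
    """Return (verdict, detail) for one FRST log or fixlist line."""
    line = line.strip()
    task = TASK.match(line)
    if task:
        run = RUNDLL.search(task["action"])
        if run:
            dll = run["dll"].strip().strip('"')
            # Without a directory the loader resolves the name via the DLL search
            # order, so the log alone does not say which file (if any) is loaded.
            where = "bare name" if "\\" not in dll else "full path"
            return ("rundll32-task",
                    f"{task['path']} -> {dll},{run['export']} ({where})")
    if ORPHAN.search(line):
        return ("orphan", "target file is gone; the entry is a leftover")
    return ("live", "target still present; removing it disables working software")

def triage(lines):
    """Group lines by verdict so 'live' entries get a human decision first."""
    groups = {"rundll32-task": [], "orphan": [], "live": []}
    for line in lines:
        if line.strip():
            verdict, detail = classify(line)
            groups[verdict].append((line.split(" ", 1)[0], detail))
    return groups

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE).items():
        for key, detail in items:
            print(f"{verdict:14} {key:24} {detail}")
```

A `rundll32-task` verdict is a prompt to check whether the named DLL exists and is signed, not proof of malware; `live` entries are the ones where a wrong fixlist does damage.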

Should I delete the FRST folder after finishing?

Yes. Remove the C:\FRST folder when cleanup is complete. This discards the tool and its logs safely. [Elektroda, RADU23, post #17811636]

Should I also uninstall unnecessary programs?

Yes. The helper advised uninstalling unnecessary software during remediation. This complements malware removal and reduces clutter. [Elektroda, Anonymous, post #17806132]
Generated by the language model.