Ok, does it pop up any error messaging when it crashes? And also does it do it with any PDF of some particular files?
Kind Regards,
Elise
Malware infection on Windows .dll files might be causing OneNote to crash when inserting pdf printout. How to solve?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
Hi.
Recently my Microsoft OneNote crashed (after updating Windows) when inserting pdf, leading me to search about the resolution, in which I later saw an article online saying this might be due to corrupted system file.
I also saw 2 dialog boxes saying my StartupCheckLibrary.dll and winscomrssrv.dll is having problem everytime I restart my computer.
Then, I proceed to use Windows Defender and saw that there are 3 Trojan which are detected few days ago, affecting these .dll files.
After I saw these malware detections, I ran a full scan on my computer using Windows Defender and discovered another malware.
However, even after I block the new malware, I still can see the .dll file error on startup. (Maybe because Windows disabled them)
Hence, I downloaded Malwarebytes and ran a scan, only discovering that there are another 21 malwares and 1 potential-unwanted program in my pc.
Below are the scan details of Malwarebytes:
===========================================-Scan Details-===================================
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 12
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, Quarantined, 503, 780231, 1.0.33344, , ame, , ,
Registry Value: 5
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{5FEC48C2-B8AD-4764-9EF3-151676F950BF}, Quarantined, 943, 840273, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}|PATH, Quarantined, 503, 780232, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{320A7A0D-A208-4B4F-903A-3E6F13E752B3}|PATH, Quarantined, 503, 782993, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{94ACB16B-0DB5-472C-940A-27C755BB60DC}|PATH, Quarantined, 503, 784920, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{DE2C3868-F32D-4B19-9835-D95C6D8547A1}|PATH, Quarantined, 503, 780528, 1.0.33344, , ame, , ,
Registry Data: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-2774254989-1650552144-2002851637-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 240, 292990, 1.0.33344, , ame, , ,
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 4
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Quarantined, 503, 735770, 1.0.33344, , ame, , DEA456F460781902A6EDB31CA9A96DC9, EC91DFE21206FF8313556A0124B9D1D97BC80B2A825B1B9AA93CDA08349373D6
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, Quarantined, 503, 780529, 1.0.33344, , ame, , C93DAD9E123D108F11F2AFC72464F3A9, EBB1F78E2A6B796D94CFCDD65524BE6C700C51D2E9CB29280761077DCF17A4DC
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WDI\SRVHOST, Quarantined, 503, 735769, 1.0.33344, , ame, , C0BA5C27FC06432C8096FDAF68380A96, 79D6C9C41A2602C3E962CDA1F8135BB74E2C4C6FA7967F599FC5C421546C5EA7
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, Quarantined, 503, 780231, , , , , 75D3AC02E91DFC310210F54F7260EF58, 625FC0A0BAAB1B513E29AED5824308BB78A43E558AC18A418354304379F1749E
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
===========================================-End Of Scan Details-===================================
After quarantining the malwares detected using Malwarebytes, now I do not see the StartupUpdateLibrary.dll error anymore.
However, I suspect my computer has been infected. And those system files that are quarantined cannot be quarantine forever and I will need to use them some day.
And also, my OneNote still crash when inserting pdf.
When I use OneNote web client, I can see the pdf being inserted, but the content is not shown either.
I would like to remove these malwares, but I afraid I will damage my computer. Could anyone help me? Thank you so much.
Windows for home | Windows 10 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
5 answers
Sort by: Most helpful
-
Anonymous
2020-11-24T14:55:11+00:00 -
Anonymous
2020-11-24T14:42:45+00:00 Hi _AW_,
Thank you for your reply and help. :-)
I have deleted the malwares. I will probably do some further check when I am free. I will be extra careful in future when downloading things or accessing websites over the internet.
Regards,
JY
-
Anonymous
2020-11-24T14:38:17+00:00 Hi Elise, thank you for your advice. :-)
I have deleted the malwares. I will probably do some further check when I am free. I will be extra careful in future when downloading things or accessing websites over the internet.
I have tried to repair OneNote using Windows 10 app features but it still crash when inserting pdf. I also tried to reset app (clear data) and repair. But it still crashes.
-
Anonymous
2020-11-24T13:57:04+00:00 Hi, I'm Elise, an independent advisor and I'd be happy to help with your issue.
You should be safe to now remove these, but they have already been prevented from being accessing by the quarantine process.
For your OneNote issue, I would suggest running an office repair to resolve your issue, please see this article for full instructions: https://support.microsoft.com/en-us/office/repa...
Please let me know if you need any further assistance.
Kind Regards,
Elise
-
_AW_ 67,431 Reputation points Volunteer Moderator2020-11-24T13:49:37+00:00 The files quarantined are malware not system files and will never need to be used. From the look of the detections it appears that most of the infection has been removed.
You could also scan with ESET Online Scanner. Set it to scan everything including PUAs