
Hosts Hijack virus keeps coming back


6 replies to this topic

#1 ittiandro

Posted 30 January 2018 - 01:35 PM

My computer had been virus-free for a long time. A few days ago it went berserk (freezing, pop-ups in Russian, with a "Miped" caption in Cyrillic, which I can read). Also, the C drive suddenly disappeared from "My computer" and reappeared a few minutes after, etc.

I got suspicious when I got a message saying that Windows Firewall had blocked a file called RUTSERV.exe. I did some searching and found it was malware. I ran UnhackMe, Zemana, Malwarebytes, Windows Defender Offline. The system gets cleaned but the malware reappears within 24 hours. I am on Windows 7.

How can I fix it? Somebody suggested Spy Hunter. An old friend (or foe?)

I suspect it plays a foul game: the first time I ran it, a few years ago, it found a ton of malware. I ran it a first time and it did clean the system, because when I ran it a 2nd time right after, there was no malware. Then I wanted to do a "keep it honest" test: I uninstalled the program and reinstalled it right after. Surprise, surprise, the same malware reappeared, inviting me to purchase the app... Something fishy!

 

Bottom line, how can I get rid of it?

 

Thanks for your help

 

Ittiandro




 


#2 boopme


Posted 30 January 2018 - 02:01 PM

Hi, what is your browser?

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Edit

The process known as Remote Utilities or RMS belongs to software Remote Utilities - Host or Remote Manipulator System by Usoris Systems or TektonIT.
https://www.file.net/process/rutserv.exe.html

Edited by boopme, 30 January 2018 - 02:03 PM.


#3 ittiandro


Posted 30 January 2018 - 03:31 PM


 

My browser is Chrome. I ran the MiniToolBox. I have the MTB.Txt file (Notepad). How do I post it? I see no File Attachment feature. I could copy and paste it in my reply, but it is very long. Please let me know.

 

Thanks 

 

Ittiandro



#4 boopme


Posted 30 January 2018 - 05:01 PM

Copy/Paste Please

#5 ittiandro


Posted 30 January 2018 - 06:06 PM


 
 
 
 
Here it is
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
There are 226 entries.
 
========================= IP Configuration: ================================
 
D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2) = Wireless Network Connection 8 (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 9 (Media disconnected)
Spotflux Virtual Network Device Driver = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ittiandro-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Spotflux Virtual Network Device Driver
   Physical Address. . . . . . . . . : 00-FF-B6-1F-BF-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #7
   Physical Address. . . . . . . . . : BE-A3-86-8F-00-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2)
   Physical Address. . . . . . . . . : B8-A3-86-8F-00-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::99be:72d1:aacb:7a25%19(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 30, 2018 3:15:48 PM
   Lease Expires . . . . . . . . . . : Tuesday, February 06, 2018 3:15:47 PM
   Default Gateway . . . . . . . . . : fe80::218:e7ff:fe8c:95a2%19
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 6C-62-6D-FA-D0-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial  = 1
refresh = 600 (10 mins)
retry   = 1200 (20 mins)
expire  = 604800 (7 days)
default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4020:807::200e
  172.217.13.206
 
 
Pinging google.com [172.217.13.206] with 32 bytes of data:
Reply from 172.217.13.206: bytes=32 time=11ms TTL=57
Reply from 172.217.13.206: bytes=32 time=12ms TTL=57
 
Ping statistics for 172.217.13.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::100d
  2001:4998:c:e33::53
  2001:4998:58:2201::73
  206.190.39.42
  98.139.180.180
  98.138.252.38
 
 
Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Reply from 98.138.252.38: bytes=32 time=45ms TTL=54
Reply from 98.138.252.38: bytes=32 time=40ms TTL=54
 
Ping statistics for 98.138.252.38:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 45ms, Average = 42ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 ff b6 1f bf e1 ......Spotflux Virtual Network Device Driver
 20...be a3 86 8f 00 76 ......Microsoft Virtual WiFi Miniport Adapter #7
 19...b8 a3 86 8f 00 76 ......D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2)
 11...6c 62 6d fa d0 f9 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    276
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19    276 ::/0                     fe80::218:e7ff:fe8c:95a2
  1    306 ::1/128                  On-link
 19    276 fe80::/64                On-link
 19    276 fe80::99be:72d1:aacb:7a25/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/29/2018 07:06:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/29/2018 07:05:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (01/29/2018 07:05:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/29/2018 07:04:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (01/29/2018 06:28:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/29/2018 06:28:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/29/2018 06:28:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service CRMSvc since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/29/2018 06:28:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service NVDisplayContainer since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/29/2018 06:28:46 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3bf86277-05d6-4929-ab9a-281a15f9ca3d}
 
Error: (01/29/2018 03:04:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: 71ED.tmp.exe, version: 0.0.0.0, time stamp: 0x5a6f6bcf
Faulting module name: wdmaud.drv, version: 6.1.7601.17514, time stamp: 0x4ce7ba26
Exception code: 0xc0000005
Fault offset: 0x00010fe4
Faulting process id: 0x5e64
Faulting application start time: 0x71ED.tmp.exe0
Faulting application path: 71ED.tmp.exe1
Faulting module path: 71ED.tmp.exe2
Report Id: 71ED.tmp.exe3
 
 
System errors:
=============
Error: (01/30/2018 03:16:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx86
tib_mounter
UimBus
Uim_DEVIM
Uim_IM
 
Error: (01/30/2018 03:15:44 PM) (Source: Service Control Manager) (User: )
Description: The wifi support service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (01/30/2018 03:15:43 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.
 
Error: (01/29/2018 09:05:47 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{9f3a1794-e1d7-11e4-ae6d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{DBA823DD-6E5E-4069-8092-647804431D11}
 
Error: (01/29/2018 06:35:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx86
tib_mounter
UimBus
Uim_DEVIM
Uim_IM
 
Error: (01/29/2018 06:34:44 PM) (Source: Service Control Manager) (User: )
Description: The wifi support service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (01/29/2018 06:34:44 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.
 
Error: (01/29/2018 06:18:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/29/2018 06:18:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (01/29/2018 06:07:52 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (11/14/2017 08:08:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 80331 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/31/2017 10:09:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 88 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (07/21/2017 07:47:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 547934 seconds with 21360 seconds of active time.  This session ended with a crash.
 
Error: (02/23/2017 01:57:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/23/2017 01:56:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/24/2016 06:38:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/24/2016 06:37:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/24/2016 06:37:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/23/2016 03:56:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/04/2016 11:07:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 346633 seconds with 19020 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2018-01-28 18:02:42.828
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2018-01-28 18:02:42.809
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2018-01-26 14:38:13.936
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2018-01-26 14:38:13.905
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2018-01-25 22:34:22.833
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2018-01-25 22:34:22.817
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume4\Master exe prgrms ed\windows iso\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
=========================== Installed Programs ============================
 
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Acronis True Image 2015 (HKLM\...\{EC394A67-873F-4E6B-AD26-3AA71C7DDA4C}) (Version: 18.0.6055 - Acronis) Hidden
Acronis True Image 2015 (HKLM\...\{EC394A67-873F-4E6B-AD26-3AA71C7DDA4C}Visible) (Version: 18.0.6055 - Acronis)
Acronis Universal Boot Media Builder (HKLM\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis)
ActivePython 3.6.0 Build 3600 (HKLM\...\{34E37F37-7C59-42FA-B999-05E2BA1559F4}) (Version: 3.6.3600 - ActiveState Software Inc.)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Ashampoo WinOptimizer 11 v.11.0.1 (HKLM\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.0.1 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
AVG (HKLM\...\{39D67484-A153-4245-87BC-9E6FBBBD2A7D}) (Version: 16.4.7163 - AVG Technologies) Hidden
AVG (HKLM\...\{A937E511-F7B7-45F1-8C02-4A446E649529}) (Version: 16.141.7996 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.116.3.1052 - AVG Technologies)
AVG 2016 (HKLM\...\{BBD335B6-C665-4107-BC62-78DAE36926C5}) (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Zen (HKLM\...\{3D8C5CBA-DDCF-44CE-AD7D-B0AEF74E989E}) (Version: 1.116.2 - AVG Technologies) Hidden
Backup and Sync from Google (HKLM\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
calibre (HKLM\...\{C91787D1-574E-4367-A8D2-641532A78A5E}) (Version: 3.8.0 - Kovid Goyal)
Canon MF Toolbox 4.9.1.1.mf11 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf11 - Canon Inc.)
Canon MF4400 Series (HKLM\...\{4129CA8E-7E75-4eee-BAE5-AA7707AA7708}) (Version: 3.8.0.0 - Canon Inc.)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.3.1110 - CDBurnerXP)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version:  - )
D-Link DWA-160  (HKLM\...\{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}) (Version:  - D-Link Corporation)
EASEUS Data Recovery Wizard 4.0.1 (HKLM\...\{F8B5AA77-05D5-45BD-8FE3-F9E3631D72FB}) (Version: 4.0.1 - EASEUS)
Easy Drive Data Recovery (HKLM\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
ePUBee Magic (HKLM\...\ePUBee Magic) (Version: 1.0.0.11 - ePUBee)
Epubor Kindle DRM Removal (HKLM\...\Epubor Kindle DRM Removal) (Version: 3.0.15.1111 - Epubor Inc.)
ExtensionGoogleTranslate (HKLM\...\ExtensionGoogleTranslate) (Version:  - )
FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GSpot Codec Information Appliance (HKLM\...\GSpot) (Version:  - )
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IsoBuster 2.5.5 (HKLM\...\IsoBuster_is1) (Version: 2.5.5 - Smart Projects)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.111.14 - Oracle Corporation) Hidden
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Media Player Codec Pack 4.4.3 (HKLM\...\Media Player - Codec Pack) (Version: 4.4.3 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 57.0 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0 (x86 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MPC-HC 1.7.11 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.11 - MPC-HC Team)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPrintScreen (HKCU\...\MyPrintScreen_is1) (Version: 3.3.0.0 - MyPrintScreen Company)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Hidden
Port Forwarding Wizard Lite 1.5 (HKLM\...\Port Forwarding Wizard Lite_is1) (Version:  - upredsun, Inc.)
Python 2.7 (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca4}) (Version: 2.7.150 - Python Software Foundation)
Python 2.7 pycrypto-2.1.0 (HKLM\...\pycrypto-py2.7) (Version:  - )
RealDownloader (HKLM\...\{115CCDDD-8728-4789-983D-D041A8E02316}) (Version: 18.1.8.212 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM\...\{30f9b8e2-1723-49b3-a51a-6b1701314fd9}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealDownloader (HKLM\...\{4602B6EE-69EC-4548-B271-94D43CAA6C6F}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Mechanic 7.0 (HKLM\...\Registry Mechanic_is1) (Version: 7.0 - PC Tools)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2.10766 - Krzysztof Kowalczyk)
UnHackMe 9.50 (HKLM\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vibosoft ePub Converter (HKCU\...\Vibosoft ePub Converter) (Version: 2.1.10 - Vibosoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WinSplit Revolution (v11.04) (HKLM\...\WinSplit Revolution) (Version: 11.04 - Raphael Lencrerot)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EC}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3062.61 MB
Available physical RAM: 1086.75 MB
Total Virtual: 6123.53 MB
Available Virtual: 3208.62 MB
 
========================= Partitions: =====================================
 
1 Drive c: (W10EZEX ) (Fixed) (Total:203.93 GB) (Free:118.97 GB) NTFS
4 Drive g: (USB Seagate Drive) (Fixed) (Total:232.88 GB) (Free:26.16 GB) NTFS
7 Drive m: () (Removable) (Total:0.24 GB) (Free:0.18 GB) FAT
 
========================= Users: ========================================
 
User accounts for \\ITTIANDRO-PC
 
Administrator            Guest                    ittiandro                
vivona                   
 
 
**** End of log ****


#6 ittiandro


Posted 05 February 2018 - 03:46 PM

 

Copy/Paste Please

 
 
 
 

 

So, any clue what the problem is?

 

Ittiandro


Edited by boopme, 08 February 2018 - 11:45 AM.


#7 boopme


Posted 08 February 2018 - 11:47 AM

Check for and remove/disable any unknown/unwanted browser add-ons...

Disabling Plugins in Google Chrome



