Proxy problems



#1 x2bad4u


Posted 03 December 2014 - 03:51 AM

Hello people,

 

Lately we get a lot more people in our shop with a proxy which keeps on resetting itself. I hope you can help me along to find a fix for it and we can fix it every time. So far I've looked at several threads on this forum and found no universal solution for this problem; scanning with Mbam, SSpy and Adwcleaner doesn't seem to do the trick, and neither does scanning it with different virus scanners. The virus scanners we tried so far are: MSE / Kaspersky / Norton / Avast (with boot scan), but no luck on that either.

 

As we read through all the threads on this forum, the most common response (and solution in most cases) was to scan it with FRST. I did a scan on a recent PC which came in, and I was hoping someone would be so kind as to give me a hand with it to make a fixthis.txt for it?

 

Here is the log.txt (with additional.txt)

 

start

() C:\Program Files (x86)\Opgaziness\Opgaziness.exe
() C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
() C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-4097084883-1507480385-1203561815-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4097084883-1507480385-1203561815-1000] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Firefox\Extensions: [{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}] - C:\Program Files (x86)\DealsCompare\150.xpi
FF Extension: No Name - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [Not Found]
FF Extension: No Name - antiphishing@bullguard [Not Found]
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_keyd_14_24&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0D0BtCyDtDyC0BzzyD0EtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1Q1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyByE0EyE0C0A0CzytG0C0E0A0FtG0E0FyB0AtGtDyD0FtAtGyCtDtD0FyCtAyByByDyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzztByEtCtB0B0CtG0FyB0A0EtGyEtDyCyBtGzytC0A0EtGtByDtByBzytDyB0A0AtC0B0E2Q&cr=1894481732&ir="
CHR Extension: (Google Wallet) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [ebmnknjbkjpocngafnmdlgndlmlifeio] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944\ch\WebexpEnhancedV1alpha9944.crx [2011-02-11]
R2 Opgaziness; C:\Program Files (x86)\Opgaziness\Opgaziness.exe [4383192 2014-10-27] ()
S4 LMIRfsClientNP; No ImagePath
R4 AFW; system32\DRIVERS\afw.sys [X]
R4 afwcore; system32\DRIVERS\afwcore.sys [X]
R4 BdSpy; system32\drivers\BdSpy.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\DealsCompare
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944
C:\Program Files (x86)\Opgaziness

End

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by Gebruiker at 2014-12-03 09:45:29
Running from F:\Gebruiker\Bureaublad\PROXY
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Albelli Fotoboeken (HKU\S-1-5-21-3435596311-2168446984-4163756284-1002\...\{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1) (Version:  - Albelli)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl (HKLM\...\HomeStudentRetail - nl-nl) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3435596311-2168446984-4163756284-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 nl)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Servicetool (HKLM-x32\...\Servicetool) (Version: 1.0.0.46 - KPN)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3435596311-2168446984-4163756284-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3435596311-2168446984-4163756284-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-12-2014 16:51:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4CE6DC2E-4E9A-4A17-837C-0168B2F55F5C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-16] (Microsoft Corporation)
Task: {726E04F5-CACB-4D82-82F8-739E125C849A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GCS-20140201-Gebruiker GCS-20140201 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-19] (Microsoft Corporation)
Task: {94CF6CE3-2A72-4006-A682-81DC81073D95} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3435596311-2168446984-4163756284-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {96358375-F835-425F-B438-3A998E2A96CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {A4B49EE8-5FD7-4E66-9620-BD330CA100A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {DAD4CC20-A272-4E61-81D1-2A7D3CB2B342} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA798F08-9B0B-418D-9021-DA18F621B265} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-10-22 21:48 - 2014-10-22 21:48 - 00129061 _____ () C:\Users\Gebruiker\AppData\Local\CGIClassRegister\CGIClassRegister.exe
2014-12-01 21:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-22 21:48 - 2014-10-22 21:48 - 00310309 _____ () C:\Users\Gebruiker\AppData\Local\CGIClassRegister\EncondingFunctionProgram.exe
2014-10-19 17:25 - 2014-10-19 17:25 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-04-11 21:49 - 2014-11-19 21:39 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-19 17:24 - 2014-10-19 17:24 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-10-19 17:25 - 2014-10-19 17:25 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2014-10-27 20:03 - 2014-10-27 20:03 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2013-12-20 10:45 - 2013-04-11 15:29 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-3435596311-2168446984-4163756284-1002\...\StartupApproved\StartupFolder: => "StormWatchApp.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-3435596311-2168446984-4163756284-500 - Administrator - Disabled)
Gast (S-1-5-21-3435596311-2168446984-4163756284-501 - Limited - Disabled)
Gebruiker (S-1-5-21-3435596311-2168446984-4163756284-1002 - Administrator - Enabled) => C:\Users\Gebruiker
Temp (S-1-5-21-3435596311-2168446984-4163756284-1001 - Administrator - Enabled) => C:\Users\Temp

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 09:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Naam van module met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000017719
Id van proces met fout: 0x1f0
Starttijd van toepassing met fout: 0xigfxCUIService.exe0
Pad naar toepassing met fout: igfxCUIService.exe1
Pad naar module met fout: igfxCUIService.exe2
Rapport-id: igfxCUIService.exe3
Volledige pakketnaam met fout: igfxCUIService.exe4
Relatieve toepassings-id van pakket met fout: igfxCUIService.exe5

Error: (12/02/2014 06:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Naam van module met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000017719
Id van proces met fout: 0x1e8
Starttijd van toepassing met fout: 0xigfxCUIService.exe0
Pad naar toepassing met fout: igfxCUIService.exe1
Pad naar module met fout: igfxCUIService.exe2
Rapport-id: igfxCUIService.exe3
Volledige pakketnaam met fout: igfxCUIService.exe4
Relatieve toepassings-id van pakket met fout: igfxCUIService.exe5

Error: (12/02/2014 05:58:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3844) WindowsMail0: Het maken van de back-up is gestopt, omdat deze door de client is gestopt of omdat de verbinding met de client is mislukt.

Error: (12/02/2014 05:58:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3796) WindowsMail0: Het maken van de back-up is gestopt, omdat deze door de client is gestopt of omdat de verbinding met de client is mislukt.

Error: (12/02/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Naam van module met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000012bb8
Id van proces met fout: 0x1f0
Starttijd van toepassing met fout: 0xigfxCUIService.exe0
Pad naar toepassing met fout: igfxCUIService.exe1
Pad naar module met fout: igfxCUIService.exe2
Rapport-id: igfxCUIService.exe3
Volledige pakketnaam met fout: igfxCUIService.exe4
Relatieve toepassings-id van pakket met fout: igfxCUIService.exe5

Error: (12/02/2014 03:47:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Naam van module met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000017719
Id van proces met fout: 0x208
Starttijd van toepassing met fout: 0xigfxCUIService.exe0
Pad naar toepassing met fout: igfxCUIService.exe1
Pad naar module met fout: igfxCUIService.exe2
Rapport-id: igfxCUIService.exe3
Volledige pakketnaam met fout: igfxCUIService.exe4
Relatieve toepassings-id van pakket met fout: igfxCUIService.exe5

Error: (12/02/2014 03:32:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Naam van module met fout: igfxCUIService.exe, versie: 6.15.10.3960, tijdstempel: 0x54299ab0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000017719
Id van proces met fout: 0x1f0
Starttijd van toepassing met fout: 0xigfxCUIService.exe0
Pad naar toepassing met fout: igfxCUIService.exe1
Pad naar module met fout: igfxCUIService.exe2
Rapport-id: igfxCUIService.exe3
Volledige pakketnaam met fout: igfxCUIService.exe4
Relatieve toepassings-id van pakket met fout: igfxCUIService.exe5

Error: (12/02/2014 03:14:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma WWAHost.exe, versie 6.3.9600.17031 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: a98

Starttijd: 01d00e3a10e1a2a2

Eindtijd: 4294967295

Toepassingspad: C:\Windows\System32\WWAHost.exe

Rapport-id: 6aafc290-7a2d-11e4-8419-74d43533a547

Volledige pakketnaam met fout: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Relatieve toepassings-id van pakket met fout: Windows.Store

Error: (12/02/2014 03:13:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GCS-20140201)
Description: Het pakket winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store is beëindigd omdat het onderbreken te lang duurde.

Error: (12/02/2014 02:51:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GCS-20140201)
Description: Het pakket winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store is beëindigd omdat het onderbreken te lang duurde.


System errors:
=============
Error: (12/03/2014 09:29:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Intel® HD Graphics Control Panel Service-service is gestopt met de volgende foutcode:
%%2147500037.

Error: (12/03/2014 09:29:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: De CGIClassRegister.exe-service is bij het starten vastgelopen.

Error: (12/03/2014 09:28:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Print Spooler-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (12/03/2014 09:28:09 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De Spooler-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%50

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Dynamic Application Loader Host Interface Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Rapid Storage Technology-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Management and Security Application Local Management Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De iPod-service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (12/03/2014 09:28:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.


Microsoft Office Sessions:
=========================
Error: (12/03/2014 09:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191f001d00ed3195a4985C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe76b56f92-7ac6-11e4-841e-74d43533a547

Error: (12/02/2014 06:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191e801d00e52de0efc45C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe3b046958-7a46-11e4-841d-74d43533a547

Error: (12/02/2014 05:58:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3844WindowsMail0:

Error: (12/02/2014 05:58:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3796WindowsMail0:

Error: (12/02/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c00000050000000000012bb81f001d00e511a428cf9C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe76cf44bd-7a44-11e4-841c-74d43533a547

Error: (12/02/2014 03:47:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771920801d00e3ec3122cacC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe208670fb-7a32-11e4-841b-74d43533a547

Error: (12/02/2014 03:32:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191f001d00e3ca5325b20C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe02c6e1bf-7a30-11e4-841a-74d43533a547

Error: (12/02/2014 03:14:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031a9801d00e3a10e1a2a24294967295C:\Windows\System32\WWAHost.exe6aafc290-7a2d-11e4-8419-74d43533a547winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (12/02/2014 03:13:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GCS-20140201)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (12/02/2014 02:51:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GCS-20140201)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store


CodeIntegrity Errors:
===================================
  Date: 2014-03-01 14:24:55.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-01 14:22:18.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-01 14:22:12.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-01 14:21:37.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-01 13:40:04.557
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-22 22:34:41.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-22 22:34:40.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-22 22:34:40.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-22 22:34:40.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-17 14:38:01.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3420 @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 3979.73 MB
Available physical RAM: 2771.3 MB
Total Pagefile: 4683.73 MB
Available Pagefile: 3376.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:76.97 GB) NTFS
Drive f: (Opslag) (Fixed) (Total:931.39 GB) (Free:816.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 46AA1C7B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Who can help me out, and is there a way to make a universal fix, or can someone show me how to make my own fixthis.txt per brought-in PC? Since I work in a PC shop this would be great to learn so we don't have to go over this process over and over again. Hope you guys don't mind me asking so many questions and can help me out on this. I do understand this process can be harmful for the integrity of the system itself, but we made a backup and the client is told there is a 99% chance of a reinstall, so he'll be happy when this could be fixed.

 

Hope to hear from you soon!





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • Gender:Male
  • Local time:09:23 AM

Posted 08 December 2014 - 03:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558472 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 x2bad4u

x2bad4u
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:23 PM

Posted 09 December 2014 - 04:01 AM

Good news, it's fixed.

 

We did some fiddling around with FRST in an attempt to fix it (although it's not recommended to do that) and almost fixed it; it did come back after 2 reboots. In safe mode we did a scan with Hitman Pro and that seemed to get rid of the last bit. Many reboots later it's still not reappearing. We did find the info on this forum, so I would like to thank BC for being an awesome community!

 

Just to make sure, DON'T DO WHAT WE DID!!!! We continued because it's a client's PC, which has to be done within a certain timeframe, so we had to find a fix within a week. DON'T do this when you haven't got an idea what you are doing!

 

If an admin can close this that would be fine!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:23 AM

Posted 09 December 2014 - 09:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



