Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C0000135 %HS Windows 7 32-Bits (user32.dll)


  • This topic is locked This topic is locked
4 replies to this topic

#1 ortizjuanm

ortizjuanm

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 11 February 2015 - 10:12 AM

Could someone please provide me with guidance, I'm in the dark here! 
 
I get a blue screen with this text "C0000135 %HS" the report says user32.dll is missing, don't know why!
 
Thanks!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015
Ran by SYSTEM on MININT-9DIBV3L on 11-02-2015 10:54:55
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11877448 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3158584 2013-02-14] (ESET)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-14] (Microsoft Corporation)
HKU\CONSERJERÍA\...\Policies\system: [LogonHoursAction] 2
HKU\CONSERJERÍA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\pc\...\Policies\system: [LogonHoursAction] 2
HKU\pc\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1415027732-3221573097-2130510708-1001\User: Group Policy restriction detected <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33136 2013-02-14] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [183944 2013-02-14] (ESET)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18512 2013-02-19] ()
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [175288 2013-02-04] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [108344 2013-02-04] (ESET)
S0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [538608 2013-04-30] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-04-30] (Intel Corporation)
S0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation)
S3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-04-11] (Intel Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [19536 2013-05-06] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 10:54 - 2015-02-11 10:54 - 00000000 ____D () C:\FRST
2015-02-11 07:18 - 2015-02-11 07:18 - 00003288 ____N () C:\bootsqm.dat
2015-02-11 06:38 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-02-11 06:38 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-02-11 06:38 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-02-11 06:38 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-02-11 06:38 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-02-11 06:38 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-02-11 06:38 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-02-11 06:38 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-02-11 06:38 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-02-11 06:38 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-02-11 06:38 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-02-11 06:38 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-02-11 06:38 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-02-11 06:37 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-02-11 06:37 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-02-11 06:37 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-02-11 06:37 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-02-11 06:37 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-02-11 06:37 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-02-11 06:37 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-02-11 06:37 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2015-02-11 06:37 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2015-02-11 06:37 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-02-11 06:37 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-02-11 06:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-02-11 06:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-02-11 06:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-02-11 06:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-02-11 06:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-02-11 06:37 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-02-11 06:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-02-11 06:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-02-11 06:37 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-02-11 06:37 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-02-11 06:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-02-11 06:37 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-02-11 06:37 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-02-11 06:37 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-02-11 06:37 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-11 06:37 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-02-11 06:37 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-11 06:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-02-11 06:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-02-11 06:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-02-11 06:37 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-02-11 06:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-02-11 06:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-02-11 06:37 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-02-11 06:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-02-11 06:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-02-11 06:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-02-11 06:37 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-02-11 06:37 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-02-11 06:37 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-02-11 06:37 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-02-11 06:35 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-02-11 06:35 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-02-11 06:35 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-02-11 06:35 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-02-11 06:34 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-01-29 09:58 - 2015-01-29 09:58 - 00000000 ____D () C:\Users\CONSERJERÍA\AppData\Roaming\TeamViewer
2015-01-14 11:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 11:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 11:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-14 11:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 07:19 - 2014-12-10 07:18 - 00000000 ____D () C:\Windows\System32\appraiser
2015-02-11 07:19 - 2014-07-15 08:23 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-02-11 07:01 - 2014-07-15 02:31 - 02029148 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 03:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-02-06 15:12 - 2009-07-14 05:39 - 00030174 _____ () C:\Windows\setupact.log
2015-02-05 08:04 - 2009-07-14 05:34 - 00031888 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 08:04 - 2009-07-14 05:34 - 00031888 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 15:10 - 2010-11-20 22:01 - 01681640 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-30 07:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 07:01 - 2014-07-15 16:09 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-15 07:00 - 2014-07-15 16:09 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\OfficeSetup.exe
C:\Users\pc\AppData\Local\Temp\_isC208.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-24 19:53] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-12-30 09:16:04
Restore point made on: 2015-01-02 09:58:42
Restore point made on: 2015-01-06 09:21:27
Restore point made on: 2015-01-13 14:28:12
Restore point made on: 2015-01-15 07:00:16
Restore point made on: 2015-01-20 09:02:19
Restore point made on: 2015-01-27 09:40:28
Restore point made on: 2015-01-30 07:00:20
Restore point made on: 2015-02-03 07:03:54
Restore point made on: 2015-02-06 09:17:18
Restore point made on: 2015-02-09 09:28:41
Restore point made on: 2015-02-11 07:00:22
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 3983.71 MB
Available physical RAM: 3464.78 MB
Total Pagefile: 3981.99 MB
Available Pagefile: 3457.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:437 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:1.71 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A61558E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2015-02-03 04:41
 
==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 11-02-2015
Ran by SYSTEM at 2015-02-11 11:08:07
Running from f:\
Boot Mode: Recovery
 
================== Search Files: "user32.dll" =============
 
X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 10:06][2010-11-20 13:21] 0811520 ____A (Microsoft Corporation) 
 
X:\Windows\System32\user32.dll
[2010-11-20 10:06][2010-11-20 13:21] 0811520 ____A (Microsoft Corporation) 
 
====== End Of Search ======

Edit: Topic moved from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 ortizjuanm

ortizjuanm
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 11 February 2015 - 11:12 AM

Fixed

 

Copied user32.dll from this location "X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll" to "c:\windows\system32\"

 

Now is working as usual.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 AM

Posted 15 February 2015 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Good work.

Now I suggest you fix these

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicyUsers\S-1-5-21-1415027732-3221573097-2130510708-1001\User: Group Policy restriction detected <======= ATTENTION
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

=====

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 AM

Posted 21 February 2015 - 09:57 AM

Are you still with me?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 AM

Posted 27 February 2015 - 08:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users