Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Error massage saing c\windows\config\lsass.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 23rd, 2009, 8:47 pm

Hi
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
BATCH CFRECOVERY.BAT

  • At the next prompt, type the following bolded text, and press Enter:
CD \

  • At the next prompt, type the following bolded text, and press Enter:
DIR C:\

Write down everything you see on the screen after the last command & post it here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 25th, 2009, 8:22 pm

HI

When I enter the BATCH CFRECOVERY.BAT commando I got (the system cannot find the file ore directory) so nothing there.)

When I entered DIR C:\ I got all this..
69120 atm.dll
78 autoexec.bat
0 autoexec.nav
211 boot.bak
281 boot.ini
4952 bootfont.bin
0 cakewalk projects
0 cmdcons
260272 cmldr
0 combofix
0 config.sys
39 debug.txt
0 documents and settings
0 downloads
519 hpfr3420.xml
52037 hpfr3425.log
0 io.sys
0 msdos.sys
0 msocache
47564 ntdetect.com
250576 ntldr
0 nvidia
0 program files
0 programmer
0 qoobox
0 recycler
0 rooter$
0 system volume information
0 tlog.log
45056 unace.dll
0 windows
0 winfast workarea
0 ~mssetup.t

33 files(s)
730705 bytes
82806870016 bytes free..
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 26th, 2009, 10:39 am

Hi
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
set AllowAllPaths = true

  • At the next prompt, type the following bolded text, and press Enter:
CD C:\COMBOFIX

  • At the next prompt, type the following bolded text, and press Enter:
TYPE DREV.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
TYPE SVCTARGET.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
TYPE NDIS_LOG.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
EXIT

Let me know what happens & post the information that you wrote down after the relevant command prompts.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 26th, 2009, 1:34 pm

Hi

when i typed the set AllowAllPaths = true commando i got this message.
The SET command is currently disabled. The SET command is an optional Recovery Consol command that can only be enabled by using the the security Configuration and Analysis snap-in.

and when i typed the combofix i still got the message access is denied..
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 27th, 2009, 9:00 am

Hi
We'll give these commands a go but if this doesn't work then I think we may have to try something else.

  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
CD C:\Windows\System32\Config

  • At the next prompt, type the following bolded text, and press Enter:
REN Software Software.Erunt

  • At the next prompt, type the following bolded text, and press Enter:
REN Software.bak Software

  • At the next prompt, type the following bolded text, and press Enter:
EXIT

Reboot your computer.
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
CD C:\Windows\ERDNT

  • At the next prompt, type the following bolded text, and press Enter:
BATCH CFRECOVERY.BAT

  • At the next prompt, type the following bolded text, and press Enter:
CD C:\ComboFix

  • At the next prompt, type the following bolded text, and press Enter:
TYPE DREV.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
TYPE SVCTARGET.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
TYPE NDIS_LOG.DAT (copy down on a piece of paper ALL that's displayed on screen)

  • At the next prompt, type the following bolded text, and press Enter:
EXIT

Let me know what happens & post the information that you wrote down after the relevant command prompts.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 28th, 2009, 4:12 pm

hi

This will take some time the command works and I’m trying to write it all down..
I’ll try to post some of it tomorrow
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 28th, 2009, 7:50 pm

OK... no worries :)
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 29th, 2009, 11:45 am

HI

the type drev.dat commando

C:\windows\downloade program files\popcaploader.dll
C:\windows\downloade program files\popcaploader.inf
C:\windows\installer\358c101.msp
C:\windows\installer\a3e95b.msi
C:\windows\installer\e35798.msi
C:\windows\system32\bin\filesystem_steam.dll
C:\windows\system32\bin\friendsui.dll
C:\windows\system32\bin\mss32_s.dll
C:\windows\system32\bin\nattypeprobe.dll
C:\windows\system32\bin\p2pcore.dll
C:\windows\system32\bin\p2pvoice.dll
C:\windows\system32\bin\serverbrowser.dll
C:\windows\system32\bin\shaders\d3d10overlay.fxo
C:\windows\system32\bin\steamservice.dll
C:\windows\system32\bin\steamservice.exe
C:\windows\system32\bin\vaudio_speex.dll
C:\windows\system32\bin\vgui2.dll
C:\windows\system32\cks\rasmus@ad.yieldmanager[1].txt
C:\windows\system32\cks\rasmus@ad.yieldmanager[2].txt
C:\windows\system32\cks\rasmus@blockbuster.112.2o7[1].txt
C:\windows\system32\cks\rasmus@content.yieldmanager[2].txt
C:\windows\system32\cks\rasmus@content.yieldmanager[3].txt
C:\windows\system32\cks\rasmus@danskebank.112.2o7[1].txt
C:\windows\system32\cks\rasmus@danskebank[1].txt
C:\windows\system32\cks\rasmus@danskevank[2].txt
C:\windows\system32\cks\rasmus@divx.112.2o7[1].txt
C:\windows\system32\cks\rasmus@doubleclick[1].txt
C:\windows\system32\cks\rasmus@doubleclick[2].txt
C:\windows\system32\cks\rasmus@eaeacom.112.2o7[1].txt
C:\windows\system32\cks\rasmus@msnportal.112.2o7[1].txt
C:\windows\system32\cks\rasmus@msnportal.112.2o7[2].txt
C:\windows\system32\cks\rasmus@netbank.danskebank[2].txt
C:\windows\system32\cks\rasmus@statistik-gallup[1].txt
C:\windows\system32\cks\rasmus@track.adform[1].txt
C:\windows\system32\cks\rasmus@track.adform[2].txt
C:\windows\system32\cks\rasmus@www-2.danskebank[2].txt
C:\windows\system32\dtw5d\iexplore_was013.dat
C:\windows\system32\ijl11.dll
C:\windows\system32\korlg.ini
C:\windows\system32\ldshyr.old
C:\windows\system32\nwklr.ini
C:\windows\system32\nwpp.ini
C:\windows\system32\nwwint.ini
C:\windows\system32\ppdnp.ini
C:\windows\system32\pporlg.ini
C:\windows\system32\srvblock.tmp
C:\windows\system32\uas\acrord32_uas001.dat
C:\windows\system32\uas\askhomepage_uas001.dat
C:\windows\system32\uas\askinstallchecher_uas001.dat
C:\windows\system32\uas\azureus_uas001.dat
C:\windows\system32\uas\azureus_uas002.dat
C:\windows\system32\uas\azureus_uas003.dat
C:\windows\system32\uas\azureus_uas004.dat
C:\windows\system32\uas\azureus_uas005.dat
C:\windows\system32\uas\bitcomet_uas001.dat
C:\windows\system32\uas\bitcomet_uas002.dat
C:\windows\system32\uas\bitcomet_uas003.dat
C:\windows\system32\uas\bitcomet_uas004.dat
C:\windows\system32\uas\cometbrowser_uas001.dat
C:\windows\system32\uas\cometbrowser_uas002.dat
C:\windows\system32\uas\crashreporter_uas001.dat
C:\windows\system32\uas\dwwin_uas001.dat
C:\windows\system32\uas\excel_uas001.dat
C:\windows\system32\uas\farcry2_uas001.dat
C:\windows\system32\uas\firefox_uas001.dat
C:\windows\system32\uas\firefox_uas002.dat
C:\windows\system32\uas\firefox_uas003.dat
C:\windows\system32\uas\firefox_uas004.dat
C:\windows\system32\uas\firefox_uas005.dat
C:\windows\system32\uas\flashutil9f_uas001.dat
C:\windows\system32\uas\gameroverlayui_uas001.dat
C:\windows\system32\uas\gameroverlayui_uas002.dat
C:\windows\system32\uas\garena_uas001.dat
C:\windows\system32\uas\googletoolbarnotifier_uas001.dat
C:\windows\system32\uas\googletoolbarnotifier_uas002.dat
C:\windows\system32\uas\googletoolbarnotifier_uas003.dat
C:\windows\system32\uas\gtb33.tmp_uas001.dat
C:\windows\system32\uas\gtb33.tmp_uas002.dat
C:\windows\system32\uas\gtb38.tmp_uas001.dat
C:\windows\system32\uas\gtb38.tmp_uas002.dat
C:\windows\system32\uas\gtb79.tmp_uas001.dat
C:\windows\system32\uas\h5_game_uas001.dat
C:\windows\system32\uas\helpctr_uas001.dat
C:\windows\system32\uas\helphost_uas001.dat
C:\windows\system32\uas\hl2_uas001.dat
C:\windows\system32\uas\hl2_uas002.dat
C:\windows\system32\uas\hl2_uas003.dat
C:\windows\system32\uas\hl2_uas004.dat
C:\windows\system32\uas\hl2_uas005.dat
C:\windows\system32\uas\hl2_uas006.dat
C:\windows\system32\uas\hlsw_uas001.dat
C:\windows\system32\uas\iexplore_uas001.dat
C:\windows\system32\uas\iexplore_uas002.dat
C:\windows\system32\uas\iexplore_uas003.dat
C:\windows\system32\uas\iexplore_uas004.dat
C:\windows\system32\uas\iexplore_uas005.dat
C:\windows\system32\uas\iexplore_uas006.dat
C:\windows\system32\uas\iexplore_uas007.dat
C:\windows\system32\uas\iexplore_uas008.dat
C:\windows\system32\uas\iexplore_uas009.dat
C:\windows\system32\uas\iexplore_uas010.dat
C:\windows\system32\uas\iexplore_uas011.dat
C:\windows\system32\uas\iexplore_uas012.dat
C:\windows\system32\uas\iexplore_uas013.dat
C:\windows\system32\uas\javaw_uas001.dat
C:\windows\system32\uas\jre-6u12-windows-i586-p-iftw_uas001.dat
C:\windows\system32\uas\jre-6u12-windows-i586-p-iftw_uas002.dat
C:\windows\system32\uas\jre-6u13-windows-i586-p-iftw-13974002_uas001.dat
C:\windows\system32\uas\jre-6u13-windows-i586-p-iftw-13974002_uas002.dat
C:\windows\system32\uas\jucheck_uas001.dat
C:\windows\system32\uas\jucheck_uas002.dat
C:\windows\system32\uas\jusched_uas001.dat
C:\windows\system32\uas\jusched_uas002.dat
C:\windows\system32\uas\launchpad_uas001.dat
C:\windows\system32\uas\left4dead_uas001.dat
C:\windows\system32\uas\lucoms~1_uas001.dat
C:\windows\system32\uas\lucoms~1_uas002.dat
C:\windows\system32\uas\mathtype_uas001.dat
C:\windows\system32\uas\mirc_uas001.dat
C:\windows\system32\uas\mirc_uas002.dat
C:\windows\system32\uas\msiexec_uas001.dat
C:\windows\system32\uas\msnmsgr_uas001.dat
C:\windows\system32\uas\msnmsgr_uas002.dat
C:\windows\system32\uas\msnmsgr_uas003.dat
C:\windows\system32\uas\msnmsgr_uas004.dat
C:\windows\system32\uas\msnmsgr_uas005.dat
C:\windows\system32\uas\msnmsgr_uas006.dat
C:\windows\system32\uas\msnmsgr_uas007.dat
C:\windows\system32\uas\msnmsgr_uas008.dat
C:\windows\system32\uas\msnmsgr_uas009.dat
C:\windows\system32\uas\msnmsgr_uas010.dat
C:\windows\system32\uas\msnmsgr_uas011.dat
C:\windows\system32\uas\msnmsgr_uas012.dat
C:\windows\system32\uas\msnmsgr_uas013.dat
C:\windows\system32\uas\msnmsgr_uas014.dat
C:\windows\system32\uas\msnmsgr_uas015.dat
C:\windows\system32\uas\msnmsgr_uas016.dat
C:\windows\system32\uas\msnmsgr_uas017.dat
C:\windows\system32\uas\msnmsgr_uas018.dat
C:\windows\system32\uas\msnmsgr_uas019.dat
C:\windows\system32\uas\npswf32_flashutil_uas001.dat
C:\windows\system32\uas\ose_uas001.dat
C:\windows\system32\uas\partygamingnet_uas001.dat
C:\windows\system32\uas\plantsvszombies_uas001.dat
C:\windows\system32\uas\powerpnt_uas001.dat
C:\windows\system32\uas\questviewer_uas001.dat
C:\windows\system32\uas\rnarcade_uas001.dat
C:\windows\system32\uas\setup_uas001.dat
C:\windows\system32\uas\setup_uas002.dat
C:\windows\system32\uas\setup_uas003.dat
C:\windows\system32\uas\signupshield_uas001.dat
C:\windows\system32\uas\signupshield_uas002.dat
C:\windows\system32\uas\signupshield_uas003.dat
C:\windows\system32\uas\simcity 4_uas001.dat
C:\windows\system32\uas\sims3launcher_uas001.dat
C:\windows\system32\uas\sims3launcher_uas002.dat
C:\windows\system32\uas\softwareupdate_uas001.dat
C:\windows\system32\uas\ssupdate_uas001.dat
C:\windows\system32\uas\ssupdate_uas002.dat
C:\windows\system32\uas\steam_uas001.dat
C:\windows\system32\uas\steam_uas002.dat
C:\windows\system32\uas\steam_uas003.dat
C:\windows\system32\uas\steam_uas004.dat
C:\windows\system32\uas\steam_uas005.dat
C:\windows\system32\uas\steam_uas006.dat
C:\windows\system32\uas\superantispyware_uas001.dat
C:\windows\system32\uas\svchost_uas001.dat
C:\windows\system32\uas\svchost_uas002.dat
C:\windows\system32\uas\svchost_uas003.dat
C:\windows\system32\uas\svchost_uas004.dat
C:\windows\system32\uas\swhelp~2_uas001.dat
C:\windows\system32\uas\swhelp~2_uas002.dat
C:\windows\system32\uas\swhelp~2_uas003.dat
C:\windows\system32\uas\swhelp~2_uas004.dat
C:\windows\system32\uas\swhelper_1150596_uas001.dat
C:\windows\system32\uas\uas001.dat
C:\windows\system32\uas\uas002.dat
C:\windows\system32\uas\uas003.dat
C:\windows\system32\uas\uas004.dat
C:\windows\system32\uas\uas005.dat
C:\windows\system32\uas\uas006.dat
C:\windows\system32\uas\uas007.dat
C:\windows\system32\uas\uas008.dat
C:\windows\system32\uas\uas009.dat
C:\windows\system32\uas\uas010.dat
C:\windows\system32\uas\uas011.dat
C:\windows\system32\uas\uas012.dat
C:\windows\system32\uas\uas013.dat
C:\windows\system32\uas\wgatray_uas001.dat
C:\windows\system32\uas\winword_uas001.dat
C:\windows\system32\uas\winword_uas002.dat
C:\windows\system32\uas\winword_uas003.dat
C:\windows\system32\uas\winword_uas004.dat
C:\windows\system32\uas\winword_uas005.dat
C:\windows\system32\uas\wmplayer_uas001.dat
C:\windows\system32\uas\wmplayer_uas002.dat
C:\windows\system32\uas\wmplayer_uas003.dat
C:\windows\system32\uas\wmplayer_uas004.dat
C:\windows\system32\uas\wmplayer_uas005.dat
C:\windows\system32\uas\windmlp.ini
C:\windows\system32\uas\worlg.ini
c:\xdfe47.dll

the type svctarget.dat commando

c:\combofix>type svctarget.dat
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< drivers\services >>>>>>>>>>>>>>>>>>>>>

.
-------\service_restore

the type ndis_log.dat commando

c:\combofix>type ndis_log.dat

infected copy of c:\windows\system32\wininet.dll was found and disinfected
restored copy from - C:\windows\system32\worlg.ini
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 29th, 2009, 1:22 pm

Hi let's see how we go with this:
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
CD C:\Windows\ERDNT

  • At the next prompt, type the following bolded text, and press Enter:
BATCH CFRECOVERY.BAT

  • At the next prompt, type the following bolded text, and press Enter:
CD ..\System32

  • At the next prompt, type the following bolded text, and press Enter:
REN Wininet.dll Wininet.OLD

  • At the next prompt, type the following bolded text, and press Enter:
COPY C:\QooBox\Quarantine\C\Windows\System32\Wininet.dll.vir Wininet.dll

  • At the next prompt, type the following bolded text, and press Enter:
EXIT

Let me know what happens & post any error messages that you may get.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 29th, 2009, 2:41 pm

Hi

I have written the message I got when I typed the commandoes in the ()

BATCH CFRECOVERY.BAT (no text)

REN Wininet.dll Wininet.OLD (the system cannot find the file ore directory specified)

COPY C:\QooBox\Quarantine\C\Windows\System32\Wininet.dll.vir Wininet.dll (1 file(s) copied)
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 29th, 2009, 9:33 pm

Hi
So I take it there is still problems booting normally?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 31st, 2009, 12:05 pm

hi

the computer starts up juste like normale when you turn it on and still restarting when i get the glimpt og the desktop
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 31st, 2009, 12:12 pm

Hi
Do you have your XP Installation Disc?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » August 1st, 2009, 2:44 am

yes
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » August 1st, 2009, 6:17 am

Hello Rasmus1112

I'm totally out of ideas on how to fix this so I think it might be time to consider either a Repair Installation or a Reformat & Re-installation of your operating system. Personally I think you should Reformat as we don't know what type of malware, if any, may still be on board so there is no guarantee that a Repair Install will fix the problem.

Let me know what you decide to do.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware