
Windows 7 won't start or repair


  • This topic is locked
13 replies to this topic

#1 DomBhoy


Posted 14 October 2013 - 02:25 PM

Hi

 

I am trying to fix a laptop for a friend and think there is some malware that is preventing it from starting and unable to repair by going to an earlier restore point. I have read similar topics on this forum on this and it looks like the first thing to do is run frst.exe to get some information on what is installed on the machine. I have run this on the laptop with the issue and have attached the output. Any help with this issue would be greatly appreciated.

 

Thanks

 


 


#2 TB-Psychotic


Posted 15 October 2013 - 03:23 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Search for files with FRST (Recovery Environment)


In Vista or Windows 7: Boot to System Recovery Options and run FRST.

In Windows XP: Please boot to BartPe and run FRST.



Type the following in the edit box after "Search:"

LPK.dll

Click Search button and post the log (Search.txt) it makes to your reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 DomBhoy


Posted 15 October 2013 - 04:48 AM

Hi Marius

 

Thanks for helping with this issue. I don't have access to the laptop just now but will do later this evening and will post the results you are looking for then.

Thanks again for your help.

 

Cheers



#4 DomBhoy


Posted 15 October 2013 - 02:32 PM

Hi Marius

 

Here is the output from search.txt:

 

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-15 20:00:08
Running from G:\
Boot Mode: Recovery

================== Search: "LPK.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_12ab04c4bec5c79d\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_11f44f93a5ca31a7\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_10f9b8f6c177b3cc\lpk.dll
[2013-01-13 07:36] - [2012-12-16 11:34] - 0025600 ____A (Microsoft Corporation) BF6CDA72E4112DAC01E2ED8911C3FD74

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21362_none_10b8d788c1a85e4b\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_10fcda1ac174d7f3\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_10b128c0c1ad9e63\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_10e33734c188ad52\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_10e23504c18996d4\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_1010c9a7a8a147db\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17159_none_10410ac9a87c56ca\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_10305b4da889affa\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_1051cb5ba870757e\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_100de90fa8a3d3f8\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_106e3811a85bbf28\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_08565a728a6505a2\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_07e15d357138149f\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_079fa54171696fac\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_06a50ea48d16f1d1\lpk.dll
[2013-01-13 07:36] - [2012-12-16 12:19] - 0041472 ____A (Microsoft Corporation) 838BF2634A38B344B27AC080D76B28C2

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21362_none_06642d368d479c50\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_06a82fc88d1415f8\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_065c7e6e8d4cdc68\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_068e8ce28d27eb57\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_068d8ab28d28d4d9\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_067018008d3e7a63\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_0649d7dc8d5a6bb3\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_05bc1f55744085e0\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17159_none_05ec6077741b94cf\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_05dbb0fb7428edff\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_05fd2109740fb383\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_05b93ebd744311fd\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_06198dbf73fafd2d\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_05f24b6b7417d7ff\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_061b8a8773f9358d\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

====== End Of Search ======



#5 TB-Psychotic


Posted 16 October 2013 - 02:59 AM

Fix with FRST (Recovery Environment)

 

  • Download the attached fixlist.txt and save it to the USB device where FRST is located.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Now please enter System Recovery Options again.

 

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 


#6 DomBhoy


Posted 17 October 2013 - 05:42 PM

Hi Marius

 

Thanks for your swift reply. Here is the output from the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-17 23:39:17 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [IWONGIE Browser Plugin Loader] - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbrmon.exe [20480 2010-07-26] (IWON)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe [1683456 2013-01-16] (Bandoo Media Inc)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe [42536 2012-06-13] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2012-06-13] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [InboxToolbar] - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1661152 2012-09-19] (Inbox.com, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [YSearchProtection] - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\Jas\...\Run: [Search Protection] - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll        [1531256 2013-01-16] (Bandoo Media Inc)
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [2212304 2013-01-16] ()

S2 IWONGIEService; C:\PROGRA~2\IWONGIE\bar\1.bin\vrbarsvc.exe [28766 2010-07-26] (IWON)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 VideoDownloadConverter_4zService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2012-06-13] (COMPANYVERS_NAME)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

c:\Users\ADMINI~1\AppData\Local\Temp\DX9
C:\Program Files (x86)\McAfee Security Scan
c:\progra~3\browse~1
C:\PROGRA~2\SEARCH~2
C:\Program Files (x86)\Yahoo!\Search Protection
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Inbox Toolbar
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\Search Results Toolbar
C:\Program Files (x86)\IWONGIE
C:\Users\Jas\AppData\Local\Temp\APNStub.exe
C:\Users\Jas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jas\AppData\Local\Temp\BADriveSetup.exe
C:\Users\Jas\AppData\Local\Temp\chutil.dll
C:\Users\Jas\AppData\Local\Temp\comver.dll
C:\Users\Jas\AppData\Local\Temp\contentDATs.exe
C:\Users\Jas\AppData\Local\Temp\installhelper.dll
C:\Users\Jas\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Jas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Jas\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jas\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Jas\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Jas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jas\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jas\AppData\Local\Temp\nsyAFB1.tmp.ConduitEngineEmbbed.exe
C:\Users\Jas\AppData\Local\Temp\ofw7tyxe.dll
C:\Users\Jas\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Jas\AppData\Local\Temp\SIntf16.dll
C:\Users\Jas\AppData\Local\Temp\SIntf32.dll
C:\Users\Jas\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jas\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Jas\AppData\Local\Temp\sqlite3.dll
C:\Users\Jas\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Jas\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jas\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Jas\AppData\Local\Temp\tbedrs.dll
C:\Users\Jas\AppData\Local\Temp\tbWise.dll
C:\Users\Jas\AppData\Local\Temp\VirtualBox-3.1.8-61349-Win.exe
C:\Users\Jas\AppData\Local\Temp\YontooSetup-S.exe
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT

Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\System32\LPK.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\SysWOW64\LPK.dll
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IWONGIE Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxToolbar => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection => Value deleted successfully.
HKU\Jas\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
IWONGIEService => Service deleted successfully.
McComponentHostService => Service deleted successfully.
VideoDownloadConverter_4zService => Service deleted successfully.
SessionLauncher => Service deleted successfully.
"c:\Users\ADMINI~1\AppData\Local\Temp\DX9" => File/Directory not found.
C:\Program Files (x86)\McAfee Security Scan => Moved successfully.
c:\progra~3\browse~1 => Moved successfully.
C:\PROGRA~2\SEARCH~2 => Moved successfully.
C:\Program Files (x86)\Yahoo!\Search Protection => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\Inbox Toolbar => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z => Moved successfully.
"C:\Program Files (x86)\Search Results Toolbar" => File/Directory not found.
C:\Program Files (x86)\IWONGIE => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\BADriveSetup.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\chutil.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\nsyAFB1.tmp.ConduitEngineEmbbed.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\ofw7tyxe.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SmartbarExeInstaller.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\tbWise.dll => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\VirtualBox-3.1.8-61349-Win.exe => Moved successfully.
C:\Users\Jas\AppData\Local\Temp\YontooSetup-S.exe => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
Could not find C:\Windows\System32\LPK.dll.
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll copied successfully to C:\Windows\System32\LPK.dll
Could not find C:\Windows\SysWOW64\LPK.dll.
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll copied successfully to C:\Windows\SysWOW64\LPK.dll

==== End of Fixlog ====

 

What is the next step? Thanks again for your help with this issue.

 

Thanks
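A consistency check over the two FRST logs posted above (Search.txt in post #4, the fixlist in post #6), as an added example that is not part of the original thread or of FRST: it groups search hits by WinSxS architecture prefix, lists entries whose MD5 differs from the most common one for that architecture, and compares each `Replace:` source with the directory it is copied into. The function names are hypothetical, the sample lines are excerpts from the logs in the thread, and the directory mapping assumes 64-bit Windows, where System32 holds 64-bit and SysWOW64 holds 32-bit binaries.

```python
import re
from collections import Counter

# Excerpts of the Search.txt entries and fixlist lines posted in the thread.
SEARCH_TXT = r"""
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_12ab04c4bec5c79d\lpk.dll
[2009-07-13 18:25] - [2009-07-13 20:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_10f9b8f6c177b3cc\lpk.dll
[2013-01-13 07:36] - [2012-12-16 11:34] - 0025600 ____A (Microsoft Corporation) BF6CDA72E4112DAC01E2ED8911C3FD74
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_08565a728a6505a2\lpk.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_06a50ea48d16f1d1\lpk.dll
[2013-01-13 07:36] - [2012-12-16 12:19] - 0041472 ____A (Microsoft Corporation) 838BF2634A38B344B27AC080D76B28C2
"""
FIXLIST = r"""
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\System32\LPK.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\SysWOW64\LPK.dll
"""

# One search hit: a path line followed by a metadata line ending in the MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)
REPLACE = re.compile(
    r"^Replace:\s+(?P<src>.+?\.dll)\s+(?P<dst>[A-Za-z]:\\.+)$",
    re.MULTILINE | re.IGNORECASE,
)
WINSXS = re.compile(r"\\winsxs\\(amd64|x86|wow64)_", re.IGNORECASE)


def winsxs_arch(path):
    """Architecture implied by the WinSxS component folder prefix, or None."""
    m = WINSXS.search(path)
    if not m:
        return None
    return "x64" if m.group(1).lower() == "amd64" else "x86"


def expected_arch(dest):
    """Architecture a system directory holds on 64-bit Windows (assumption)."""
    d = dest.lower()
    if "\\syswow64\\" in d:
        return "x86"
    if "\\system32\\" in d:
        return "x64"
    return None


def parse_search(text):
    """Turn Search.txt hits into dicts with path, arch, size and MD5."""
    return [
        {"path": m["path"].strip(), "arch": winsxs_arch(m["path"]),
         "size": int(m["size"]), "md5": m["md5"].upper()}
        for m in ENTRY.finditer(text)
    ]


def hash_outliers(entries):
    """Entries whose MD5 differs from the most common MD5 for their architecture.
    A different hash is a prompt to look closer, not proof of tampering."""
    out = []
    for arch in {e["arch"] for e in entries}:
        group = [e for e in entries if e["arch"] == arch]
        common = Counter(e["md5"] for e in group).most_common(1)[0][0]
        out += [e for e in group if e["md5"] != common]
    return out


def check_replace(fixlist):
    """Compare each Replace: source architecture with its destination directory."""
    results = []
    for m in REPLACE.finditer(fixlist):
        src, dst = winsxs_arch(m["src"]), expected_arch(m["dst"])
        results.append({"dest": m["dst"].strip(), "source_arch": src,
                        "expected_arch": dst, "match": src == dst})
    return results


if __name__ == "__main__":
    for e in hash_outliers(parse_search(SEARCH_TXT)):
        print("review:", e["arch"], e["size"], e["md5"], e["path"])
    for r in check_replace(FIXLIST):
        print("ok      " if r["match"] else "MISMATCH", r["source_arch"], "->", r["dest"])
```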



#7 TB-Psychotic


Posted 18 October 2013 - 02:12 AM

Boot into windows!

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.



#8 DomBhoy


Posted 18 October 2013 - 04:19 AM

Hi Marius

 

When I restart Windows just goes into Startup repair again. Should Windows start OK or should I do System restore or something?

 

Thanks



#9 TB-Psychotic


Posted 18 October 2013 - 05:51 AM

Let it proceed and report what happens.



#10 DomBhoy


Posted 18 October 2013 - 06:13 AM

Hi

 

When I proceed it just takes me down the 'Launch Startup Repair' route. And I get eventually to the screen that lets me do a System Restore, command prompt etc.

 

Thanks



#11 TB-Psychotic


Posted 20 October 2013 - 12:09 PM

Do a system restore to a point where the computer worked fine.

Report what happened.



#12 DomBhoy


Posted 20 October 2013 - 02:15 PM

Hi

 

The system restore fails. It progresses for a while but finishes with an error and mentions that no changes were made. I have tried this a few times with different restore points.

 

Thanks



#13 TB-Psychotic


Posted 21 October 2013 - 04:20 AM

rats!

 

We're running out of options here - the safest thing in your case is to reinstall Windows.

I'm sorry I have no better news for you... :(



#14 TB-Psychotic


Posted 28 October 2013 - 05:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.