lsass.exe infected, no internet

[dreamz]

ok, finally got limited access on a guest account. main owner account not loading, still no internet. just to save time im going to run another scan for you in case you are going to ask, lol. i am so glad someone knows what they doing. when i log into my account (owner) it reverts back to the first screen. i dont know the techy name for that first screen that slides up when you click left mouse, but when i log into owner account screen, it just goes back. and when i am in guest account no access to start button, sooooo, no prompt, nada. heres new scan for you

jenn

 

[dreamz]

finally got owner acct to load. no desktop, internet, nada. do i need to restore? i dont have original disk. the original account microsoft live acct, that had admin privies i cant login to without internet. awaiting your reply. i can see if i can start any of the services?

 

[TwinHeadedEagle]

It would help if you could run FRST from Normal windows boot account and post both logs for me.

Can you access Command Prompt in Administrator account?

 

[dreamz]

no i tried several times. only thing i could access was trashcan. then to files. i can get to bios and hard boot to security....i have a boot thumb i made from this chromebook...been sending that way. this laptop cant get infected, can it? sorry took so long, live in caregiver so i get pulled away in the middle of stuff and been staying up late. been tempted to d/l windows from site and try that way, but wanted to ask first

 

[dreamz]

is there a way to hard boot to cmd promt, if so tell me only what to type as i still dont understand all the characters in between what to actually put in, or if you could kindly tell me how to read it, would greatly appreciate it. thanks a bunch, you're a doll for all your help

 

[dreamz]

not sure how soon you will get back so im researching ways to boot to cmd prompt. ive played around some in there in the past, but not in a few years and on different os, soooo i'm not sure what to type in. i will pull up cmd to see what to use to run frst for you tonight. wish me luck

 

[TwinHeadedEagle]

If you can get to CMD, please type this command and try to execute Check Disk on reboot.

chkdsk C: /r

 

[dreamz]

ok, was able to run check disk at cmd prompt.

failed to transfer logged messages to the event log with status 50.

i am unable to boot from usb. i was in bios and where i should be able to change options in windows boot manager, its locked me out. i can see when booting up a quick dos screen and a little cursor like flash in the upper left corner of laptop, or it's i've been researching while you've been studying, and i realize im not your only lost soul. im trying to find a way to get into the hidden admin, i dont have one now, in order to make changes. im not downloading any fixes without your approval. this been going on for weeks now and my pile gets bigger and bigger. when i open the usb drive with window iso on it, no files are loading. i saved some pages with cmds and going to try to open windows. its just been a while and this aint windows 98 for sure, lol. its after 3 am, my 4th night in a row doing this and being up for work in few hours. im off tomorrow so i hope to be on. i try to remain on in the event we could connect and i wouldn;t be so afraid to do something in dos. ill let you know if i can get windows open and run a new frst.exe for you along with text log. or you will just see the logs. gonna try for another 30 then out. thanks again, and if you have anything regarding cmd for me to run, send em, please. have a great day.

jenn

 

[TwinHeadedEagle]

Where did you start CMD from? Recovery mode?

 

[dreamz]

i noticed that it did show it was from recovery...still. i can't get into boot manager. which after all my researching, realized thats where it starts. that being said, i really thot i had it, lol. im just exhausted and my time is running short for me to fix it, i am moving by end of month and won't even begin to tell you how many straws are on my camels back lol. im "off" today, but have paperwork to deal with and packing and a home to secure, which is why ive been up so late at night till wee hours trying to find something. bios is standard and no matter how many times, ive learned, i change values, nothing is happening until i get that boot mode changed. i will say, im learning, but do not trust many sites. i have given you cudos word of mouth to several people as one of the very few sites that i consider reputable. so is this have something to do with a rootkit> i keep coming across this term, but again, trusting you and some of the links on your site. i haven't left any messages in other forums, however have looked. i don't know how to open up the new windows, figured from what i've read that it should start and me asked questions. im afraid to deleted in bios (boot sequences). especiacially boot manager. but boy how i'd like to get in there. i left laptop at g:\> with blinking cursor. have not restarted yet. i have plenty of book marked sites and pages with information on how to boot to cmd prompt. going into explorer is one of them, but i dont know....yet, how to make the iso program open. ill be in front of laptop off n on today since im off. i wish i could just give you my phone number and make it go faster, but that pretty selfish of me as you have so many others and your time if not just free, but very valuable..can't get that back. awaiting your reply.

jenn

 

[TwinHeadedEagle]

In Recovery command prompt, please type this (and enter after each command):

bootrec.exe /FixMbr

bootrec.exe /FixBoot

Then reboot and try to boot your computer.

If that fails boot again into recovery and follow the steps on picture below (ask if something is not clear)




You will find your system drive by opening it and see where you have Program Files and Windows folder.

Right click on that drive > properties > tools > check now.

Here check all boxes and click Start. Follow all prompts after that. There should be Checking Local Disk etc.

Let me know if you have more questions.

 

[dreamz]

i had actually tried to open properties on several files, won't allow it. i get no error, nothing happens. i did as you asked at prompt and it booted to a black blinking screen and cursor. when i bring up task man if i click task it goes back to blinking again. i am keeping battery unplugged and have had the casing open. i am going to leave it that way, but screw the casing back on so i don't break any hardware. i need to somehow get into boot manager, but i cant. im sure you know that needs to be resolved first. as i said, ive been researching as well, and have found only 1 or 2 that seem reputable with some good info. they ask to perform steps before even a mention of software. i have added passwords to boot although i doubt this will change anything at this point. while i have your ear...ummm eye, my chromebook could use a checking up, but honenestly dont know much about it. should i just go to their official site or do you have any suggestions? ive been switching the two thumbs back and forth and dont want to infect this one or i will have no way to research or stay in touch with you. please let me know if you do actual phone calls and if so, what time is good for you? my time is running out as i dont know where i will be by the end of the month and dont want all this to go to waste, i need to follow through. i will try to check this throughhout the day. ebven booting from usb wont work as boot manager has priority.

 

[TwinHeadedEagle]

Can you try to follow my latest instructions?

 

[dreamz]

i did...exactly as you wrote it. waited 30 minutes after it rebooted to blinking black/cursor, then again. i cannot get into a file, not even after running commands. i am currently at R/E awaiting for instructions.

 

[TwinHeadedEagle]

Can you run Check Disk procedure?

 

[dreamz]

only in r/e. i did that earlier, see above message. i cant seem to do anything bc of boot manager. im gonna try to stay up again one more night, but im running on empty, lol. how do i get boot manager to open. ive seen different programs, but dont want to go against your advice. ive seen work arounds, read about the hidden admin, which would be great if i could override with that. ive found codes to change user p/w, but like i said, i need your help. i need to get into bm and i need to get to cmd prompt. i am unable to do anything without these, but you know this. thanks again for your ongoing hard work. awaiting reply.

jenn

 

[TwinHeadedEagle]

Please no need to answer in thousand words, you are writing something that doesn't help. Please let me ask the questions and you answer to them.

Have you done both bootrec command?

Have you done check disk procedure successfully?

What happens now when you try to boot your system?

 

[dreamz]

yes in re
yes in re
black blinking screen/cursor

 

[TwinHeadedEagle]

Can you see Windows boot logo? Can you enter BIOS?

 

[dreamz]

no
yes
i am in recovery now.
reboot into bios?