lsass.exe problem on XP laptop.

Hi, I have been trying to fix a laptop for a friend. The laptop boots slowly into XP then just stops at a black screen with a mouse pointer and comes up with an lsass.exe application error warning. I click OK twice and that’s it; the laptop just stays with a black screen and mouse pointer.
It does this in normal and safe boot modes so I cannot get into Windows to run any programs. I took out the hard drive and plugged it into my desktop PC and ran a full Avast scan which found many problems, which I moved to the chest as suggested.
When I put the hard drive back into the laptop the same problem with the lsass.exe error persisted.
Does anyone have any ideas how to fix this? The only thing I can think of at the minute is reinstalling XP but the guy whose laptop it is would rather save the data on there if possible.
Any advice appreciated, thanks.

Hey and welcome to the forum.

I have Googled the problem you mentioned in your post, and this link might help with the problem.

http://www.geekstogo.com/forum/topic/32803-lsassexe-system-error/ I'm no expert but give that a shot and let us know how it goes or if you need more support.

good luck

Hi, thanks for the reply. I saw that page via googling too but unfortunately there were no answers for the situation of not being able to get into Windows.
Thanks.

Do you have access to a cd burner ?

If so …

Please print these instructions out so that you know what you are doing

OTLPENet.exe
MD5=C2629B6D6FA189EA92FF6FD1FFA2A81D
127,353,979 bytes / 121.4MB

[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Download the attached scan.txt to a USB
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

[*]Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:

[*]Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes
[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start.
[*]Double click the Custom scans and fixes box
[*]In the dialogue locate the scan.txt you have on the USB
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system.
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.

Thanks essexboy, I have given that a try and attached is the OTL.txt

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

[*]Insert your USB drive with fix.txt on it
[*]Start OTLPE
[*]Drag and drop fix.txt into the Custom scans and fixes box
[*]If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done to normal mode if possible
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

Thanks again essexboy. I did the fix as you said above and I can now boot into Windows XP on the laptop.

[Quote]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
[/quote]
For the new OTL log do you mean boot from the cd again and repeat the first step ?
Do you think it was a virus/worm as there doesn’t seem to be any anti-virus software on here at all.
Thanks again for the help, much appreciated.

No, let's try out the normal version. You can keep the disc in case you ever need it again, but I am finished with it ;D

Oops, I forgot you won’t have a copy in normal mode

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

OK, that’s now finished and here are the resulting files.

Yep no sign of any AV (apart from Avast setup on the desktop). I will remove the rest of what I can see and then use MBAM to sweep for orphans. Once done can you let me know of any problems

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O20 - AppInit_DLLs: (c:\windows\system32\rtipxmib32.dll catres.dll regrgwiz.dll) - File not found
[2011/01/06 16:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\377369900
[2011/01/06 16:59:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\5BB1D092963C49CBD601CD07238F0A28
[2011/01/06 16:59:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\SysWin
[2011/01/06 16:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Winferno
[2011/01/06 16:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winferno
[2011/01/06 16:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winferno
[2011/01/14 17:49:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/11/24 16:53:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\atechloc.ini
[2010/11/24 16:52:35 | 000,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini
[2010/11/24 14:56:31 | 000,012,558 | ---- | C] () -- C:\WINDOWS\gstcore.dll
[2010/11/24 14:56:30 | 000,038,982 | ---- | C] () -- C:\WINDOWS\rsczsys.dll
[2010/11/24 14:56:30 | 000,006,017 | ---- | C] () -- C:\WINDOWS\assys.dll
[2010/11/24 14:56:29 | 000,040,177 | ---- | C] () -- C:\WINDOWS\ffnsys.dll
[2010/11/24 14:56:29 | 000,013,277 | ---- | C] () -- C:\WINDOWS\snsys.dll
[2010/11/24 14:56:28 | 000,030,559 | ---- | C] () -- C:\WINDOWS\mfnsys.dll
[2010/11/24 14:56:27 | 001,430,386 | ---- | C] () -- C:\WINDOWS\uawin.dll
[2010/11/23 22:25:03 | 000,040,448 | ---- | C] () -- C:\WINDOWS\regobj.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Ok done all that mate, here are the files.

That revealed the last ones to kill - once done could you let me know how it is running

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {016FE973-70FA-4CDA-868A-3C9F1DFA04C8} - C:\WINDOWS\system32\batmeter32.dll (Borland Software Corporation)
O2 - BHO: (d43f021e) - {6EF293C6-D75D-4749-7DBC-0FD282F8B510} - C:\WINDOWS\system32\rtipxmib32.dll (Borland Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Owner\Application Data\SysWin\lsass.exe
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - File not found
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - File not found
[2011/01/06 16:59:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2011/01/06 16:59:06 | 000,258,560 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\rtipxmib32.dll
[2011/01/06 16:59:03 | 000,405,504 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\batmeter32.dll
[2011/01/06 16:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Registry Helper

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Thanks, that's done now. Laptop still boots fine into XP and no obvious problems I can see when just flicking around Windows. I can get online with it OK too.
To be honest I’m not entirely sure what we’ve just done but it seems to be a lot better than it was :slight_smile:
Was the cause of all the problems a worm/virus then ?
Thanks for all your help, just installing Avast Home for him now.

It probably came down with Winferno or something like that - it entered a lot of AppInit entries and the file that it was related to was deleted, hence no boot

O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll catres.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll regrgwiz.dll) - File not found
As to what it was it may have been traceur trojan downloader, which can turn the system into a spambot or DOS machine

Other elements are possible password stealing

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Bootdefrag.jpg

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:
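The indicators discussed in this thread (AppInit_DLLs entries, an autorun named lsass.exe outside System32, hidden+system directories) can be picked out of an OTL log mechanically. The following is an added example, not part of the original posts and not OTL's own code; the `triage` function and its rule names are hypothetical, and the sample lines are copied from the log entries quoted in this thread.

```python
import re

# Lines copied from the OTL entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (d43f021e) - {6EF293C6-D75D-4749-7DBC-0FD282F8B510} - C:\WINDOWS\system32\rtipxmib32.dll (Borland Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Owner\Application Data\SysWin\lsass.exe
O20 - AppInit_DLLs: (C:\WINDOWS\system32\rtipxmib32.dll catres.dll regrgwiz.dll) - File not found
[2011/01/06 16:59:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\SysWin
[2011/01/06 16:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winferno
"""

# Windows processes that are expected to run from System32 only.
SYSTEM_NAMES = {"lsass.exe", "winlogon.exe", "svchost.exe", "userinit.exe"}

# Patterns cover only the line formats visible on this page.
FILE_LINE = re.compile(r"^\[[^|]+\|[^|]+\|\s*(?P<attr>\S+)\s*\|\s*[CM]\]"
                       r".*?-- (?P<path>.+)$")
APPINIT = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>.*?)\) - (?P<state>.+)$")
RUN_LINE = re.compile(r"^O6 - .*\\Run: .*? = (?P<path>.+)$")

def triage(log_text):
    """Return a list of (rule, detail) findings for one OTL log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = APPINIT.match(line)
        if m and m["dlls"].strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any non-empty entry deserves a look.
            state = "missing" if "not found" in m["state"].lower() else "present"
            findings.append(("appinit_dll", f"{m['dlls']} ({state})"))
        m = RUN_LINE.match(line)
        if m:
            path = m["path"].strip()
            name = path.lower().rsplit("\\", 1)[-1]
            # A system process name launched from outside System32.
            if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path.lower():
                findings.append(("masquerading_autorun", path))
        m = FILE_LINE.match(line)
        if m and m["attr"].endswith("D") and {"H", "S"} <= set(m["attr"]):
            # Directory carrying both the Hidden and System attributes.
            findings.append(("hidden_system_dir", m["path"].strip()))
    return findings
```
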

hello Essexboy,

I have the same problem, and I was wondering if you could please help?

Start a new topic here and he will help you http://forum.avast.com/index.php?board=4.0

see button at top right, just over the orange line “NEW TOPIC”