Solved: lkssys64.dll is corrupt can't find on install disk

I can't find that file in my system and a search on the Internet doesn't find it either.

Check out which folder it is in, write down this folder name, and rename the folder to something like unknown. No dll extension.

Reboot and see if they system runs. If it doesn't then boot up in dos and rename it back.

When you boot up in safe mode you are still in the GUI and you run scandisk and then defrag.

No need to drop into DOS mode and run chkdsk.

To get into the various modes, Normal, Safe Mode and Dos (Command Prompt), tap the F8 key on startup until you are given a menu to choose from.

besthelp1

Sounds to me asif your windows cant recognise the file it could be there. Try reinstalling windows again make sure you back up your files

EdmondClay

ASKER

Here's the code from the file...maybe that will help...thanks.

MZ 8 @ H : 4      M!8LM!This program cannot be run in DOS mode.

$ 1Iu(hTu(hTu(hTu(iTb(hT,{T(hT_ nTt(hTu(hTq(hTRichu(hT PE L C8 ` # , 0
r
` Ua 7 d @ P p f2hV3BO6ff1LinB+lwxCA472YprCicWuHYAiK5EQ fFvqkVmXr9+EM6K9gqkMPRKwLfeXLhivCO0WueLm.data Hnn0hsHcVz9Eyq50SzUTCcfg1+hXir2dF1zIpOlT @ GUmnbzf8YIhr+525VUXaSbJcwG6ALOUhF7INIChK GUmnYcV7hX1hVh3P5psjLlXEedyEDSMeHr27DyQA4PD8O Gh2rEXftpiI9SnJWzv6Fv6QrLoxVbYUBXJ4Z7IhC32.dll KERNEL32.dll "Itwp#twStw+uwo+uwi/uw</uw}/uwEtwLtwptw `wxwL*xwhwIiw}*xw[ViwKViwIiw tGawHawaw axw 9+8 9+8 ! 9+8 " 9+8 ~'EnumDisplayDevicesW user32.dll D i s p l a y

r
r
r

rD$h tHuh 0
r8
rkh 0
r0
r0B UllP SVWjP\
rx      E|3[SSSh
rkqht
rD
rh`
rPH
r3[      Ex;Ct@3v9]|v99R 3@=0|Ss+0|G0|H PVSUx@tvt}u
F;u|rG3@_^[ICS4|SPS
rkit$
rB j|XB Ulll EM|SVW3h|        j@      8L
rp;w      ut uF4              ExPhK        @n EpPuxh1        @ WWWWWE`WPt PD P~Puxh| @Q Et      >j>( Y5$~s% , \      ( MxGD      l f0~Pf      x f,~f      z 4~      t hp @* utj$ Phk @ GH =D~w3@      Ck      GC 3@GC H~      KL~      KP~      K,~      K0~      K4~      K D~      C(f      C,f      C.      C0      C4      C8      C<      C@      CDE      K$      3@k4VhM ut3uxh? kGE||V<
rkGE|tE      8E|_^[IB GE||kGUll UVWj$ Y      E3@=|js+l ^      Eh|vH      ElE      EpP G|l       uGEd      utGEx@       E|t@tMhQP;Fu
}x uFk3@_^IB UllEGEx@ l vx      Mp$      Mt|      M|tItEpPQxu}x t3@IB j|XB( VW? 0
rW4
rjj@L
rp3@;ptL$      F      N      F      F!0
r            50
rW@
rF_^B SV; 0
rWS4
r!0
rt$;Fu      #0
rk@t;NtAkr      v=<
rWVWS@
r_^[B SVt$3[W9^tLSSv      ^      ^hw x;{t6F;CtP<
rWSL
r;C      FtPWvhJ ;Gt;{txkM      ~N3@9L$sAk;Ktv|$AjAis%HXas$_^[B D$@B VWt$3X
rpvtt$t$Vh Vxt$T
rG_^B V3@WPPPP
rpjVt$(
rt$t$V$
rVx
rG_^B 3@B Uljh
rh$
rd! Pd      % QQl@SVW      ehMX}7Lv3I      M|9tM|j}XiL F      E,$      E0GE4 ]      ]8E      E<US      U@UP      UD      MTh 0
r4
rE,P        }Lvtm}Lvu%j$ PhS !0
r      E\@tG@ knh 0
r@
r}Lvt }LBvulF      E(MdQPh @u      GEXpkOVh @u&Vhm|VhX|@tj$ PhZ @JG GEX}Vh:|@tu(h- }L u&fg, G /EMH+HG$Ah/C+H      O(GEX M|EXk
jXCehH      E|Mpd
_^[IB UllL VW3uWWWWWWWW4~WPFPh= @t<L        ;L~u.P        ;P~u T        ;T~uX        ;d~u3@kjX_^IB Uljh
rh$
rd! Pd      % QQlSVW      ehue| >Lv u,Pv      EXp~      E\? 0
rW4
rEXPVXW@
rff, f( kjXCehM|Mpd
_^[IB UllE@t[8Lv V0LvuCl GEx@ vx      Ep$      Et|      E|t@tMpQPxu      FPh} V<
r^IB j|XB j|XB j|XB j|XB LLLUlSVWUj j hD
ruh8 ]_^[e]CL$wA 8 tD$T$      8 CSVWD$Pj~hL
rd5 d      % D$ Xp~t.;t$$t(4v3      L$      H|3 uh D3h@ T3kCd D_^[C3@d
yL
ruQR9Qu8 CSQ; 0
rk
SQ; 0
rM      K      C      kY[B LLVC20XC00UllSVWU|]Ew@       ExE      E|Ex      C|s{~tav| tEVUkT]^]@t3x<{Sh)~DkVSh^~DvjDha      CT{v4k!8 k8 kUkjSh~D]8 ]_^[e]CUL$)APAPhy~D]B %d
r%
r%
r%
r%
r%
rh | d X N T 4 ~ 0 * 6 B P \ l | Z f r 4 N @ : F & p RtlUnwind ntdll.dll - CreateDCW Q DeleteDC W GdiEntry3 Z GdiEntry6 V GdiEntry2 O GdiEntry10 N GdiEntry1 T DeleteObject dGetRegionData bGetRandomRgn I CreateRectRgn GDI32.dll IGetSystemMetrics ReleaseDC GetDC USER32.dll Z DeleteCriticalSection EInitializeCriticalSection SGetProcAddress :GetModuleHandleA iLocalFree eLocalAlloc ^LeaveCriticalSection o EnterCriticalSection KERNEL32.dll }+8 8 X v R       % U # @
# u | X
- @ Q b m u
) ; M ] q + :

DCIMAN32.dll DCIBeginAccess DCICloseProvider DCICreateOffscreen DCICreateOverlay DCICreatePrimary DCIDestroy DCIDraw DCIEndAccess DCIEnum DCIOpenProvider DCISetClipList DCISetDestination DCISetSrcDestClip GetDCRegionData GetWindowRegionData WinWatchClose WinWatchDidStatusChange WinWatchGetClipList WinWatchNotify WinWatchOpen 0        H `@ @ @4 V S _ V E R S I O N _ I N F O =o~ ? S t r i n g F i l e I n f o | 0 4 0 9 0 4 B 0 L C o m p a n y N a m e M i c r o s o f t C o r p o r a t i o n @ F i l e D e s c r i p t i o n D C I M a n a g e r 8 F i l e V e r s i o n 5 . 0 0 . 2 1 8 0 . 1 2        I n t e r n a l N a m e d c i m a n 3 2 t ( L e g a l C o p y r i g h t C o p y r i g h t ( C ) M i c r o s o f t C o r p . 1 9 8 1 - 1 9 9 9 :        O r i g i n a l F i l e n a m e d c i m a n 3 2 ~ / P r o d u c t N a m e M i c r o s o f t ( R ) W i n d o w s ( R ) 2 0 0 0 O p e r a t i n g S y s t e m < P r o d u c t V e r s i o n 5 . 0 0 . 2 1 8 0 . 1 D V a r F i l e I n f o $ T r a n s l a t i o n       0 11$1(191?1F1L1e1w1~11      11p1|1)2O3[4b4l4      555&5.535B5_5k5#5+5656J6Y6h6q6667767M7S7 8%8e8l8z8989y9b:|::~;;
;;;;
dll\dciman32.dbg lib\i386\dciman32.dll

EdmondClay

ASKER

The experts at WinDrivers.com have suggested that the above corrupt code is perhaps a virus. Comparing the above code to the below file DCIMAN32.dll which is indicated in the corrupt file shows a whole lot of extra code. I plan to notify the appropriate authorities in the event that we conclude that there is virus behaviour here. Should I post this question at a different forum? Thanks guys!

MZ 8 @ : 4      M!8LM!This program cannot be run in DOS mode.

$ PE L _! 7 ` !<
~ ` l 0 ( @ P ` p0 H .text | `.data @ @.idata \ 0 0 @ @.rsrc @ @ @ @.reloc P P @ B 32-bit DCIMAN D$Vt$VPh ~h ~hn @u3@^B 8 ^B LLLVWjHj@t0~xu
8t_^B D$WPGH hk pv}W0~F_^B D$      8F_^B LLSVt$0WjTj@G t0~xu8t_^[B( D$0WL$0PT$0QD$0RL$0PT$0QD$0RL$0PT$0QRGT h
X[}W0~C_^[B( C      >_^[B( SVt$WjPj@G t0~xu8t_^[B D$WL$PQGP hq X[}W0~C_^[B C      >_^[B LLLVt$VhR V0~^B LLLLLLLLLL3@B LLLZh)~h ~Ri_ dcithk_ThunkData16 @ ~` ~1UlQl<<~7@IC1UlQl<fuhz P<~hs IB 1UlQl<fuuuuuuu u$u(E,h$      U,P<~M,h IB( 1UlQl<fuh Ph P<~h h
IB f9@~lfuuvuVk}8WMl@9 -f+b{uvuVk}0WMl9 -f+b{uuhs ?Xi} 1k1
UlQl<h} P<~hw IB 1
UlQl<h_ Pfufufufu<~hH IB 1      UlQl<h0 P<~h) IB 1UlQl<h Ph P<~h h IB f9@~luvtvvFuvtvvFhG PuvuVk}8WMl9 -f+b{uvuVk}0WMl9 -f+b{he ?Xh i^ f9@~luvtvvFuvtvvFhN PuvuVk}8WMl9 -f+b{uvuVk}0WMl9 -f+b{h4 Phf 7Xh h' i` 1UlQl<fu<~7@IB 1k1UlQl<fu<~IB f9@~luvtvvFfuuvuVk}8WMl9 -f+b{fuh# PhU 7Xh iT 1UlQl<fu<~IB 1 k1UlQl<fuuhS P<~A`,PhF IB %x0~%|0~%0~%0~%0~%0~%0~%p0~%0~%0~% 0~%$0~%(0~%,0~%00~LL ~F5 8 h k ~ @ p I m D 9 c \ z l ` ! 0 A T e v       . = O a o ! 9 M \ i

DCIMAN32.dll DCIBeginAccess DCICloseProvider DCICreateOffscreen DCICreateOverlay DCICreatePrimary DCIDestroy DCIDraw DCIEndAccess DCIEnum DCIOpenProvider DCISetClipList DCISetDestination DCISetSrcDestClip DllEntryPoint GetDCRegionData GetWindowRegionData WinWatchClose WinWatchDidStatusChange WinWatchGetClipList WinWatchNotify WinWatchOpen dcithk_ThunkData32 dciman.dll dciman32.dll LS01x% LB01 $ D LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL (0 3B7N1 p0 *1 D0 R0 ^0 j0 v0 1 1 1 80 >1 R1 h1 |1 1 &1 <1 ww?4Hw?`)w?,w?),w?A,w?w?w?7w?PIw?<w?|w?2w?rw?-w?mw?>.w? :LocalFree 6LocalAlloc FT_Thunk FT_Exit12 FT_Exit16 FT_Exit20 SMapLS $SUnMapLS #SMapLS_IP_EBP_8 -SUnMapLS_IP_EBP_8 SMapLS_IP_EBP_12 %SUnMapLS_IP_EBP_12 SMapLS_IP_EBP_16 &SUnMapLS_IP_EBP_16 SMapLS_IP_EBP_20 'SUnMapLS_IP_EBP_20 ThunkConnect32 KERNEL32.dll ~F5 ~F5 0 ~F5        H `@ @ @4 V S _ V E R S I O N _ I N F O =o~ N N ? 0 S t r i n g F i l e I n f o | 0 4 0 9 0 4 E 4 ` C o m p a n y N a m e I n t e l ( R ) C o r p . , M i c r o s o f t C o r p . J F i l e D e s c r i p t i o n D C I M a n a g e r 1 . 0 0 4
F i l e V e r s i o n 4 . 0 3 . 1 9 9 8 6 I n t e r n a l N a m e d c i m a n . d l l 5 L e g a l C o p y r i g h t C o p y r i g h t ( c ) 1 9 9 2 - 1 9 9 8 I n t e l / M i c r o s o f t C o r p o r a t i o n . > O r i g i n a l F i l e n a m e d c i m a n . d l l D P r o d u c t N a m e M i c r o s o f t W i n d o w s 8
P r o d u c t V e r s i o n 4 . 0 3 . 1 9 9 8 D V a r F i l e I n f o $ T r a n s l a t i o n       d ` 0!0H0v0#0z0#1W1~111<1@1O1m1.2Z2s2^23+3P3i3b3o444{4 565<5B5H5N5T5Z5`5f5l5r5x5~55
5

dbrunton

If you look carefully at the code you will see it has an internal name of dciman.dll.

This is a driver file for QuickTime Video.

Have you tried renaming the file and seeing what happens yet?

sh0e

Gh2rEXftpiI9SnJWzv6Fv6QrLoxVbYUBXJ4Z7IhC32.dll
hm.. it appears to have references to a dll with that name
perhaps it unpacks that and tries to execute it
its data section appears to be
fFvqkVmXr9+EM6K9gqkMPRKwLfeXLhivCO0WueLm.data
it appears to be a polymorphic virus..
DeleteCriticalSection ÅInitializeCriticalSection SGetProcAddress :GetModuleHandleA éLocalFree åLocalAlloc ÞLeaveCriticalSection o EnterCriticalSection
those calls seem to suggest that it injects itself into running processes
and attempts to initiate the code for that dll

EdmondClay

ASKER

I've forwarded the code to several virus check sites and should have some feedback in a day or two. I also noticed that when I loaded the code into an html format it showed a couple of links which are further curious. Here are the links:

mailto:ÌÌÌVWjHj@ÿt0~<ø.ÿu

mailto:t$0WjTj@Ç

curiouser, and curiouser....

sh0e

oh no thats only because of the @ signs
browsers like to define links for you :D

EdmondClay

ASKER

I dl'd an evaluation copy of vexira av and lo and behold we did find TR\FlashKiller.B virus which supposedly destroyed a file canonbj/itp.exe. I have forwarded the report to VAV for evaluation as it may only be a false positive...thanks for the feedback on the mailto:...

sh0e

i had a run in with that one too.. it took a liking to explorer.exe.. ick
flashkiller is a very nasty one.. hopefully its false positive heh

EdmondClay

ASKER

thanks. the file that it destroyed was canonbj\itp.exe I am wondering if any itp.exe file that is fresh and uninfected could be inserted back into the canonbj directory and be considered repaired. Canon is useless on support and I found a copy of ITP.EXE available from a site that makes it available for developers and database engineers. I understand that it is an "Intelligent Whatever I can't find nor remember the original information" executable. The infected file was 152kb and the fresh file is 34kb so I guess there is some, ahem, additional code in there...Well I stuck it in the canonbj file after extracting, av checking it, and I guess it will work, although I cannot tell what the problem was in the first place as my canon bj printer works just fine, ah well...whatever....thanks will get back when I have more in the next day or so...