rikkkki

Cool :!:

Got rid of teminal services, switched diskeeper to manual and checked out shmgrate in sys 32. It's there and listed as "windows nt user data migration tool" dated 8/4/2004 Well I must not be running multiple logons. I'm not really sure what that ensues. The switch thing I no nothing about. Oh BTW you may want to get an extra case or two

No, but a drink a few beers now and then :haha: :haha: HeHe, little humor there. Note the edit above last post. I will check services now

Hi cak46: Yes I reinstalled Diskeeper Lite last night. I went to install my full version #9 Pro and it wouldn't work cause it's not for XP Pro :!: So, I had a free copy of lite lying around, soooooooooooooooo, I put it in. Works fine alright for now. Edit:I went to do a manual reg key remove(with the shmgrate.exe) and the keys don't exist :!: Wouldn't that mean that this "cootie" wouldn't run??

Here's one for ya. I get this everytime I log off for the night. Now, the userenv is not listed in my services, so I can't config it the way they're saying to.

Whew :!: This is alot, with the other stuff. Here goes Edit by RTB: Made the log an attachment. Looks better that way

OK. Here goes cak46. This is the main scan. I'll post the startup with the minor and empty settings in the next post. Oh by the by, the 127.0.0.1 is the only "local host" listed. I thought this was the dreaded "loop around IP?" Logfile of HijackThis v1.99.1 Scan saved at 6:33:48 PM, on 6/24/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:PROGRA~1mcafee.comvsomcvsshld.exe C:PROGRA~1mcafee.comagentmcagent.exe c:progra~1mcafee.comvsomcvsescn.exe C:Program FilesLogitechMouseWaresystemem_exec.exe C:WINDOWSSystem32svchost.exe c:PROGRA~1mcafee.comvsomcvsrte.exe C:WINDOWSsystem32svchost.exe c:PROGRA~1mcafee.comvsomcshield.exe C:Program FilesOutlook Expressmsimn.exe C:Program FilesInternet Exploreriexplore.exe C:WINDOWSsystem32mmc.exe C:Program FilesHIJACKhijackthisHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/ R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Dave's Search Results O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe" O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab O23 - Service: Diskeeper - Executive Software International, Inc. - C:Program FilesExecutive SoftwareDiskeeperDkService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe

Details Product: Windows Operating System ID: 7023 Source: Service Control Manager Version: 5.0 Component: System Event Log Symbolic Name: EVENT_SERVICE_EXIT_FAILED Message: The %1 service terminated with the following error: %2

Hey Cholla; thanks for the interest. Somehow I think this can be taken care of without me having to reinstall :!: In some ways, that's too easy!!!!!!!. It won't tell us what causes this and I think we would all like to know, at least for future reference, like the next guy that comes up with the same problem!!!!!!!!!!!!!!!!!!!

Ya, Windows Firewall is now enabled since I took out McAfee last night. Still got the error, though. I really like McAfee, but I can put it back in anytime.Windows does not have near the amount of tweaks that McAfee does. Trouble is, when I'm running their virus and firewall scan, I have about 8 processes/tasks running at any given time, but I guess that's what it takes :!: :!: Edit; Ya I thought it was getting a little late for you, thanks for hanging out like you did. Somehow I think there is an answer out there that doesn't require reinstalling :!: The dirver problem is something that I don't know anything about. MS is talking like we are supposed to know what the driver is,or what it belongs to. I have PC Rescue and I use it every day to clean out dead reg keys, etc. When I have the choice of cleaning or deleting I read all entries before doing so, but of course there's always the slight chance that maybe I'm getting rid of something I wasn't supposed to :!: I'm quite sure that I did not run PC Rescue on Sat. Until tomorrow :icon_salut: :wave:

Yes, this new version of XP Pro comes with SP. 2 I will try your link right now :( Edit, Well no luck there. I

Ah yes, print screen, thank you. The only thing I was trying to install was Silent Hunter about 6 times up to that point including on Sat. Will check your links right now Thanks, I'm getting a little excited. It's so cool to get something "almost mystical" fixed, not to mention perplexing :!: :!: edit; ya I'm the comptuer administrator,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, editX 2; The trouble with their "fix" is that they are saying I need to reinstall the drivers to fix the error but they aren't telling anybody what the drivers are for :!:

Details Product: Windows Operating System ID: 615 Source: Security Version: 5.0 Component: Security Event Log Symbolic Name: SE_AUDITID_IPSEC_POLICY_CHANGED Message: IPSec policy agent changed: %1 PolicySource: %2 %3 -------------------------------------------------------------------------------- Related Knowledge Base articles You can find additional information on this topic in the following Microsoft Knowledge Base articles:

Details Product: Windows Operating System ID: 26 Source: Application Popup Version: 5.2 Symbolic Name: STATUS_LOG_HARD_ERROR Message: Application popup: %1 : %2 Explanation The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt. User Action To correct this problem: Ensure that the program user has sufficient privileges to access the directory in which the driver is installed. Reinstall the program to restore the driver to the correct location. If these solutions do not work, contact Product Support Services. Version: 5.0 Symbolic Name: status_log_hard_error Message: Unable to Load Device Driver : device driver could not be loaded. Explanation The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt. User Action To correct this problem: Reinstall the program to restore the driver to the correct location. If these solutions do not work, contact Product Support Services. -------------------------------------------------------------------------------This is what I get when I click on the App Popup entry. I'm still trying to figure out how to send you some of these warnings so that they are in English................this is the "object name not found"

cak46 just read your note, I will look at the logs right now,,,,,,,,,,,,,,,,,,,,stay tuned

resi3js. I think you nailed it right on the head. So far, MS has not mailed me for two days now :!: It's a puzzle alright, I mean, everything works just fine, all I do is wait a few and click OK and it's gone without any problems. And to be present in two OS's , Home and Pro, tells me that the "faulty" file was there and not removed after I installed Pro. This was an upgrade only so all my files and settings were saved. Sooooooooooooo, I have several formatted cd's, UDF style, that I can use as floppy discs with 539Mb's each and I can start the old transfering process. :cry: :cry: The sad thing is, that if I do this, we will never really learn how to fix it in a more basic way. I went to some of your link suggestions and many others and this is a big problem but a "simple" solution doesn't seem to exist. There are forums all over the place talking about lsass.exe. If nothing comes up by the weekend, I'll go ahead and do the clean install.

Good questions Cak46 I did get Silent Hunter installed on Sunday after I installed XP Pro. Unfortunately, the error problem started on Sat., when I still had XP Home

Cholla, I did look at all sites and tried Symantecs removal tool with no results. One of the sites talked about the 60 second doom and that's not my problem right now. Cak46, I tried drwtsn.exe and it works fine except it comes up way before the error pops up :!: Therefore it can't "catch" the error cause it's already run boo hoo :( The error isn't coming up now until I click on a few icons. I think my memory banks are good enough now to explain how this all came about. When I tried to install Silent Hunter III it wouldn't cause it kept getting 'interrupted' So I mailed to support and they said to end all processes in task manager except sys tray and explorer. Well, one or two went away and then several came up and said 'cannot delete'. Well then came Lsass.exe and I clicked on that to end process and got the 60 second doom window and my system shut down :!: After that everything was fine (for awhile) At that point I started 'studying online' everything I could find out about lsass. I ran my clean-up utilities and finally went back to experiment with lsass and clicked on it to 'end process' and guess what? It now came up with 'cannot delete this,,,,,,,,,,' No 60 sec doom :!: :!:So I now thought everything was fine. But that same weekend( I think it was Saturday) all of a sudden the lsass error started popping up on my screen :!: It's weird cause when you get the 60 sec doom it just keeps coming back till you fix it. It only happened to me once. The next day (Sun) I installed XP Pro but the error stayed :( As far as I can tell I have a clean system and it is a legitimate system error. The lsass file path is is just as it supposed to be. I'm sending info to MS today and see what they say. (again) Cheers, the saga continues some more,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Oh ya, and then some. I ran both versons of stinger, all 5 McAfee virus removal tools, twice ran Symantec's removal tool, a complete virus scan in safe mode and I even ran the old Klez removal tool. When I was in safe mode the other day, it popped up. Today, it did not pop up in safe mode at all. Also today it didn't pop up at all until I started clicking on different icons. Paul Ramsey said it would pop up when I was in "safe mode with com prompt" and it didn't. Course his "fix" didn't work either :!: The saga continues,,,,,,,,,,,,,,,,,,,,,,,,,, Sorry guys, I just now saw your posts, my email link took me to page four instead of five. :!: I will try Dr. Watson,,,,,,,,,,,,,,,,,,,

Hi all :!: Well I just ran Paul Ramsey's "fix" twice and it didn't work :cry: For those of you are not familiar with this, the link is on page three about half way down.I typed it in exactly as written but no results. I tried disabeling one of the rpc's in my services, one that looked suspicious, and that got rid of it (the error) and my task tray and 90% of my services stopped working as well :!: So back to square one. I'm very sure it's not a virus, I do not get the 60 second countdown and I can still do all of my puter needs and after a few I can just delete the error and it goes away,,,,,,,,,, till next boot. I now have XP Pro. It started when I had Home the day before I updated to Pro. No word from MS today but yesterday they told me ( believe this or not) to go ahead and RUN Paul Ramsey's fix :!: and see if it helps :!: Hummmmmmmmmmmm. I wonder if they have anything else up their sleeve? Except the dreaded " Well, we suggest that we make a clean install" :lol:

Ya dead end there.

Well I cleaned the system earlier today with HJT and selected FIX and it went away. For some reason it did not save to backup :!: Wait a minute. I might be able to find it in a log file and select and paste it in the search box although I think I did this already but forgot. I shall try and see...................... Back again. I did try it before. No dice. "Not a valid file",,,,,,,,,,,,,,,,,,,

Yes, I just cleared the last registry key a minute ago. This was the one thing that MS told me to do. That dll entry thing is gone. :D

Boy, you got it :!: I'm right now trying to get a clean copy of Paul's fix into an email and send it to MS. Some of the symbols are changing in the translation so I think I'll just send them the link so they can read it for themselves. :haha: I hope I don't have to show them how to do that :D :D

You're right Cholla, they look identical. I caught it myself and edited my previous post. I wonder if our systems could misread this : Naaaa do ya think? I'm going to try it right now with another system search using Isass.exe (I just typed that with a cap i :icon_study: Update: didn't work, when I typed in a cap i the actual type that showed was a typical i ya know like an i beam. Got no results at all :!:I'm going to go ahead and send MS this batch file change and see what they say.