Lsass.exe

[rikkkki]

Hello again!

[cak46]

Yeah, things get fixed and better with age, supposedly....   Very good idea to look at the other machine and compare!  :)! 

Try running advapi.dll thru the depends tool.  That executes at about the same time as the lsass error.  May want to check each module that runst at the same time period.  See if it might be an unrelated but causal factor of the lsass.exe error? advapi is part of the security system, I believe.  Also, save the log on the kit. computer from depends for lsass.exe and check the 'known dll's" and compare with the log on the other machine.  It could be that a needed dll is not registred but should be.    Here is the old log:

The system's "KnownDLLs" list

  [F ] c:windowssystem32ADVAPI32.DLL

  [F ] c:windowssystem32APPHELP.DLL

  [F ] c:windowssystem32COMCTL32.DLL

  [F ] c:windowssystem32COMDLG32.DLL

  [F ] c:windowssystem32CRYPT32.DLL

  [F ] c:windowssystem32CRYPTUI.DLL

  [F ] c:windowssystem32GDI32.DLL

  [F ] c:windowssystem32IMAGEHLP.DLL

  [F ] c:windowssystem32KERNEL32.DLL

  [F ] c:windowssystem32LZ32.DLL

  [F ] c:windowssystem32MPR.DLL

  [F ] c:windowssystem32MSASN1.DLL

  [F ] c:windowssystem32MSVCRT.DLL

  [F ] c:windowssystem32NETAPI32.DLL

  [F ] c:windowssystem32NTDLL.DLL

  [F ] c:windowssystem32OLE32.DLL

  [F ] c:windowssystem32OLEAUT32.DLL

  [F ] c:windowssystem32OLECLI32.DLL

  [F ] c:windowssystem32OLECNV32.DLL

  [F ] c:windowssystem32OLESVR32.DLL

  [F ] c:windowssystem32OLETHK32.DLL

  [F ] c:windowssystem32RPCRT4.DLL

  [F ] c:windowssystem32SHDOCVW.DLL

  [F ] c:windowssystem32SHELL32.DLL

  [F ] c:windowssystem32SHLWAPI.DLL

  [F ] c:windowssystem32URL.DLL

  [F ] c:windowssystem32URLMON.DLL

  [F ] c:windowssystem32USER32.DLL

  [F ] c:windowssystem32USERENV.DLL

  [F ] c:windowssystem32VERSION.DLL

  [F ] c:windowssystem32WININET.DLL

  [F ] c:windowssystem32WINTRUST.DLL

  [F ] c:windowssystem32WLDAP32.DLL

  [F ] c:windowssystem32WOW32.DLL

The application directory

  [  ] C:WINDOWSsystem32

The 32-bit system directory

  [  ] C:WINDOWSsystem32

The 16-bit system directory (Windows NT/2000/XP only)

  [  ] C:WINDOWSsystem

The system's root OS directory

  [  ] C:WINDOWS

The application's registered "App Paths" directories

The system's "PATH" environment variable directories

  [  ] C:WINDOWSsystem32

  [  ] C:WINDOWS

  [  ] C:WINDOWSsystem32WBEM

  [  ] C:Program FilesCommon FilesUlead SystemsMPEG

  [  ] C:Program FilesSupport Tools

[rikkkki]

Well, I'm a little embarassed  :oops: Both systems are version 5.1.2600 build 2600 with my main machine having SP2. The K/Pc has no SP's. Will check the advapi.dll now.

[cak46]

Well, I'm a little embarassed :oops: Both systems are version 5.1.2600 build 2600 with my main machine having SP2. The K/Pc has no SP's. Will check the advapi.dll now.

No reason to be    It does not necessarily mean the lsass's are different versions. 

I like to start general then get specific.  Found in the long run things work out better that way.  find the lsass file on each machine, rioght mouse click then select properties.  Now, compare the version numbers on the version tab of each.  If they are the same, it may still be a viable route to travel.  If not, so what?  Still a damn good idea in my book. 

[rikkkki]

No reason to be

[rikkkki]

The lsass file is the same version on my slave drive.(5.1.2600.2180.) Remember, I copied and pasted it right over my main drive lsass file awhile back with no success. Now in my Security Event Log these are the .dll's that "load" just before the error pops up.

Starting at 5:51:37 PM:

Kerberos.dll

LSASRV.dll

O.dll NTLM

schannel.dll:Schannel

wdigest.sll:WDigest

5:51:48 Lsass popup

These are not perfect, but should give you an idea. Advapi is involved but not as a .dll

I don't know if I'm doing this right or what. Does this mean anything at all?

[rikkkki]

I must have left a few brain cells more than I thought at that last concert I went to at the Fillmore Auditorium when Jefferson Airplane was there  :haha: The only boot.ini I can find is a backup which is worthless for us. Where do I find the right one? 

[cak46]

The lsass file is the same version on my slave drive.(5.1.2600.2180.) Remember, I copied and pasted it right over my main drive lsass file awhile back with no success. Now in my Security Event Log these are the .dll's that "load" just before the error pops up.

Starting at 5:51:37 PM:

Kerberos.dll

LSASRV.dll

O.dll NTLM

schannel.dll:Schannel

wdigest.sll:WDigest

5:51:48 Lsass popup

These are not perfect, but should give you an idea. Advapi is involved but not as a .dll

I don't know if I'm doing this right or what. Does this mean anything at all?

No, looks good to me.  With advapi, its showing its given name, not the name of the actual file....  if that makes any sense.

Check the dependencies for each of these.  the first two Kerberos and lsasrv are related to security, the second (I assume as IO.dll and if it isn't, let me know) is related to input/output devices (maybe a possibility?) the fifth is part of security as well.  schannel is the secure socket layer provider for Internet explorer. 

Got your other post.  I believe its a hidden file in the root  (C:) directory.  Copy it by right mouse clicking on it once, then select Copy, then paste it onto your desktop.  Email it to me instead of posting if you want. 

[cak46]

I must have left a few brain cells more than I thought at that last concert I went to at the Fillmore Auditorium when Jefferson Airplane was there :haha: The only boot.ini I can find is a backup which is worthless for us. Where do I find the right one?

Must have been a great concert!

Left a few myself for AC/DC, Nugent, Styx.......    Would have liked to have seen JA in concert. 

BTW:  Youre a Regular now (Note your stars....) 

[rikkkki]

Must have been a great concert!

Left a few myself for AC/DC, Nugent, Styx.......

[cak46]

Great groups, those guys. I don't think Gracie Slick was singing "White Rabbit" for herself. I think she was singing it for us :haha:

Is there a more direct route to this boot.ini. I'm having a complete meltdown here. I know what's wrong. I'm sober :haha:

That must have been sweeeeet!

Ah, I have that same problem... occasionally!  :haha:  

go to My Computer, double click on the c: drive.  Should be listed right there. 

[rikkkki]

Can't find it anywhere. I checked everything, like application data all users, etc, anything branching from C. Nothing is listed on the C drive page, either. I wonder where it would be, or would I have it at all? 

[cak46]

Double click on the c: drive.  Now, go to the top of the window and select view>folder options a new windows will open.  Click on the View tab, then uncheck the option that says something like hide system files and uncheck hide hidden files.  Can't remember the exact statements but what you want to do in there is unhide the hidden files and the system files.  It will pop up a warning, but just tell it ok.  Click ok on that screen and the hidden files should appear.  Must sign out.  If you have trouble, pm me and will catch up with you tomorrow!! :)   

[rikkkki]

i'm on hidden files. bye bye for now

[rikkkki]

I just un- clicked on "Hide protected operating system files" and still nothing

[rikkkki]

This is all I can find. Very small to say the least. They won't let me upload it. I'll have to mail ya

[xs1]

Holy bejeezus.. this threads still going?!

[rikkkki]

Hi .s1. Ya, it's just like the Energizer Bunny  Somewhere in here is the answer(my machine). I just don't want to do the clean install, it would be too "easy" so to speak. Then we would NEVER know the answer. But there has to be some sort of limit I suppose. 

[cak46]

You can try to boot into the VGA mode.  This will show the driver names as they load on startup.  Things will get very big on the screen when windows comes up, but just reboot and all will reset to normal.  This option activates the /sos switch in boot.ini along with using the standard vga mode instead of the installled mode.  Keep a close eye on the drivers as they load.  If the error comes up during this period of time, note the last driver that initialized.

.S1  Yeah, it's been a bear.

Edit:  VGA Mode:  Hit F8 as though your going to boot into safemode but instead select vga mode.

[rikkkki]

Well, that didn't work. It just loaded normally into Windows 

Was that the right boot.ini? That's the only one I could find: it's in the "protected operating system files" which is another option listed down from the "hidden files" option. Enable that one and TONS of files start showing, I mean all over the place.

[cak46]

Well, that didn't work. It just loaded normally into Windows

Was that the right boot.ini? That's the only one I could find: it's in the "protected operating system files" which is another option listed down from the "hidden files" option. Enable that one and TONS of files start showing, I mean all over the place.

Yeah, there are alot of hidden system directories and files.  Wanted to see what options were set for your boot.ini.  It was the right one.  Virus files are sometimes hidden as well.  I always run with system files and hidden files exposed.  Can you refresh my memory and tell me what screen the error occurs on now.  I know its at boot, but is it on the login screen or the WinXP splash screen (where the flag is waving, and the bar at the bottom is moving?

Edit:  Have to shutdown for about 15min.  Back in a jiffy....

[rikkkki]

No, it's after that splash screen. First it was the desktop. Now it's the two tone blue one with a very small logo and the text "windows is starting up". After a few, the error pops up. And then a few more, then I get desktop.

I forgot what I did that changed the time the error pops up, but it was a deliberate change, not an accident

[cak46]

No, it's after that splash screen. First it was the desktop. Now it's the two tone blue one with a very small logo and the text "windows is starting up". After a few, the error pops up. And then a few more, then I get desktop.

I forgot what I did that changed the time the error pops up, but it was a deliberate change, not an accident

I thought that this happened when you installed the new xpsp2, but that was a while ago......

Here is an idea, but it will take a while to do.  Check these 4 keys in your registry http://support.microsoft.com/?kbid=314866&sd=RMVP and write down the subkeys that are listed within each (click once on each entry and the program filename should show in the righthand screen)..  Now, check each subkey program with depends to see if there are any missing modules for any of them.  If you want, list them in a post first so I can take a peeky at them to see if there is anything that stands out. 

Not going to be able to be on long tonite.  I'm like Kentucky Fried Chicken..... EXTRA CRISPY! 

Edit:  I'm off for the Eve.....  Will be back tomorrow! 

[rikkkki]

:haha: Oh, I like that Kentucky Fried 46  :haha: Great metaphor. I've been, I mean ah, I've used "fried" before but not "extra crispy" !!!  Looks like you just gave me my "homework" Doing the reg is no prob, but I'm still learning about Depends as far as trying to save something to post. I guess it's time for another learning curve,    but hey, I'm a regular now, right? So I better get regular(speaking of regular, I know this great prune juice product, really smooth)  :haha:

[rikkkki]

I don't where to start. I went to my reg and there were only entries in the local machine-run. All the others were blank(default). Soooo, I noticed that the entries(4) were stuff that I have installed recently(3) the other one is gcasServe, which I read up on and it's supposed to be there. My 3 are Avast, my new mouse, and ZoneAlarm. So, for kicks anyhow, I went to Depends and noticed that one Red file that's always red no matter what I look at is the MPR.dll. Sooooooooooooo, I thought that it might be the culprit, maybe, so I found it on that site I told you about and downloaded it and tried to copy and paste into system32 and it will not. "Being used by another program" type stuff(excuse) So, I grew a brain cell or two and went into safe mode and I still couldn't do it . Then I went into sys32 and tried to delete mpr.dll from there and it wouldn't let me