Jump to content

Lsass.exe


rikkkki

Recommended Posts

No, what you just explained is all new to me, ie, objects and keys, etc. Where can I find this file????????????

You don't want to find the file.  (The filename extension should be .acl if I remember correctly) .  NT based operating systems, of which XP is a member, has a whole security system involved with system, process, and disk access.  98, ME and below have none of this (that's worth mentioning).  The NTFS hard disk file system, which is what XP uses by default, allows for file and directory level protection through the use of permissions.  If you right mouse click on a folder and select the Properties option, there should be a security Tab.  This is where the permissions (access) to that directory is changed.  Your "Key" ,when checked by the security system, either grants you access to that directory or denies you access.  This is why it is possible you don't have permission to run a particular program or open a certain document file.  The Administrators group has access to most everything but there is an Administrator account that has special access that the Administrators group (of which your account is a member) doesn't have. 

BTW:  Did you assign a password when you first installed XP?  The true Administrator Account will not show unless you are in safe mode and if you didn't assign a password to it, go into safemode and add one (can be a security problem if no password exists, but just never lose it or forget it).

More than you ever probably wanted to know, and I'm sorry if this is confusing, but the case o' beer you mentioned earlier is kickin' in........ :haha: :haha: :haha::occasion14:

Link to comment
Share on other sites

  • Replies 615
  • Created
  • Last Reply

Top Posters In This Topic

HA :haha: :haha: :haha: That explains why I just saw a news flash on TV that the east coast was running low on beer and there was a appeal to all western cities to ship some of their suds in that direction :twisted: :twisted:

Anyhow, I did not put in a password when XP was installed. I actually paid a guy (shop) to put in Home cause it would not go in for me :cry: :cry: Then when I put in Pro I didn't put one in either/ just now I checked user accts again and when  I clicked on me, administrator, one of my choices to do was to "create a password" not "change my password". I will check it out tomorrow when I boot up in safe mode. But for now, I have to sign off, I have a really bad headache, damndest thing, I only get them on the weekends!!!!!!!!! Bad puter chair maybe. Thank you so much, will yak again-Cheers-Dave :wave: :wave: :wave:

Link to comment
Share on other sites

cak46 I tried to PM you but it didn't show up in my outbox.So I thought I would put some of what I thought here so 99 RAT could look at it.

I believe you are on the right track with the passwords & keys.99RAT do you have the correct key for your XP Home? You may have to make sure that's in your OS then an administrator password for the XP Home.Then the right key for the XP Pro probably the same administrator password.I think both keys will be necessary because the XP Pro was an update type install.

That should get you permission to do what you want to  in your OS.

The problem started with 99RAT installing Silent Hunter 3 the result was a partial bad install.

Thats when the Lsass.exe error message started.Probably because the install was attempted with the user password so it didn't have permission to do a complete install for things that required administrator permission.The uninstall was probably tried the same way.So it was incomplete also.Parts of Silent Hunter 3 are probably still in 99RAT's OS.

What I would try once you're sure all keys are in the OS & you have administrator level access.

Is install Silent Hunter 3 with administrator password;reboot & then uninstall it;reboot.See if the error stops.If it doesn't try the install & uninstall 2 or 3 times(rebooting in between) to see if it will remove all of the Silent Hunter 3. If it does then you can install Silent Hunter 3 with the administrator password & see if the error shows back up.

Link to comment
Share on other sites

cak46 I tried to PM you but it didn't show up in my outbox.So I thought I would put some of what I thought here so 99 RAT could look at it.

I believe you are on the right track with the passwords & keys.99RAT do you have the correct key for your XP Home? You may have to make sure that's in your OS then an administrator password for the XP Home.Then the right key for the XP Pro probably the same administrator password.I think both keys will be necessary because the XP Pro was an update type install.

That should get you permission to do what you want to in your OS.

The problem started with 99RAT installing Silent Hunter 3 the result was a partial bad install.

Thats when the Lsass.exe error message started.Probably because the install was attempted with the user password so it didn't have permission to do a complete install for things that required administrator permission.The uninstall was probably tried the same way.So it was incomplete also.Parts of Silent Hunter 3 are probably still in 99RAT's OS.

What I would try once you're sure all keys are in the OS & you have administrator level access.

Is install Silent Hunter 3 with administrator password;reboot & then uninstall it;reboot.See if the error stops.If it doesn't try the install & uninstall 2 or 3 times(rebooting in between) to see if it will remove all of the Silent Hunter 3. If it does then you can install Silent Hunter 3 with the administrator password & see if the error shows back up.

Cholla, no, not the prduct activation key.  That is not what I'm talking about.  I'm using "key" as a metaphor because that best describes the acl that you are assigned when you logon to an NT based machine. (XP, NT4.0, Win2000).  ACL is Access Control List.  It is presented to the NT authority services (I believe) when you try to run, access, view, etc. anything on your nt-based machine.  I'm thinking if 69 Rat re-writes his ACL there might be an off chance that this is causing the access error.  Doubtful, but worth a try.  I would hold off on messing with silent hunter at this point so as not to potentially increase the existing issues further.  I would wait until most all other options have been attempted.  It is a good idea  :), but I'd wait at this point.  Have a few other things up my sleeve and am waiting for 69 Rat to return with results from other fix attempts.

Link to comment
Share on other sites

HI guys :!: :!: Hey cak46, I did do a couple things to no avail. I noticed that although I had Windows Update turned off that it was still listed as auto in the services/changed to manual/no results. Also, whenever I start TUT UltimateTroubleshooter I get a bright red warning that"Microsoft Windows Scripting Host not found. Hardware info will be limited in it's scope". I did also find some interesting items concerning SilentHunter III still in my system like a complete "Windows Installer Pakage" INSIDE my Postal 2 game folder :!: :!: :!: I also went to my registry and got rid of all things SilentHunter. Today I also decided to run Paul Ramsey's fix one more time and when I got into " safe mode with command Prompt" a screen came up with 2 choices-click on Administrator or Martine ( which of course, both are me) to get in. I have also checked "permissions" in the reg editor and I'm listed as "Administrators( Dave/Administrators)" and" "Martine( DAVE/Martine)" as having full control. I don't know why there are two like that. Also below these two entries are two other ones titled "Restricted" and "System". That's about it for now. :?::?:

edit: Whoa, I just noticed something. You want me to go into safe mode and add a password (create a password) in my Administrator account? Does this mean I would have to log in every time I boot up? :?::?: :?: Cause I can if that would help

Link to comment
Share on other sites

HI guys :!: :!: Hey cak46, I did do a couple things to no avail. I noticed that although I had Windows Update turned off that it was still listed as auto in the services/changed to manual/no results. Also, whenever I start TUT UltimateTroubleshooter I get a bright red warning that"Microsoft Windows Scripting Host not found. Hardware info will be limited in it's scope". I did also find some interesting items concerning SilentHunter III still in my system like a complete "Windows Installer Pakage" INSIDE my Postal 2 game folder :!: :!: :!: I also went to my registry and got rid of all things SilentHunter. Today I also decided to run Paul Ramsey's fix one more time and when I got into " safe mode with command Prompt" a screen came up with 2 choices-click on Administrator or Martine ( which of course, both are me) to get in. I have also checked "permissions" in the reg editor and I'm listed as "Administrators( Dave/Administrators)" and" "Martine( DAVE/Martine)" as having full control. I don't know why there are two like that. Also below these two entries are two other ones titled "Restricted" and "System". That's about it for now. :?::?:

edit: Whoa, I just noticed something. You want me to go into safe mode and add a password (create a password) in my Administrator account? Does this mean I would have to log in every time I boot up? :?::?: :?: Cause I can if that would help

There will always be an Administrator Account on your machine.  This account has special properties and full absolute control of your machine is done thru this account.  Your id, Martine, is a member of the Administrators Group, which is different than using the Administrator Id.  You would only have to supply the password if you use the Administrator Id.  Hackers, etc. can access your system with trojans and obtain Administrative access with that account, in some instances.  Always a good idea to add a password to that account.  (This is not related to the problem at hand, just a good idea)

We might get a bit more information from the error if scripting is running.

Check your registry for the following entries.  If they are there, go ahead and delete them.  We can always rewrite them later.  Always make a backup of your registry prior to editing it.  Do a restore point before deleting the entries, if they are there.

http://www.microsoft.com/technet/scriptcenter/guide/sas_sbp_lhak.mspx

If the entries weren't there, go here and download the windows script install at this link then install it.  I Wonder what disabled or removed it?

http://www.microsoft.com/downloads/details.aspx?FamilyId=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en

EDIT:  To add the password, if you want to, Go to Start>controlPanel>users and Passwords and add it there.  You will need to do this thru safe mode and you may have to log in as Administrator to do it.

Link to comment
Share on other sites

Hey cak46. I just got back from safe mode, added a password under Administrator and just for kicks I ran stinger /no results.BTW, I have never had to click on either choice when going to safe mode until I added Pro. It always just went right to safe mode. I will now check out those links you posted,,,,,,,,,,,,,,,,,,,,,,,,,

Link to comment
Share on other sites

Hey cak46. I just got back from safe mode, added a password under Administrator and just for kicks I ran stinger /no results.BTW, I have never had to click on either choice when going to safe mode until I added Pro. It always just went right to safe mode. I will now check out those links you posted,,,,,,,,,,,,,,,,,,,,,,,,,

Sounds good.

BTW:  Headache is just subsiding now.......  Had to have been the computer chair, not the beers last night for me, anyways.  :haha: :haha: :haha:

Link to comment
Share on other sites

Sounds like the western states came to your aid :haha: :haha: This is a strange happening for me as I only get the headaches on weekends only and they start sometimes before I have any beers :( :( :( The only difference between the weekends and a work day is that I sit at this desk for longer periods of time, and the floor is also not level so I really think it has something to do with the fact that I'm actually not sitting straight. So far today I am OK. It comes up the back of my neck and puts a strain throughout my neck area and is just like a migraine. I readjusted my chair a while ago, maybe that will help. :? :? :?

Definitly sounds like it's caused by the way you sit at the desk.  Hopefully the adjustments will help.  Good reason to go buy one of those leather desk chairs I read about, though. :) I usually sit sideways to mine.  Makes it easier to use the mouse but my  hand goes numb on occasion because of the angle (Not OSHA recommended). Sometimes the numbness travels to my brain as well.    :haha: :haha:

Link to comment
Share on other sites

Now THAT I can relate to :haha: :haha: :haha: HeHe. BTW I was looking at the first link info and those values seem to be there already/ re-dword, etc. Unless I'm not looking at it right. I'll check the other one out right now.

Yeah, if they are there, that is why your scripting is not working.  No need to download the script host SW.  You can go ahead and delete it so that when you reboot, scripting will be running.  Hopefully we'll get a bit more info. on the errors in the system/app logs or even with an application popup message.

Link to comment
Share on other sites

I'm going to have to sign off in a few minutes. Big Thunderstorm coming my way, and no trustworthy surge suppressor...... :(

OK Dude!! Understood. I have to process and order/product I just sold on Ebay. Auction closed at 6:00 and the guy paid already :!: :!: Cheers

Link to comment
Share on other sites

Okay, you've got to be kidding me with that cloud... *points to location*

Say what? :angry5:

Check out www.wunderground.com.  'nuff said here.........  :roll:

***********************

69 Rat.  Back on line but for a short time.  Had to haul home some work today.  :cry:

If you could, don't run TUT until we've seen if the scripting will help us after changing the registry entry.  Try it again, if you would.  I'm hoping it's not a Service pack 2 issue.  Will be checking periodically to see whats happening.  Hope your sale went well........  Gotta love Ebay :)

Link to comment
Share on other sites

Hi Stormy :haha: :haha: :haha: I mean cak46. Good to see you back. I'll also be on for awhile. Last night I tried all combos of the keys(the way they were or took them out or changed them to no avail) and rebooted between each change. Now here's a good one, I just got a fresh reply from MS :!: :!: New guy, an Escalation Engineer :haha: I am going to post it here before I do anything so you guys can read it and see what you think BTW: check out my original message at the bottom

Dear Dave,

Thank you very much for your update. 

Please understand that I have received this Email and provided my suggestions. Would you please check it as below?

===================

Dear Dave,

Thank you for contacting Microsoft Online Support. My name is Charles, and I am an Escalation Engineer for the Windows Support Team. In order to better serve you and resolve this issue more efficiently, I have taken ownership of your Service Request. I appreciate the time and effort you have taken on this service request.

Going forward, I will be working with you to address the issue as soon as possible. To contact me, you may directly send emails to my account: [email protected] with the case ID SRZ050612001361.

As I understand, you received Lsass.exe-system error in Windows XP and the recent update is: it does not appear until you click on any item. If I have misunderstood, please feel free to correct me.

Dave, I sincerely apologize for the inconvenience that you have experienced. Please understand that our issue may be related to many factors and we may have to repair Windows XP to resolve it. However, please be assured that I will try my best to help you and preventing reinstallation.   

Firstly, please send some event logs to me for research. To do so:

Event Log

---------------------------

1. Click Start and choose Run. Then input: "eventvwr" (without the quotation marks).

2. Right click Application Log and choose Save Log file As. Save the log file as app.evt file.

3. Right click System Log and choose Save Log file As. Save the log file as sys.evt file.

4. Send me all the files. (My Email Address is [email protected])   

Please also follow these steps to troubleshoot the issue:

1. Download ShellExView v1.10 from the following link <http://www.nirsoft.net/utils/shexview.zip>

Note: The third-party products discussed here are manufactured by vendors independent of Microsoft. We make no warranty, implied or otherwise, regarding these products' performance or reliability.

2. Right-click the "shexview.zip" file, select "Extract All", the Extraction Wizard will prompt.

3. Click Next, input "C:ShellExView" (without the quotation marks) in the "Files will be extracted to this directory" textbox.

4. Click Next and click Finnish.

5. Open the "C:ShellExView" folder and double-click the "shexview.exe" file. It will scan the registry for all the shell extensions.

6. Select all the non-Microsoft extensions in pink by press "Ctrl" in the keyboard.

7. Click the "Disable Selected Items" on the toolbar and click Yes.

8. Restart your computer and check if the issue is resolved.

Please try the suggestions above on your side and provide me with the results at your earliest convenience. If anything in my e-mail is unclear or you need further help, don't hesitate to let me know. It is my pleasure to be of assistance.

I am looking forward to your reply.

Best Regards, 

Charles Zhang

mailto:[email protected] 

Microsoft Windows Support Professional

Satisfied customers are my top priority. Please let either myself or my manager know what you think of the level of service provided. You can send feedback to Microsoft Management at mailto:[email protected]?subject=WindowsOnlineSupportIncident or directly to my manager, Johney Wang at mailto:[email protected]

--------------------------------------------------------------------------------From:

riki [mailto:[email protected]]

Sent: Sunday, June 26, 2005 9:52 AM

To: Charles Zhang

Subject: CASE_ID_NUM: SRZ050612001361

Hi. I sent a message on the 21st. Maybe it didn't get there. I'll send it now. hope you get it-Dave

HI Wayne. Well, the clean boot came up with the error. Now, here's where it gets a little interesting. Safe Mode (today) did not produce the error BUT last week when I ran a full system virus scan, it did!! Hmm, and with Paul Ramsey's fix he even tells you that "when you get the error go ahead and wait 5 or 10 minutes and then click OK to get rid of it" Well both times that I ran this "fix" the error never came up!! (this is in safe mode with comnmand prompt) Now today when I first booted up the error never showed up until I started clicking on stuff. Before it always came up with the startup process but now it's waiting untill I click on something. This is really getting puzzeling. I also tried to capture a screen shot of the task manager processes in safe mode to send to you but when I went to copy and paste into this mail the pic was blank!! Everything  looked normal, though. Well that's it for now, what a mess. I do not think it is a virus at all, I think it is a real live system error. Any ideas? Dave

Link to comment
Share on other sites

Hi Stormy :haha: :haha: :haha: I mean cak46. Good to see you back. I'll also be on for awhile.

:haha: :haha: :haha:

The storm fizzled to nothingness around 10:00pm................

I would guess that sp2 might be disallowing the scripting change.......

Looks like he wants you to send him copies of the logs we've been looking at (good idea) and wants you to disable all non-Microsoft software, processes, etc.  Interesting tool.  :cool:  Gonna hold on to that one.....  Ran it on my 98se machine and looks harmless... of course I didn't disable all the non-microsoft stuff either.....  Back up your registry before you do it, just in case....

BTW, to select the ones to disable, click on the first one that you want to disable, THEN hold the Ctrl key while you click each one of the others that you want to disable.  He was a bit vague on that instruction.  :whaa:

Sounds ok to me, but it's not my machine.....  I don't know what will happen on reboot with only ms related software,  is what I'm saying I guess.

BTW:  If he does thrash your system and your not online for a coupla days, at least we have his email address so we can spam him to D  :haha: :haha: :haha:

Link to comment
Share on other sites

Do NOT try this :!: :!: :!: :!: :!: I just deleted about six non MS listings and it completely blew away my desktop pic!!!!!!!. and it's gone from the choices in my display props!!!!!!!!!!!!!!!!!! It also ADDED all OTHER pics from my

Link to comment
Share on other sites

Disable, don't delete.  Let me look a bit closer at the program..... hold on a sec....

EDIT:  After selecting a few of them, let the Ctrl key go, then click on "File" menu then click "disable selected items".  For heavens sake, DON'T hit the delete key again, please..................

Link to comment
Share on other sites

Do NOT try this :!: :!: :!: :!: :!: I just deleted about six non MS listings and it completely blew away my desktop pic!!!!!!!. and it's gone from the choices in my display props!!!!!!!!!!!!!!!!!! It also ADDED all OTHER pics from my

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...