Recommended Tests

I finally got the lsass.exe plague Saturday!!!!!!!!!!!!! The little window that pops up and tells you "Object Name Not Found" If clicked OK or X it out it will reboot. I did find out that if you wait maybe ten minutes or so that when you close the window it will not reboot. Still a pain. Sunday I went down and bought XP Pro and installed it and guess what? It's still there!!!!!!!!!!!!!!!!! Any ideas on how to rid myself of this pest??????????????

Well, I have scanned my puter every which way but sideways including in safe mode. Can't find any virus. If I could just get rid of the dialogue box and not the lsass.exe for sure, then I would be in good shape!!!!!!!!!!!!!!

If you are using Windows XP you can disable all of the start up programs (using msconfig) without harming anything.

I should of said that a bit diffrent but still think the same. If your not sure what you are doing I really really dont recomend playing with msconfig. While yes chaning the startup will not hurt a thing. Some may tend to think they need to play with the boot files. That could turn into a bad thing. That is why I always try to stear thoes that are unsure away from msconfig.

Wow!!!! So much info!!!! Thank you all!!!!!!!  A little recap- I do have the latest S-t-i-n-g-e-r from McAfee and no virus, I have run all virus removal tools from McAfee and no virus. I ran a full system scan in safe mode-nothing. The weird thing is that this started on Saturday when I had XP Home and was still there on Sunday AFTER installing XP Pro!!!!! I also have a great utility called TUT (The Ultimate Troubleshooter) from Answers That Work.com, I think that's the URL. Anyhow, this program explains almost all tasks and services and startups that you have going on at any given time. It then suggests what to do, like delete or disable or don't touch, etc. I can't live without it!!!!!!!!!!!!!!! You do not need to go to Msconfig when you have this. There are tons of other things you can do from this utility. Check it out. In the meantime, I will keep everybody informed as I have just started a case right now with Microsoft on this Lsass.exe issue and they will getting back to me within 24 hrs. PS: Boot INI files, aw, no thanks not a place for me to go!!!!!!!!!!!!!!!   Cak46-I checked and I do not have Avserve2.exe, not in windows or my registry :

Thought I already said that....

If you want, download and run a scan with hijackthis then post the results.  Might be able to see something running at start up.
Edit:  Link to download hijackthis.... http://www.majorgeeks.com/download3155.html

StartupList report, 6/14/2005, 8:49:37 PM I already got rid of "House Call Control" It is not something that I'm familiar with at all 
StartupList version: 1.52.2
Started from : C:\Program Files\HIJACK\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK\hijackthis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Utility = Logi_MwX.Exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (DAVE-Martine).job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[{13E23C9E-3018-4AC1-B998-C08BF1814DB0}]
CODEBASE = http://ftp.gurunet.com/pub/cabs/GNInstaller.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[{3334504D-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6,920 bytes
Report generated in 0.016 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only