
C:\Docume~1\Owner\APPLIC~1\System~1\1sass.exe

I can't stop them for some reason. If you check task manager, the lsass.exe process should be under the user name "SYSTEM".

#4 Blade81, Advanced Member, Volunteer Security Advisor, 6582 posts, Posted 10 December 2007 - 08:06 AM
Since this issue appears to be resolved ...

#4 HoverCraft, TEG Forum Member, Members, 54 posts, Posted 04 August 2010 - 09:47 PM
Hello HoverCraft ...

If you are asked to reboot the machine choose Yes. Tried to scan with f_secure but could not accept the licence. The button did not come on.

#7 sdanders, Member, Members, 85 posts, Gender: Male, Posted 22 December 2012 - 03:17 PM
Thanks.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast!

http://www.bleepingcomputer.com/forums/t/336489/cdocume1ownerapplic1system11sassexe/

E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (Unformatted)
-- Security Center --
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.446 v7.5.446 (GRISOFT)
-- Environment Variables --
ALLUSERSPROFILE=C:\Documents and

Open dir Windows NT 6.

Should I try to restore from that disc?

You're welcome. Please read through these instructions to familiarize yourself with what to expect when this tool runs. Refer to the ComboFix User's Guide. Download ComboFix from one of these locations:

RP1496: 12/19/2012 3:01:55 PM - Software Distribution Service 3.0
RP1497: 12/19/2012 9:13:27 PM - Removed Ad-Aware Antivirus.

C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed.

I assume you will want DDS and GMER logs posted as well. Working on it; be back in touch. Thanks

#4 garreck, Topic Starter, Members, 20 posts

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Owner at 23:59:17 on 2012-12-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1249 [GMT -8:00]

Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.

http://ccm.net/forum/affich-223574-cannot-find-c-documents-on-startup

If asked, allow the gmer.sys driver to load.

Event Record #/Type5349 / Success
Event Submitted/Written: 04/27/2008 00:15:35 AM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 13:54:18

Tracking cookies.
8) THREE days later and browser hijacked again.
9) ran ESET online scan with repair unchecked found:
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-737a7174 multiple threats
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-1eb5086c a variant of Java/Exploit.Agent.NAC Trojan
10) Download TFC to your desktop. Close any open windows. Double click the TFC icon to run the program. TFC will close all open programs itself in order to run. Click the Start button to

Event Record #/Type5161 / Success
Event Submitted/Written: 04/22/2008 06:07:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log No

http://www.lavasoftsupport.com/index.php?/topic/14313-computer-very-slow/

Local Service Temporary Internet Files folder emptied.

I also noticed that the date of lsass.exe was the same date that I got the trojan!

In the opened dialog box, copy and paste the following: helpasst -mbrt
Click OK or press Enter... We might need it later.

Notifies about vulnerabilities in installed programs and connected network services. Multi-platform support for: Windows, Linux, Solaris.

Save this to your desktop. Copy and paste the contents of that log into your next reply.

Step 2. Please include in your next reply:
Any problem executing the instructions?
HelpAsst report.
How is the computer behaving?
Thanks,

Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast!

Double click on the SpywareBlaster icon and you will be presented with a brief tutorial.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006
I don't help with logs thru PM so don't bother to post me one.

BTW, Symantec Endpoint found the trojan which apparently put a file called "lsass.exe" in the dir "C:\documents and settings\administrator\application data\**" and an associated registry entry to run the executable.

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast!

The file version of the system file is 5.1.2600.5512.

12/19/2012 11:08:31 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could

Attached Files: hijackthis.log 7.83KB

#2 suebaby41, W.A.M. (Women Against Malware), Malware Response Team, 6,248

Click Continue at the disclaimer screen. Please use the "Reply to this topic" button while replying.

File move failed.

Will do on the RSIT. I also read "Preparation Guide for use before posting about your potential Malware problem".

Here is log

MBRCheck, version 1.2.3 © 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 118):
0x804D7000

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ace\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

Report attached.

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-01 13:01:28
Computer is in Normal Mode.
-- System Restore --
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
40: 2007-12-01 21:01:53

Mail Scanner;avast!

Provided removal instructions are meant to be used in the correspondent user's case only.

File delete failed.

Please post the contents of both log.txt (<>

- Feb 5, 2013 at 10:33 AM
Thanx It worked

Courtney - Jan 16, 2015 at 11:48 AM
Thank you.

There is one key labeled "ASK.Nero" which makes me think maybe this toolbar came bundled with nero freeware.

Heya Wingman!