I NEED HELP TO!!!

binxgook · 2005-12-27, 03:04 PM

Seems like Dareutwo isnt the only one having problems. I dont know what the fuck happened tp my pc but thier is definately something wrong. O.k. heres the deal I keep getting a message theat " SYSTEM IS SHUTTING DOWN" something to the effect of authurized by NT/AUTHO
and that WIN/32system/Sass.exe has encountered a fatal error no. 128.

My system shuts down and restarts again??? I have reformatted my harddrive (twice now) and nothing is working. I have run several spyware programs and removed a few thing here and thier but it has not helped.
If my screen saver pops on and I come back on to the computer it then freezes up.

Any ideas would be greatly appreciated as I have battling with this for about a week

Corection its lsass.exe

Cleo · 2005-12-27, 03:10 PM

Have you tried this www.apple.com

plateman · 2005-12-27, 03:12 PM

I havent ran into that did you try and google it and search microsoft's site.. I just ran Sass.exe and found stuff about it.. did you format the whole drive or just a partition?

binxgook · 2005-12-27, 03:15 PM

Quote:

Originally Posted by Cleo

Have you tried this www.apple.com

Thanks Cleo

stuveltje · 2005-12-27, 03:31 PM

ha i had that months ago, my only sulution was, whipe out all on my puter and reininstal all my shit, sorry cant help you here

N J · 2005-12-27, 03:55 PM

Use hijackthis.exe to find those programs

Linkster · 2005-12-27, 06:57 PM

I would get something like hijackthis and run it from a safe boot on the admin account and then on every other account you have on the computer - assuming its XP

Make sure you are disconnected from the net when you do it in safe mode and then post the report it generates - it will give an idea of which trojan/virus/hijacker you are dealing with and we can go from there

binxgook · 2005-12-28, 01:02 AM

Linkster this is what Hijackthis came up with:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

plateman · 2005-12-28, 01:42 AM

I'll play a little without researching the entries - get rid of everything that says http://srch-us4.hpwis.com/

see if this is a legit program - Program Files\Zero Knowledge\Freedom\FreeBHOR.dll if not get rid of it, all entries to it

and anything your not sure of google it and see if its a legit program..

and you should be doing this in safe mode with sys restore off, so I would take out everthing with this http://srch-us4.hpwis.com/ reboot and run everything again and post another log and see if your ok - and also dont surf unless you download all the ms patches

Linkster · 2005-12-28, 05:52 AM

With that log - do what plateman suggested - run the hijackthis and check "fix" on all of those entries - then go get yourself a copy of the newest spysweeper and run a full sweep to get it out of your registry entries.
Once spysweeper has cleaned it all out - if you are an affiliate of ARS, you will have to go into your hosts file and delete the line entry for adultrevenueservice if you want to be able to see your ARS stats

Otherwise - you might also look at MS's new spy program as well but spysweeper will keep you clean from these types of infections.

The hpwis stuff is a hijack - the FreeBHOR is legitimate if you run the Freedom privacy suite - if not its also a hijack made to look like the protection suite

N J · 2005-12-28, 08:47 AM

Easy log analysers:

http://www.hijackthis.de/
http://hjt.networktechs.com/

or search google for hijackthis analyser for more.

Useless · 2005-12-28, 08:50 AM

Quote:

Originally Posted by N J

Easy log analysers:

http://www.hijackthis.de/
http://hjt.networktechs.com/

or search google for hijackthis analyser for more.

http://www.greenguysboard.com/board/...94&postcount=8

RIF

N J · 2005-12-28, 09:32 AM

Quote:

Originally Posted by Useless Warrior

http://www.greenguysboard.com/board/...94&postcount=8

RIF

HUH? what I posted was log analysers, so he could copy/paste his log into them and see what they mean - easier than waiting for Linkster

Useless · 2005-12-28, 09:55 AM

Quote:

Originally Posted by N J

HUH? what I posted was log analysers, so he could copy/paste his log into them and see what they mean - easier than waiting for Linkster

Oh, my bad. You have my sincerest apologies.

I thought you were resuggesting hijackthis eventhough you were the first person to suggest using it. I'm glad I didn't respond with my normal "Read the fucking thread before you post". Then I'd look even dumber. (though I do have a lot of practice)

N J · 2005-12-28, 10:15 AM

hehe, no hard feelings

ronnie · 2005-12-28, 10:30 AM

I had the NT Auth thing before, while back. There was a pretty easy fix if I remember right, seems it was a MS patch. Google it, thats how I found the fix.

ronnie

binxgook · 2005-12-28, 11:12 AM

Thanks for the help guys

binxgook · 2005-12-29, 01:57 PM

Think I finally managed to get things fixed up right. It's taken about a week now but I think my pc is probably running better than it ever has. Thanks for the all the advice guys

2005-12-27, 03:04 PM	#1
binxgook My big ole' fat baby loves to eat Join Date: Nov 2004 Location: Minnesota Posts: 689	I NEED HELP TO!!! Seems like Dareutwo isnt the only one having problems. I dont know what the fuck happened tp my pc but thier is definately something wrong. O.k. heres the deal I keep getting a message theat " SYSTEM IS SHUTTING DOWN" something to the effect of authurized by NT/AUTHO and that WIN/32system/Sass.exe has encountered a fatal error no. 128. My system shuts down and restarts again??? I have reformatted my harddrive (twice now) and nothing is working. I have run several spyware programs and removed a few thing here and thier but it has not helped. If my screen saver pops on and I come back on to the computer it then freezes up. Any ideas would be greatly appreciated as I have battling with this for about a week Corection its lsass.exe Last edited by binxgook; 2005-12-27 at 03:17 PM..

2005-12-27, 03:10 PM	#2
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	Have you tried this www.apple.com __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2005-12-27, 03:12 PM	#3
plateman What can I do - I was born this way LOL Join Date: Oct 2003 Location: ohio Posts: 3,086	I havent ran into that did you try and google it and search microsoft's site.. I just ran Sass.exe and found stuff about it.. did you format the whole drive or just a partition? __________________ Submit to: Porn O Plenty XXX Links Reality Here

2005-12-27, 03:31 PM	#5
stuveltje Live and learn. And take very careful notes! Join Date: Apr 2003 Location: Sunny Holland Posts: 6,157	ha i had that months ago, my only sulution was, whipe out all on my puter and reininstal all my shit, sorry cant help you here __________________ Canadian Sexlinks - submit Erotica search -submit

2005-12-27, 06:57 PM	#7
Linkster NO! Im not a female - but being a dragon, I do eat them. Join Date: Mar 2003 Location: Sex Delta Posts: 5,084	I would get something like hijackthis and run it from a safe boot on the admin account and then on every other account you have on the computer - assuming its XP Make sure you are disconnected from the net when you do it in safe mode and then post the report it generates - it will give an idea of which trojan/virus/hijacker you are dealing with and we can go from there __________________ Pussy Chompers Porn Links NSCash

2005-12-27, 03:55 PM	#6
N J Trying is the first step towards failure Join Date: Oct 2004 Posts: 128	Use hijackthis.exe to find those programs

2005-12-28, 01:02 AM	#8
binxgook My big ole' fat baby loves to eat Join Date: Nov 2004 Location: Minnesota Posts: 689	Linkster this is what Hijackthis came up with: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

2005-12-28, 01:42 AM	#9
plateman What can I do - I was born this way LOL Join Date: Oct 2003 Location: ohio Posts: 3,086	I'll play a little without researching the entries - get rid of everything that says http://srch-us4.hpwis.com/ see if this is a legit program - Program Files\Zero Knowledge\Freedom\FreeBHOR.dll if not get rid of it, all entries to it and anything your not sure of google it and see if its a legit program.. and you should be doing this in safe mode with sys restore off, so I would take out everthing with this http://srch-us4.hpwis.com/ reboot and run everything again and post another log and see if your ok - and also dont surf unless you download all the ms patches __________________ Submit to: Porn O Plenty XXX Links Reality Here Last edited by plateman; 2005-12-28 at 01:46 AM..

2005-12-28, 05:52 AM	#10
Linkster NO! Im not a female - but being a dragon, I do eat them. Join Date: Mar 2003 Location: Sex Delta Posts: 5,084	With that log - do what plateman suggested - run the hijackthis and check "fix" on all of those entries - then go get yourself a copy of the newest spysweeper and run a full sweep to get it out of your registry entries. Once spysweeper has cleaned it all out - if you are an affiliate of ARS, you will have to go into your hosts file and delete the line entry for adultrevenueservice if you want to be able to see your ARS stats Otherwise - you might also look at MS's new spy program as well but spysweeper will keep you clean from these types of infections. The hpwis stuff is a hijack - the FreeBHOR is legitimate if you run the Freedom privacy suite - if not its also a hijack made to look like the protection suite __________________ Pussy Chompers Porn Links NSCash Last edited by Linkster; 2005-12-28 at 05:55 AM..

2005-12-28, 08:47 AM	#11
N J Trying is the first step towards failure Join Date: Oct 2004 Posts: 128	Easy log analysers: http://www.hijackthis.de/ http://hjt.networktechs.com/ or search google for hijackthis analyser for more.

2005-12-28, 10:15 AM	#15
N J Trying is the first step towards failure Join Date: Oct 2004 Posts: 128	hehe, no hard feelings

2005-12-28, 10:30 AM	#16
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	I had the NT Auth thing before, while back. There was a pretty easy fix if I remember right, seems it was a MS patch. Google it, thats how I found the fix. ronnie

2005-12-28, 11:12 AM	#17
binxgook My big ole' fat baby loves to eat Join Date: Nov 2004 Location: Minnesota Posts: 689	Thanks for the help guys

2005-12-29, 01:57 PM	#18
binxgook My big ole' fat baby loves to eat Join Date: Nov 2004 Location: Minnesota Posts: 689	Succcess....I think Think I finally managed to get things fixed up right. It's taken about a week now but I think my pc is probably running better than it ever has. Thanks for the all the advice guys

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: