If The lsass.exe (Local Security Authority) process is blowing up
after a system restore to a point where the SAM was
before it was blown up with the bootdisk then the problems with lsass must be unrelated to whatever happened when the bootdisk was run, which is usually the SAM since that's where you're writing the new hashes to. There is a vulnerability in the lsass.exe process; my thought is that when you restored the system it was restored back to a point where this patch had not been installed yet. Just a theory...so test it out. Disconnect your internet connection and go into the
Control Panel then
Add/Remove Programs and see if "Windows XP Hotfix (KB835732)" is installed. If that's all it is then download the patch from MS on a floppy and go over and install it on the problem machine:
http://www.microsoft.com/downloads/d...displaylang=en
You probably blew up the SAM (Security Accounts Manager) when you mounted it with the Linux boot disk, it's the chance you take with those bootdisks. At one point I was appointed "Almighty Hackerish Puba" at my company because I was the only one in the IT department who didn't cringe at the mention of anything related to Linux or any other non-MS operating system...I had been messing around with the Offline NT password bootdisk and we had all these machines that nobody knew the Admin pw for so I was given "carte blanche" go around hacking up machines all day long with that bootdisk...it was pretty common to blow up the OS in some fashion when using that utility, I don't think XP is exempt to the bootdisk's capabilities or it's imperfections - you simply run a risk when you mess around with the SAM.
Unsolved 
