cluberti

And thanks for pointing that out - rule 5 says you can have a max 4 lines in your sig. I count a fair bit more, so please clean it up or I'll be forced to delete it.

Very interesting. Honestly, I'm not sure why it would be popping up, and if autoruns doesn't show you why I'm not sure you'll find out for sure without debugging it. However, try autoruns from sysinternals to see if it pops anything up of value.

A mod specifically asked that this thread be kept on target, and it has not. It is obvious these arguments are not to be resolved, and since a mod has once been ignored, I expect to be as well. Closing thread. [Closed].

The EU wanted WMP and all it's input into the OS removed, thus Windows "N". Removing the windows media player binaries also removed the .dlls responsible for the runtime, and like the others said to get it back you must install the runtimes. However, I've heard of many instances of people complaining the runtimes don't install on the N version due to the expectation that certain WMP .dll files will exist (and don't on N), thus the failure. If you need the WMP components (even if you're simply using them to play WMx in another player), I would strongly suggest the full-blown version of Windows. I believe you save less than 15MB of disk space with the removal of WMP versus full-blown versions of Windows (and you can always tell XP to remove the traces of the app from the shell/menus and still leave everything behind).

And statements like this are ones the OP should definitely be sure to avoid. Trolling for trolling's sake will find you banned here on short notice.

Well, that may be, but that's a good reason (but a software design problem). UAC in general keeps the masses from doing stupid things, although in Vista it's too obtrusive. I've yet to disable it in Win7, which I guess is a win considering I am a power user like almost everyone else here, and it's not bothered me yet.

I've not been a fan of disabling it under Win7, although I understood Vista somewhat. It's a relatively good security mechanism, with no real detractions on Win7.

np - always better to be safe than sorry

alg.exe is the Application Layer Gateway Service. You would see that if an app was trying to make a request via a hook into the firewall (which most torrent clients do install). It's likely your bittorrent client was trying to bypass the firewall via an alg plugin.

Actually, you are correct - it was out of order. Fixed, sort of (I moved Server 2008 down a bit to align more with NT/2000/2003 forum) - so not quite in order, but close. If anyone has any further ideas, let me know.

If you run process explorer and watch the iexplore.exe process during the high CPU, what does it say is happening inside the process (bottom frame, showing thread/function call info)?

Tools like vLite may be able to at some point, but otherwise no, SP2 will be just like SP1 was with regards to RTM Vista. You should be able to slipstream it using MS tools on an SP1 install (straight SP1, not slipstreamed SP1 over RTM) by SP2's release.

Could you perhaps upload the .dmp file somewhere for us to look? Also, did you upgrade any device drivers (either manually or via Windows Update) within the last 3 months (specifically, around the time the problem started occurring)?

Agreed - it sounds more like changes had been made in the last 6 months or so and the HDD swap was the last straw, so to speak, thus triggering the WPA warning. You are correct though, the user should just call MS, explain the situation, and will have little trouble getting re-activated. He may need to provide proof of ownership with a COA sticker though.

True, but removing WMP and then asking why the WMP codecs or plugins aren't working is just plain silly. Which is what most of these questions boil down to - "I removed <x> and now <some subcomponent of x> doesn't work! Why!?", and why we've gotten somewhat jaded over the years answering it. It's fairly obvious in most cases as to why (for example) the WMP codecs or plugins don't work, because the OP removed them. Hence the answers.

1 - Experience, and no. 2 - I know how IE works - looking at the other threads (actually, specifically thread 4) let me know that there was a worker thread, meaning someone had to spawn it (and from what it was doing, this would have been done as the result of a browse event meaning it comes from thread "0" (again, experience) 3 - No 4 - because it's doing work 5 - This is the x86 side of the wow64 CPU thread - you can't see what it's doing without private (internal) symbols, but rest assured this is normal

You are welcome. Also, a public "thank-you" to DerSnoezie for keeping the heat on Seagate for our users (and others, of course). Very good work indeed. I have pinned all Seagate discussions, for others to find.

Pinned.

Actually, you will see 3389 and then at least two other RPC channel traffic (port will be dynamic). *cap is fine for the format.

I'm using avir's antivirus and it works just fine, and is free for home (non-commercial) usage.

Double-post fixed.

That's a good question - I would suggest deleting the printer driver (and printer) from the system, then delete those keys, then add the (non-broken) print driver back. That way anything you deleted necessary will be replaced. Then, it should be safe.

Yes, you can - but it's not as easy. You will need to do .effmach x86; .load wow64exts to see the x86 threads - then, you have to know that there are some differences in debugging x86 in x64 windbg. I'd rather people new at this use the right debugger architecture for the bitness of the app they're debugging first, until you're comfortable, before doing x86 debugging in x64 windbg. Anyway, onto the fun: Thread 0 (remember how I said x86 on x64 is different? I'm looking at this in x64 windbg - note that the x86 "thread 0" is really thread 3 under wow64, for example) is waiting for a worker thread to complete, which means the browser is going to appear "hung" until the worker thread returns: // x86 Thread 0 - the "UI" thread, is waiting: 0:003:x86> k ChildEBP RetAddr 03fef62c 774adcea ntdll_77af0000!NtWaitForMultipleObjects+0x15 03fef6c8 77648f76 kernel32!WaitForMultipleObjectsEx+0x11d 03fef71c 6e906071 user32!RealMsgWaitForMultipleObjectsEx+0x14d WARNING: Frame IP not in any known module. Following frames may be wrong. 03fef73c 6e90af93 ieui+0x6071 03fef770 6e90b4ea ieui+0xaf93 03fef790 6e90b447 ieui+0xb4ea 03fef7e4 76052cce ieui+0xb447 03fef81c 76052deb msvcrt!_endthreadex+0x44 03fef824 7751e3f3 msvcrt!_endthreadex+0xce 03fef830 77b6cfed kernel32!BaseThreadInitThunk+0xe 03fef870 77b6d1ff ntdll_77af0000!__RtlUserThreadStart+0x23 03fef888 00000000 ntdll_77af0000!_RtlUserThreadStart+0x1b // The worker thread - it looks like you browsed away from a page, and IE is waiting for the flash plugin to unload: 0:004:x86> k ChildEBP RetAddr 043af478 774a1270 ntdll_77af0000!ZwWaitForSingleObject+0x15 043af4e8 774a11d8 kernel32!WaitForSingleObjectEx+0xbe 043af4fc 69b3f74f kernel32!WaitForSingleObject+0x12 WARNING: Stack unwind information not available. Following frames may be wrong. 043af50c 699ffdbf Flash10a!DllUnregisterServer+0x3055c 043af51c 69ad01e8 Flash10a+0x1fdbf 043af608 69b1dc0a Flash10a+0xf01e8 043af688 69b1e4f8 Flash10a!DllUnregisterServer+0xea17 043af6d4 6e94e095 Flash10a!DllUnregisterServer+0xf305 043af700 6e94de5e jscript!GcAlloc::ReclaimGarbage+0x76 043af71c 6e94dedc jscript!GcContext::Reclaim+0x93 043af730 6e95a62e jscript!GcContext::Collect+0x9a 043af73c 6e9443fd jscript!GcContext::ExhaustiveCollect+0x1c 043af754 6e944cd2 jscript!CSession::Close+0x10b 043af774 6f7f44b0 jscript!COleScript::Close+0x82 043af7a4 6f84d2cd mshtml!DllCanUnloadNow+0x14f 043af7b0 6f84d2b4 mshtml!MatchExactGetIDsOfNames+0x1822f 043af7cc 6f84d29b mshtml!MatchExactGetIDsOfNames+0x18216 043af848 6f84d4d2 mshtml!MatchExactGetIDsOfNames+0x181fd 043af860 6f84d438 mshtml!MatchExactGetIDsOfNames+0x18434 043af888 6f7f4991 mshtml!MatchExactGetIDsOfNames+0x1839a // The version of flash, for reference: 0:004:x86> lmvm flash10a start end module name 00000000`699e0000 00000000`69e55000 Flash10a (export symbols) Flash10a.ocx Loaded symbol image file: Flash10a.ocx Image path: C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx Image name: Flash10a.ocx Timestamp: Sat Oct 04 23:16:05 2008 (48E83175) CheckSum: 003AB626 ImageSize: 00475000 File version: 10.0.12.36 Product version: 10.0.12.36 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Adobe Systems, Inc. ProductName: Shockwave Flash InternalName: Adobe Flash Player 10.0 OriginalFilename: Flash.ocx ProductVersion: 10,0,12,36 FileVersion: 10,0,12,36 FileDescription: Adobe Flash Player 10.0 r12 LegalCopyright: Adobe® Flash® Player. Copyright © 1996-2008 Adobe Systems Incorporated. All Rights Reserved. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in theҽﻯ LegalTrademarks: Adobe Flash Player Note that adobe flash is probably the biggest offender in IE crashes and hangs, so if you can live without it, disable it.

I would actually suggest using process monitor whilst installing, specifically watching what msiexec.exe is doing, during the time it appears to be looking at your registry ("MSI (s) (04:60) [11:57:09:141]: Opening Terminal Server registry propogation window."). I would guess procmon will shed far more light on this than the MSI log ever will.

Without using a network sniffer, probably not .