Everything posted by cluberti

  1. It's only a relay, so you still need a mail server. There are free ones I can think of, but I've always used a linux box for a quick and dirty mailserver when Exchange wasn't required (I usually use Open Xchange in this scenario if I have the hardware).
  2. Well, I hate to sound ornery, but you didn't accomplish disabling shell extensions or startup items as previously suggested. Your explorer "crashed" (and I use this lightly, because it wasn't actually a crash!) due to something using the FindAtom function to find a string, and then calling ExitProcess to kill explorer.exe after it failed - note that this is NOT a call to TerminateProcess, which would forcefully tear it down, but ExitProcess, a graceful exit (similar to clicking the X on a running Window to close it - a graceful process shutdown). Something on your machine is actually calling explorer.exe to crash. I looked at the loaded module list, and found that you have quite a few non-Microsoft modules loaded that I would consider unnecessary for operation, and should be disabled. I did find it very interesting that part of the crash is indeed an exception in a binary (not explorer.exe, though) right before the crash. The eax register shows us this (eax is used as the register to store the return of a call to some function), and it looks like we're hitting an except block in something:

         // The registers at the time of the crash, some of which are very important:
         0:000> r
         eax=77c280e4 ebx=00000000 ecx=77c112b0 edx=77c61a70 esi=7c90e88e edi=c0000005
         eip=7c90eb94 esp=0119fea4 ebp=0119ffa0 iopl=0 nv up ei pl zr na pe nc
         cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
         ntdll!KiFastSystemCallRet:
         7c90eb94 c3 ret

         // Not good to see us doing this:
         0:000> u 77c280e4
         msvcrt!__CxxRestoreUnhandledExceptionFilter:
         77c280e4 ff35fc17c677 push dword ptr [msvcrt!UnDecorator::fGetTemplateArgumentList+0x3 (77c617fc)]
         77c280ea ff15b810c177 call dword ptr [msvcrt!_imp__SetUnhandledExceptionFilter (77c110b8)]
         77c280f0 c3 ret
         77c280f1 cc int 3
         77c280f2 cc int 3
         77c280f3 cc int 3
         77c280f4 cc int 3
         77c280f5 cc int 3

         // This is definitely coming from the C runtimes, so we know someone linked this:
         0:000> !object 77c280e4
         No export object found
         0:000> !address 77c280e4
             77c10000 : 77c11000 - 0004c000
                 Type 01000000 MEM_IMAGE
                 Protect 00000020 PAGE_EXECUTE_READ
                 State 00001000 MEM_COMMIT
                 Usage RegionUsageImage
                 FullPath C:\WINDOWS\system32\msvcrt.dll

         // We can see the exit itself in edx:
         0:000> u 77c61a70
         msvcrt!_C_Exit_Done+0x1c:
         77c61a70 e0c8 loopne msvcrt!__initenv+0x2 (77c61a3a)
         77c61a72 97 xchg eax,edi
         77c61a73 7cff jl msvcrt!_C_Exit_Done+0x20 (77c61a74)
         ...

         // esi should point to the NtTerminateProcess function, which it does:
         0:000> u 7c90e88e
         ntdll!NtTerminateProcess:
         7c90e88e b801010000 mov eax,101h
         7c90e893 ba0003fe7f mov edx,offset SharedUserData!SystemCallStub (7ffe0300)
         7c90e898 ff12 call dword ptr [edx]
         7c90e89a c20800 ret 8
         ...

         // edi should have the error code, c0000005:
         0:000> !error c0000005
         Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

     So we know the FindAtomW function that was called by something inside explorer.exe tried to read the string from an invalid location (and thus excepted, causing explorer to crash) - but we still don't know who caused this, however, we do now know why.

         // Looking at the stack pointer (esp), we can get an idea of what happened,
         // hopefully - there's the call, btw, and likely populated eax (the exception):
         0:000> u 0119fea4
         0119fea4 9ae8907c5eca81 call 81CA:5E7C90E8
         0119feab 7cff jl 0119feac
         0119fead ff ???
         0119feae ff ???
         0119feaf ff050000c000 inc dword ptr ds:[0C00000h]
         0119feb5 0000 add byte ptr [eax],al
         0119feb7 0000 add byte ptr [eax],al
         0119feb9 0000 add byte ptr [eax],al

         // Looking at the memory structure of the stack, it looks like this wasn't
         // explorer.exe; rpc and remote threads usually mean something else is amiss:

         // stack pointer:
         0:000> dds 0119fea4
         0119fea4 7c90e89a ntdll!ZwTerminateProcess+0xc
         0119fea8 7c81ca5e kernel32!_ExitProcess+0x62
         0119feac ffffffff
         0119feb0 c0000005
         0119feb4 00000000
         0119feb8 00000000
         0119febc 00000000
         0119fec0 00000000
         0119fec4 00300014
         0119fec8 00000002
         0119fecc 00000a64
         0119fed0 00000f84
         0119fed4 0008088a
         0119fed8 00000000
         0119fedc 00000000
         0119fee0 00010003
         0119fee4 00000000
         0119fee8 000d8590
         0119feec c0000005
         0119fef0 77f6952b shlwapi!ExecuteWorkItem
         0119fef4 00000000
         0119fef8 0119ff40
         0119fefc 7c927545 ntdll!RtlpWorkerCallout+0x70
         0119ff00 000dd0d0
         0119ff04 7c97c3a0 ntdll!NumExecutingWorkerThreads
         0119ff08 000dd0e8
         0119ff0c 00000000
         0119ff10 00000014
         0119ff14 00000001
         0119ff18 00000000
         0119ff1c 00000000
         0119ff20 00000010

         // base pointer:
         0:000> dds 0119ffa0
         0119ffa0 0119ffb4
         0119ffa4 7c81cab6 kernel32!ExitProcess+0x14
         0119ffa8 c0000005
         0119ffac 77e8f3b0 rpcrt4!SECURITY_CONTEXT::InitializeThirdLeg+0x18f
         0119ffb0 ffffffff
         0119ffb4 0119ffec
         0119ffb8 7c83aa89 kernel32!CreateRemoteThread+0x56
         0119ffbc c0000005
         0119ffc0 00f8fce4
         0119ffc4 00f8fce8
         0119ffc8 00000000
         0119ffcc 7ffd9000
         0119ffd0 c0000005
         0119ffd4 0119ffc0
         0119ffd8 0119ef3c
         0119ffdc ffffffff
         0119ffe0 7c8399f3 kernel32!_except_handler3
         0119ffe4 7c80b518 kernel32!`string'+0x88
         0119ffe8 ffffffff
         0119ffec 00000000
         0119fff0 00000000
         0119fff4 7c910760 ntdll!RtlpWorkerThread
         0119fff8 00000000
         0119fffc 00000000
         011a0000 ????????
         011a0004 ????????
         011a0008 ????????
         011a000c ????????
         011a0010 ????????
         011a0014 ????????
         011a0018 ????????
         011a001c ????????

     So it's not obvious what's going on, other than it looks like something outside of explorer.exe's code doing it. Here's the non-Microsoft modules loaded or unloaded at the time of the dump:

         0:000> lm
         module name
         RarExt.dll
         TRshell.dll
         JetFlExt.dll
         Jccatch.dll
         pdfshell.dll
         NeroDigitalExt.dll
         WZSHLSTB.DLL
         NavShExt.dll
         ccL60U.dll
         ccVrTrst.dll

         Unloaded modules:
         WZCAB3.DLL
         wzshlex1.dll

         0:000> lmvm rarext
         start end module name
         018a0000 018cb000 RarExt (export symbols) RarExt.dll
             Loaded symbol image file: RarExt.dll
             Image path: C:\Program Files\WinRAR\RarExt.dll
             Image name: RarExt.dll
             Timestamp: Sun Dec 26 10:34:37 2004 (41CEDA0D)
             CheckSum: 00021AC9
             ImageSize: 0002B000
             File version: 0.0.0.0
             Product version: 0.0.0.0
             File flags: 0 (Mask 0)
             File OS: 0 Unknown Base
             File type: 0.0 Unknown
             File date: 00000000.00000000
             Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

         0:000> lmvm trshell
         start end module name
         01cd0000 01cf8000 TRshell (export symbols) TRshell.dll
             Loaded symbol image file: TRshell.dll
             Image path: C:\Program Files\TagRename\TRshell.dll
             Image name: TRshell.dll
             Timestamp: Fri Jun 19 18:22:17 1992 (2A425E19)
             CheckSum: 0002D0CA
             ImageSize: 00028000
             File version: 3.5.7.19
             Product version: 3.5.7.19
             File flags: 0 (Mask 3F)
             File OS: 4 Unknown Win32
             File type: 1.0 App
             File date: 00000000.00000000
             Translations: 0409.04e4
             CompanyName: Softpointer Inc
             ProductName:
             InternalName: TRShell.dll
             OriginalFilename:
             ProductVersion:
             FileVersion: 3.5.7.19
             FileDescription: Tag&Rename shell extension
             LegalCopyright:
             LegalTrademarks:
             Comments:

         0:000> lmvm JetFlExt
         start end module name
         01f00000 01f29000 JetFlExt C (export symbols) JetFlExt.dll
             Loaded symbol image file: JetFlExt.dll
             Image path: C:\Program Files\JetAudio\JetFlExt.dll
             Image name: JetFlExt.dll
             Timestamp: Wed May 09 15:52:42 2007 (4642268A)
             CheckSum: 00000000
             ImageSize: 00029000
             File version: 6.0.0.9751
             Product version: 6.0.0.0
             File flags: 0 (Mask 3F)
             File OS: 4 Unknown Win32
             File type: 2.0 Dll
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: COWON America
             ProductName: JetFlExt Module
             InternalName: JetFlExt
             OriginalFilename: JetFlExt.DLL
             ProductVersion: 6, 0, 0, 0
             FileVersion: 6, 0, 0, 9751
             PrivateBuild: 6, 0, 0, 9751
             SpecialBuild: 6, 0, 0, 9751
             FileDescription: Shell Extension for jetAudio
             LegalCopyright: Copyright 2005-2006, All rights reserved.
             LegalTrademarks: Copyright 2005-2006, All rights reserved.
             Comments: Copyright 2005-2006, All rights reserved.

         0:000> lmvm jccatch
         start end module name
         02630000 02645000 Jccatch C (export symbols) Jccatch.dll
             Loaded symbol image file: Jccatch.dll
             Image path: C:\Program Files\FlashGet\Jccatch.dll
             Image name: Jccatch.dll
             Timestamp: Tue May 16 03:19:40 2006 (44697D0C)
             CheckSum: 00000000
             ImageSize: 00015000
             File version: 1.1.5.0
             Product version: 1.1.5.0
             File flags: 0 (Mask 3F)
             File OS: 4 Unknown Win32
             File type: 2.0 Dll
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: FlashGet
             ProductName: jccatch Module
             InternalName: jccatch
             OriginalFilename: jccatch.DLL
             ProductVersion: 1, 1, 5, 0
             FileVersion: 1, 1, 5, 0
             PrivateBuild: 1, 1, 5, 0
             SpecialBuild: 1, 1, 5, 0
             FileDescription: jccatch Module
             LegalCopyright: Copyright 1999 by FlashGet
             LegalTrademarks: Copyright 1999 by FlashGet
             Comments: Copyright 1999 by FlashGet

         0:000> lmvm pdfshell
         start end module name
         03060000 030bb000 pdfshell (export symbols) pdfshell.dll
             Loaded symbol image file: pdfshell.dll
             Image path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
             Image name: pdfshell.dll
             Timestamp: Mon Oct 23 03:28:04 2006 (453C6F04)
             CheckSum: 0005D45D
             ImageSize: 0005B000
             File version: 8.0.0.0
             Product version: 8.0.0.0
             File flags: 0 (Mask 3F)
             File OS: 40004 NT Win32
             File type: 2.0 Dll
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: Adobe Systems, Inc.
             ProductName: Adobe PDF Shell Extension
             InternalName: PDFShell
             OriginalFilename: PDFShell.dll
             ProductVersion: 8.0.0.0
             FileVersion: 8.0.0.0
             FileDescription: PDF Shell Extension
             LegalCopyright: Copyright 2000-2006 Adobe Systems, Inc.

         0:000> lmvm NeroDigitalExt
         start end module name
         030f0000 032a8000 NeroDigitalExt (export symbols) NeroDigitalExt.dll
             Loaded symbol image file: NeroDigitalExt.dll
             Image path: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
             Image name: NeroDigitalExt.dll
             Timestamp: Fri Jul 20 05:26:38 2007 (46A07FCE)
             CheckSum: 001C3D6D
             ImageSize: 001B8000
             File version: 3.1.0.8
             Product version: 3.1.0.8
             File flags: 0 (Mask 1F)
             File OS: 4 Unknown Win32
             File type: 2.0 Dll
             File date: 00000000.00000000
             Translations: 0409.04e4
             CompanyName: Nero AG
             ProductName: Nero Digital Tools
             InternalName: NeroDigitalExt.dll
             OriginalFilename: NeroDigitalExt.dll
             ProductVersion: 3, 1, 0, 8
             FileVersion: 3, 1, 0, 8
             FileDescription: Nero Digital Shell Extension
             LegalCopyright: Copyright (c) 1995-2005 Nero AG and its licensors.

         0:000> lmvm WZSHLSTB
         start end module name
         16200000 16206000 WZSHLSTB C (export symbols) WZSHLSTB.DLL
             Loaded symbol image file: WZSHLSTB.DLL
             Image path: C:\Program Files\WinZip\WZSHLSTB.DLL
             Image name: WZSHLSTB.DLL
             Timestamp: Fri Nov 10 00:49:26 2006 (455412E6)
             CheckSum: 00000000
             ImageSize: 00006000
             File version: 4.1.0.0
             Product version: 11.0.0.0
             File flags: 0 (Mask 3F)
             File OS: 4 Unknown Win32
             File type: 2.0 Dll
             File date: 00000000.00000000
             Translations: 0409.04e4
             CompanyName: WinZip Computing LP
             ProductName: WinZip
             InternalName: WZSTUBSE.DLL
             OriginalFilename: WZSTUBSE.DLL
             ProductVersion: 11.0 (6595)
             FileVersion: 4.1 (32-bit)
             FileDescription: WinZip Shell Extension DLL
             LegalCopyright: Copyright (c) WinZip International LLC 1991-2006 - All Rights Reserved
             LegalTrademarks: WinZip is a registered trademark of WinZip International LLC
             Comments: StringFileInfo: U.S. English

         0:000> lmvm NavShExt
         start end module name
         6a090000 6a0b9000 NavShExt (export symbols) NavShExt.dll
             Loaded symbol image file: NavShExt.dll
             Image path: C:\Program Files\Norton AntiVirus\NavShExt.dll
             Image name: NavShExt.dll
             Timestamp: Sun Jan 14 04:08:04 2007 (45A9F2F4)
             CheckSum: 0002D7B5
             ImageSize: 00029000
             File version: 14.2.0.29
             Product version: 14.2.0.0
             File flags: 0 (Mask 3F)
             File OS: 40004 NT Win32
             File type: 1.0 App
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: Symantec Corporation
             ProductName: Norton AntiVirus
             InternalName: NavShExt
             OriginalFilename: NavShExt.dll
             ProductVersion: 14.2.0
             FileVersion: 14.2.0.29
             FileDescription: Norton AntiVirus Shell Extension Module
             LegalCopyright: Copyright © 2006 Symantec Corporation. All rights reserved.

         0:000> lmvm ccL60U
         start end module name
         6ae80000 6af05000 ccL60U (export symbols) ccL60U.dll
             Loaded symbol image file: ccL60U.dll
             Image path: C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
             Image name: ccL60U.dll
             Timestamp: Wed Jan 10 00:56:27 2007 (45A4800B)
             CheckSum: 00089671
             ImageSize: 00085000
             File version: 106.2.0.21
             Product version: 106.2.0.21
             File flags: 0 (Mask 3F)
             File OS: 40004 NT Win32
             File type: 1.0 App
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: Symantec Corporation
             ProductName: Symantec Security Technologies
             InternalName: ccLib
             OriginalFilename: ccL60.dll
             ProductVersion: 106.2.0.21
             FileVersion: 106.2.0.21
             FileDescription: Symantec Library
             LegalCopyright: Copyright (c) 2000-2006 Symantec Corporation. All rights reserved.

         0:000> lmvm ccVrTrst
         start end module name
         6b790000 6b7af000 ccVrTrst (export symbols) ccVrTrst.dll
             Loaded symbol image file: ccVrTrst.dll
             Image path: C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
             Image name: ccVrTrst.dll
             Timestamp: Wed Jan 10 00:56:52 2007 (45A48024)
             CheckSum: 0002A0D1
             ImageSize: 0001F000
             File version: 106.2.0.21
             Product version: 106.2.0.21
             File flags: 0 (Mask 3F)
             File OS: 40004 NT Win32
             File type: 1.0 App
             File date: 00000000.00000000
             Translations: 0409.04b0
             CompanyName: Symantec Corporation
             ProductName: Symantec Security Technologies
             InternalName: ccVrTrst
             OriginalFilename: ccVrTrst.dll
             ProductVersion: 106.2.0.21
             FileVersion: 106.2.0.21
             FileDescription: Symantec Trust Validation Engine
             LegalCopyright: Copyright (c) 2000-2006 Symantec Corporation. All rights reserved.

     I also noticed you had Windows Media, DRM, and Messenger .dll files in the unloaded modules list as well. Seems odd, if explorer is just starting, to have Windows Media indexer and DRM files loaded. What exactly did you do just before this started? I see what you were running, and I do suspect something multimedia-related or MSN messenger related:

         0 32 0 System Process
             Command Line:
         0 32 4 System
             Command Line:
         0 32 444 smss.exe
             Command Line: \SystemRoot\System32\smss.exe
         0 32 508 csrss.exe Title:
             Command Line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
         0 32 532 winlogon.exe
             Command Line: winlogon.exe
         0 32 576 services.exe Svcs: Eventlog,PlugPlay
             Command Line: C:\WINDOWS\system32\services.exe
         0 32 588 lsass.exe Svcs: ProtectedStorage,SamSs
             Command Line: C:\WINDOWS\system32\lsass.exe
         0 32 740 svchost.exe Svcs: DcomLaunch,TermService
             Command Line: C:\WINDOWS\system32\svchost -k DcomLaunch
         0 32 788 svchost.exe Svcs: RpcSs
             Command Line: C:\WINDOWS\system32\svchost -k rpcss
         0 32 856 svchost.exe Svcs: AudioSrv,CryptSvc,Dhcp,dmserver,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanworkstation,Netman,Nla,RasMan,Schedule,ShellHWDetection,TapiSrv,Themes,TrkWks,winmgmt,WZCSVC
             Command Line: C:\WINDOWS\System32\svchost.exe -k netsvcs
         0 32 908 svchost.exe Svcs: Dnscache
             Command Line: C:\WINDOWS\system32\svchost.exe -k NetworkService
         0 32 1040 ccSvcHst.exe Svcs: ccEvtMgr,ccSetMgr,LiveUpdate Notice Ex
             Command Line: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
         0 32 1172 AppSvc32.exe Svcs: SymAppCore
             Command Line: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
         0 32 1444 svchost.exe Svcs: Alerter,WebClient
             Command Line: C:\WINDOWS\system32\svchost.exe -k LocalService
         0 32 1524 AluSchedulerSvc.exe Svcs: Automatic LiveUpdate Scheduler
             Command Line: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
         0 32 1900 ccSvcHst.exe Svcs: CLTNetCnService
             Command Line: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
         0 32 360 AHQTbU.exe Title:
             Command Line: "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
         0 32 368 zlclient.exe Title: ZoneAlarm Security Alert
             Command Line: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
         0 32 376 ccApp.exe Title:
             Command Line: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
         0 32 976 iemaximizer.exe Title: IE New Window Maximizer
             Command Line: "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
         0 32 1044 USBSafelyRemove.exe Title:
             Command Line: "C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" /startup
         0 32 1108 MsnMsgr.Exe Title: Le MoNsTrE HuSsAiNoOoOoO - Conversation
             Command Line: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
         0 32 1204 ctfmon.exe Title:
             Command Line: "C:\WINDOWS\system32\ctfmon.exe"
         0 32 1240 vsmon.exe Title:
             Command Line: vsmon.exe -status
         0 32 2784 winamp.exe Title: 1. Keith Power - Dark Sector Theme - Winamp [Stopped]
             Command Line: "C:\Program Files\Winamp\winamp.exe"
         0 32 928 symlcsvc.exe Svcs: Symantec Core LC
             Command Line: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
         0 32 4004 FIREFOX.EXE Title: Where is tlist.exe in Windows XP? - Mozilla Firefox
             Command Line: "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE" -requestPending -osint -url "http://www.youtube.com/watch?v=QWs9EvZhrwU"
         0 32 3100 cmd.exe Title: C:\WINDOWS\system32\cmd.exe - cscript adplus.vbs -crash -pn explorer.exe -quiet -o c:\adplus
             Command Line: "C:\WINDOWS\system32\cmd.exe"
         0 32 2064 dllhost.exe Svcs: COMSysApp Mts: System Application
             Command Line: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
         0 32 3584 rsvp.exe Svcs: RSVP
             Command Line: C:\WINDOWS\system32\rsvp.exe
         0 32 2660 Explorer.EXE Title: Program Manager
             Command Line: C:\WINDOWS\explorer.exe
         0 32 2556 dwwin.exe Title: OfficeWatson
             Command Line: C:\WINDOWS\system32\dwwin.exe -x -s 896
         0 32 3232 cscript.exe Title:
             Command Line: cscript adplus.vbs -crash -pn explorer.exe -quiet -o c:\adplus
         0 32 1368 cmd.exe Title: C:\WINDOWS\system32\cmd.exe
             Command Line: "C:\WINDOWS\system32\cmd.exe" /c tlist.exe -v >"c:\adplus\Crash_Mode__Date_03-10-2008__Time_03-05-47AM\Process_List.txt"
         0 32 2484 tlist.exe
             Command Line: tlist.exe -v

     Ultimately, I need you to disable things with shellextview and autoruns if you don't see anything obvious here that jogs your memory. Oh: Try tasklist.exe -v.
  3. Yes, automatically. Please search the forums before posting sometimes, too - this has already been extensively covered and documented here and elsewhere. And stickied.
  4. If it happens again, let us know. I for one would have liked to get a look at that file (and configuring your box for something more concrete, like a complete memory dump, would be better - just make sure the paging file is on the \Windows volume and it's at least RAM+64MB in size).
  5. If you got a dump of explorer.exe, upload the whole "crash-mode-xxx...." folder after you compress it into a zip or a rar.
  6. If you have the SATA drivers for your system, look in the nlite forums (or the other unattended forums) for how to integrate them. The 7B is telling you it can't find the bootable Windows disk, and bugchecks. If you had the drivers for the controller integrated, it should work. Make sure you delete that pirated copy if you haven't already, though. You know how we feel about pirated software here.
  7. Exercise. Not heavy, just a quick jog for 5 minutes and a decent amount of water (always lowers hunger pangs). Did this for about 2 weeks, and I got my body to the point where I didn't feel hungry until regular meal times for me (early breakfast, afternoon lunch, later dinner). And, it didn't hurt that I had finally decided for good that I looked fat at 250lbs and wanted to slim down for real.
  8. I agree with substitution - my bad habit was food. I ate way too much and when it came time to lose the weight, I found that substitution worked best in my situation. Once I subbed instead of eating, I was able to break the cycle, eat healthier, and lose the weight. The downside, of course, was having to buy new pants.... Just my 2 cents.
  9. It's possible to open the page from the gina, yes. However, you have to remember that you'll be running under the user LocalSystem (SYSTEM), and not a user. The web site you publish MUST not have any user security on it (not even basic), or the machine will not be able to authenticate (you can't auth at the logon screen to another box). Meaning your solution will work, but it won't be very secure (you CAN try SSL, but I've seen that fail too, so don't be surprised if it has to be HTTP). It'll be clear-text, so you better trust your network.
  10. how to do it? http://www.msfn.org/board/Creating-memory-dumps-t90244.html
  11. I read that to mean he's got x86 Windows, and his version of Windows doesn't work on x64 or ia64 (natively, which of course it won't). I read that to mean he specifically wanted to determine which hotfixes to integrate. Since we've answered his questions in both ways, I'm locking down this thread so it doesn't spiral out of control. Questions answered (in both possible ways).
  12. It was removed in Server 2008 completely, you didn't miss it. I'm not sure why this was done, but I'm guessing it cannibalized sales of Exchange. I can't think of any other reason.
  13. The OP's point was specific to installing updates, so the mode the OP's Windows is installed in IS the issue. There are many ways other than this to figure out processor type (regardless of version of OS), but I understood the original question to be "which version of an update do I install when I can find x86, x64, and ia64 editions of an update".
  14. A dump of explorer.exe crashing would be nice too - also, if it worked in safe mode but not regularly, something else is amiss.
  15. Make one available somewhere and post the link here, and we'll have a look.
  16. If you're having problems in both Firefox and Internet Explorer, it definitely sounds like something problematic deeper in the OS. Have you considered installing the Windows Script Host 5.7 update and seeing if that makes things any different?
  17. If you're looking for something easy to read, run "msinfo32" on your box and it'll tell you what type of OS is installed (x86 vs x64 vs ia64) and the processor in the machine. If you have a machine that you cannot use x64 or ia64 patches on, it'll be x86 (32bit). x64 = AMD and Intel x86-64 processors, and ia64 = Intel Itanium (and you would know you had one of those, because your wallet would be very, very light).
  18. Hopefully devs having real issues with their site and IE8 will post bugs and perhaps review their code. IE8 isn't 100% standards compliant (most browsers are not), and a lot of the hacks previously used to get a site to render properly in IE6 specifically will horribly break a site in IE8. If you can get your site to render in quirks mode in IE7, it should render properly in IE8 too (although strict would be much better, quirks will do).
  19. If you can get your box to work in safe mode, consider running ShellExView and Autoruns to disable all non-Microsoft shell extensions and startup items, then reboot regularly and see if that fixes it (almost always does). Then, if you need something you disabled, re-enable things one at a time or in small bunches until the problem returns, and you can then pinpoint what you enabled that caused the problem.
  20. The Vista binaries themselves are language neutral, so ALL languages are a MUI. Therefore, all Vista code updates are global (not language-specific). The Language packs are the .mui files that change the display, but again, hotfixes and updates that are not language pack updates are all language-neutral.
  21. Most of those software packages install drivers which run at the same layer or lower than the device they're attached to (lower and upper filters). If you had CD software/drivers on your box that are incompatible, it's hard to say which caused the problem specifically. However, it really doesn't matter, because either way you were destined for failure. You could try a newer version of the Nero suite and InCD that are Vista compatible and try again, if you so desire.
  22. OS updates should be in English, unless the OS itself is localized in German. A MUI doesn't change which updates to install (unless they're specifically targeting the MUI pack itself).
  23. I meant that without the actual file opened up in windbg on my box, I can't be 100% certain - but I am 95% certain. Generally, .dmp files are far too large to upload - you're better off using a file hosting service. Good luck
  24. Hopefully you documented and submitted the bugs and sites you had issues on!
  25. Hard to say for sure without the dump file to actually poke and prod memory, but yes, if you see a driver load in csrss.exe and immediately after you see nt!TerminateProcess, it's very, VERY likely it's your culprit. It is also very old for a symevent.sys (Tue Nov 07 22:38:37 2006) - considering this binary gets updated every 4 - 6 months from Symantec, you are likely at least 3 versions behind. Note that this binary is usually only upgraded on major version upgrades of their software, otherwise it is never updated (and it can get pretty buggy when you're that far behind). You can get the latest symevent plus installation instructions here.
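
The module triage walked through in post 2 (picking the non-Microsoft modules out of `lmvm` output, and checking which module owns an address), as an added example that is not part of cluberti's posts. The function names and the SHELL32 record are assumptions made for the illustration; the other records are abbreviated from the dump in post 2.

```python
import re

# Constructed sample: abbreviated `lmvm` records in the layout shown in post 2.
# The SHELL32 record is made up here to stand in for a first-party module.
SAMPLE = r"""
0:000> lmvm rarext
start    end        module name
018a0000 018cb000   RarExt     (export symbols)       RarExt.dll
    Image path: C:\Program Files\WinRAR\RarExt.dll
    Timestamp:        Sun Dec 26 10:34:37 2004 (41CEDA0D)
    File version:     0.0.0.0
0:000> lmvm trshell
start    end        module name
01cd0000 01cf8000   TRshell    (export symbols)       TRshell.dll
    Image path: C:\Program Files\TagRename\TRshell.dll
    File version:     3.5.7.19
    CompanyName:      Softpointer Inc
0:000> lmvm NavShExt
start    end        module name
6a090000 6a0b9000   NavShExt   (export symbols)       NavShExt.dll
    Image path: C:\Program Files\Norton AntiVirus\NavShExt.dll
    File version:     14.2.0.29
    CompanyName:      Symantec Corporation
0:000> lmvm shell32
start    end        module name
7c9c0000 7d1d7000   SHELL32    (pdb symbols)          shell32.dll
    Image path: C:\WINDOWS\system32\SHELL32.dll
    File version:     6.0.2900.0
    CompanyName:      Microsoft Corporation
"""

# "start end name ..." record header: two 8-digit hex addresses, then the module name.
HEADER = re.compile(r"^([0-9a-fA-F]{8}) ([0-9a-fA-F]{8})\s+(\S+)")
# Indented "Key: value" detail line; the key ends at the first colon.
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")


def parse_lmvm(text):
    """Turn pasted `lmvm` output into a list of module records."""
    modules, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"start": int(header.group(1), 16),
                       "end": int(header.group(2), 16),
                       "name": header.group(3), "fields": {}}
            modules.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current["fields"][field.group(1)] = field.group(2).strip()
    return modules


def triage(modules, first_party=("Microsoft Corporation",)):
    """List modules to disable first when isolating a shell-extension fault.

    CompanyName is a self-declared, unsigned string: this is a sorting
    filter for troubleshooting, not a trust decision.
    """
    findings = []
    for mod in modules:
        fields = mod["fields"]
        company = fields.get("CompanyName", "")
        if company in first_party:
            continue
        reasons = ["vendor: " + (company or "unknown")]
        if fields.get("File version", "0.0.0.0") == "0.0.0.0":
            reasons.append("no version resource")
        findings.append((mod["name"], fields.get("Image path", "?"), reasons))
    return findings


def owner_of(address, modules):
    """Return the module whose [start, end) range contains address, or None."""
    for mod in modules:
        if mod["start"] <= address < mod["end"]:
            return mod["name"]
    return None


if __name__ == "__main__":
    for name, path, reasons in triage(parse_lmvm(SAMPLE)):
        print(f"{name:10} {path}  ({'; '.join(reasons)})")
```
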