RESOLVED: lsass.exe running @ 50% w/ Tinker.exe

OK:

Logged in as Ibrahim and tried to run as Test: WORKED PERFECTLY
Logged in as Ibrahim and tried to run as Ibrahim: (well)

Right, here is the issue. I can't get it to run anything under my name: I type everything in correctly, just like I did to make it run under Test. I just changed the name to "Ibrahim".

Here is what I exactly wrote:

runas /profile /user:OPC\Ibrahim "E:\Program Files (x86)\Microsoft Games\Tinker\Tinker.exe"

It asks for a password and I put one in. I actually just made up a password for both Test and Ibrahim accounts as I realized runas won't let me do it without a password. Anyways, I press and enter and it gives me an error:

1326: Logon failure: unknown user name or bad password

But my name is definitely in correctly (I tried changing it to "Ibrahim" and it said there already was an account with this name: duh) and the password, ironically, is the same one I used for Test: "lol" without the quotes. And yeah, I checked CAPS LOCK: not on.

~Ibrahim~



Edited by ikjadoon - 04 October 2008 at 2:09pm

So, I checked the process lists. They were identical except that the Test account had these processes while my main one did not:

AVGWatchdogService (site checker used by AVG; I don't like the way it is implemented)
Razertra.exe (tray icon for Razer mice)
1 Sidebar.exe (versus 2 Sidebar.exe on Ibrahim)

And that's it. I purposefully disabled the first two and the sidebar issue just depends on how many gadgets your running, I think.

So, I ran through the Tinker game on the Test account again. Lsass.exe barely does anything. It only operates in HKLM/SECURITY or HKLM/SAM, which you say are both normal. It doesn't even try to open anything in my AppData folder or the Microsoft folder in the registry like it does on my main account. I don't see why it would even want to open anything on my main account!

One thing I noticed: while opening the game on the test account, it failed blaming something about a 3D Driver. I exited the dialog and tried again, and it worked. Odd. The game started to open, the splash screen came up (which has NEVER come up on my main account), and then gave me the error.

This is just ridiculous, Microsoft. I almost wish I could write them an email about this bloody issue without having to spend $60(!) to do it. :(

Thanks again. :)

~Ibrahim~

P.S. Should I try safe mode?



Edited by ikjadoon - 03 October 2008 at 9:23pm

it won't crash on me now, with 899,473 showing of 1,232,0062 events. Figures. ;)

Try getting it to show 1+ million events.

crss.exe

Or csrss.exe?

Is there something I'm looking for, exactly?

The idea is to compare the log from an invocation of Tinker.exe that behaves as you would expect, with the log from an invocation of Tinker.exe that does not behave as one would expect.  That's a very general idea, of course, but with not much being known about the problem it is difficult to direct to any specific area.  And the problem may not be readily discoverable, if at all, using this technique.

it is just doing lots of things

Yes.  The stack you posted suggests lsass.exe is doing work requested of it by another process.  Again, it seems difficult to discover what process it may be, and even if one could it may not be obvious why that process was acting that way.

Another thought - since you witness the behavior with one account but not another, perhaps you could compare the list of processes running in each case, and eliminate the ones that are running when you have the problem, that aren't running when you don't.  You might also consider selectively stopping / exiting / killing other applications / services / processes, in an attempt to determine if there may be some other interaction among processes, that stopping one may help with.

Oh......I get it now. Sorry, I was a bit confused; I've actually never made an entire folder (key) in the Registry, just new values. :) Running it again.

~Ibrahim~

Oh, blast, I guess not. I want to say so, yes. I'm not positive,but it never crashes in the very beginning.

Old GPU driver: the Tinker issue.

Sure, give me a few moments while I get Tinker running again.

~Ibrahim~

EDIT: I don't seem to have a LocalDumps folder, only Consent, Debug, Excluded Applications, Hangs, Heapcontrolledlist, and Livekernel reports. No Localdumps folder in Windows Error Reporting.


Edited by ikjadoon - 03 October 2008 at 2:43pm