Process Explorer : process explorer detecting hidden processes

October 13, 2015, 7:32 am

≫ Next: Miscellaneous Utilities : Reporting vmmap exception

≪ Previous: Troubleshooting : Help with BSOD "Pool Corruption"

$

0

0

Author: DannyJohnson
Subject: process explorer detecting hidden processes
Posted: 13 October 2015 at 2:32pm

Does process explorer detect hidden processes not caused by rootkits

---

Miscellaneous Utilities : Reporting vmmap exception

October 13, 2015, 9:34 am

≫ Next: Miscellaneous Utilities : the meaning of message in procdump

≪ Previous: Process Explorer : process explorer detecting hidden processes

$

0

0

Author: MagicAndre1981
Subject: Reporting vmmap exception
Posted: 13 October 2015 at 4:34pm

0x40000015 = STATUS_FATAL_APP_EXIT

so there was a fatal error. Capture a crash dump with procdump (https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx):

procdump -ma -i C:\dumps

zip the dump, upload it to OneDrive and send Mark the link to the dump:

http://blogs.technet.com/b/markrussinovich/contact.aspx

Miscellaneous Utilities : the meaning of message in procdump

October 13, 2015, 9:37 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : Reporting vmmap exception

$

0

0

Author: MagicAndre1981
Subject: the meaning of message in procdump
Posted: 13 October 2015 at 4:37pm

E06D7363 = VC++ Exception:

http://blogs.msdn.com/b/oldnewthing/archive/2010/07/30/10044061.aspx

But I have not found anything what AVEPSCoreException is. Does this come from procdump or from a 3rd party tool?

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 13, 2015, 9:41 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : the meaning of message in procdump

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 13 October 2015 at 4:41pm

I looked at the trace and saw that the CPU usage come from Zeroing the RAM (ntoskrnl.exe!MiZeroWorkerPages) before it can be reused again.

Install all updates and the Enterprise Hotfix Rollup (https://support.microsoft.com/en-us/kb/2775511) and try again. You use a Server 2008 R2 with the Sp1 and without any later updates.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 13, 2015, 10:02 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: sk12345
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 13 October 2015 at 5:02pm

Thanks a lot !
Could you please explain, what do you mean by Zeroing the RAM ?
I tried to look it up but cannot find much information on it. Meanwhile, I will install the Hotfix and will update if things improve.
Kind Regards,
SM

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 13, 2015, 10:20 am

≫ Next: PsTools : PSShutdown on Windows 10

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: pinscomputer
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 13 October 2015 at 5:20pm

@sk12345

take a look at this Microsoft video starting at approximately timestamp 20 minutes 32 seconds.

https://channel9.msdn.com/events/TechEd/NorthAmerica/2011/WCL406?format=smooth

 

there is a general explanation of how the memory manager works, including the zero page thread.

 

PsTools : PSShutdown on Windows 10

October 13, 2015, 10:26 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: ChaosEngine
Subject: PSShutdown on Windows 10
Posted: 13 October 2015 at 5:26pm

OK, maybe a trace with procmon will tell you why you keep getting the access denied?

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 13, 2015, 10:58 am

≫ Next: Process Explorer : process explorer detecting hidden processes

≪ Previous: PsTools : PSShutdown on Windows 10

$

0

0

Author: sk12345
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 13 October 2015 at 5:58pm

@MagicAndre1981
I have installed Enterprise Hotfix Rollup and also one another patch from the link that you have provided.
It still does not seem to solve the problem. CPU Utilization is still the same. If you need another trace then please let me know.

---

Process Explorer : process explorer detecting hidden processes

October 13, 2015, 11:13 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: ChaosEngine
Subject: process explorer detecting hidden processes
Posted: 13 October 2015 at 6:13pm

More info on this can be found here

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 13, 2015, 9:57 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Process Explorer : process explorer detecting hidden processes

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 14 October 2015 at 4:57am

now you need to do "try & error" approach. try to stop some applications until you find the one that allocates new memory so often that the kernel has to zero RAM so often.

Currently I only know that HW acceleration in Chrome causes it.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 14, 2015, 2:28 am

≫ Next: PsTools : PSShutdown on Windows 10

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: sk12345
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 14 October 2015 at 9:28am

@MagicAndre1981
Could you please tell me how did you find out that CPU load is coming from 'ntoskrnl.exe!MiZeroWorkerPages' ? I cannot seem to find it in the trace file.
Thanks

PsTools : PSShutdown on Windows 10

October 14, 2015, 3:09 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: quatermass
Subject: PSShutdown on Windows 10
Posted: 14 October 2015 at 10:09am

Good idea as I'm getting no where. :)
It's really odd as I launch the  Bat file via run as administrator it just flashes up and closes. If I just run it, I get the batch window with the window asking for input.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 14, 2015, 3:44 am

≫ Next: PsTools : PSShutdown on Windows 10

≪ Previous: PsTools : PSShutdown on Windows 10

$

0

0

Author: sk12345
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 14 October 2015 at 10:44am

By using process explorer, I found that thread '132   46.97 1483  ntoskrnl.exe!RtlRemoveEntryHashTable+0x360' is responsible for almost all of the load on the machine. @MagicAndre1981's initial analysis is correct. Some Application is responsible for zeroing the ram.
but There are no applications installed on this machine for me to deinstall and check. We have around 10 other machines with same configuration and same specs. But this problem is only occurring on this machine.
Any hints will be highly appreciated !

PsTools : PSShutdown on Windows 10

October 14, 2015, 7:12 am

≫ Next: Troubleshooting : pst files outlook

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: ChaosEngine
Subject: PSShutdown on Windows 10
Posted: 14 October 2015 at 2:12pm

The PsShutdown service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Try:

1 open regedit 

2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows and change NoInteractiveServices from 1 to 0.

See if PsShutdown then works.

Interactive Services

P.s Don't forget to backup your registry before making any changes!

 

Edited by ChaosEngine - 21 hours 59 minutes ago at 6:23pm

Troubleshooting : pst files outlook

October 14, 2015, 8:58 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: PsTools : PSShutdown on Windows 10

$

0

0

Author: edwardsx6
Subject: pst files outlook
Posted: 14 October 2015 at 3:58pm

Can someone please give me some possibilities for (preferably free) software strategies / techniques to repair archived past files - archived from outlook 2007 clients

I constantly get errors when trying to open some of them - either I get the message that

1. the pst file is corrupted or 

2. the pst file is not recognised as a personal pst file

I have obviously tried the ost / pst repair tools but no luck

---

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 14, 2015, 9:16 am

≫ Next: Process Explorer : ProcessExplorer prevent deleting a Windows Service

≪ Previous: Troubleshooting : pst files outlook

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 14 October 2015 at 4:16pm

Load the ETL in WPA, laod the debug smybols and arrange the columns this way and expand the stack:

Process Explorer : ProcessExplorer prevent deleting a Windows Service

October 14, 2015, 10:03 pm

≫ Next: Process Explorer : ProcessExplorer prevent deleting a Windows Service

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: sken130
Subject: ProcessExplorer prevent deleting a Windows Service
Posted: 15 October 2015 at 5:03am

Yes, I faced the same problem too. This problem occurs randomly.

Process Explorer : ProcessExplorer prevent deleting a Windows Service

October 14, 2015, 10:07 pm

≫ Next: PsTools : Psexec - setting affinity

≪ Previous: Process Explorer : ProcessExplorer prevent deleting a Windows Service

$

0

0

Author: sken130
Subject: ProcessExplorer prevent deleting a Windows Service
Posted: 15 October 2015 at 5:07am

The problem happens randomly when I run psexec in an elevated Windows cmd console.

psexec -s "C:\Program Files\Java\jdk1.7.0_75\bin\jstack.exe" 18936 > "thread_dump_%tempdate%.tdump"

PsTools : Psexec - setting affinity

October 15, 2015, 6:04 am

≫ Next: Disk2vhd : VHDX doesn't start with W10

≪ Previous: Process Explorer : ProcessExplorer prevent deleting a Windows Service

$

0

0

Author: nitnit
Subject: Psexec - setting affinity
Posted: 15 October 2015 at 1:04pm

Hello PSTools experts,

We are using Psexec utility to rum multiple instances of a process on different cores of a windows system.

Recently we have tried to use a 20-processor system which supports hyper-threading (provides up to 40 cores).

It seems that when the affinity setting is higher than 32, the actual affinity value wraps (i.e. setting -a 33 results with core 1 being used, -a34 results with core 2 being used etc...).

Is there any limit on the value which set with the "-a" option ? Can we control the affinity for all 40 cores by Psexec ?

Regards

Nitzan

Disk2vhd : VHDX doesn't start with W10

October 15, 2015, 11:41 am

≫ Next: Miscellaneous Utilities : Sdelete left empty folders

≪ Previous: PsTools : Psexec - setting affinity

$

0

0

Author: dtag
Subject: VHDX doesn't start with W10
Posted: 15 October 2015 at 6:41pm

Hi,

before i upgraded my Windows 8.1 to Windows 10, i had made VHDX with Disk2VHD. It worked very good.

But now with Windows 10 Hyper-V i can't start the VHDX.

I get this information at the boot process. I have disabled the Safe Starting Option. My phyisical maschine has not UEFI...



Have any one an idea?

Best regards,

Stefan


Edited by dtag - 21 hours 40 minutes ago at 6:42pm