Channel: Sysinternals Forums

Autoruns : High DPI Scaling of Sysinternals Apps

Author: thnuser
Subject: High DPI Scaling of Sysinternals Apps
Posted: 03 January 2016 at 2:27pm

I have not tried all the Apps since I changed laptops but I wanted to get this out there. I tried Autoruns and with the Alienware 17 r3 which has a 17.3 inch 4K screen (38402x2160 resolution) the text and icons are too tiny to see without a magnifying glass. This is not the first App I have found that does not understand high DPI scaling on Windows 10 (64 bit). I was, however, surprised that even when I created a Manifest file as documentation from MSDN instructs, the program does not look for the presence of a manifest file to properly allow scaling. It would be nice if we could get this changed as 4K monitors are becoming more prevalent.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 03 January 2016 at 5:38pm

Have you tested it more? Does it solve the issue?

Miscellaneous Utilities : ZoomIt mouse problem

Author: ethynol
Subject: ZoomIt mouse problem
Posted: 04 January 2016 at 5:03am

I'm having the same problem here, zooming it works great (CTRL 1), but live zoom (CTRL 4) does not show the mouse/pointer. I can still do things, such as move the screen, even click around, but I have to guess where the mouse is based on when it hovers over things and highlights them.

I've done a clean install on Win10 and am using ZoomIt 4.5. I even downgraded to an older version of ZoomIt (4.2 I think) and it still didn't work. I've also tried it on several different computers and even a Mac running VMWare and Win10 with the same results.

Any help would be great.

Thanks

Miscellaneous Utilities : RAMMap on Windows 10

Author: johnwerneken
Subject: RAMMap on Windows 10
Posted: 04 January 2016 at 3:07pm

RAMMAP.exe 1.4 does not work with Win 10 Pro 64 build 11082

Miscellaneous Utilities : RAMMap on Windows 10

Author: johnwerneken
Subject: RAMMap on Windows 10
Posted: 04 January 2016 at 3:11pm

Originally posted by fernandk:

Hello!

I came here to report that RamMap is not working with Windows 10 build 10586 but it seems who needed to be aware of it already is, that's a definite relief. I tried loading RAMMap today because I noticed a huge amount of RAM had been leaked during my OS session.

I need RamMap to diagnose what is causing the leak. I suspect it has something to do with hibernation. I use hibernation very often, at least twice a day, when I go out to launch and when I go to sleep, my OS session is the same for as long as it can, sometimes it lasts a month. It's been like that for several years with Windows 7 and 8.0.

But since I installed Windows 10 - one month ago - my session doesn't go as far as a week. There's too much memory leak I end up having to restart the PC to clear the RAM. I have 32 gigs of RAM, today it hit 22 gigs of RAM with ALL user's installed programs and services turned off. I closed it all, everything I could find I killed until only critical system's programs and services were open. And there was still 22 gigs of RAM being occupied.

Well, that's my history. It's been fun. Guess I'll have to wait for RamMAP to be updated so I can start digging this issue again. =D



Memory compression may be causing the system process to use a lot of RAM. http://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-10-system-memory-leak/12e3b8ab-d95d-43ba-b1db-6e21d0657de1?auth=1

The purpose is to minimize pagefaults. In my use case, I got more trouble from churning than I got benefit from it, so I disabled the feature:

I solved it by changing the registry (different from @Alex DC). Open notepad, save the below text (after the start line and before the end line) as .reg extension and run the file:

--------------- START ----------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TimeBroker]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
"DisplayName"="Superfetch"
"Start"=dword:00000003

---------- END -----------------------

Now my System process has less than 0.1 MB. Of course you need to reboot your computer first.


Miscellaneous Utilities : RAMMap on Windows 10

Author: MagicAndre1981
Subject: RAMMap on Windows 10
Posted: 04 January 2016 at 8:04pm

@johnwerneken

You disabled a nice FEATURE of Windows 10:

http://superuser.com/a/952142

Autoruns : Autoruns: new bug verified.

Author: markel
Subject: Autoruns: new bug verified.
Posted: 05 January 2016 at 12:19am

This is still broken, 2+ months after reporting. As I stated previously, this is a problem because the number of false 'missing files' makes it hard to identify actual problems, find new entries that shouldn't be there, etc. It is a major pain trying to isolate new entries amongst the dozens of false reports. It makes Autoruns virtually useless for me. We need a fix for 64-bit Windows users.

Miscellaneous Utilities : ZoomIt Mouse Pointer

Author: plumothy
Subject: ZoomIt Mouse Pointer
Posted: 05 January 2016 at 11:21am

ZoomIt is brilliant, but I can't use it since switching to Windows 10.

Is the invisible ZoomIt LiveZoom mouse pointer issue going to be addressed?

If not, I'll have to go back to Windows 7.

Process Explorer : P.E. crashes - server with 2900 processes

Author: j.pugh
Subject: P.E. crashes - server with 2900 processes
Posted: 05 January 2016 at 2:50pm

@pinscomputer - Thanks!

I've created a dump file using procdump and I'm looking to email it. I'll update when I hear back.

Joe

Autoruns : Suggestion: autorunsc - Proxy aware

Author: dsplice
Subject: Suggestion: autorunsc - Proxy aware
Posted: 05 January 2016 at 8:33pm

Would love to see an option in autorunsc to use a specific web proxy (non-transparent) to connect to the internet (aka the VirusTotal lookups). The VT lookup is very useful in incident response; however, I am unable to use it at my current company.

dsplice

Troubleshooting : How can I recover deleted files

Author: Kim John
Subject: How can I recover deleted files
Posted: 05 January 2016 at 9:01pm

Accidental deletion of important files by hitting Shift + Delete key will hurt anyone. Don’t panic under such situations because the deleted files are still present on your storage drive until they get overwritten with some new files. There are various recovery tools readily available in the market but the chances of recovery with these tools are less.

So I recommend you to use this Hard Drive Data Recovery software which helps you to recover your deleted or lost files in hassle free manner. For more information and data related queries you can check this page: http://www.recoverfilesfromharddrive.net/format.html

Disk2vhd : disk2vhd fails when running procmon

Author: parkaz
Subject: disk2vhd fails when running procmon
Posted: 05 January 2016 at 9:26pm

I have had a problem since upgrading to win10 with not being able to save a system image to my NAS drive "Seagate Central". I found that I could save the image to a win7 computer on my network. In order to investigate, I did a procmon scan when saving to each location to pin down the problem. My problem there is that I am not a programmer but I have a general idea what the problem is. However, the reason for posting on this forum is that I tried to save an image to my seagate using disk2vhd (using vhds) and it worked fine. However when I try to run disk2vhd with procmon running, I get an error "unable to open disk 0". Any suggestions would be greatly appreciated.

thanks

Disk2vhd : disk2vhd fails when running procmon

Author: parkaz
Subject: disk2vhd fails when running procmon
Posted: 05 January 2016 at 9:44pm

An added note. The VSS error log is throwing out: 
0x80070005, Access is denied.
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {26e28ee4-8e0e-4f6c-b9e7-bb8f97f43259}

Miscellaneous Utilities : RAMMap on Windows 10

Author: johnwerneken
Subject: RAMMap on Windows 10
Posted: 05 January 2016 at 10:36pm

Originally posted by MagicAndre1981:

@johnwerneken

You disabled a nice FEATURE of Windows 10:

http://superuser.com/a/952142

It probably is a nice feature - I suppose most people care about speed. As long as there is responsiveness, I don't, I care about stability.

My main system does a lot of stuff 24 x 7. The swapping/compression was not just utilizing RAM, it was sucking CPU cycles and crashes seemed to result - stopped since I made this change.

Troubleshooting : Standby Memory Problem

Author: IT_Tech
Subject: Standby Memory Problem
Posted: 06 January 2016 at 3:42pm

I have a Windows Server 2008 R2 server with 24GB RAM. Backups (using Windows Backup) have been failing daily with "Insufficient Quota" error. Further research shows Standby Memory has completely consumed all available Free Memory. I downloaded the RAMMap app and cleared the Standby Memory.

After doing so and launching the Resource Monitor, I can see the Standby Memory being consumed in 12 to 25 MB blocks and not being released. Using RAMMap again, I see large chunks of memory are being used by a "user" to "move" PDF files from one location to another on the same disk. I think this is the culprit and if so, any suggestions or thoughts on why this memory is not being released back to the "free" pool?

I think I understand that as the system requires free memory from the Standby (choosing the lowest priority?), but inevitably, what happens is the error regarding the Backup, in that it does not have enough resources to perform the VS of the disk for backup.

Not really sure how to troubleshoot this, any suggestions or thoughts would be greatly appreciated (as long as they are constructive!).

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: tytanium
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 06 January 2016 at 6:05pm

Hello,
I have the same kind of problem: my CPU usage is 20% when I don't use my computer for 5 minutes. But if I leave my computer in standby mode for more than 12h. My CPU usage is around 20% all the time.
After looking with "Process Explorer" in the threads in properties, I can see ntoskrnl.exe working at 15%+ on my CPU.
I am using Windows 10 and had the same problem on Windows 8.1.
I totally reinstalled my computer but it didn't solve the problem.

I did the steps like on the 1st page and this is the link to the result of the command
"xperf -on latency -stackwalk profile -buffersize 2048 -MaxFile 1024 -FileMode Circular && timeout -1 && xperf -d C:\highCPUUsage.etl" :


I'm out of solutions. And I'm not an expert on Windows.
Can you help me to find the solution for my problem please?
Thank you in advance :).

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: tytanium
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 06 January 2016 at 9:26pm

Thank you, I'll try that and answer you in a few days if it solved my problem :)

Miscellaneous Utilities : BUG - ZoomIt on Windows 10

Author: LucianC
Subject: BUG - ZoomIt on Windows 10
Posted: 07 January 2016 at 9:48am

Is there a way to make ZoomIt - LiveZoom functional on Windows 10? It is a great tool for presentations but on live zoom I lose the mouse cursor.
Unfortunately it does not seem to work in compatibility mode so maybe it will be updated to work on Windows 10.

Thanks.

Malware : Gpu based paravirtualization rootkit, all os vulne

Author: lil_king420
Subject: Gpu based paravirtualization rootkit, all os vulne
Posted: 07 January 2016 at 10:07am

So... another year... hope your worlds treat you well this one...

Just stumbled onto some further additional resources directly relating to our thread... one's from 2006!!! Though that doesn't really surprise me much... Damn this internet is HUGE! And for the record... Google sucks!

Knowledge is free... continue to share it! Thanks

https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Zovi.pdf

http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/

https://heatsoftware.com/security-blog/10082/is-your-graphics-card-hiding-a-rootkit-or-keylogger/

http://www.extremetech.com/computing/205270-proof-of-concept-gpu-rootkit-hides-in-vram-snoops-system-activities

https://antivirus.comodo.com/blog/computer-safety/rootkits-or-keyloggers-can-hide-on-a-graphics-card-and-gain-access-to-your-computer/

Enjoy..
Stay safe. Stay vigilant! I hope 2016 brings many lulz!


Edited by lil_king420 - 10 hours 4 minutes ago at 10:39am

Autoruns : Autoruns - Bug - windows Startup folder

Author: jabiilord
Subject: Autoruns - Bug - windows Startup folder
Posted: 07 January 2016 at 3:01pm

If you have a virus (file) in C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup that has a dot in front of the name, Autoruns will not detect it.

ex: C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.virus.exe

This happens in Autoruns v13.51, Windows 7 64 bit version.
I haven't tested on other Windows versions.

