Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Troubleshooting : ntoskrnl.exe high cpu usage

March 7, 2016, 2:29 pm
$
0
0
Author: zbaw
Subject: ntoskrnl.exe high cpu usage
Posted: 07 March 2016 at 10:29pm

Hello,

I have noticed high CPU usage from ntoskrnl.exe (using process explorer). The thing is, I did not have this problem until two days ago and I don't know what could be the trigger. I noticed because the laptop gets hot and the CPU fan starts very often.
My laptop is an Apple Macbook 15" Retina late 2013. I run Windows 10 as my only operating system.

Any help would be greatly appreciated.
Thank you!

Edit: I have to mention that I looked into the other thread regarding the same problem but I don't know if I should post there the log by using xperf.


Edited by zbaw - 42 minutes ago at 10:33pm
Search

Troubleshooting : ntoskrnl.exe high cpu usage

March 7, 2016, 2:52 pm
$
0
0
Author: zbaw
Subject: ntoskrnl.exe high cpu usage
Posted: 07 March 2016 at 10:52pm

You can delete this post because I posted on the other thread. Sorry for not doing this from the first time.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 7, 2016, 2:54 pm
$
0
0
Author: zbaw
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 07 March 2016 at 10:54pm

Hello,

I have noticed high CPU usage from ntoskrnl.exe (using process explorer). The thing is, I did not have this problem until two days ago and I don't know what could be the trigger. I noticed because the laptop gets hot and the CPU fan starts very often.
My laptop is an Apple Macbook 15" Retina late 2013. I run Windows 10 as my only operating system.

The command I ran: xperf -on latency -stackwalk profile -buffersize 2048 -MaxFile 1024 -FileMode Circular && timeout -1 && xperf -d C:\highCPUUsage.etl


Any help would be greatly appreciated.
Thank you!


Edited by zbaw - 20 minutes ago at 10:55pm

Process Explorer : AVG antivirus detection

March 7, 2016, 5:44 pm
$
0
0
Author: engmod5
Subject: AVG antivirus detection
Posted: 08 March 2016 at 1:44am

Only AVG can fix that.

Troubleshooting : SysEdit and Command not running on Win7/32

March 8, 2016, 12:18 am
$
0
0
Author: Isolde
Subject: SysEdit and Command not running on Win7/32
Posted: 08 March 2016 at 8:18am

Hello,

In our company we are using multiple 16bit applications, which we can't replayce any time soon.
Those apllications are running without Virtual-PC or VM-Ware on Win 7/32. Now we've got a problem
with a new purchased "HP ProDesk 600 G2 SFF" with Win 7/32. Not even one 16bit apllication is running on this computer.
Neither SysEdit nor Command are able to start, even after a complete new installation of Win7/32.
If possible we try to avoid using software like VMWare and I hope that someone has an idea, so we can solve this problem.

Greetings from germany,

Isolde

PsTools : PsExec execute cmd on standard user access denied

March 8, 2016, 1:46 am
$
0
0
Author: schussda
Subject: PsExec execute cmd on standard user access denied
Posted: 08 March 2016 at 9:46am

I get access denied with PsExec when i try to execute a command remotely on a machine with standard user credentials
PsExec.exe \\IP -u USER -p PW -l echo %PATH%Could'nt access IPAccess Denied.

Is it possible to configure the standard user account (target) to grant access to remote call without changing it to admin user? I use Windows 7 Professional SP1



Edited by schussda - 13 hours 41 minutes ago at 9:47am

Troubleshooting : SysEdit and Command not running on Win7/32

March 8, 2016, 3:15 am
$
0
0
Author: rmetzger
Subject: SysEdit and Command not running on Win7/32
Posted: 08 March 2016 at 11:15am

Right-click application > Properties > Compatibility tab

Check 'Run this program in compatibility mode,' and select the OS to emulate

and try again.

Good luck!
Ron Metzger

Miscellaneous Utilities : DbgView stalls OutputDebugString calls after 1GB

March 8, 2016, 4:13 am
$
0
0
Author: mdruiter
Subject: DbgView stalls OutputDebugString calls after 1GB
Posted: 08 March 2016 at 12:13pm

I think I found a bug in DebugView...

Setup
The machine was a Citrix VM running Windows Server 2003. I know...
As a Scheduled Task, a VBScript first started DbgView via WshShell.Exec, as follows:
"D:\Path\DbgView.exe" -accepteula /t /f /g /om /l "\\server\share\path\DbgView.csv"
Then the script started three (equal) executables working together on some data. Each of these processes logged lots of messages via OutputDebugString.

Problem
The DbgView log file gradually increased in size. When it got near 1GB in size all three processes 'hung'. Actually it contained 1,070,153,902 bytes < 0.997 GB so 3.4 MB short.
Looking at the stack trace (with Process Explorer) I found out that they were all stuck in a OutputDebugString call.

As soon as I killed the DbgView process in an interactive session, the three processes continued their work!

Am I right that this could well be a deadlock situation? Is this something that could be fixed in DebugView perhaps?

Although not trivial, I could try to reproduce this issue, maybe on a recent OS. Is that worth it? Anything else I can do to help?
Search

Troubleshooting : SysEdit and Command not running on Win7/32

March 8, 2016, 6:01 am
$
0
0
Author: Isolde
Subject: SysEdit and Command not running on Win7/32
Posted: 08 March 2016 at 2:01pm

Thank you for your fast answer!

SysEdit is part of the 16 bit subsystem. Unfortunately it is not possible to run 16 bit command.com in compatibility mode, because the content of this tab is disabled.

Greetings

Isolde

Troubleshooting : lmhosts / high I/O Other Operations/sec

March 8, 2016, 9:51 am
$
0
0
Author: HyperShredding
Subject: lmhosts / high I/O Other Operations/sec
Posted: 08 March 2016 at 5:51pm

Hello,

I have had a problem driving me crazy for the past two weeks, and it seems that Process Monitor saved my day. However, I can't really find much about this problem, so if anyone has an idea, I'd be glad to hear it.

So, every once in a while and for about 10 to 15 seconds, the System process is going <1% CPU usage to 20%+. Might not seem much, but when I play games (I can't say whether the problem happens every time) it is very noticeable since I get huge lag spikes & FPS drops. For the record, I'm always connected to the Internet but rarely play online, at least not since I've had this problem.

I first tried using Data Collector Sets, and found that the spikes involved the cryptic counter "I/O Other Operations/sec". Here is an example:



As you can see, System makes up for 99%+ of the total, so I was sure it came from this.

Now, using Process Explorer, I tried getting to the  "Properties > Threads" tab of the System process, and see which thread was at fault, but it didn't help much. Clicking "Stack" gave an error (unable to access thread), while clicking "Module" only showed that "ntoskrnl.exe" was used.

Then I downloaded Process Monitor, and after a few minutes of capture, I hit the jackpot:



From the first screenshot we know that the problem appears between 17:31:56 or :57 and ends somewhere around 17:32:10. This is exactly what happens between those timestamps, more than 200 000 entries similar to that "lmhosts NAME NOT FOUND" one.

So, does anyone know how to solve this, or why it started happening maybe a couple of weeks ago (because I sure don't remember having those lag spikes before that, this is really annoying even is rare)?
I went into the etc\ folder but lmhosts doesn't even exist (hence the error maybe? But then, why does that provoke so many I/O operations?).

Miscellaneous Utilities : Microsoft utility for create the isos and USB stic

March 8, 2016, 1:38 pm

BgInfo : Outline effect for text please

March 8, 2016, 1:39 pm
$
0
0
Author: kunkel321
Subject: Outline effect for text please
Posted: 08 March 2016 at 9:39pm

I folks.  Feature request for Bryce, et al, here.  I realize that this is a "form over function" request, but please consider allowing some way to make the text that BGInfo puts on the desktop be more visually discernible when a desktop image of the same color is used.  I usually change my desktop image a couple times per month.  Often there will be portions of the image that fall under parts of the text and "hide" it.  

One way to handle this might be a feature for "outlining" the text, such that the outline and the fill of each letter was a different color.  Another possibility would be if each line of text had a vertical gradient (changing top-to-bottom).  A third idea might be to have a "mix" option like many graphics tools use with their layer blending (i.e. "burn|dodge|multiply|difference").

Or maybe other users have figured out a way to handle this(?)  I thought about kludging a "shadow" effect, by putting a dark color font, then having a lighter one drawn over it, but a couple pixels higher and to the left...  I couldn't figure out how to achieve this though.  

Thanks All. 
-steve

Process Monitor : Boot logging across multiple reboots

March 11, 2016, 7:49 am
$
0
0
Author: pinscomputer
Subject: Boot logging across multiple reboots
Posted: 11 March 2016 at 3:49pm

how did you combine the files?   custom script or manual editing?
 
what, if any, modifications were needed to the PMB file?
 
thanks..

Autoruns : disable windows 10 metro apps?

March 11, 2016, 10:37 am
$
0
0
Author: tamahome
Subject: disable windows 10 metro apps?
Posted: 11 March 2016 at 6:37pm

Is there a way to disable windows 10 metro apps from installing using autoruns, when a new user logs in?



Edited by tamahome - 11 March 2016 at 6:37pm

Process Monitor : Boot logging across multiple reboots

March 11, 2016, 12:21 pm
$
0
0
Author: cooperthehuman
Subject: Boot logging across multiple reboots
Posted: 11 March 2016 at 8:21pm

So, after each boot I'd do what was needed to get procmon no longer holding %windir%\Procmon.pmb (terminate and can't remember if I had to disable boot logging or not, will need to double check when I write the scripts). Move over %windir%\Procmon.pmb C:\temp\Procmon_%bootcount%.pmb. Then, after the last boot, just use COPY /B C:\temp\Procmon_1.pmb + /B C:\temp\Procmon_2.pmb ... /B %windir%\Procmon.pmb. Then launch procmon and it will see the pmb and ask if I want it converted. Say yes and let it go. I only did basic testing on all of this as this was a side thing I was working in in between other stuff, but the gist of it is here and this appeared to work, I was able to browse through the .pml and see the distinction between the reboots. 

Search

Process Explorer : Figuring out what's stealing window focus

March 11, 2016, 2:27 pm
$
0
0
Author: brianekins
Subject: Figuring out what's stealing window focus
Posted: 11 March 2016 at 10:27pm

I wanted to say thanks for the info in the first answer to the original question and also pass along some additional information that I needed to solve the problem.
 
First, the instructions in the first post helped me to identify Werfault.exe as the process stealing focus. It's the Windows Error Reporting functionality.  I immediately blamed it for my problems and was trying to figure out how to turn it off, but then found a link talking about checking Event Viewer and their I found the real culprit.  A process from a recently installed application was failing every few seconds as it tried to update some data, which triggered the error reporting.  I disabled the other application and everything is good again.
 
-Brian

PsTools : Couldn't install PSEXESVC service on Windows 10

March 12, 2016, 1:42 am
$
0
0
Author: yuf
Subject: Couldn't install PSEXESVC service on Windows 10
Posted: 12 March 2016 at 9:42am

Now that you said any help would be appreciated:

1. If you want to start a program locally in different session (like the experiment you did), you do need to run psexec in elevated privileges, because putting PSEXESVC into %windir% requires that.

2. If you run it remotely (like the second experiment you did), you do not have to run psexec in elevated privileges. Only make sure the credential you provide belongs to a member of Administrators.

3. When you provide username in non-domain env, it seems you should use MACHINENAME\USERNAME, instead of USERNAME.

4. If it still fails, use "net use" command to see if there's an existing connection to \\MACHINENAME\IPC$. Use "net use /del \\MACHINENAME\IPC$" to delete it.

5. Stare at \\MACHINENAME\ADMIN$ and your Task Manager, to see in which phase does it fail. You should first see PSEXESVC.exe appear in the folder.

Let me know if my input helps. :)

-Yu

PsTools : PsExec execute cmd on standard user access denied

March 12, 2016, 1:52 am
$
0
0
Author: yuf
Subject: PsExec execute cmd on standard user access denied
Posted: 12 March 2016 at 9:52am

I guess not.

Read the article written by Mark: http://windowsitpro.com/systems-management/psexec

"PsExec does so by extracting from its executable image an embedded Windows service named Psexesvc and copying it to the Admin$ share of the remote system. PsExec then uses the Windows Service Control Manager API, which has a remote interface, to start the Psexesvc service on the remote system."

Both share accessing and SCM API call requires Admin permission.

Troubleshooting : Excel data lost for work.

March 13, 2016, 9:12 am
$
0
0
Author: MarkusHakala
Subject: Excel data lost for work.
Posted: 13 March 2016 at 4:12pm

I haveseveral old excel files that got corrupted when a server had a power surge.They were being used on a Mac 10.6 client and I have tried to fix with diskutility, many excel file repair packages on mac and pc and online, tried alsoopening in alternate software like open office and JMP to no avail. Is thereany hope for this data?

Process Explorer : Process Explorer Virus total - A security error oc

March 14, 2016, 12:41 am
$
0
0
Author: jeffwong_86
Subject: Process Explorer Virus total - A security error oc
Posted: 14 March 2016 at 7:41am

My windows server 2003 and Windows xp after submitted the hash return message  "A security error occurred" anyone know what is the problem ?

Thank you !
Viewing all 10386 articles
Browse latest View live
Search