Channel: Sysinternals Forums
Viewing all 10386 articles

BgInfo : BGInfo Bugs or Feature Request

Author: Neighborgeek
Subject: BGInfo Bugs or Feature Request
Posted: 09 May 2016 at 7:58pm

I was hoping that the latest version of BGInfo would work better with the DPI scaling in Win10, but apparently not. If I have BGInfo set to stretch the wallpaper, the preview shows the wallpaper properly stretched to fit the screen, but when it is actually applied, Windows ends up tiling the wallpaper. If I set the compatibility options for bginfo.exe to "disable display scaling on high dpi settings", then it works properly.

Any chance of getting this fixed?  If not, is there a recommended workaround for this that can be applied across the board, as opposed to setting this compatibility option on individual workstations? 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: Shadonow
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 09 May 2016 at 11:54pm

Hello, this is my first time on the forum, but I've noticed that a lot of people here have been getting help with this Ntoskrnl issue. I'm just like many others here, it's going between 15% of my CPU to a stupid 40%+, and I've got a GTX 970M and an i7-6700HQ in here. So whatever is going on that it is eating 40% of my CPU is obviously bringing me down, hard.

I have the thingie that you asked from other people right here, I think I did it for about 40 seconds for measure:

https://drive.google.com/file/d/0B2k85FDyWReUQ2I3TEJLbzRuVkU/view?usp=sharing

Hope that is the proper link for this. And I hope that you will be able to assist me in figuring this out. Updating drivers (so far) has not helped me. And I just noticed it today, so I don't exactly know how long this has been going on, but it has to have been recent because I was monitoring my CPU usage a few days ago while testing a game out.

Edited by Shadonow - 1 hour 55 minutes ago at 11:55pm

Miscellaneous Utilities : Zoom it on Windows 10

Author: retiredfields
Subject: Zoom it on Windows 10
Posted: 10 May 2016 at 1:40pm

Yes, ZoomIt is now working on Win 10.

It is not a new version of ZoomIt, so it appears it was a Windows bug that has been fixed.

Process Explorer : Windows 10 Crash on Start

Author: binki
Subject: Windows 10 Crash on Start
Posted: 10 May 2016 at 8:07pm

I’m getting the same crash as the OP in Windows 10 build 14332:

Faulting application name: procexp64.exe, version: 16.12.0.0, time stamp: 0x56b3cb63
Faulting module name: procexp64.exe, version: 16.12.0.0, time stamp: 0x56b3cb63
Exception code: 0xc0000005
Fault offset: 0x000000000001ca58
Faulting process id: 0x35b4
Faulting application start time: 0x01d1aaec464f364f
Faulting application path: C:\Users\ohnob\AppData\Local\Temp\procexp64.exe
Faulting module path: C:\Users\ohnob\AppData\Local\Temp\procexp64.exe
Report Id: 62ec0e74-400e-49de-93e4-cd3f8bd0d750
Faulting package full name:
Faulting package-relative application ID:

I’ve shared the .dmp files with markruss@microsoft.com as instructed. Is there a fix yet/will there be?

Miscellaneous Utilities : Can't monitor .NET CLR Memory Performance Counter

Author: thesourcerer
Subject: Can't monitor .NET CLR Memory Performance Counter
Posted: 10 May 2016 at 10:23pm

You can try adding \\localhost to the counter name:
procdump Aspect.UCC.WebServiceHost  -p "\\localhost\.NET CLR Memory(Aspect.UCC.WebServiceHost)\Large Object Heap size" 50000
 
Fixed the same error code for me.

Internals : Excel recovery .xls

Troubleshooting : Sysmon v4 Not Logging Network Connections

Author: rusty_shackleford
Subject: Sysmon v4 Not Logging Network Connections
Posted: 11 May 2016 at 4:12pm

I can confirm that I am having the same issues across Windows 10 and Windows 7. I upgraded to Sysmon v4 and specified the -n flag, yet there are no logged network transactions.

>Sysmon.exe -i -n -l -accepteula

Sysinternals Sysmon v4.0 - System activity monitor
Copyright (C) 2014-2016 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com

Sysmon installed.
SysmonDrv installed.
Starting SysmonDrv.
SysmonDrv started.
Starting Sysmon..
Sysmon started.

>Sysmon.exe -c

Sysinternals Sysmon v4.0 - System activity monitor
Copyright (C) 2014-2016 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com

Current configuration:
 - Service name:                  Sysmon
 - Driver name:                   SysmonDrv
 - HashingAlgorithms:             SHA1
 - Network connection:            enabled
 - Image loading:                 enabled

No rules installed

It would be nice if there were changelogs available since this is a large version bump and things seem to be breaking on tier 1 systems. 


Edited by rusty_shackleford - 9 hours 19 minutes ago at 5:35pm

Process Explorer : Windows 10 Crash on Start

Author: Jacob Klein
Subject: Windows 10 Crash on Start
Posted: 11 May 2016 at 4:44pm

After installing Windows 10 Build 14342, Process Explorer has started working correctly for me now.

I'll monitor it more closely, to see if something I do (like adding a column) causes it to crash and not start.

PsTools : Starting PsExec service take long time on 2012R2

Author: nambala
Subject: Starting PsExec service take long time on 2012R2
Posted: 12 May 2016 at 4:40am

I have used PsExec to remotely execute a service on over 1000 servers in the last 5 years.
Nothing went wrong when the source and target were Windows Server 2003 or 2008.
This year we started migrating to Windows Server 2012R2, which is a 64-bit OS.
The original process now takes a long time to complete (on average 5 mins per target server).
I observed that the connection speed between servers seems OK, because the PSEXESVC.exe file on the target server is created at the same time I start PsExec.
The message just hangs on "Starting PsExec service on TargetServer..." for most of the waiting period.
It seems like something goes wrong when PsExec wants to activate the service.
I tried different source servers (2003/2008/2012R2) and two versions of PsTools (1.98/2.11.0), but nothing changed.
Firewalls are all disabled on my servers and I use administrator to connect to all of them (same P/W). I also tried disabling UAC; it still does not work.
My command: psexec \\TargetServer -u TargetServer\administrator -p P/W -i \\TargetServer\d$\test.exe
(already tried -h, -e, -s)
I really need someone's help. Thanks so much.


Edited by nambala - 17 hours 57 minutes ago at 9:06am

Process Explorer : Windows 10 Crash on Start

Author: binki
Subject: Windows 10 Crash on Start
Posted: 12 May 2016 at 6:00am

Yeah, launches without crashing for me again in 14342 too. I wonder what changed and if it’s Windows’s fault or procexp’s ;-)

Miscellaneous Utilities : Process Explorer and VAS

Author: l52
Subject: Process Explorer and VAS
Posted: 12 May 2016 at 7:27am

Hi,

I use Process Explorer (v.16.12).

I configured the utility to control the VAS.
When a program exceeds 1 gigabyte of VAS used, the value shown is 1K without decimal values ... e.g. 1,300 (1 Giga Mega +300).

How do I configure the utility so that it shows the full value?

Thanks in advance

L52

Miscellaneous Utilities : Process Explorer and VAS

Author: l52
Subject: Process Explorer and VAS
Posted: 12 May 2016 at 8:10am

To be more clear, below is a screenshot of the problem.

Disk2vhd : VM fails to load using p2v converted disk

Author: jeanrouge
Subject: VM fails to load using p2v converted disk
Posted: 12 May 2016 at 11:28am

I am running Hyper-V 2015 R2 Core
I manage this via Win7 using Hyper Manager
I have 3 physical machines which I must virtualise.
Started off using Acronis UR but there are issues and frankly it is overly complex.
Someone recommended p2v
I have created a VHD file on the network
I create a VM and for the hard disk I point to the VHD on the network
When I run up the VM I get a message which I don't know how to copy & paste:
VMNAME failed to start
MS Emulated IDE Controller (Instance ID.......): Failed to Power on with Error 'The version does not support this version of the file format' and more besides Error code 0xC3A0005 features several times
I don't see what the difference is in the file format... Can anyone help please?
(The Help File downloaded with p2v is empty for some reason).
Also the VHD is on a network drive: how do I get it on to the Host machine?
Thanks for any help
Jean

Malware : Trojan Ransom (WinLock, LockScreen)

Author: Gearmonster
Subject: Trojan Ransom (WinLock, LockScreen)
Posted: 12 May 2016 at 8:06pm

Cerber is a very dangerous type of ransomware; once in a victim's computer it’ll encrypt all your files and then demand 3 bitcoins (more than 1000$) to decrypt the files. I found a lot of useful information on this site http://manual-removal.com/cerber/, and now I’m using Malwarebytes Anti-Ransomware and I make regular backups of important data.


Edited by Gearmonster - 6 hours 56 minutes ago at 8:07pm

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: jbm622
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 12 May 2016 at 8:24pm

Hi,
I wonder if anyone could possibly help me. I am experiencing very high CPU 90%-100% very frequently (every hour or so) which causes the laptop to freeze. I have an ASUS laptop about 18 months old with an Intel Celeron CPU 1007U @ 1.50GHz, 6.0GB RAM.

Using Process Explorer I can see many instances of "ntoskrnl.exe!ExfAcquirePushLockExclusive+0xb54", two of which are causing the high CPU. When the CPU returns to normal level, "System Idle Process" kicks in and "ntoskrnl.exe!KeSynchronizeExecution+0x2ea0" runs with high CPU (roughly 40%-60%).
I managed to capture the data from the WPT command and uploaded it to Dropbox (SEE LINK BELOW). I have been unable to locate what is causing the problem. Any help would be greatly appreciated as I am trying to hammer out my dissertation and this laptop is on the verge of being thrown out my window.

https://www.dropbox.com/s/1gdkc3r9mpxeuw5/highCPUUsage.zip?dl=0

Miscellaneous Utilities : contig is very slow on large partitions

Author: jawz101
Subject: contig is very slow on large partitions
Posted: 13 May 2016 at 3:55am

Pardon my ignorance from 6 years ago.  Clearly I wasn't paying attention.

Just got a notification about this latest post.  Would you mind trying a free program called Defraggler by Piriform?  You can replicate contig's function by clicking Analyze then go to the 2nd tab which shows which files are fragmented.  Once it's completed analyzing, select all files and click the option to defragment highlighted/selected files.  Rather than a typical disk defrag, doing this is similar to doing contig's file defragmentation.  If that is slow I'd be curious.

Otherwise, the only other things are that they're slower drives in general- which is typical with these newer multi-terabyte drives nowadays.  They're meant for more long term storage for data that doesn't shuffle around a lot... which is what defragmenting is doing.

I'd also check your hard drive manufacturer's site to see if the drive has firmware updates as well as your computer manufacturer's site for any BIOS updates and chipset and storage controller driver updates.  Never hurts.

Personally, I have less OCD these days about defragmentation. Windows Vista and higher do have a prebuilt scheduled task to defrag once a week already. They also changed how defragmenting works by not defragmenting a file if the fragmentation is negligible. My worst-case scenario was a database server whose database files were in 11,000 fragments. There was little free space to even perform the defragmentation. Over the course of a week or so running trial versions of Diskeeper it eventually got down to 2 fragments. I eventually had to stop the database instance and physically move the file off of the drive, defragment the rest of the drive to open up some space, and then move it back on for it to place it in a contiguous block. Regardless, those last 2 fragments didn't mean anything for performance or drive wear.

The other option, as in my example, is to copy some of the bigger files off of the drive, defragment the drive now with the extra space on the drive to shuffle things around, and then put the big files back on.  If there is a big enough free space for the copy back onto the drive it'll put it in one contiguous spot.

Troubleshooting : hibernate very slow

Author: SamSoft
Subject: hibernate very slow
Posted: 13 May 2016 at 10:05am

Did you find anything out?

Process Monitor : How it can be?

Author: JustRu
Subject: How it can be?
Posted: 13 May 2016 at 11:10am


1. Process ytomol.exe starts a thread with ID 3296
2. Thread 3296 starts another thread (3932)
3. Thread 3296 injects a remote thread into dinotify.exe (1160)

Am I right?

Process Explorer : ** Process Explorer Bugs **

Author: KarlIV
Subject: ** Process Explorer Bugs **
Posted: 13 May 2016 at 11:56am

procexp 16.12 doesn't show the network traffic of httpd.exe (blank or "0").
screenshot: https://s32.postimg.org/7z2ljit8j/Procexp_bug.png

Windows 2003 SP2 32bit ENU
Apache 2.4.20


I could put up with that alone. Unfortunately it means there are (easy) ways to hide traffic of malicious software from Process Explorer which makes it in matters of network unreliable/useless to investigate a 'strangely behaving' system.



P.S. The bug also applies to TCPView (my version 3.5.0.0)

Disk2vhd : Avoid Blue Screen with VirtualBox

Author: ptitus
Subject: Avoid Blue Screen with VirtualBox
Posted: 13 May 2016 at 2:07pm

Hello...  Problems capturing a snapshot with Oracle VirtualBox, resulting in a BSOD when the newly created VHD starts to load, may be avoided with this simple howto. This pertains only to a (probably not uncommon) scenario where a new computer is being used to host the image created on an older computer. The key difference frequently is that the new computer has a SATA controller for storage and the old computer has an IDE controller.

Anyone encountering this situation will likely discover the cause easily enough on their own, so these directions are for those too impatient to poke around in VirtualBox settings until they come across the obvious answer.

After creating the snapshot with Disk2vhd, go ahead and create a VM using VirtualBox. When you get to the part about the Hard drive, you select the vhd file by ticking off "Use an existing virtual hard drive file" and navigating to the location of the file. So far so good, but the VM will not boot. It will repeatedly crash to the blue screen. In this case, when trying to boot an IDE VM on a SATA host system, you first need to select the VM in VirtualBox, then click on "Settings". Select the settings for "Storage." Right away you can see the source of confusion. There are two IDE controllers listed: IDE and SATA. The image is being associated with the SATA controller. It needs to be associated with the IDE controller. So simply select the icon for the file associated with the IDE controller, the one labeled "Empty" and remove it using the minus sign icon at the bottom of the window. There are two plus icons and two minus icons, one each for the controller and the file, but the ones that are not relevant will be grayed out depending on what you have selected.

Repeat for the IDE controller itself (don't worry, you add it back later). Then remove the VHD image associated with the SATA controller by clicking the minus sign while that icon is selected. Finally remove the SATA controller.

Then, when the storage tree window is empty, you can click on the plus symbol and add a new IDE controller. Last, you select the plus symbol for the VHD icon which allows you to "Add Hard Disk" which leads to the next step "Choose existing disk" so you can now select your VHD file. That should do it.

Now when you try to start the VM, it should boot successfully.

I know this scenario is specific to storage controller conflicts between guest and host, and there are probably lots of other causes for images not booting that require different workarounds, but I figured I would share this solution in case it meets anyone's needs.