Miscellaneous Utilities : Does NotMyFault allow to change color on Windows10

October 17, 2016, 12:04 pm

≫ Next: BgInfo : displaying boottime

≪ Previous: BgInfo : BGInfo + Wallpaper + Diferent size screen

$

0

0

Author: xenonia
Subject: Does NotMyFault allow to change color on Windows10
Posted: 17 October 2016 at 7:04pm

I was just playing around with NotMyFault and I realized I couldn't change the color anymore on Windows 10? Is this expected? 1607 release changes the BSOD to include the QR code so it has changed but I honestly haven't tested this probably since Windows 7.

Cheers,

Sami

---

BgInfo : displaying boottime

October 18, 2016, 1:57 am

≫ Next: Miscellaneous Utilities : Rammap Active Unused Memory

≪ Previous: Miscellaneous Utilities : Does NotMyFault allow to change color on Windows10

$

0

0

Author: MagicAndre1981
Subject: displaying boottime
Posted: 18 October 2016 at 8:57am

this is no bug, if you use fastStartup feature since Win8, here the kernel gets hibernated at shutdown  and the time is not resetted.

Miscellaneous Utilities : Rammap Active Unused Memory

October 18, 2016, 2:05 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: BgInfo : displaying boottime

$

0

0

Author: MagicAndre1981
Subject: Rammap Active Unused Memory
Posted: 18 October 2016 at 9:05am

I never saw this before. Which Windows? Looks like Server 2012(R2)

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

October 18, 2016, 2:08 am

≫ Next: Miscellaneous Utilities : DbgView and Windows 10

≪ Previous: Miscellaneous Utilities : Rammap Active Unused Memory

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 18 October 2016 at 9:08am

Use AIDA64 to generate a HTML report, zip the report and share it to me.

Miscellaneous Utilities : DbgView and Windows 10

October 18, 2016, 2:09 am

≫ Next: Miscellaneous Utilities : SDelete hangs at 100%

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: belinea123
Subject: DbgView and Windows 10
Posted: 18 October 2016 at 9:09am

I also have the problem, that DebugView only logs the KernelOutput in the first session. I have Windows 10 64 Bit + Anniversary Update + current Windows Updates.

When I develop for Windows 10, this is not so nice. It would be great if it could be fixed in DebugView.

Miscellaneous Utilities : SDelete hangs at 100%

October 18, 2016, 4:10 am

≫ Next: Miscellaneous Utilities : Sysmon crash

≪ Previous: Miscellaneous Utilities : DbgView and Windows 10

$

0

0

Author: dinno73
Subject: SDelete hangs at 100%
Posted: 18 October 2016 at 11:10am

i've v2 and after 3 hours It is still 100%
what's name of the temporary file?

Miscellaneous Utilities : Sysmon crash

October 18, 2016, 5:24 am

≫ Next: Miscellaneous Utilities : Rammap Active Unused Memory

≪ Previous: Miscellaneous Utilities : SDelete hangs at 100%

$

0

0

Author: MattGiannetto
Subject: Sysmon crash
Posted: 18 October 2016 at 12:24pm

I originally had the ImageLoad BSOD problem.  I've updated to 4.12 and the BSOD problem seems to have been resolved, but it was replaced by a 15-20 minute increase in boot time and a large number of Sysmon image load events during that boot-up delay that show the error "Signed: failed: Signing queue is full" for the Signed field:

Image loaded:
UtcTime: 2016-10-17 15:46:57.339
ProcessGuid: {e09b3404-f271-5804-0000-0010b01a1f00}
ProcessId: 432
Image: C:\Windows\SysWOW64\SearchProtocolHost.exe
ImageLoaded: C:\Windows\System32\wow64win.dll
Hashes: SHA1=A9705E74A6954DFC7266FF2F65761DBB26CB0BA6,MD5=F94597169B736145A839B11E8B67D1ED,SHA256=21627096B1B579DC90AEA65425A6680B19A59A40006616812C6CD3CCE83C9BEF,IMPHASH=1B9E13FDAC1ED24DFB21FACD7BEC5775
Signed: failed: Signing queue is full
Signature:

Miscellaneous Utilities : Rammap Active Unused Memory

October 18, 2016, 5:51 am

≫ Next: PsTools : psEXEC - cannot find the file specified

≪ Previous: Miscellaneous Utilities : Sysmon crash

$

0

0

Author: jtruckenbrod
Subject: Rammap Active Unused Memory
Posted: 18 October 2016 at 12:51pm

It is server 2012 R2.

---

PsTools : psEXEC - cannot find the file specified

October 18, 2016, 12:06 pm

≫ Next: Disk2vhd : Unable to boot converted VHDX

≪ Previous: Miscellaneous Utilities : Rammap Active Unused Memory

$

0

0

Author: edutomazett
Subject: psEXEC - cannot find the file specified
Posted: 18 October 2016 at 7:06pm

Hi!
I'm trying to uninstall the OCS Agent whit this command line:

psexec \\PC01 -u user -p mypassword "C:\Program Files (x86)\OCS Inventory Agent\uninst.exe" /s

and i get this:

PsExec could not start C:\Program Files (x86)\OCS Inventory Agent\uninst.exe on PC01:
O sistema não pode encontrar o arquivo especificado.
"the system cannot find the filespecified"

Disk2vhd : Unable to boot converted VHDX

October 18, 2016, 12:54 pm

≫ Next: Disk2vhd : Disk2Vhd old version for Windows 2000

≪ Previous: PsTools : psEXEC - cannot find the file specified

$

0

0

Author: ewgoforth
Subject: Unable to boot converted VHDX
Posted: 18 October 2016 at 7:54pm

I'm having the same problem. Did you get a solution?

Disk2vhd : Disk2Vhd old version for Windows 2000

October 18, 2016, 1:04 pm

≫ Next: Miscellaneous Utilities : Sysmon crash

≪ Previous: Disk2vhd : Unable to boot converted VHDX

$

0

0

Author: ewgoforth
Subject: Disk2Vhd old version for Windows 2000
Posted: 18 October 2016 at 8:04pm

hugomo wrote: Dear all, May I know that is there anywhere can still download the old version of Disk2BHD for P2V Windows 2000? Since v1.63 or latest one v2.01 supporting up from Windows 2003 Thanks a lot

Here's a link to v1.2.1 but it says it only runs on xp sp2 or higher:

1.2.1

Miscellaneous Utilities : Sysmon crash

October 18, 2016, 8:21 pm

≫ Next: Process Explorer : About save function

≪ Previous: Disk2vhd : Disk2Vhd old version for Windows 2000

$

0

0

Author: MattGiannetto
Subject: Sysmon crash
Posted: 19 October 2016 at 3:21am

After some troubleshooting today, I'm fairly confident that McAfee AV is conflicting with the ImageLoad feature of Sysmon.  I've tried various combinations of Sysmon ImageLoad +/- McAfee, on more than one system, and when they're running together the system starts to hang.

I've got no solution for this.


Edited by MattGiannetto - 22 hours 55 minutes ago at 3:22am

Process Explorer : About save function

October 19, 2016, 8:21 am

≫ Next: Process Explorer : Samba Network Share Bug

≪ Previous: Miscellaneous Utilities : Sysmon crash

$

0

0

Author: mikezunya
Subject: About save function
Posted: 19 October 2016 at 3:21pm

How to save a document from the command line？

Equal to the background automatically recorded to the txt file？

thanks

Process Explorer : Samba Network Share Bug

October 19, 2016, 10:09 am

≫ Next: Miscellaneous Utilities : Rammap Active Unused Memory

≪ Previous: Process Explorer : About save function

$

0

0

Author: jefferywilkins
Subject: Samba Network Share Bug
Posted: 19 October 2016 at 5:09pm

I mapped a network share to U:

net use u: \\myserver\share

I started a program from inside my share and inside process explorer it shows

[The system cannot find the file specified.]

Miscellaneous Utilities : Rammap Active Unused Memory

October 19, 2016, 2:28 pm

≫ Next: PsTools : PsKill & Rundll

≪ Previous: Process Explorer : Samba Network Share Bug

$

0

0

Author: LMiller7
Subject: Rammap Active Unused Memory
Posted: 19 October 2016 at 9:28pm

I don't see this in Windows 7 but it does appear in Windows 10. Maybe something added in Windows 8.

---

PsTools : PsKill & Rundll

October 20, 2016, 2:49 am

≫ Next: Miscellaneous Utilities : Sysmon crash

≪ Previous: Miscellaneous Utilities : Rammap Active Unused Memory

$

0

0

Author: mycachecrashed
Subject: PsKill & Rundll
Posted: 20 October 2016 at 9:49am

I want to terminate a Rundll process after a certain number of milliseconds.  Applets like PsKill are always
useful when creating a script, but I've never tried to control the ubiquitous Rundll32.exe.  The command
line looks like this:

rundll32.exe newdev.dll,ClientSideInstall \\.\pipe\PNP_Device_Install_Pipe_0.{Registry Key}

Using the PID with PsKill seemed like a good idea, until a countdown box appeared.  When it got to "0" the
system rebooted.  Needless to say, I didn't try that again!

PsKill followed by the process name is a little better.  It kills the process and immediately reloads itself, like
it's stuck in a feedback loop.  Am I wasting my time, or is there a way to make a "clean rundll kill" with PsKill?

You might be thinking, "why are you messing around with this process?"  I have a very good reason, but the
explanation would require several paragraphs.

If it can be done, please tell me how.

Miscellaneous Utilities : Sysmon crash

October 20, 2016, 7:11 am

≫ Next: PsTools : How to get full command lines?

≪ Previous: PsTools : PsKill & Rundll

$

0

0

Author: MattGiannetto
Subject: Sysmon crash
Posted: 20 October 2016 at 2:11pm

Found the following errors (among more of the same) in the Application log on my workstation.

A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated. Thread id : 10164 (0x27b4)
Thread address : 0x000000007755BB7A
Thread message :

Build VSCORE.15.4.0.657 / 5800.7501
Object being scanned = \Device\HarddiskVolume1\Windows\System32\autochk.exe
by C:\WINDOWS\Sysmon.exe
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)

A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated. Thread id : 8796 (0x225c)
Thread address : 0x000000007755BB7A
Thread message :

Build VSCORE.15.4.0.657 / 5800.7501
Object being scanned = \Device\HarddiskVolume1\Windows\System32\cfgbkend.dll
by C:\WINDOWS\system32\wbem\wmiprvse.exe
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)

As expected, Sysmon and McAfee are trouncing all over each other, causing McAfee to hang, which causes the system to hang. This happens whenever on-access scanning is enabled. I've tried to exclude sysmon by file location as well as adding it as a low risk process with no luck. I'm giving up.

Reference:

https://kc.mcafee.com/corporate/index?page=content&id=KB86112&snspd-1215
https://community.mcafee.com/thread/44700?start=0&tstart=0
https://kc.mcafee.com/corporate/index?page=content&id=KB52441

PsTools : How to get full command lines?

October 20, 2016, 4:04 pm

≫ Next: BgInfo : BGInfo + Wallpaper + Diferent size screen

≪ Previous: Miscellaneous Utilities : Sysmon crash

$

0

0

Author: dkarr
Subject: How to get full command lines?
Posted: 20 October 2016 at 11:04pm

When I view processes in ProcessExplorer, I can see the full command line that started the process.

When I'm in a shell and I use the various command line SysInternals tools for listing processes, they all just list the base executable name, and not the entire command line.

What can I do to get this output on the command line from a shell?

BgInfo : BGInfo + Wallpaper + Diferent size screen

October 20, 2016, 10:16 pm

≫ Next: PsTools : Write PsExec Output to File

≪ Previous: PsTools : How to get full command lines?

$

0

0

Author: WindowsStar
Subject: BGInfo + Wallpaper + Diferent size screen
Posted: 21 October 2016 at 5:16am

#2 Since I don't have access to your background, setup, network or computers it is impossible for me to help.

What I would do is work on a background that looks perfect in the middle of 4:3 and 16:9. Then it will a bit distorted stretched at 16:9 and distorted compressed at 4:3.

OR

With some work you could make 1 background 4:3 and 1 background 16:9 and then have BGInfo run a VBScript to detect the monitor size and then apply the correct image.

 

I hope that is helpful. -WS

PsTools : Write PsExec Output to File

October 21, 2016, 12:28 am

≫ Next: BgInfo : BGInfo + Wallpaper + Diferent size screen

≪ Previous: BgInfo : BGInfo + Wallpaper + Diferent size screen

$

0

0

Author: xXxOlivierxXx
Subject: Write PsExec Output to File
Posted: 21 October 2016 at 7:28am

I know this topic is almost 10 years old, but I wanted to add my contribution about the way how I managed to work this out, since this a public forum and I'm sure other folks have found this page recently looking for help (just like me).

Instead of trying to pipe the output of the pexec command, I just stored the output in a variable like:

$data = pexec etc etc etc...

Then, you can just export the contents of that variable to a text file:

$data | Out-File -Append C:\file.txt

Easy :)