Troubleshooting : Win10 freeze/hangs

March 30, 2017, 8:04 am

≫ Next: Utilities Suggestions : Sigcheck questions

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Win10 freeze/hangs
Posted: 30 March 2017 at 3:04pm

which software have you tried? the windows inbox tool doesn't support it. you need a 3rd party tool

↧

Utilities Suggestions : Sigcheck questions

March 30, 2017, 9:27 am

≫ Next: Miscellaneous Utilities : Interpretation of accesscheck report

≪ Previous: Troubleshooting : Win10 freeze/hangs

Author: Dax1792
Subject: Sigcheck questions
Posted: 30 March 2017 at 4:27pm

Sigcheck is the 32bit version; Sigcheck64 is the 64bit version provided for Nano Server, which does not support 32bit programs. Sigcheck64 can be run on any 64bit system. The output is exactly the same.

The -q parameter has been replaced by -nobanner. Enter sigcheck with no parameters to see what command line parameters are available.

↧

Miscellaneous Utilities : Interpretation of accesscheck report

March 30, 2017, 9:32 am

≫ Next: Troubleshooting : rammap mapped file using all of ram

≪ Previous: Utilities Suggestions : Sigcheck questions

Author: Dax1792
Subject: Interpretation of accesscheck report
Posted: 30 March 2017 at 4:32pm

https://technet.microsoft.com/en-us/sysinternals/hh290819

↧

Troubleshooting : rammap mapped file using all of ram

March 30, 2017, 11:26 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Miscellaneous Utilities : Interpretation of accesscheck report

Author: dorlow
Subject: rammap mapped file using all of ram
Posted: 30 March 2017 at 6:26pm

We have servers that over a few hours, the "mapped file" within rammap shows it's using all of the available ram. Theoretically I think this is how 2008 R2 works and it's supposed to be OK, but in reality with our app, it breaks it. The apps' services crash and quit working. The only way for me to get the app working again is to open rammap and "empty working set." (For over a year, I wasnt aware of this tool and was rebooting the server about 2 times a day.) Does anyone know of a way to empty or clear the mapped file via command line so I could add a scheduled task to do this?

↧

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 30, 2017, 12:42 pm

≫ Next: Process Explorer : Can't get back to original Task Manager

≪ Previous: Troubleshooting : rammap mapped file using all of ram

Author: GrimKodiak
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 30 March 2017 at 7:42pm

just the built in one that comes with the motherboard, it seems to be fine now only probly I am having is my McAfee virus and firewall bundle that I got from the my internet host provider Shaw, firewall wont stay on and I dont know why, and it found some unwanted programs and removed them, but the firewall goes off everytime I try to turn it on.
optiplex 745 is the band I have if you needed to know?

↧

Process Explorer : Can't get back to original Task Manager

March 30, 2017, 2:30 pm

≫ Next: Site Suggestions : some people want to get old version

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: Geoffrey Stuart
Subject: Can't get back to original Task Manager
Posted: 30 March 2017 at 9:30pm

That did work for me. Win7 Ultimate 64.

↧

Site Suggestions : some people want to get old version

March 30, 2017, 7:17 pm

≫ Next: Utilities Suggestions : Convert Outlook 2013 OST to PST

≪ Previous: Process Explorer : Can't get back to original Task Manager

Author: kyamauchi
Subject: some people want to get old version
Posted: 31 March 2017 at 2:17am

Most of the current Sysinternals utilities support Windows Vista or later, and the latest version is available on sysinternals web site.

There are things that work on Windows XP, but some utilities that have not worked already are appearing (for example: accesschk, handle, procdump, procmon and sicheck). I think that many people would like to download past versions of the utility.

How about publish the past Sysinternals Suite as archived versions ?

For example
SysinternalsSuite_1111.zip corresponding to the book "Windows Sysinternals Administrator's Rerefence" (Microsoft Press, 2011).
SysinternalsSuite_1607.zip (or _1612.zip) corresponding to the book "Troubleshooting with the Windows Sysinternals Tools" (Microsoft Press, 2016).

Edited by kyamauchi - 18 hours 55 minutes ago at 2:18am

↧

Utilities Suggestions : Convert Outlook 2013 OST to PST

March 31, 2017, 1:45 am

≫ Next: Process Explorer : Command Line

≪ Previous: Site Suggestions : some people want to get old version

Author: peterbaker
Subject: Convert Outlook 2013 OST to PST
Posted: 31 March 2017 at 8:45am

Hello Gentleman ,

If you try to open you OST to PST Converter which can nicely remove Outlook OST file errors and restore OST file into PST data format without any harm.This application will help you in repairing large sized corrupt OST file within few seconds and convert it into new error free PST, MSG, EML or HTML file format.This software perfectly Recover OST to PST file with clear repair of each emails .It supports all MS Outlook, Outlook Express and Windows versions.

Download link:- http://https://convertosttooutlookpst.wordpress.com/

Edited by peterbaker - 12 hours 27 minutes ago at 8:46am

↧

Process Explorer : Command Line

March 31, 2017, 3:35 am

≫ Next: Process Explorer : Command Line

≪ Previous: Utilities Suggestions : Convert Outlook 2013 OST to PST

Author: jmarcosf
Subject: Command Line
Posted: 31 March 2017 at 10:35am

No, I refer to the "Command Line" field on the "Image" tab from the process property page.
For example, if you double click a word document, the command line always ends on the .docx part, not showing neither the last quotes nor the rest of the command line. The real command line of the image below is:
"C:\Utilidades\Office\Office15\WINWORD.EXE" /n "D:\Simarks\Documents\Test Word Document.docx" /o ""
UPDATE: It also happens on the List View "Command Line" field.

Edited by jmarcosf - 10 hours 32 minutes ago at 10:41am

↧

Process Explorer : Command Line

March 31, 2017, 11:57 am

≫ Next: Process Explorer : Command Line

≪ Previous: Process Explorer : Command Line

Author: sredna
Subject: Command Line
Posted: 31 March 2017 at 6:57pm

Depending on how PE reads the command line, it is possible that the application has changed the memory where the command line is stored.

To verify this you could start Word in a debugger, it will start suspended before the process has called GetCommandLine and possibly changed the memory.

↧

Process Explorer : Command Line

April 1, 2017, 3:21 am

≫ Next: Utilities Suggestions : How To Splits large PST files ?

≪ Previous: Process Explorer : Command Line

Author: jmarcosf
Subject: Command Line
Posted: 01 April 2017 at 10:21am

After trying the next powershell command I definitely think it is a bug.

Get-WmiObject Win32_Process -Filter "name = 'WINWORD.EXE'" | Select-Object CommandLine

It will get you the complete command line.
Try double clicking a word document and you'll see the diference between the powershell command and Process Explorer.

↧

Utilities Suggestions : How To Splits large PST files ?

April 1, 2017, 3:48 am

≫ Next: Miscellaneous Utilities : what is pesha1

≪ Previous: Process Explorer : Command Line

Author: robertburrus
Subject: How To Splits large PST files ?
Posted: 01 April 2017 at 10:48am

Manual way steps :- To Splits large PST files

Step 1: Open MS Outlook, Select the PST file to move the mail items.

Step 2: Go to the file tab, then ‘Clean Up’ tools after that select ‘Archive’ option.

Step 3: Check Archive folders and all subfolders if not checked from the archive dialogue box

Step 4: Select the folders to move and then browse the location to save PST file.

Step 4: Now name the new PST file and click OK

By archive feature you can split your files for quarter year, one year or for two year as per your requirement.I've had the same problem with oversized PST some time ago, so I found best Split PST File Tool has various other features. When MS Outlook slows down its process due to large size of PST file, the Split PST File software performs better and breaks large size PST files by date, year, size and folder.

For 24 x 7 free technical assistance and unlimited access, you can also buy full version from here. Recommended to use Free Trial version First.

↧

Miscellaneous Utilities : what is pesha1

April 2, 2017, 11:04 am

≫ Next: PsTools : Error When i am running my Remote EXE using psexec

≪ Previous: Utilities Suggestions : How To Splits large PST files ?

Author: sredna
Subject: what is pesha1
Posted: 02 April 2017 at 6:04pm

SHA1 is a normal SHA1 of the entire file.

PESHA1 excludes some areas of a PE file, it is calculated with CryptCATAdminCalcHashFromFileHandle.

IMP is ImpHash.

↧

PsTools : Error When i am running my Remote EXE using psexec

April 2, 2017, 11:08 am

≫ Next: Process Monitor : ProcMon Boot Logging BSOD on W10 1607

≪ Previous: Miscellaneous Utilities : what is pesha1

Author: sujith
Subject: Error When i am running my Remote EXE using psexec
Posted: 02 April 2017 at 6:08pm

HI,

I am using psexec.exe to execute one of my Exe Remotely from one VM to another Server.I am getting the Error with Exit code 2146232576 .

when i checked the Event viewer on the Destination Server.

.NET Runtime version : 4.0.30319.36366 - This application could not be started. This application could not be started.

I checked in my Destination Server Dotnet framework is installed.

Can you Help me why i am getting this Error and how to fix this?

Thanks,

Sujith.

↧

Process Monitor : ProcMon Boot Logging BSOD on W10 1607

April 2, 2017, 11:30 am

≫ Next: Process Explorer : PE won't open

≪ Previous: PsTools : Error When i am running my Remote EXE using psexec

Author: Jim262
Subject: ProcMon Boot Logging BSOD on W10 1607
Posted: 02 April 2017 at 6:30pm

I have this problem too. It looks like no attention is being paid to it. Is that because:

1. It only happens to a select few?

2. Few people use boot logging?

3. Other...?

This has come up maybe two or three times in this group this year without followup.

The problem is 100% reproducible for me, and I would be happy to invest the time and effort to reproduce it and upload the dump and log files if there are some replies to this post indicating an interest.

Just in case it is configuration specific, I am running Windows 10 Version 1607 build 14393.969, Intel I 5 4590 with 8GB RAM, ASRock H97M Pro4.

Jim

↧

Process Explorer : PE won't open

April 3, 2017, 6:53 am

≫ Next: Utilities Suggestions : Convert Outlook 2013 OST to PST

≪ Previous: Process Monitor : ProcMon Boot Logging BSOD on W10 1607

Author: richengels
Subject: PE won't open
Posted: 03 April 2017 at 1:53pm

Tried to get a dump with Procdump but unsuccessful. First time user so I must have done it wrong. Here is what I got:

Microsoft Windows [Version 10.0.14393]

C:\WINDOWS\system32>cd D:\Engels Data Do Not Backup\Procdumps

C:\WINDOWS\system32>cd c:

C:\Windows\System32

C:\WINDOWS\system32>cd C:\

C:\>cd D:\Engels Data Do Not Backup\Procdumps

C:\>cd D:\Engels Do Not Backup\Procdumps

The system cannot find the path specified.

C:\> D:\Procdumps

'D:\Procdumps' is not recognized as an internal or external command,

operable program or batch file.

C:\> cd D:\Procdumps

C:\>cd D:

D:\Procdumps

C:\>cd D:

D:\Procdumps

C:\>D:

D:\Procdumps>procdump -e -w -ma procdump64