Channel: Sysinternals Forums

Utilities Suggestions : OST 2 PST Converter

Author: jamesdean250
Subject: OST 2 PST Converter
Posted: 26 September 2017 at 5:37am

To convert OST mailbox data into Outlook PST, I would like to refer an excellent third-party software, export OST to PST. The software is capable of resolving all minor or major corruption issues easily. In addition, it is also capable of restoring email meta properties (to, from, date, time, subject, Cc, Bcc, etc.) during recovery and conversion.
For more information about the software, visit http://www.export.osttopsttool.com

Troubleshooting : CryptSvc heavy disk I/O utilization on startup

Author: MagicAndre1981
Subject: CryptSvc heavy disk I/O utilization on startup
Posted: 26 September 2017 at 5:05pm

catroot gets enumerated during the first start of the Audio service. Reduce the number of installed updates, so run disk cleanup and clean up winsxs.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 26 September 2017 at 5:30pm

Originally posted by tripleoptic:

 Having trouble figuring out why system.exe is using so much cpu.  Any help would be appreciated. 

ntoskrnl.exe!MiFindPageFileWriteCluster causes the CPU usage, which is called by ntoskrnl.exe!MiModifiedPageWriter and ntoskrnl.exe!MiGatherPagefilePages. You have assigned 16GB of RAM to the Server 2016 VM. Do you run into memory pressure? How large is the pagefile?

Utilities Suggestions : Want to recover lost ost file?

Author: sharonbrown
Subject: Want to recover lost ost file?
Posted: 27 September 2017 at 12:14pm

Use the OST to PST software one time, and after using it you will understand how easy it is to convert an OST file into a PST file. The OST to PST utility is made with advanced technology, keeping in mind that anybody can use this utility without requiring any IT guy or any specialist. The OST to PST software repairs the Outlook OST file; after the repair it recovers all emails of the OST file and exports the OST file into a PST file and into other formats: EML, EMLX, MBOX, MSG and HTML.

Know more about: OST to PST

Miscellaneous Utilities : SYSMON Uninstall Issue

Author: Geriden
Subject: SYSMON Uninstall Issue
Posted: 27 September 2017 at 3:40pm

Have you tried booting into Safe Mode and running sysmon -u?


Process Monitor : ProcMon unable to save PML file, hard reboot case

Author: danny33c
Subject: ProcMon unable to save PML file, hard reboot case
Posted: 27 September 2017 at 7:56pm

I realize this post is a few years old, but if there's anyone still looking at this, I have this issue also. We have many W7 PCs that are spontaneously restarting with no sys event stating why (we do think we know what is causing it, but not why). I was able to launch and capture the restart with procmon running remotely on one of the PCs. Unfortunately the log file was corrupt because the restart was not graceful. My question is, is there a switch you can use in the psexec command to run procmon remotely with boot logging enabled? In theory this will capture the PC restarting and then starting back up?

BgInfo : Dual Monitor Background Problem

Author: lza
Subject: Dual Monitor Background Problem
Posted: 28 September 2017 at 12:30pm

Hello

I just wanted to add one more comment on this topic, maybe it helps...
We also "suffer" from this problem.


PsTools : psinfo error?

Author: ocelot_actual
Subject: psinfo error?
Posted: 29 September 2017 at 5:02pm

4 years later, same issue.

Any thoughts?
PsInfo v1.78 - Local and remote system information viewer
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

System information for \\plex:
Uptime:                    Error reading uptime
Kernel version:            Windows 10 Pro, Multiprocessor Free
Product type:              Professional
Product version:           6.3
Service pack:              0
Kernel build number:       15063
Registered organization:   Microsoft
Registered owner:          Microsoft
IE version:                9.0000
System root:               C:\WINDOWS
Processors:                8
Processor speed:           3.3 GHz
Processor type:            Intel(R) Core(TM) i7-2600 CPU @
Physical memory:           5466 MB
Video driver:              Intel(R) HD Graphics

PsTools : psinfo reports incorrect memory

Author: ocelot_actual
Subject: psinfo reports incorrect memory
Posted: 29 September 2017 at 5:19pm

Good point.

I think I have way more than 34MB.

PsInfo v1.78 - Local and remote system information viewer
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

System information for \\ACHUDACOFF-W10:
Uptime:                    0 days 3 hours 9 minutes 2 seconds
Kernel version:            Windows 10 Enterprise, Multiprocessor Free
Product type:              Professional
Product version:           6.3
Service pack:              0
Kernel build number:       14393
Registered organization:
Registered owner:
IE version:                9.0000
System root:               C:\WINDOWS
Processors:                4
Processor speed:           2.8 GHz
Processor type:            Intel(R) Core(TM) i7-6600U CPU @
Physical memory:           34 MB
Video driver:              Intel(R) HD Graphics 520

Miscellaneous Utilities : Sysmon Feature Request: Log WMI Config Changes

Author: HackerHurricane
Subject: Sysmon Feature Request: Log WMI Config Changes
Posted: 29 September 2017 at 7:07pm

Problem already solved...

LOG-MD can do this... Run -ar and then populate the whitelist with AutoRuns with parameters you trust and then apply -md to exclude AutoRuns that have no parameters...

The bad sticks out easily...

MG

Miscellaneous Utilities : Sysmon Feature Request: Log WMI Config Changes

Author: HackerHurricane
Subject: Sysmon Feature Request: Log WMI Config Changes
Posted: 29 September 2017 at 7:10pm

There is also a Syslog agent called WLS that does WMI logging.  The Windows logging Service is really powerful!

We will be building the WMI persistence into LOG-MD as a separate report to make it easy to trigger on if you run it say daily or weekly.  You can pipe an alert to the Application log for SIM to detect or anything else you come up with.

MG

Utilities Suggestions : OST 2 PST Converter

Author: sandersdavid
Subject: OST 2 PST Converter
Posted: 29 September 2017 at 8:19pm

Atom TechSoft for OST to PST recovery tool is programmed to recover severely corrupt OST files with complete accuracy irrespective of the cause of corruption. It can recover large size of OST files also and convert OST emails into new formats. The ATS OST to PST Converter tool works professionally with all Windows OS platforms including Windows 10, 8.1, 8, 7, Vista, XP, 2000, 98, NT and 95. Apart from PST, the tool can save recovered OST files in various other file formats such as MSG, EML, HTML, EMLX, DOC, TXT, VCF, MBOX, and PST formats.


http://www.atomtechsoft.com/download/ats-ost-converter.exe


http://www.atomtechsoft.com/buy-ost-converter.html

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: Camineet
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 30 September 2017 at 9:59am

Thank you kindly, MagicAndre1981

PsTools : PsExec access denied only with ip

Author: sebus
Subject: PsExec access denied only with ip
Posted: 30 September 2017 at 6:07pm

I know it is 5+ years later and the current OS is Win 10 64-bit, but the same error exists

If using netbios name I get:
The remote procedure call was cancelled.

If using IP all is OK.
But DNS/WINS/Netbios all resolve perfectly fine

So what is the reason?

sebus

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 01 October 2017 at 11:19am

Originally posted by Cybourg:

Hi MagicAndre1981,

I've tried debugging this myself, but google isn't helping me with those symbol names.

You can easily see that the driver nvlddmkm.sys is causing the CPU usage. This is the GPU driver for your GeForce MX150. You already use the latest version 385.69, so report it to NVIDIA in their forums.

They can analyze the ETL better with their debug symbols for the GPU driver. 

Autoruns : Crash autostart program viewer has stopped working

Author: vbjh13
Subject: Crash autostart program viewer has stopped working
Posted: 01 October 2017 at 5:53pm

Is anyone else getting this crash during the startup scan?  Thanks
Error: "autostart program viewer has stopped working"
The crash does not occur with the 32bit version of autoruns.

Win10 Home v1703 build15063.632
autoruns64.exe v13.8

Faulting application name: autoruns64.exe, version: 13.80.0.0, time stamp: 0x59b5e7c8
Faulting module name: autoruns64.exe, version: 13.80.0.0, time stamp: 0x59b5e7c8
Exception code: 0xc0000005
Fault offset: 0x000000000005f0e3
Faulting process ID: 0x1d34
Faulting application start time: 0x01d33ada8147b01c
Faulting application path: D:\My System Tools\SysInternals\autoruns64.exe
Faulting module path: D:\My System Tools\SysInternals\autoruns64.exe
Report ID: efb01ad1-d03d-4f50-bce2-a07ab8eb9f2a
Faulting package full name: 
Faulting package-relative application ID: 

PsTools : vmmap output to file not working

Author: malidiab
Subject: vmmap output to file not working
Posted: 02 October 2017 at 8:30am

Using vmmap to capture output to a file doesn't work when the path has a space. For example:

>vmmap -p 10234 "C:\My Folder\output.mmp" 

Process Monitor : [bug] "Drop Filtered Events" not respected

Author: user5226582
Subject: [bug] "Drop Filtered Events" not respected
Posted: 03 October 2017 at 12:50pm

Hi all,

I just discovered a minor bug and got an impression that this is the best place to post it.

Steps to reproduce (not everything may be required):

- Start the app, add a filter to include specific app

- Start monitoring, enable "Drop Filtered Events" from the menu

- Clear all events

- Edit filters, double click on the filter created in the step 1 to load it into entry boxes

- Reset filters, click "Add" to re-add the loaded filter

- Excluded events at the bottom left are increasing regardless of "Drop Filtered Events" state.

Thanks!

Disk2vhd : Disk2VHD run by PSExec

Author: DomDeVitto
Subject: Disk2VHD run by PSExec
Posted: 03 October 2017 at 2:26pm

Try:

net use \\machine\ipc$
PsExec.exe -w c:\ -nobanner -accepteula \\machine -s -e -h \\sharedrive\share\disk2vhd.exe -accepteula c: \\sharedrive\share\machine.vhd

It's slow as hell, but it works.

You can check the progress on the shareserver as the image grows - suggest marking the directory and inherited objects as compressed to save space :-)

If you're not careful with the PsExec switches, you can easily end up with application pop-ups on the desktop - making it seem like it's hanging, that's probably your problem.