Channel: Sysinternals Forums

Utilities Suggestions : SDelete Erase File bugs

Author: freesoft00
Subject: SDelete Erase File bugs
Posted: 22 November 2017 at 12:20pm

reg add "HKCR\*\shell\sdelete" /f /ve /t REG_SZ /d "SDelete"
reg add "HKCR\*\shell\sdelete\command" /f /ve /t REG_SZ /d "\"%cd%\sdelete.exe\" -p 3 -q \"%%1\""
reg add "HKCR\Folder\shell\sdelete" /f /ve /t REG_SZ /d "SDelete"
reg add "HKCR\Folder\shell\sdelete\Command" /f /ve /t REG_SZ /d "\"%cd%\sdelete.exe\" -p 3 -s -q \"%%1\""
Right-Select all file erase
There are shortcuts to Office documents, shortcuts to PDFs, shortcuts to HTM files, shortcuts to folders
 

BgInfo : Support for PowerShell scripts

Author: RickC
Subject: Support for PowerShell scripts
Posted: 22 November 2017 at 1:53pm

Good question. I registered just to ask about this too.

Utilities Suggestions : sDelete

Author: StuartMW
Subject: sDelete
Posted: 22 November 2017 at 9:29pm

SDelete 2.0 is broken and has been since it was released in June 2016. Issues have been reported and yet so far they haven't been fixed.

I and others continue to use v1.61 since it works fine.

BgInfo : Free Space & Volume

Author: Torstein
Subject: Free Space & Volume
Posted: 23 November 2017 at 1:12am

Greetings

This script works as intended on my workstation, but not on my servers. It makes BGinfo fail with a "BGInfo text configurator has stopped working" error.

Any idea why my win10 workstation would run the vbs but my 2008R2 servers would not?

Thanks!

PS: from event viewer:
Log Name:      Application
Source:        Application Error
Date:          11/22/2017 4:36:03 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      HatIsland.mv.skagit.edu
Description:
Faulting application name: Bginfo.exe, version: 4.22.0.0, time stamp: 0x5955a91b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1890
Faulting application start time: 0x01d363f2fd1628b9
Faulting application path: C:\Program Files\Bginfo.exe
Faulting module path: unknown
Report Id: 48cd0fd9-cfe6-11e7-a3e9-00505693223a
Event Xml:
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-23T00:36:03.000000000Z" />
    <EventRecordID>122932</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HatIsland.mv.skagit.edu</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Bginfo.exe</Data>
    <Data>4.22.0.0</Data>
    <Data>5955a91b</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>0000000000000000</Data>
    <Data>1890</Data>
    <Data>01d363f2fd1628b9</Data>
    <Data>C:\Program Files\Bginfo.exe</Data>
    <Data>unknown</Data>
    <Data>48cd0fd9-cfe6-11e7-a3e9-00505693223a</Data>
  </EventData>
</Event>

Process Explorer : Bulk End Process

Author: freesoft00
Subject: Bulk End Process
Posted: 23 November 2017 at 6:40am

It is recommended that you add a batch end-process feature, so that you can hold CTRL or Shift to select multiple processes and end them as a batch.
There are many processes that need to be ended, but Process Explorer can only end one process at a time, which is annoying.
The following window shows DLL dynamic link libraries, and its right-click menu could add an uninstall module feature.
The right-click menus of the process window and the DLL dynamic link library window could add a locate file function.
At present, Process Explorer's personalization is still relatively deficient, and its functions are not very powerful.
Users of Process Explorer are generally computer professionals; do not underestimate their ability. General computer users will not use Process Explorer, so there is basically no need to consider these users. Process Explorer can be made more powerful, as a real Ark tool.

Autoruns : Sort the scan results

Author: freesoft00
Subject: Sort the scan results
Posted: 23 November 2017 at 6:43am

In the Scan results window, you cannot click on the tab bar to sort the results. It is recommended to add this feature, so that you can browse the content as needed when looking through results.

PsTools : can't lock local workstation using PSSHUTDOWN -L

Author: rashcneto
Subject: can't lock local workstation using PSSHUTDOWN -L
Posted: 23 November 2017 at 7:19pm

Using Windows 10 pro, commandline, with administrative privileges (elevated?)

PSSHUTDOWN -L

returns:

Error locking local system:
access denied (5)

What do I have to do? Is there some gpedit or secpol I have to check, add, modify?

What's more, using the ol skool rundll32 command works as a breeze ... so... if there is a supposed "security problem" I laugh at it ;-)

Can someone help?

THANKS!!!!!


Edited by rashcneto - 6 hours 30 minutes ago at 7:20pm

Malware : Online scam

Author: Martin Winkelmann
Subject: Online scam
Posted: 24 November 2017 at 3:48am

Looks like you fell for the good ol' tech support scam.

Please bring your PC to a computer repair shop you trust and ask them to back up your files and do a clean reinstall of Windows.

God knows what shady software these scammers installed on your PC!

The Sysinternals apps this forum is about are very legit tools for professionals to troubleshoot PCs and hunt malware. They are not antivirus applications. The scammers most likely just pretended to use them.

BgInfo : Support for PowerShell scripts

Author: WindowsStar
Subject: Support for PowerShell scripts
Posted: 24 November 2017 at 7:44am

Unfortunately this software has not been updated or bug fixed for years. Please reach out to Mark and beg him to take a few weeks and update, patch, fix, add features, etc. This software is so widely used it really needs to be updated. If not then beg him to make it open source so we can update it and fix it etc. Thanks -WS

Miscellaneous Utilities : TCPView - Some Questions...

Author: Arianax
Subject: TCPView - Some Questions...
Posted: 24 November 2017 at 2:12pm

I was under the impression the remote server would send a Time_Wait TCP packet when it had already dropped the connection (but was prepared to reestablish the connection if communication started again within a maximum timeframe... 2 minutes or so). After the Time_Wait status expired the TCP connection would have to be established from the very first step again.

As for all these 0:0:0:0:0:0:0:0 MAC addresses, 0.0.0.0 IP addresses and Remote Port 0 connections I would assume they represent a loopback across the N.I.C?

If that's the case, though, why are they even using the N.I.C?

So I can see why you're suspicious of these Network Identifiers as well, but so far no certain answers from my end...

Edited by Arianax - 38 minutes ago at 2:13pm

Autoruns : Running Autorunsc from a service

Author: pepak
Subject: Running Autorunsc from a service
Posted: 24 November 2017 at 5:03pm

Hi!

I am trying to set up an automatic run of autorunsc.exe from a scheduler service. The point of that is, I want to periodically check the autoruns against a known good state and get an alert if something changes. Unfortunately, I can't seem to get autorunsc.exe to complete. It will start, it will create an empty destination file, but then it just sits there in the processes doing nothing. When I terminate it (even more than several days after the initial start), the rest of my script runs correctly and reports that autorunsc.exe failed to complete. I think the problem might be in the License Agreement dialog, but even if I create the respective registry keys, I am still not getting the results.

The command runs fine if I execute it manually.

The script (relevant parts only, not the actual comparison against the good state):

@echo off
setlocal
reg add HKCU\Software\Sysinternals\VolumeID /v EulaAccepted /t REG_DWORD /d 1 /f
autorunsc.exe -a * -x -m -s pepak >c:\autoruns\current.xml

The process information:

Module:               autorunsc.exe, 32-bit
Full path:             C:\Autoruns\autorunsc.exe
File version:          13.71
Description:           Autostart program viewer
PID:                   1268
Parent PID:            4420 (cmd.exe)
Priority:              8
Threads:               1
Owner:                 NT AUTHORITY\SYSTEM (S-1-5-18)
Session:               0

Started at:            17:44:00
Uptime:               00:11:23

Command Line:
autorunsc.exe -a * -x -m -s pepak

Current Directory:     C:\Windows\system32\

Any ideas what I can do to fix it?

Thanks.
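
The baseline check described in the post above (compare the current autorunsc output against a known good state and alert on changes), as an added example that is not part of the original post. It assumes the `-x` XML output is a list of `<item>` elements with `<location>`, `<itemname>`, `<launchstring>` and `<imagepath>` children; both documents are constructed. An empty output file, like the one the hung run leaves behind, is treated as a failed scan rather than as "no changes".

```python
import xml.etree.ElementTree as ET

# Element names are assumptions about the autorunsc -x output format.
KEY_FIELDS = ("location", "itemname")        # identify an autostart entry
WATCH_FIELDS = ("launchstring", "imagepath")  # alert when these change

# Constructed sample documents (not real scan output).
BASELINE = r"""<autoruns>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<itemname>ExampleAgent</itemname><launchstring>C:\Program Files\Example\agent.exe</launchstring>
<imagepath>C:\Program Files\Example\agent.exe</imagepath></item>
<item><location>Task Scheduler</location><itemname>\ExampleBackup</itemname>
<launchstring>C:\Tools\backup.cmd</launchstring><imagepath>C:\Tools\backup.cmd</imagepath></item>
</autoruns>"""

CURRENT = r"""<autoruns>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<itemname>ExampleAgent</itemname><launchstring>C:\Users\Public\agent.exe</launchstring>
<imagepath>C:\Users\Public\agent.exe</imagepath></item>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<itemname>ExampleUpdater</itemname><launchstring>C:\Temp\updater.exe</launchstring>
<imagepath>C:\Temp\updater.exe</imagepath></item>
</autoruns>"""

def load_entries(xml_text):
    """Map (location, itemname) -> (launchstring, imagepath), lower-cased."""
    if not xml_text.strip():
        raise ValueError("empty autorunsc output: the scan did not complete")
    entries = {}
    for item in ET.fromstring(xml_text).iter("item"):
        val = lambda name: (item.findtext(name) or "").strip().lower()
        entries[tuple(map(val, KEY_FIELDS))] = tuple(map(val, WATCH_FIELDS))
    return entries

def diff_autoruns(baseline_xml, current_xml):
    """Return sorted lists of added, removed and modified entry keys."""
    base, cur = load_entries(baseline_xml), load_entries(current_xml)
    added = sorted(cur.keys() - base.keys())
    removed = sorted(base.keys() - cur.keys())
    modified = sorted(k for k in base.keys() & cur.keys() if base[k] != cur[k])
    return added, removed, modified

if __name__ == "__main__":
    print(diff_autoruns(BASELINE, CURRENT))
```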

Miscellaneous Utilities : Sysmon File Hash

Author: Geriden
Subject: Sysmon File Hash
Posted: 24 November 2017 at 5:11pm

Hello,

Currently Sysmon does show the Hash of a file in Event Viewer when it has been changed, but it will not display the Hash of a newly created file - until it has been later changed.

Any way I can get Sysmon to record the File Hash upon creation so I can keep record of a baseline for any future changes?

Thanks

BgInfo : Suppress Popup?

Author: Arthur169
Subject: Suppress Popup?
Posted: 24 November 2017 at 8:51pm

What is the pop-up dialog box?


BgInfo : Querying the BGINFO Database

Author: Arthur169
Subject: Querying the BGINFO Database
Posted: 24 November 2017 at 10:01pm

Without any replies, I re-read it, and thought it might be confusing.  Rather than start a new thread, I thought I'd re-write to the comments...

My company uses BGInfo religiously to keep track of ~80 properties on over 200 webservers. Those fields are a mix of server stats (IP address, OSVer, HyperV host) and versions of various installed software components. A scheduled task writes this information every day from all webservers to a single database (currently >300K records). We need a query (to eventually be fed into a report) to give us a time of when something has changed on any given webserver. A sort of automated change control if you will.

Example: WebSvr_XYZ had 2G of RAM since inception before getting additional RAM allocated a few months later. Then a year after that, it was given a new IP address.

Server        Time_stamp       Host     IP               RAM

WebSvr_XYZ    June 1, 2016     Virt5a   192.168.10.45    2G
WebSvr_XYZ    June 2, 2016     Virt5a   192.168.10.45    2G

WebSvr_XYZ    Aug 20, 2016     Virt5a   192.168.10.45    4G
WebSvr_XYZ    Aug 21, 2016     Virt5a   192.168.10.45    4G

WebSvr_XYZ    July 18, 2017    Virt5a   192.168.20.105   4G
WebSvr_XYZ    July 19, 2017    Virt5a   192.168.20.105   4G
WebSvr_XYZ    July 20, 2017    Virt5a   192.168.20.105   4G

When running a query against WebSvr_XYZ, the output against over 540 records (6/1/16 -> present) would be

June 1, 2016     Virt5a   192.168.10.45    2G
Aug 20, 2016     Virt5a   192.168.10.45    4G
July 18, 2017    Virt5a   192.168.20.105   4G

I've tried the select distinct against the table then joining it against the full table, joining on all relevant fields and using a MIN(Timestamp) to get the first. But I either get bad timestamps or no results at all.

~Alan
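
One way to get the change points asked for above, as an added example that is not part of the original post: compare each row with the previous row for the same server using LAG and keep only the rows where a tracked column differs. The table name `bginfo` is hypothetical, the columns mirror the sample in the post, the rows are constructed, and SQLite (3.25 or later, for window functions) stands in for whatever database BGInfo writes to.

```python
import sqlite3

# Constructed rows mirroring the sample in the post (ISO dates so text sorts by time).
ROWS = [
    ("WebSvr_XYZ", "2016-06-01", "Virt5a", "192.168.10.45", "2G"),
    ("WebSvr_XYZ", "2016-06-02", "Virt5a", "192.168.10.45", "2G"),
    ("WebSvr_XYZ", "2016-08-20", "Virt5a", "192.168.10.45", "4G"),
    ("WebSvr_XYZ", "2016-08-21", "Virt5a", "192.168.10.45", "4G"),
    ("WebSvr_XYZ", "2017-07-18", "Virt5a", "192.168.20.105", "4G"),
    ("WebSvr_XYZ", "2017-07-19", "Virt5a", "192.168.20.105", "4G"),
    ("WebSvr_XYZ", "2017-07-20", "Virt5a", "192.168.20.105", "4G"),
    ("WebSvr_ABC", "2016-06-01", "Virt5b", "192.168.10.46", "2G"),
]

# Keep a row when it is the server's first record or differs from the one before it.
CHANGE_QUERY = """
WITH ordered AS (
    SELECT Server, Time_stamp, Host, IP, RAM,
           LAG(Host) OVER (PARTITION BY Server ORDER BY Time_stamp) AS prev_host,
           LAG(IP)   OVER (PARTITION BY Server ORDER BY Time_stamp) AS prev_ip,
           LAG(RAM)  OVER (PARTITION BY Server ORDER BY Time_stamp) AS prev_ram,
           ROW_NUMBER() OVER (PARTITION BY Server ORDER BY Time_stamp) AS rn
    FROM bginfo
)
SELECT Time_stamp, Host, IP, RAM
FROM ordered
WHERE Server = ?
  AND (rn = 1
       OR Host IS NOT prev_host   -- IS NOT is the NULL-safe comparison in SQLite
       OR IP   IS NOT prev_ip
       OR RAM  IS NOT prev_ram)
ORDER BY Time_stamp
"""

def build_db(rows=ROWS):
    """Create an in-memory copy of the (hypothetical) bginfo table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bginfo "
                 "(Server TEXT, Time_stamp TEXT, Host TEXT, IP TEXT, RAM TEXT)")
    conn.executemany("INSERT INTO bginfo VALUES (?, ?, ?, ?, ?)", rows)
    return conn

def change_points(conn, server):
    """Return the first record plus every record where a tracked value changed."""
    return conn.execute(CHANGE_QUERY, (server,)).fetchall()

if __name__ == "__main__":
    for row in change_points(build_db(), "WebSvr_XYZ"):
        print(row)
```

Unlike grouping on the distinct values and taking MIN(Time_stamp), the row-to-row comparison also reports a value that later reverts to an earlier setting.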

 


Process Monitor : diagnosing a freezing PC

Author: photon
Subject: diagnosing a freezing PC
Posted: 25 November 2017 at 11:26am

We have a Windows 7 machine at a customer's site that is occasionally freezing / locking up.  I would like to use process monitor as described here with circular logging.


I've heard that if a PC freezes without procmon getting a clean shutdown, that the active log file will be unreadable.  Is this still the case?

Miscellaneous Utilities : ZoomIT 4.5 Now Breaks My Mouse Pointer

Author: Mallycat
Subject: ZoomIT 4.5 Now Breaks My Mouse Pointer
Posted: 25 November 2017 at 8:54pm

I have used ZoomIT for years - love it.  In the last few weeks something seems to have changed.  When I zoom in and draw, it all works fine.  But when I press Esc to return to normal view, my mouse pointer is no longer visible.   I can still move the mouse around but I can't see what I am pointing at - this makes my PC completely unusable and I have to reboot.  

Is this a known bug?
Is there a fix?
Any advice from anyone?

Matt

BgInfo : Querying the BGINFO Database

Author: WindowsStar
Subject: Querying the BGINFO Database
Posted: 26 November 2017 at 3:18am

Query is beyond what BGInfo does. If you are writing this to a SQL database then there are a lot of queries you can do from within the management studio, google can help you. If not then I would look for utilities that support your database for queries. Sorry...hope that helps. -WS

Miscellaneous Utilities : TCPView - Some Questions...

Author: Arianax
Subject: TCPView - Some Questions...
Posted: 26 November 2017 at 1:01pm

Do all these PID 0 processes indicate a device using the 'System Interrupts' process?

That is to say: is there a Hardware Device on a specific IRQ that is deliberately broadcasting network activity and overriding OS settings that may control or restrict data distribution?

If so, how could I go about identifying which device is responsible for this activity? Is it possible it's a software program simulating a hardware IRQ (i.e. malware)? Same question again.

Process Explorer : Task Manager replacement issue

Author: Ripley21
Subject: Task Manager replacement issue
Posted: 26 November 2017 at 11:06pm

I'm having a problem with process manager too, when I de-select "Replace Task Manager" it doesn't work.  I want to go back to the standard task manager but process manager won't let go.
