Malware : svchost.exe launching iexplore.exe (x64)
Author: c4p0neSubject: svchost.exe launching iexplore.exe (x64)Posted: 16 February 2013 at 10:34amYes I have tried procmon but the output is just too much for me to extrapolate anything from... I've...
View ArticleClik here to view.
Process Explorer : The requested operation requires elevation
Author: ewgoforthSubject: The requested operation requires elevationPosted: 16 February 2013 at 12:35pm htw6930 wrote:Same problem here. But it works, if I deactivate the UAC. But this can't be the...
View ArticleClik here to view.
Troubleshooting : Interrupts takes CPU capacity
Author: morgotSubject: Interrupts takes CPU capacityPosted: 16 February 2013 at 6:53pmhello!When loading Windows (starting from the logon) and then process Hardware Interrupts takes 40-50% of CPU...
View ArticleClik here to view.
Troubleshooting : Interrupts takes CPU capacity
Author: morgotSubject: Interrupts takes CPU capacityPosted: 17 February 2013 at 10:15amThank you for the answer, I will do it. Only I do not understand this: Now wait until you captured 20s-30s of the...
View ArticleTroubleshooting : High CPU Usage- System Interrupts and DPC
Author: dave2945Subject: High CPU Usage- System Interrupts and DPCPosted: 17 February 2013 at 4:44pmAndre- I keep getting an error now when I try to run new trace that says this xperf: error: NT Kernel...
View ArticleProcess Monitor : Tool for comparing ProcMon traces
Author: patrauleaSubject: Tool for comparing ProcMon tracesPosted: 17 February 2013 at 5:25pm(apologies for the late reply)credible58:LogView only reads CSV files right now. If the PML format is...
View ArticleTroubleshooting : Interrupts takes CPU capacity
Author: MagicAndre1981Subject: Interrupts takes CPU capacityPosted: 17 February 2013 at 7:37pmthis doesn't matter. press whatever key you want
View ArticleTroubleshooting : High CPU Usage- System Interrupts and DPC
Author: MagicAndre1981Subject: High CPU Usage- System Interrupts and DPCPosted: 17 February 2013 at 7:39pmthis means you already run a tool which does ETW tracing. Don't run ProcessExplorer or resMon...
View ArticleDevelopment : ZwSetInformationThread - Change Start Address
Author: ja523Subject: ZwSetInformationThread - Change Start AddressPosted: 17 February 2013 at 8:15pmI am trying to change the starting address of a suspended thread. I believe that I can do this with...
View ArticleProcess Monitor : Unable to allocate sufficient memory
Author: YrbkMgrSubject: Unable to allocate sufficient memoryPosted: 18 February 2013 at 2:18amI am getting the same message. I've just downloaded the SysInternals Suite and tried to run Process...
View ArticleDevelopment : ZwSetInformationThread - Change Start Address
Author: ja523Subject: ZwSetInformationThread - Change Start AddressPosted: 18 February 2013 at 1:33pmI am running this on Win8 x64, I am seeing this result both compiling a 32-Bit and 64-Bit (changing...
View ArticleProcess Monitor : Conflict with ZoneAlarm Toolbar IswSvc service
Author: YrbkMgrSubject: Conflict with ZoneAlarm Toolbar IswSvc servicePosted: 18 February 2013 at 3:53pmI was receiving the same message "Procmon was unable to allocate sufficient memory to run"....
View ArticleProcess Monitor : Unable to allocate sufficient memory
Author: YrbkMgrSubject: Unable to allocate sufficient memoryPosted: 18 February 2013 at 3:57pmSolution for me was posted here:http://forum.sysinternals.com/topic27288_post138713.html#138713
View ArticleProcess Monitor : PM 3.03: no Network Activity
Author: credible58Subject: PM 3.03: no Network ActivityPosted: 20 February 2013 at 7:47amHi Armin,Many of the network interactions will be between System components and the outside world; SMB for file...
View ArticleProcess Monitor : Strange entry in RegSummary-not seen in registry
Author: credible58Subject: Strange entry in RegSummary-not seen in registryPosted: 20 February 2013 at 7:56amPossibly something to do with boot options - see...
View ArticleProcess Monitor : Blocking a Connection found with ProcMon
Author: credible58Subject: Blocking a Connection found with ProcMonPosted: 20 February 2013 at 8:14amIf you do it through the firewall you'll have to specify the IP address rather than the name. Use...
View ArticleMalware : Gpu based paravirtualization rootkit, all os vulne
Author: machetazosSubject: Gpu based paravirtualization rootkit, all os vulnePosted: 20 February 2013 at 11:28amHMMMMM does anyone else findit "odd" that the skeptics and critics tend to be a tad on...
View ArticleTroubleshooting : FASTIO_READ events getting slower
Author: ChrisAtRadhypsSubject: FASTIO_READ events getting slowerPosted: 20 February 2013 at 7:39pmDebugging an in-house 32-bit application whose performance is degrading over time. Using Process...
View ArticlePsTools : PsShutdown & PowrProf.dll,SetSuspendState
Author: struesSubject: PsShutdown & PowrProf.dll,SetSuspendStatePosted: 20 February 2013 at 10:36pmI encountered the same results... powerprof.dll would not allow a Windows XP PC's scheduled task...
View ArticleMalware : ARK Tools for Windows 7?
Author: LaishSubject: ARK Tools for Windows 7?Posted: 21 February 2013 at 12:05pmlook here the tool name is WIN64AST
View Article