Process Monitor will let you trace what your system is doing in alarming detail. Add a filter to exclude any process name that excludes Steam, launch Steam, and when it's done stop capturing (Ctrl-E, or the spyglass toolbar icon) and see what it recorded.
My observations: a good few seconds reading in .dll files, a lot of registry access, and quite a bit of file activity, including scanning savegames. Total of about 9 seconds with a warm cache.
Try doing the same and seeing if any particular type of activity stands out time-wise, or if it's just death by 200,000 cuts.
MS has a simple tool that gives you a reasonably detailed view of what a process is up to. I recommend it for people who aren't quite as up on debugging but understand how the Windows filesystem and registry work.
Does your sysadmin per default enable hard disk encryption?
Is your laptop part of a domain?
If both of these questions are answered with Yes, then it might explain the performance issue, because encryption often cuts writing and reading speed in half. A domain also requires some services and programs to reauthenticate upon awakening of the laptop.
Your antivirus software may also play a role in this, if not properly configured it will check on writing and reading processes all the time, even those that could be excluded by the sysadmin because they belong to your "standard software".
Maybe your backup routine is triggered after a wakeup/start of the system? Or some kind of file sync? Check for that too.
If you want to inspect some of the issues try this:
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
But I have to warn you, it may cause more issues/performance drops while using it. You definitely should set some filters and stuff. Or call your sysadmin and tell him to look for processes with many I/O requests.
Start unplugging machines ;-)
Seriously, I think you should change methodology. No two machines/users/processes on a network should ever be competing and writing over or appending to an existing file on a server.
That being said, I'd look at setting up tracers in Process Monitor for the user and processes involved in creating the file.
As your next step, I would follow cyanogen's advice - uninstall it, and nuke every last folder in your user profile that it could be storing data. Maybe create a temporary new user on your computer and try running it from that user to see what happens?
Barring that, I have only one more really nasty answer - open up SysInternals' Process Monitor, watch Chrome while it's starting up, and try to find out what files it can't read/write to and figure out why. It's not a great answer since you're going to have to wade through a ton of crap to get to what you need.
Task Manager -> check what's taking resources (cpu/mem)
combo with "resource monitor" ... the disk monitoring function should easily spot what's taking disk io
if you need more in-depth analysis you can use process explorer/monitor https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx?f=255&MSPPError=-2147217396
hope it helps
SMB sucks over high latency links. Even with some of the fixes added for SMB2 it still isn't perfect.
Keep in mind that opening an office document isn't simply reading the content into memory, it creates temporary files in the original location, for auto-save features.
If you want to see, you could open procmon and see what all you are actually doing over the wan link when you open the file.
Could you use something like Process Monitor (https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and check if there is any special file activity going on while this happens? If you enable packaged app debugging in vivaldi://flags and inspect the UI (right click any UI element, select Inspect), and grab a profile session from the Timeline, it could help to see if the problem is on the web UI side of things. Very technical, I know, sorry.
Okay so the files keep coming back. I got an idea while searching around. Seems you can specify a folder and see what process changed something in it. This could be a way to know what creates those files. The utility is called process monitor: https://technet.microsoft.com/en-us/sysinternals/bb896645 I am not at my computer right now so I can not test run it so I can tell how to use it. I come online later and then I will try it.
Kristian818
Try Process Monitor to figure which files/registry values are fiddled.
Maybe it'll give you a clue.
https://technet.microsoft.com/en-us/sysinternals/bb896645
Anyway, I'd advise to contact Logitech again.
If they continue to get created in the future, you can use Process Monitor to find out what is creating them.
ProcMon Tutorial: http://www.howtogeek.com/school/sysinternals-pro/lesson4/all/
Okay, that's information that we didn't have before. Borderlands has never worked at all on this current system of yours.
You say in another reply that you're messing around with VC. Launching borderlands.exe under the debugger could be enlightening-- you might observe a DLL dependency chain failing.
edit: Or try this.
Yeah, that rundll32.exe seems suspicious. I would install Process Explorer like /u/russellvt said. Double-click on the rundll32 process, and you'll be able to see its "command line", which will show you the DLL file and function it's running. After that, you'll need to do a web search and research any info about what it's doing.
Also if one of the svchost processes really is the main culprit like you say, find the one that's using a lot of cpu/memory and double-click it in Process Explorer. In the "Services" tab it will show you what services are being hosted by that particular svchost.exe process, which can then help you narrow down the possible cause.
And lastly, I would use Process Monitor, which is also part of the Windows Sysinternals suite. With that you can create a filter and actually see what files rundll32.exe is reading/writing.
>Can I detect key logger software?
If you know what to look for, yes. Besides, your screenshots don't really help. What you need are screenshots of processes running RIGHT NOW. That's what Process Explorer is for. Also Process Monitor. Oh yeah, and Autoruns.
Process Monitor in boot-logging mode might be able to shed some light. e.g. this article diagnoses a slow boot using it.
Mr Russinovich is your friend here with another great sys internals tool Process Monitor
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Have you attached ProcessMon to the process to see which part of the file system the program is touching?
Might give you some insight into caching/temp files.
1) look at system logs. 2) try this software. https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx (it's simple software. run it - look how it works. create filters - run dirt and look one of the last movement of it in the system )
Filemon and Regmon used to be around to do this, but they have been discontinued and replaced with Process Monitor. I haven't tried using it to monitor filesystem and registry changes yet, so I can't give a good review on it.
Something is using your HDD, that's why you have spikes and high access times. After completing the error scan, which searches for bad sectors, download this and try to find what's using your HDD. Search for high reads/writes or file events (open, close).
You have 2 options to search for the problem.
First one is "Tools>Process Activity Summary". Click on "File Events graph" or "File I/O Bytes" it should show you most recent process that used your HDD. Select the process and click on "Detail". Clicking on spikes on graphs will show traces of what happened on the main screen of the program.
Second one is "Tools>File Summary". Also does the same but without graphs.
Also, do you have any warning signs on "Health" tab?
Try "dependency walker" (google it), error 126 is better than 193, it means you have the right dll in principle, but some dependencies are missing. I did it and got this result: https://i.imgsafe.org/21b6443659.jpg So as you can see some dlls are missing, but it's working fine for me. If you have any more missing dlls than that, you should probably google how to get them.
You can also use this https://technet.microsoft.com/en-us/sysinternals/bb896645 to monitor exactly, which dll dependencies it tries to load and can probably see what's missing from there.
The "/Q" switch on the "rmdir" command suppresses the output. Listing that many files may have slowed it down a bit...considering it already took a ridiculous 2 days without doing that, haha.
As for preventing it from happening again, I have a suggestion.
Option 1: Assuming Windows 7: Follow the procedure on Microsoft Technet to activate file system auditing - You'll want to probably combine this and option 2. You can also run Process Monitor to watch the program specifically, rather than watching everything access your files:
Option 2: I don't imagine you need assistance with this. :)
Option 3: I'd probably suggest Virtualbox and load the Windows image into it, then install SuchFlex onto the Windows image. As blaid said, this would affect your sharing, as some resources would be taken up by virtual machine overhead and other resources denied, but this is very nearly the point. Others may suggest other virtual machine software, I find that as long as it works, it's primarily a matter of preference.
One possibility that the SuchFlex design team may want to consider: Creating a VM image based off of a Linux kernel dedicated to minimizing the VM OS's overhead, maximizing their ability to claim unused host system resources. Really, you'd need minimal HUI drivers, nothing better than a VGA driver for actual output, and there's no need for many of the services that a modern OS keeps running anyway. This gives them more room to work without worrying about client limitations while ensuring to users that user privacy is kept.
Windows by default does not track audits for object access. Even if you turn on "Audit object access" in Local Security Policy it will not track every single EXE that you launch. So for example if you launch calculator, notepad, there is no record that would be saved to event log.
You need to use an external tool such as Sysinternals Process Monitor to track specific processes. You would need to know the name of the EXEs you want to track. You could create a rule that blacklists EVERYTHING from being tracked, except "appX.exe", "appY.exe", "appZ.exe", etc.
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
I mentioned we have a lot of problems with the uploads not completing. It wasn't any worse over the summer or anything, but it had the same ongoing problems.
Using Tegrity with Deep Freeze requires using Faronics Data Igloo with persistent storage (Thaw Space). Here's the Tegrity help article on it.
https://help.tegrity.com/how-to-configure-faronics-deep-freeze-to-use-with-tegrity-recorder.html
Unfortunately, that doesn't address the files spewed elsewhere on the drive, specifically, the logs written into C:\Windows\temp or the user's %temp%
Watch it with Process Monitor to see just how messy it is. https://technet.microsoft.com/en-us/sysinternals/bb896645
Panopto is a bit nicer. During install, or after, you just configure the recording directory to be on persistent storage (Thaw Space) and that's it.
I love that Panopto modified their installer to allow for setting the configuration on the installation command line. This forum post shows how the features were added because of user feedback. https://helpdesk.panopto.com/entries/20100717-How-to-do-a-silent-install-of-the-Panopto-Windows-Recorder
We update the recorder software whenever a new version comes along. For Tegrity, this involved visiting each computer, thawing it, updating, then freezing again when it's all done.
With Panopto, I can push a silent install as part of a maintenance schedule from the Deep Freeze console.
I'm not trying to sell Panopto or anything, it just removed a LOT of my headaches.
alrighty.. my search wasn't very successful, however, i had a brilliant idea ! https://technet.microsoft.com/en-us/sysinternals/bb896645
this program logs files used and directories created on your computer, download and launch it! You'll see a bunch of text that keeps adding up, minimize the window, go to your folder on the desktop, and delete it a few times .. 3 - 4 times should do it. Go back to the program and under the File menu, click Save (or Ctrl+S), it will make a log file located on your desktop. Close the program, go to your desktop and double-click on the Logfile.PML to open it. You can send that to me, or you can press Ctrl+F (search) and there type bluej & tick "match whole words only", press enter and repeat, press Ctrl+F press enter, do this a few more times until the program that generated it shows up.. the program that created the folder is displayed at the beginning of the row.
Good luck ! :-)
and if you like, add me on Steam!
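An added example, not part of the original post: the Ctrl+F search described above matches every process that touched the path, so this Python script narrows a Process Monitor CSV export to the CreateFile events that actually created something. The sample rows, `exampleapp.exe` and the paths are constructed, and the column names assume Procmon's default CSV export layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of a Process Monitor CSV export
# (File > Save > CSV, default columns). Not real capture data.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000 AM","exampleapp.exe","5312","CreateFile","C:\Users\demo\Desktop\bluej","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Create, Options: Directory, OpenResult: Created"
"10:01:02.2000000 AM","exampleapp.exe","5312","CreateFile","C:\Users\demo\Desktop\bluej\bluej.properties","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, Options: Non-Directory File, OpenResult: Created"
"10:01:02.3000000 AM","explorer.exe","2140","CreateFile","C:\Users\demo\Desktop\bluej","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, OpenResult: Opened"
"10:01:02.4000000 AM","exampleapp.exe","5312","RegOpenKey","HKCU\Software\bluej","SUCCESS","Desired Access: Read"
"10:01:02.5000000 AM","othertool.exe","6020","CreateFile","C:\Users\demo\Desktop\bluej\lock","ACCESS DENIED","Desired Access: Generic Write, Disposition: Create"
"10:01:02.6000000 AM","notepad.exe","7001","CreateFile","C:\Users\demo\Documents\notes.txt","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
'''


def find_creators(csv_text, needle):
    """Return {(process name, pid): [paths]} for objects that were created.

    Procmon logs plain opens as CreateFile too, so the Operation column
    alone is not enough; the Detail column's OpenResult tells opens and
    creations apart.
    """
    creators = defaultdict(list)
    needle = needle.lower()  # Windows paths are case-insensitive
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "CreateFile" or row["Result"] != "SUCCESS":
            continue  # skip registry events and failed attempts
        if "OpenResult: Created" not in row["Detail"]:
            continue  # an open of an existing file or folder
        if needle in row["Path"].lower():
            key = (row["Process Name"], int(row["PID"]))
            creators[key].append(row["Path"])
    return dict(creators)


if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" so a
    # leading byte-order mark does not end up in the first column name.
    for (name, pid), paths in find_creators(SAMPLE_CSV, "bluej").items():
        print(f"{name} (PID {pid}) created:")
        for path in paths:
            print(f"  {path}")
```
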
If no one posts, you might be able to find it out yourself with Process Monitor and see where it reads/writes to.
It's interesting to see the file path for the app on my System is this:
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.12101.0_x64__8wekyb3d8bbwe
ZuneMusic... Oh, Zune!
Still, your Task Manager screenshot says it's 97% full. Have you installed a 64-bit version of Windows?
Otherwise: try one or both of these tools: https://technet.microsoft.com/en-us/sysinternals/bb896653 or https://technet.microsoft.com/en-us/sysinternals/bb896645
There are other tools in the sysinternals suite that may help you as well.
Oh hah. Ignore that >_> lol
Ok, so after that, you have to look at the hardware itself. Have you verified you have no HDD or RAM issues? IE, a manufacturer's HDD diagnostic tool and MemTest have both passed?
At this stage, after a software reinstall and continued issues, the chances of some kind of weird hardware problem are higher than a software issue, unless there are others with the same hardware having the same issue (which is honestly rather doubtful).
You could also potentially try SysInternals; https://technet.microsoft.com/en-us/sysinternals/bb842062 Specifically; https://technet.microsoft.com/en-us/sysinternals/bb896645
Although those are both rather insanely difficult to understand for a layperson. :(
I don't have any advice for your specific scenario, but if you want to look more into what's actually happening the next step could be using process monitor and see what it's trying to access and fails at.
It's possible the error isn't 100% correct or there are other contributing problems.
Use Process Explorer and Process Monitor
You can search for "steam" with process explorer.
If that doesn't work you need something that scans for rootkits.
https://technet.microsoft.com/en-us/sysinternals/bb896645
does it.
note that it also shows all the registry edits by a program, but you can easily filter them out. (click the registry icon at the top)
also, you want to filter all but the one that you want to monitor, because windows does a shit ton of reads and writes when it's "apparently" just sitting and doing nothing.
Edit: allows filtering by user too.
ok, but seriously, this might help:
https://technet.microsoft.com/en-us/sysinternals/bb896645 Best part about this program is that it was made by a better company, bought out by Microsoft, made free.
windows itself has a tool for figuring these out, called resource monitor, it's a bit unwieldy and, basically just bad. but the disk tab might interest you.
filemon and regmon are out there as separate tools if you want to use them.
This can be a tricky problem to troubleshoot as others have pointed out. Especially if it is intermittent.
A couple things worth checking:
Services can be set to start with credentials other than SYSTEM. Check services.msc for anything that is using the user's credentials to login. These credentials can be saved (with a bad cached password after a change). You can sort by the "Log On As" column on the right in services.msc to quickly review.
If that is not the source and none of the other suggestions work, we've gotta try to take the intermittent part out of the equation. Finding a way to make it repeatable will go a long way towards determining the cause. What is your lockout threshold (3 or 5 incorrect logins etc)? Log off and back on as many times as is your threshold. If that does not produce a lockout, try rebooting as many times and logging in.
If it is caused by the machine and not the user it is more likely to take place at login or reboot.
If you can reproduce it that way check for login scripts and that sort of thing but more importantly at this point you can just use Process Monitor and call it a day. If you have never used it before it's like an extremely verbose event viewer. Add it to start up. Alternatively, if you can narrow the lockout down to a consistent time of day start it right before the lockout happens.
It will produce a lot of data to sort through but I guarantee more specific details about what is causing the lockout will be within.
Good luck!
Well I am not sure if this is the correct way to do it, but this is what I managed to do (twice so far).
Few months ago I converted my sense device to a GPE device, then a few weeks later went to CM. I kinda got fed up that I couldn't use the stock camera app so I wanted to go back to stock.
I originally downloaded the RUU exe file (latest) - M7 and M8 Latest Dev/Unlocked RUU Exe Files
I ran into an issue where the utility was stuck on 'Sending'. So I used Process Monitor to extract the zip.
I moved the zip to my sd card and renamed the zip file from 'rom' to '0P6BIMG'. I booted into the bootloader and was given the option to update. I think it was 'Volume Up' to proceed. The phone will tell you what to do anyway. Took around 10 minutes for the phone to boot up after updating.
Could someone let me know if this process will allow me to get OTA updates?
As a precaution I cleared the cache and factory reset the device using the stock recovery.
Also note that I tried flashing the zip using the cmd commands 'fastboot oem rebootRUU' and 'fastboot flash zip rom.zip'; however, that never worked.
EDIT: Fixed some grammatical errors.
That is odd, have you checked the program folder permissions / temp folder permissions?
A system restore to before your admin install and reinstall from her account?
Run process monitor and see where it fails to access something.
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Does their app generate any log files?
Any security software that runs under her profile and not yours?
Have you already tried running it in safe mode?
> Does your sysadmin per default enable hard disk encryption?
No encryption. I can boot Linux from a USB drive and read all partitions.
> Is your laptop part of a domain?
No, only a workgroup.
> Your antivirus software may also play a role in this
Work computers have Symantec Endpoint Protection and Lumension Endpoint Security. Personal laptop has Avira.
> Maybe your backup routine is triggered after a wakeup/start of the system?
No backups or syncs whatsoever. I tried stopping all unnecessary services during startup (like FF and Google updaters, OpenOffice loader). Restore points are disabled. I have admin access and can enable/disable stuff at will.
Work laptop connects through VPN and only checks for updates manually.
> If you want to inspect some of the issues try this:
> https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Might give it a try, since I won't be getting a SSD ever.
I know Windows versions are radically different, but damn, XP was so light, no wonder it survives till today in some companies.
Are there problems like this on Win8, does it read the HD constantly when idling? Is prefetch/superfetch a possible candidate for the root cause of this?