Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


MagicAndre1981

Patron
  • Content count

    6,232
  • Donations

    $20.00 
  • Joined

  • Last visited

Everything posted by MagicAndre1981

  1. This is an updated tutorial of the one cluberti posted here. To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919 Now open a command prompt with admin rights and run the following commands: For boot tracing: xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP Attention: Some users reported that they get a bugcheck (BSOD) when using the DRIVERS flag in the boot trace command. If you get this, use system restore to go back to a working Windows and run the command without DRIVERS xbootmgr -trace boot -traceFlags BASE+CSWITCH+POWER -resultPath C:\TEMPAlso change the name in the command to generate the XML. I've send some dumps to Microsoft, they look at the issue right now. For shutdown tracing: xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPFor Standby+Resume: xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPFor Hibernate+Resume: xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPreplace C:\TEMP with any temp directory on your machine as necessary to store the output files All of these will shutdown, hibernate, or standby your box, and then reboot to finish tracing. Once Vista/Server 2008(R2) or Windows 7 does reboot, log back in as necessary and once the countdown timer finishes, you should now have some tracing files in C:\TEMP. If asked, upload or provide the file(s) generated in C:\TEMP (or the directory you chose) on a download share for analysis. Analyses of the boot trace: To start create a summary xml file, run this command (replace the name with the name of your etl file) xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a bootNow you see this picture.: You have too look at the timing node. All time values are in ms. The value timing bootDoneViaExplorer shows the time, Windows needs to boot to the desktop. The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completly after finishing all startup applications. those values show you a summary. The MainPathBoot Phase PreSMSS Subphase So if the time takes too long for you, look inside the <PNP> node which driver is loading too slowly. SMSSInit Subphase So if the SMSSInit Phase takes too long, try to get an graphic card driver update. WinLogonInit Subphase If you have too long WinLogonInit Time, open the etl file and scroll to the service graph and look for a long delay. In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software. ExplorerInit Subphase So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV Tool doesn't hurt too much. If it doesn't change the tool and try a different. The PostBoot Phase If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns. When you have a HDD (no SSD!) and you want to speedup the boot, run the optimization from this guide: http://www.msfn.org/board/index.php?showtopic=140262 Analyses of the shutdown trace: The shutdown is divided into this 3 parts: To generate an XML summary of shutdown, use the -a shutdown action with Xperf: xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdownOpen the XML and you see this: It shows you the most relevant data. <timing shutdownTime="23184" servicesShutdownDuration="1513">The shutdownTime is in this example 23s. Stopping the services takes 1.5s which is fast. Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his one Session (1,2,..,n). sessionShutdown sessionID="1" duration="3321">shows the time which it takes to stop all applications which the user is running. In this example it takes 3.3seconds. UserSession Phase sessionShutdown sessionID="0" duration="1513">The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop. SystemSession Phase In both cases expand the node and look at the shutdownDuration value. It helps you to identify a hanging application are service. KernelShutdown Phase To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime. In my example: KernelShutdown = 23184 - 3321 - 1513 = 18350 In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this expample the user enabled the Option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overrides the hiberbation file with 0 to delete personal data. This causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time. That is all you need to analyze slow shutdown issues. Analyses of the Hibernation trace:: To generate the XML, run this command: xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspendAnalyses of the Sleep/Resume trace:: xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspendOpen the XMLs and look for long BIOS init times and services/application which take very long to suspend and resume. For deeper analysis refer to the Sleep and Hibernate Transitions part of theWindows On/Off Transition Performance Analysis Guide from Microsoft. The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information. // Edit: 2010-11-28 Add the explanation of the boot process // Edit: 2010-10-11 added the optimization guide // Edit: 2010-10-09 If you get a BSOD (Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED) while making traces, REMOVE ALL USB DEVICES and reboot! When making a new trace remove the DRIVERS flag from the command line! // Edit: 2010-02-04 Added the -noPrepReboot command at shutdown tracing to prevent the preparatory reboot during a shutdown/rebootCycle trace. Usually, the reboot is required to ensure a consistent machine state before the first shutdown if multiple traces are being taken. // Edit: 2010-05-08 Added the link to the Visual Studio 2010 Diagnostic Tool as alternative download to get the Windows Performance Toolkit Installers. Added some pictures.
  2. Hi, this is my second part of the series "What is the UAC". People always disable the UAC because there is no way to disable the UAC for a specific program. is this really true? No, it is not true. There is an build in way to do this! Q: How can I do this? A: Use the taskscheduler. 1. Start the computer management MMC snap-in 2. This step is optional: go to Task scheduler Library and make a right click and click "New Folder" (see picture 2) and type in "myTasks" to create a new folder (see picute 3) 3. Make a right click on the folder myTasks and select "Create Task" and type in a name: I always name them "autoElevatePROGRAMNAME". Here for my expample "autoElevateProcessExplorer" and mark the checkbox "Run with highest priviligies". 4. go to the tab "Actions" and select the program you want to execute and click ok, to create the Task. 5. create a new shortcut on your desktop and type in the following command: C:\Windows\System32\schtasks.exe /RUN /TN "myTasks\autoElevateProcessExplorer"Q: Do I have to do this for all programs I want to start? A: Yes Q: How Do I backup my tasks? A: make a right click on the task and select "Export" and save it into a XML file and after a reinstall of your Windows Vista / 7 select "Import Task" and import the XML file again. Q: How do I start applications with administrator rights at startup? A: You can copy the shortcut into the startup folder ( C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ) or run the task with a trigger (in the task creation window to to "triggers" and select "create Trigger" and choose "Begin the task" - "At logon". If you create such an trigger you don't have to put the shortcut into the startup folder. So I hope I was able to show you how to start applications with elevated rights, without disabling the UAC and without being "annoyed" to accept the UAC prompt. I'm using this technique for 3 years (starting with Vista Beta2 Milestone Builds) now.
  3. How to get the cause of high CPU usage by DPC (Deferred Procedure Call) and interrupts? Ok, you found this guide, because you see this: in Process Explorer/Hacker or you run the DPC Latency Checker tool an see this: (Attention: If you use Windows 8, don't use the "DPC Latency Checker tool". Due to internal Kernel changes in Windows 8, the "DPC Latency Checker tool" shows DPC spikes of over 1000µs all other the time. Those VALUES are not correct!) The developers of the tool try to create a Windows 8 compatible version. Here I will tell you a ) to see which driver causes the high CPU usage and b ) which driver causes the spikes. To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919 Now open a command prompt with admin rights (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token), go to C:\temp (cd\temp) and run the following commands: xperf -on latency -stackwalk profilenow wait a time while the high DPC and Interrupt usage occurs. to stop the trace run the following command: xperf -d DPC_Interrupt.etlThis closes the trace and writes the result to the file DPC_Interrupt.etl. In the next step, make a double click on the etl file to run the Viewer. Now wait until the 2 passes are over. Go to "Trace"->"Configure Symbol Paths" and type in the following: srv*C:\symbols*http://msdl.microsoft.com/download/symbolsClick ok, to close the dialog. Now go to the graphs "DPC CPU Usage" or "Interrupt CPU Usage" (depending where you high CPU usage) and select the intervall, make a right click and select "Load Symbols" and next click summary table. Now, you have to accept the license agreement to download the public debugging symbols. (NOTE, THE PDBs ARE SOMETIME VERY HUGE. BE AWARE THAT IT MAY TAKE SOME TIME IF YOU HAVE A SLOW INTERNET CONNECTION) Here you'll see summary of the calls For me the cause is the NDIS.sys. This is a part of the networking system. The usage comes for me, when I have nearly 100% network speed usage on my 100MBit LAN adapter of my notebook. In your case, you should see the driver which causes the issues. An alternative way is to use the xperf commandline tool to dump the values into a text file: xperf -I DPC_Interrupt.etl -a dpcisr > dpc.txtOpen the generated dpc.txt with notepad. Under CPU Usage Summing By Module For the Whole Trace you can see a summary of all DPC usage for each CPU core. Look here which driver is causing the high CPU usage. Look in the dumped text files for µsec values which are over 256µsec. They can be critical. An alternativ to xperf is the tool LatencyMon It shows you the same statistic you see in the text file, but it shows you the values in realtime. So you can see which driver is the cause. You can download this tool from here: http://www.resplendence.com/downloads If the NDIS.sys driver is shown as possible cause, check your (W)LAN drivers for updates. For usbport.sys, check your chipset and USB device drivers for updates. if you see ACPI/HAL you may run into power saving feature issues. So update the BIOS and change the Power Plan in Windows. To see which driver versions you use run this command: xperf -I DPC_Interrupt.etl -a fileversion > fileversion.txtNow open the fileversion.txt and look for the driver version you use. Do a Bing/google search if you can find updated drivers. If you see UNKNOWN as cause you run drivers which use dynamic code. 1 known driver which uses such dynamic code is the DuplexSecure SPTD driver which is used in tools like DAEMON-Tools. If you see the UNKNOWN as a possible cause look if you have the SPTD driver installed. If yes, download the latest installer, run the installer and select "Uninstall" and reboot. Now run the xperf commands again and look if you see the real driver. Ok, I hope, this helps you to determine which driver is causing high DPC, interrupt usage and spikes which causes sound glitches.
  4. The Happy Birthday Thread

    A new year and 2 members have their Birthday: XPero(29) and DigeratiPrime(25). Enjoy your day
  5. ATTENTION: The guide only works if you use HDD (NOT a SSD!). To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919 If you are a Windows 7 User: Make sure that EnablePrefetcher and EnableSuperfetch registry settings are set to 3 and that the Superfetch service (sysmain) is running and set to start automatically. Also install those Windows 7 hotfixes: http://www.msfn.org/board/index.php?showtopic=152622 If you are a Windows Vista User: Make sure that EnablePrefetcher and EnableSuperfetch registry settings are set to 3 and the ReadyBoost service and that the Superfetch service (sysmain) are both running and set to start automatically. Now open a command prompt with admin rights ( http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token ) and run the following command: xbootmgr -trace boot -prepSystem -verboseReadyBoot Now your PC will be restarted 6 times. After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster (for the description read what ReadyBoot is). The last Reboots are training of readyBoot. After the training is finished, you'll notice a huge improvement in startup. Note! DON'T USE OTHER DEFRAGMENTATION PROGRAMS AFTER THE OPTIMIZATION, USE ONLY THE INCLUDED MS TOOL, BECAUSE EVERY TOOL PLACES THE FILES AT A DIFFERENT OFFSET ON YOUR HDD, BECAUSE ALL TOOL THINK THEY KNOW IT BETTER! Background: With Windows XP, MS implemented a prefetcher which loads data into the RAM, when the CPU was busy, starting services, drivers, so that they are already loaded when they are needed in later stages of the boot process. With Vista, MS improved this prefetcher and named it ReadyBoot: Source: http://technet.microsoft.com/en-us/magazin...el.aspx?pr=blog If you remember XP days, their was a tool called BootVis. The optimization is similar to this here, but the difference is, that is only starts the integrated MS defragmentation program for a better HDD layout, because XP doesn't have ReadyBoot. To see the improvement in time, run those 2 commands: xperf -i bootPrep_BASE+CSWITCH_1.etl -o 01_summary_start.xml -a boot xperf -i boot_BASE+CSWITCH_1.etl -o 02_summary_end.xml -a boot To determine the boot time, open the XML files and look at the value bootDoneViaPostBoot. This value (-10000 = 10seconds) shows you the time, which Windows needs to boot completely. In the file 02_summary_end.xml it should be much lower. I hope this small tutorial helps you to make your Windows start faster.
  6. This is an updated tutorial of my Windows 7 here. To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919 Now open a command prompt with admin rights and run the following commands: For boot tracing: xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPNote, in Windows 8 it is safe to use the DRIVERS flag, the Windows 7 bug is fixed in Windows 8. For shutdown tracing: xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPFor Standby+Resume: xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPFor Hibernate+Resume: xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPreplace C:\TEMP with any temp directory on your machine as necessary to store the output files All of these will shutdown, hibernate, or standby your box, and then reboot to finish tracing. After you login to your PC, the new startscreen is shown and you have to click to the desktop to see countdown timer. Again, wait until the timer finishes. Afetr you did this you should now have some tracing files in C:\TEMP. Analyses of the boot trace: To start create a summary xml file, run this command (replace the name with the name of your etl file) xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a bootNow you see this picture.: You have too look at the timing node. All time values are in ms. The value timing bootDoneViaExplorer shows the time, Windows needs to boot to the desktop. The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completly after finishing all startup applications. those values show you a summary. The MainPathBoot Phase PreSMSS Subphase So if the time takes too long for you, look inside the <PNP> node which driver is loading too slowly. SMSSInit Subphase So if the SMSSInit Phase takes too long, try to get an graphic card driver update. WinLogonInit Subphase If you have too long WinLogonInit Time, open the etl file and scroll to the service graph and look for a long delay. In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software. ExplorerInit Subphase So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV Tool doesn't hurt too much. If it doesn't change the tool and try a different. The PostBoot Phase If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns. if possible, you should always use the new Fast Startup/ hybrid Boot of Windows 8. At the end of this guide you'll learn how to analyze this new mode. Analyses of the shutdown trace: The shutdown is divided into this 3 parts: To generate an XML summary of shutdown, use the -a shutdown action with Xperf: xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdownOpen the XML and you see this: It shows you the most relevant data. <timing shutdownTime="23184" servicesShutdownDuration="1513">The shutdownTime is in this example 23s. Stopping the services takes 1.5s which is fast. Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his one Session (1,2,..,n). sessionShutdown sessionID="1" duration="3321">shows the time which it takes to stop all applications which the user is running. In this example it takes 3.3seconds. UserSession Phase sessionShutdown sessionID="0" duration="1513">The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop. SystemSession Phase In both cases expand the node and look at the shutdownDuration value. It helps you to identify a hanging application are service. KernelShutdown Phase To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime. In my example: KernelShutdown = 23184 - 3321 - 1513 = 18350 In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this expample the user enabled the Option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overrides the hiberbation file with 0 to delete personal data. This causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time. That is all you need to analyze slow shutdown issues. Analyses of the Hibernation trace:: To generate the XML, run this command: xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspendAnalyses of the Sleep/Resume trace:: xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspendOpen the XMLs and look for long BIOS init times and services/application which take very long to suspend and resume. Windows 8 includes a new boot mode called Fast Startup or Hybrid Boot. If this boot mode is slow, you have to run this command to trace the slowness: xbootmgr -trace fastStartup -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMPI've already explained how this mode works. First Windows shuts down the users, next Windows hibernates the kernel with all drivers and the services. Next the PC shuts down. Now Windows boots again, read the hibernation file and resumes all services and drivers and next you go to the Logon screen. So we now need to view all 3 actions. So first look is the closing of apps and logging off the users takes too long. Create the shutdown XML with this command: xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdownOpen it and you'll see this: Note, that the file only shows the logoff of the user sessions. Here check which programs take long to close. The FlushVolume is writing open files/cache to the HDD. Next, we must look if the hibernation is slowly. To generate the XML run this: xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspendOpen it and you'll see this: Now the same applies like Hibernation. Look which services or drivers take a long time to suspend. Also note, that those values are in µs! If those 2 steps are fine, we must look at the new Startup. To generate the XML run this: xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_Boot.xml -a bootOpen it and you'll see this: When you compare it to the normal boot, you see some differences. The PreSMSS and SMSSInit Subphases are gone. This is replaced with SystemResume. If this takes a very long time, open again the summary_hibernation.xml and look for devices are services which take long time to resume. The rest of the boot is the same like the normal boot. If WinLogonInit are long, check the Group Policies and if you're restoring of network connections. And if PostExplorerPeriod is long, you also start too many desktop programs or your new Windows 8 apps take too long to load the data to show in the live tiles. I hope, this helps you to fix your Performance issues with Windows 8. The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information.
  7. When making a right click on the Explorer and select "Run as administrator" it doesn't start the Windows Explorer with admin rights. The Windows Vista/7 Explorer includes a special function to block such requests. To disable it, start regedit.exe and go to the following key: HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} make a right click on Permissions and set your user as owner of the key and give your current user writing permissions. Next, delete or rename the value RunAs. Now the Elevated-Unelevated Explorer Factory is disabled and you can start the Explorer with admin rights. This helps you delete files, for which you need admin rights. Have fun
  8. I haven't insulted you. I simply wrote the truth. You have NO knowledge and troll around. I haven't had 1 UAC prompt today, so UAC is no issue at all during normal work and instead of understanding it you bash about this feature. I'll put you on my ignore list, so that I don't need to read your crap any longer *facepalm*
  9. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    starting the Bitdefender Virus Shield service ("VSSERV") causes a 80s delay: serviceTransition name="VSSERV" group="System Reserved" transition="start" totalTransitionTimeDelta="80521" Try a different Av suite.
  10. Your point is, that you simply don't understand it. I wrote a guide about UAC here for dummies like you.
  11. Windows 10 - First Impressions

    but the icons are still bad. Some have pseudo 3D when a look from the left side and some are flat by watching directly at them. This sucks
  12. no, IE11 is secure unless you turn UAC off and disable this way the sandbox around IE.
  13. Demon Dante

    @Demon_Dante your reply is not helpful at all. This is spam and should be deleted.
  14. Explorer.exe crash

    The Intel HD driver is the issue. It crashes while loading the CPL file: APPLICATION_VERIFIER_HEAPS_CORRUPTED_HEAP_BLOCK_SUFFIX (f)Corrupted suffix pattern for heap block.Most typically this happens for buffer overrun errors. Sometimes the applicationverifier places non-accessible pages at the end of the allocation and bufferoverruns will cause an access violation and sometimes the heap block isfollowed by a magic pattern. If this pattern is changed when the block getsfreed you will get this break. These breaks can be quite difficult to debugbecause you do not have the actual moment when corruption happened.You just have access to the free moment (stop happened here) and theallocation stack trace (!heap -p -a HEAP_BLOCK_ADDRESS) Arguments:Arg1: 00000000376e1000, Heap handle used in the call. Arg2: 000000001d5b4170, Heap block involved in the operation. Arg3: 0000000000000004, Size of the heap block. Arg4: 000000001d5b4174, Corruption address. 0:044> !heap -p -a 000000001d5b4170 address 000000001d5b4170 found in _HEAP @ 1d5b0000 HEAP_ENTRY Size Prev Flags UserPtr UserSize - state 000000001d5b4120 0008 0000 [00] 000000001d5b4170 00004 - (busy) 7f95dee81ab verifier!AVrfDebugPageHeapAllocate+0x000000000000039f 7f9644ad248 ntdll!RtlDebugAllocateHeap+0x0000000000000038 7f964469fd1 ntdll!RtlpAllocateHeap+0x00000000000000e6 7f9643c6773 ntdll!RtlAllocateHeap+0x00000000000001ae 7f95df006eb verifier!AVrfpRtlAllocateHeap+0x00000000000000d7 1b81ae4b hccutils!DllUnregisterServer+0x000000000000306f 1b81a237 hccutils!DllUnregisterServer+0x000000000000245b 1b811334 hccutils!GetCUICustomizationKey+0x0000000000000168 1b8118f2 hccutils!GetCUICustomizationKey+0x0000000000000726 1b81322b hccutils!CreateThisKey+0x0000000000000383 1b8135c8 hccutils!FindResources+0x0000000000000108 1b813908 hccutils!LoadSTRING+0x00000000000002f8 1b813ec8 hccutils!SaveString+0x000000000000014c 1b8141ab hccutils!LoadICON+0x000000000000002b 1b81426c hccutils!LoadIMAGE+0x0000000000000048 180001738 igfxcpl!CPlApplet+0x00000000000000b8 7f96299d76e shell32!CPL_CallEntry+0x0000000000000052 7f96299d271 shell32!_InitializeControl+0x000000000000009d 7f962b3d2ec shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+0x0000000000053ac7 7f962528ea2 shell32!CPL_LoadCPLModule+0x00000000000001c2 7f962528caf shell32!_LoadCPLModuleAndAdd+0x000000000000001f 7f962528c61 shell32!CPLD_InitModule+0x000000000000003d 7f962528bf9 shell32!CControlPanelEnum::_NextNonCachedCpl+0x000000000000008e 7f9624f9615 shell32!CControlPanelEnum::Next+0x00000000000000b4 7f9625d05a3 shell32!CRegFolderEnum::Next+0x00000000000001fa 7f9624fab95 shell32!CControlPanelAppletList::_AddAppletsToCategories+0x0000000000000051 7f96252c013 shell32!CControlPanelAppletList::LoadSlowApplets+0x000000000000007b 7f96252bf27 shell32!CControlPanelDataWorkItem::_LoadSlowData+0x0000000000000037 7f962527ec1 shell32!CControlPanelDataWorkItem::DoWork+0x0000000000000055 7f9624ff994 shell32!CFrameTask::InternalResumeRT+0x000000000000001c 7f96245a784 shell32!CRunnableTask::Run+0x0000000000000098 7f96242193c shell32!CShellTask::TT_Run+0x000000000000003c 0:044> lmvm igfxcplBrowse full module liststart end module name00000001`80000000 00000001`80024000 igfxcpl (export symbols) igfxcpl.cpl Loaded symbol image file: igfxcpl.cpl Image path: C:\Windows\System32\igfxcpl.cpl Image name: igfxcpl.cpl Browse all global symbols functions data Timestamp: Tue Apr 23 01:55:33 2013 (5175CDF5) CheckSum: 00028534 ImageSize: 00024000 File version: 8.15.10.3131 Product version: 8.15.10.3131 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Intel Corporation ProductName: Intel(R) Common User Interface InternalName: IGFXCPL OriginalFilename: IGFXCPL.DLL ProductVersion: 8.15.10.3131 FileVersion: 8.15.10.3131 PrivateBuild: 8.15.10.3131 SpecialBuild: 8.15.10.3131 FileDescription: igfxcpl Module LegalCopyright: Copyright 1999-2006, Intel Corporation LegalTrademarks: Copyright 1999-2006, Intel Corporation Comments: Copyright 1999-2006, Intel Corporation0:044> lmvm hccutilsBrowse full module liststart end module name00000000`1b810000 00000000`1b82f000 hccutils (export symbols) hccutils.dll Loaded symbol image file: hccutils.dll Image path: C:\Windows\System32\hccutils.dll Image name: hccutils.dll Browse all global symbols functions data Timestamp: Tue Apr 23 01:55:05 2013 (5175CDD9) CheckSum: 00024400 ImageSize: 0001F000 File version: 8.15.10.3131 Product version: 8.15.10.3131 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Intel Corporation ProductName: Intel(R) Common User Interface InternalName: HCCUTILS OriginalFilename: HCCUTILS.DLL ProductVersion: 8.15.10.3131 FileVersion: 8.15.10.3131 PrivateBuild: 8.15.10.3131 SpecialBuild: 8.15.10.3131 FileDescription: hccutils Module LegalCopyright: Copyright 1999-2006, Intel Corporation LegalTrademarks: Copyright 1999-2006, Intel Corporation Comments: Copyright 1999-2006, Intel CorporationFind a newer driver and install this one. Your driver is still 2 years old. Which GPU do you ave?
  15. Windows Update issues on Windows 7

    post the error code from the Windows Update Search. To diag UpdateInstall failures I need the folder C:\Windows\Logs\CBS
  16. Windows 8.1 dialog bugs

    this is fixed in Windows 10.
  17. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    this is not helpful. It only shows the known 40s delay.
  18. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    no registry operation takes very long (only 1s). I'm out of ideas why the Windows hangs. When did this start? Have you changed anything?
  19. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    still the same. I need to capture registry information to see more details: xbootmgr -trace boot -traceFlags BASE+LATENCY+DISPATCHER+POWER+REGISTRY+REG_HIVE -stackwalk profile+CSwitch+ReadyThread+RegQueryKey+RegEnumerateKey+RegEnumerateValueKey+RegDeleteKey+RegCreateKey+RegOpenKey+RegSetValue+RegDeleteValue+RegQueryValue+RegCloseKey -resultPath C:\TEMP
  20. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    I can see the 40s delay in the Wait data. rpcrt4.dll!Invoke calls sspisrv.dll!SspirLogonUser and later lsasrv.dll!NegLogonUserEx2 and wait for a response of lsass.exe. The lsass.exe checks some registry keys if you have the system configured to automatically logon with a username/password (authui.dll!CAutoLogon::IsAutoLogonMode, authui.dll!CAutoLogon::GetAutoLogonCredential, kernel32.dll!RegCreateKeyExW). Do you have this configured? If yes, disable it and enter your password on its own. Is it faster now?
  21. Still getting the nag screen after donating

    login to the glass8 website with your email/zip code, generate a donation.key and store this file into your AeroGlass folder and restart Aero Task from inside the TaskScheduler.
  22. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    WaitForLSM is slow (caused by the slow RpcSs start). Try this hotfix: https://support.microsoft.com/en-us/kb/2661001 If you still have the issue, run this command, here I capture wait data: xbootmgr -trace boot -traceFlags BASE+LATENCY+DISK_IO_INIT+DISPATCHER+FILE_IO+FILENAME+POWER -stackwalk profile+CSwitch+ReadyThread+DiskReadInit+DiskWriteInit -resultPath C:\TEMP Also please compress the ETL file as 7z/RAR to reduce the size.
  23. Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

    Send me a link to the ETL and I'll take a look at it.
  24. Anti-Malware Suggestions

    ...or simply running as non-Admin.... this is what the UAC is doing *facepalm*
  25. Anti-Malware Suggestions

    not really. Sorry. they do. 90% of the security issues are fixed only be having UAC on. http://arstechnica.com/information-technology/2010/03/half-of-windows-flaws-mitigated-by-removing-admin-rights/
×