Windows XP Community - XPHeads



Driver Scanner

Handle leak in System process?

microsoft.public.windowsxp.perform_maintain




Recommended Fix - Fix Vista Errors and Optimize Performance


Driver Scanner 2009 - Free Scan Now
Reply
  #1 (permalink)  
Old 12-01-2009, 06:59 PM
Charles Lavin
 
Posts: n/a
Handle leak in System process?
Hi --

I have a Windows XP Pro SP3 box that's been giving me a headache for some
time now. Every so often, programs will fail to load and Windows (or an app)
will complain about being out of memory or system resources. Or windows
won't open. Etc., etc.

I've been looking high and low for the reason for this, with little luck.
One thing I have noticed is that when the PC starts to get cantankerous, the
System process has an elevated handle count (18,500 this last time I started
having problems). When I check the System process through Process Explorer,
I see thousands of handles open to what looks like an empty key, and a
lesser but still large number of handles open to what looks like a file with
no name:

--------------------
DETAILS

Basic Information
Name:
Type: Key
Description: A Registry key

References
References: 1
Handles: 1

Quota Charges
Paged: 0
Non-Paged: 0

SECURITY

Unable to display security information.
--------------------
DETAILS

Basic Information
Name:
Type: File
Description: A disk file, communications endpoint, or driver interface.

References
References: 2
Handles: 1

Quota Charges
Paged: 0
Non-Paged: 0

SECURITY

Everyone: Delete, Synchronize, Query State, Modify State, (Special
Permissions)

Advanced:
Permissions: <empty>
Auditing: <empty>
Owner: Everyone
--------------------

The Handles list shows all of these empty Key handles with an Access code of
0x000F003F, and the empty File handles with an access code of 0x0012091F.

I have checked just about every other process listed in Process Explorer. No
other process that has handles open to Registry keys has any open to blank
or empty keys. Process Explorer shows valid key names for every other key
every other process has open. No other process that has handles open to
files has any open to files with no name.

Rebooting the PC solves the problem -- temporarily. The System process
returns to a manageable handle count. But even after rebooting, Process
Explorer shows a collection of "empty" keys and "no-name" files open to the
System process. And even with the PC just sitting there at a desktop with no
other windows open, that count steadily increases over time.

At the risk of sounding stupid: This is _not_ normal, right? How do I find
whatever is triggering this, if I don't even know what to look for? Any help
would be appreciated.

Thanks
CL



Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 12-01-2009, 09:45 PM
Questor
 
Posts: n/a
Re: Handle leak in System process?
I'd start with a good malware checker. Malwarebytes is a very good one
and it is free. Have you checked to see if any zero-length files are
lying around on your HD? That would indicate something running that
shouldn't be.

Q

--->
> Hi --
>
> I have a Windows XP Pro SP3 box that's been giving me a headache for some
> time now. Every so often, programs will fail to load and Windows (or an app)
> will complain about being out of memory or system resources. Or windows
> won't open. Etc., etc.
>
> I've been looking high and low for the reason for this, with little luck.
> One thing I have noticed is that when the PC starts to get cantankerous, the
> System process has an elevated handle count (18,500 this last time I started
> having problems). When I check the System process through Process Explorer,
> I see thousands of handles open to what looks like an empty key, and a
> lesser but still large number of handles open to what looks like a file with
> no name:
>
> --------------------
> DETAILS
>
> Basic Information
> Name:
> Type: Key
> Description: A Registry key
>
> References
> References: 1
> Handles: 1
>
> Quota Charges
> Paged: 0
> Non-Paged: 0
>
> SECURITY
>
> Unable to display security information.
> --------------------
> DETAILS
>
> Basic Information
> Name:
> Type: File
> Description: A disk file, communications endpoint, or driver interface.
>
> References
> References: 2
> Handles: 1
>
> Quota Charges
> Paged: 0
> Non-Paged: 0
>
> SECURITY
>
> Everyone: Delete, Synchronize, Query State, Modify State, (Special
> Permissions)
>
> Advanced:
> Permissions: <empty>
> Auditing: <empty>
> Owner: Everyone
> --------------------
>
> The Handles list shows all of these empty Key handles with an Access code of
> 0x000F003F, and the empty File handles with an access code of 0x0012091F.
>
> I have checked just about every other process listed in Process Explorer. No
> other process that has handles open to Registry keys has any open to blank
> or empty keys. Process Explorer shows valid key names for every other key
> every other process has open. No other process that has handles open to
> files has any open to files with no name.
>
> Rebooting the PC solves the problem -- temporarily. The System process
> returns to a manageable handle count. But even after rebooting, Process
> Explorer shows a collection of "empty" keys and "no-name" files open to the
> System process. And even with the PC just sitting there at a desktop with no
> other windows open, that count steadily increases over time.
>
> At the risk of sounding stupid: This is _not_ normal, right? How do I find
> whatever is triggering this, if I don't even know what to look for? Any help
> would be appreciated.
>
> Thanks
> CL
>
>
>

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 12-02-2009, 03:03 AM
Charles Lavin
 
Posts: n/a
Re: Handle leak in System process?
This computer is routinely sweeped for viruses and malware, and is also
running Symantec's Endpoint Protection suite. Malware and virus checks
always come up clean.

CL

"Questor" <Questor@minimoe.com> wrote in message
news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
> I'd start with a good malware checker. Malwarebytes is a very good one
> and it is free. Have you checked to see if any zero-length files are
> lying around on your HD? That would indicate something running that
> shouldn't be.
>
> Q
>
> --->
>> Hi --
>>
>> I have a Windows XP Pro SP3 box that's been giving me a headache for some
>> time now. Every so often, programs will fail to load and Windows (or an
>> app) will complain about being out of memory or system resources. Or
>> windows won't open. Etc., etc.
>>
>> I've been looking high and low for the reason for this, with little luck.
>> One thing I have noticed is that when the PC starts to get cantankerous,
>> the System process has an elevated handle count (18,500 this last time I
>> started having problems). When I check the System process through Process
>> Explorer, I see thousands of handles open to what looks like an empty
>> key, and a lesser but still large number of handles open to what looks
>> like a file with no name:
>>
>> --------------------
>> DETAILS
>>
>> Basic Information
>> Name:
>> Type: Key
>> Description: A Registry key
>>
>> References
>> References: 1
>> Handles: 1
>>
>> Quota Charges
>> Paged: 0
>> Non-Paged: 0
>>
>> SECURITY
>>
>> Unable to display security information.
>> --------------------
>> DETAILS
>>
>> Basic Information
>> Name:
>> Type: File
>> Description: A disk file, communications endpoint, or driver interface.
>>
>> References
>> References: 2
>> Handles: 1
>>
>> Quota Charges
>> Paged: 0
>> Non-Paged: 0
>>
>> SECURITY
>>
>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>> Permissions)
>>
>> Advanced:
>> Permissions: <empty>
>> Auditing: <empty>
>> Owner: Everyone
>> --------------------
>>
>> The Handles list shows all of these empty Key handles with an Access code
>> of 0x000F003F, and the empty File handles with an access code of
>> 0x0012091F.
>>
>> I have checked just about every other process listed in Process Explorer.
>> No other process that has handles open to Registry keys has any open to
>> blank or empty keys. Process Explorer shows valid key names for every
>> other key every other process has open. No other process that has handles
>> open to files has any open to files with no name.
>>
>> Rebooting the PC solves the problem -- temporarily. The System process
>> returns to a manageable handle count. But even after rebooting, Process
>> Explorer shows a collection of "empty" keys and "no-name" files open to
>> the System process. And even with the PC just sitting there at a desktop
>> with no other windows open, that count steadily increases over time.
>>
>> At the risk of sounding stupid: This is _not_ normal, right? How do I
>> find whatever is triggering this, if I don't even know what to look for?
>> Any help would be appreciated.
>>
>> Thanks
>> CL
>>
>>


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 12-02-2009, 03:26 AM
Questor
 
Posts: n/a
Re: Handle leak in System process?
It was only a suggestion based on the info you gave us. You didn't
mention malware checks or anti-virus and that is the first thing that
jumped into my mind on your report.

Q

--->
> This computer is routinely sweeped for viruses and malware, and is also
> running Symantec's Endpoint Protection suite. Malware and virus checks
> always come up clean.
>
> CL
>
> "Questor" <Questor@minimoe.com> wrote in message
> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>> I'd start with a good malware checker. Malwarebytes is a very good one
>> and it is free. Have you checked to see if any zero-length files are
>> lying around on your HD? That would indicate something running that
>> shouldn't be.
>>
>> Q
>>
>> --->
>>> Hi --
>>>
>>> I have a Windows XP Pro SP3 box that's been giving me a headache for some
>>> time now. Every so often, programs will fail to load and Windows (or an
>>> app) will complain about being out of memory or system resources. Or
>>> windows won't open. Etc., etc.
>>>
>>> I've been looking high and low for the reason for this, with little luck.
>>> One thing I have noticed is that when the PC starts to get cantankerous,
>>> the System process has an elevated handle count (18,500 this last time I
>>> started having problems). When I check the System process through Process
>>> Explorer, I see thousands of handles open to what looks like an empty
>>> key, and a lesser but still large number of handles open to what looks
>>> like a file with no name:
>>>
>>> --------------------
>>> DETAILS
>>>
>>> Basic Information
>>> Name:
>>> Type: Key
>>> Description: A Registry key
>>>
>>> References
>>> References: 1
>>> Handles: 1
>>>
>>> Quota Charges
>>> Paged: 0
>>> Non-Paged: 0
>>>
>>> SECURITY
>>>
>>> Unable to display security information.
>>> --------------------
>>> DETAILS
>>>
>>> Basic Information
>>> Name:
>>> Type: File
>>> Description: A disk file, communications endpoint, or driver interface.
>>>
>>> References
>>> References: 2
>>> Handles: 1
>>>
>>> Quota Charges
>>> Paged: 0
>>> Non-Paged: 0
>>>
>>> SECURITY
>>>
>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>> Permissions)
>>>
>>> Advanced:
>>> Permissions: <empty>
>>> Auditing: <empty>
>>> Owner: Everyone
>>> --------------------
>>>
>>> The Handles list shows all of these empty Key handles with an Access code
>>> of 0x000F003F, and the empty File handles with an access code of
>>> 0x0012091F.
>>>
>>> I have checked just about every other process listed in Process Explorer.
>>> No other process that has handles open to Registry keys has any open to
>>> blank or empty keys. Process Explorer shows valid key names for every
>>> other key every other process has open. No other process that has handles
>>> open to files has any open to files with no name.
>>>
>>> Rebooting the PC solves the problem -- temporarily. The System process
>>> returns to a manageable handle count. But even after rebooting, Process
>>> Explorer shows a collection of "empty" keys and "no-name" files open to
>>> the System process. And even with the PC just sitting there at a desktop
>>> with no other windows open, that count steadily increases over time.
>>>
>>> At the risk of sounding stupid: This is _not_ normal, right? How do I
>>> find whatever is triggering this, if I don't even know what to look for?
>>> Any help would be appreciated.
>>>
>>> Thanks
>>> CL
>>>
>>>

>

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 12-02-2009, 04:28 AM
Charles Lavin
 
Posts: n/a
Re: Handle leak in System process?
I know ...

As for 0-length files: I just discovered that there's no way to search for
them in Windows XP ...


"Questor" <Questor@minimoe.com> wrote in message
news:%23vsMy8vcKHA.1028@TK2MSFTNGP06.phx.gbl...
> It was only a suggestion based on the info you gave us. You didn't
> mention malware checks or anti-virus and that is the first thing that
> jumped into my mind on your report.
>
> Q
>
> --->
>> This computer is routinely sweeped for viruses and malware, and is also
>> running Symantec's Endpoint Protection suite. Malware and virus checks
>> always come up clean.
>>
>> CL
>>
>> "Questor" <Questor@minimoe.com> wrote in message
>> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>>> I'd start with a good malware checker. Malwarebytes is a very good one
>>> and it is free. Have you checked to see if any zero-length files are
>>> lying around on your HD? That would indicate something running that
>>> shouldn't be.
>>>
>>> Q
>>>
>>> --->
>>>> Hi --
>>>>
>>>> I have a Windows XP Pro SP3 box that's been giving me a headache for
>>>> some time now. Every so often, programs will fail to load and Windows
>>>> (or an app) will complain about being out of memory or system
>>>> resources. Or windows won't open. Etc., etc.
>>>>
>>>> I've been looking high and low for the reason for this, with little
>>>> luck. One thing I have noticed is that when the PC starts to get
>>>> cantankerous, the System process has an elevated handle count (18,500
>>>> this last time I started having problems). When I check the System
>>>> process through Process Explorer, I see thousands of handles open to
>>>> what looks like an empty key, and a lesser but still large number of
>>>> handles open to what looks like a file with no name:
>>>>
>>>> --------------------
>>>> DETAILS
>>>>
>>>> Basic Information
>>>> Name:
>>>> Type: Key
>>>> Description: A Registry key
>>>>
>>>> References
>>>> References: 1
>>>> Handles: 1
>>>>
>>>> Quota Charges
>>>> Paged: 0
>>>> Non-Paged: 0
>>>>
>>>> SECURITY
>>>>
>>>> Unable to display security information.
>>>> --------------------
>>>> DETAILS
>>>>
>>>> Basic Information
>>>> Name:
>>>> Type: File
>>>> Description: A disk file, communications endpoint, or driver
>>>> interface.
>>>>
>>>> References
>>>> References: 2
>>>> Handles: 1
>>>>
>>>> Quota Charges
>>>> Paged: 0
>>>> Non-Paged: 0
>>>>
>>>> SECURITY
>>>>
>>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>>> Permissions)
>>>>
>>>> Advanced:
>>>> Permissions: <empty>
>>>> Auditing: <empty>
>>>> Owner: Everyone
>>>> --------------------
>>>>
>>>> The Handles list shows all of these empty Key handles with an Access
>>>> code of 0x000F003F, and the empty File handles with an access code of
>>>> 0x0012091F.
>>>>
>>>> I have checked just about every other process listed in Process
>>>> Explorer. No other process that has handles open to Registry keys has
>>>> any open to blank or empty keys. Process Explorer shows valid key names
>>>> for every other key every other process has open. No other process that
>>>> has handles open to files has any open to files with no name.
>>>>
>>>> Rebooting the PC solves the problem -- temporarily. The System process
>>>> returns to a manageable handle count. But even after rebooting, Process
>>>> Explorer shows a collection of "empty" keys and "no-name" files open to
>>>> the System process. And even with the PC just sitting there at a
>>>> desktop with no other windows open, that count steadily increases over
>>>> time.
>>>>
>>>> At the risk of sounding stupid: This is _not_ normal, right? How do I
>>>> find whatever is triggering this, if I don't even know what to look
>>>> for? Any help would be appreciated.
>>>>
>>>> Thanks
>>>> CL
>>>>
>>>>

>>



Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 12-02-2009, 05:15 AM
Questor
 
Posts: n/a
Re: Handle leak in System process?
About the only way I can think of is to open Windows Explorer and go
directory by directory and click on the top of the Size column. This
will arrange the files by size and not name. The zero-length ones will
go to the top of the list (or the bottom, depending on how many times
you click). VERY tedious operation however. I have no idea of knowing
if you know, but clicking on the top of ANY column sorts the listings in
that order.

Q

--->
> I know ...
>
> As for 0-length files: I just discovered that there's no way to search for
> them in Windows XP ...
>
>
> "Questor" <Questor@minimoe.com> wrote in message
> news:%23vsMy8vcKHA.1028@TK2MSFTNGP06.phx.gbl...
>> It was only a suggestion based on the info you gave us. You didn't
>> mention malware checks or anti-virus and that is the first thing that
>> jumped into my mind on your report.
>>
>> Q
>>
>> --->
>>> This computer is routinely sweeped for viruses and malware, and is also
>>> running Symantec's Endpoint Protection suite. Malware and virus checks
>>> always come up clean.
>>>
>>> CL
>>>
>>> "Questor" <Questor@minimoe.com> wrote in message
>>> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>>>> I'd start with a good malware checker. Malwarebytes is a very good one
>>>> and it is free. Have you checked to see if any zero-length files are
>>>> lying around on your HD? That would indicate something running that
>>>> shouldn't be.
>>>>
>>>> Q
>>>>
>>>> --->
>>>>> Hi --
>>>>>
>>>>> I have a Windows XP Pro SP3 box that's been giving me a headache for
>>>>> some time now. Every so often, programs will fail to load and Windows
>>>>> (or an app) will complain about being out of memory or system
>>>>> resources. Or windows won't open. Etc., etc.
>>>>>
>>>>> I've been looking high and low for the reason for this, with little
>>>>> luck. One thing I have noticed is that when the PC starts to get
>>>>> cantankerous, the System process has an elevated handle count (18,500
>>>>> this last time I started having problems). When I check the System
>>>>> process through Process Explorer, I see thousands of handles open to
>>>>> what looks like an empty key, and a lesser but still large number of
>>>>> handles open to what looks like a file with no name:
>>>>>
>>>>> --------------------
>>>>> DETAILS
>>>>>
>>>>> Basic Information
>>>>> Name:
>>>>> Type: Key
>>>>> Description: A Registry key
>>>>>
>>>>> References
>>>>> References: 1
>>>>> Handles: 1
>>>>>
>>>>> Quota Charges
>>>>> Paged: 0
>>>>> Non-Paged: 0
>>>>>
>>>>> SECURITY
>>>>>
>>>>> Unable to display security information.
>>>>> --------------------
>>>>> DETAILS
>>>>>
>>>>> Basic Information
>>>>> Name:
>>>>> Type: File
>>>>> Description: A disk file, communications endpoint, or driver
>>>>> interface.
>>>>>
>>>>> References
>>>>> References: 2
>>>>> Handles: 1
>>>>>
>>>>> Quota Charges
>>>>> Paged: 0
>>>>> Non-Paged: 0
>>>>>
>>>>> SECURITY
>>>>>
>>>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>>>> Permissions)
>>>>>
>>>>> Advanced:
>>>>> Permissions: <empty>
>>>>> Auditing: <empty>
>>>>> Owner: Everyone
>>>>> --------------------
>>>>>
>>>>> The Handles list shows all of these empty Key handles with an Access
>>>>> code of 0x000F003F, and the empty File handles with an access code of
>>>>> 0x0012091F.
>>>>>
>>>>> I have checked just about every other process listed in Process
>>>>> Explorer. No other process that has handles open to Registry keys has
>>>>> any open to blank or empty keys. Process Explorer shows valid key names
>>>>> for every other key every other process has open. No other process that
>>>>> has handles open to files has any open to files with no name.
>>>>>
>>>>> Rebooting the PC solves the problem -- temporarily. The System process
>>>>> returns to a manageable handle count. But even after rebooting, Process
>>>>> Explorer shows a collection of "empty" keys and "no-name" files open to
>>>>> the System process. And even with the PC just sitting there at a
>>>>> desktop with no other windows open, that count steadily increases over
>>>>> time.
>>>>>
>>>>> At the risk of sounding stupid: This is _not_ normal, right? How do I
>>>>> find whatever is triggering this, if I don't even know what to look
>>>>> for? Any help would be appreciated.
>>>>>
>>>>> Thanks
>>>>> CL
>>>>>
>>>>>

>
>

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 12-02-2009, 05:53 AM
Michael W. Ryder
 
Posts: n/a
Re: Handle leak in System process?
Questor wrote:
> About the only way I can think of is to open Windows Explorer and go
> directory by directory and click on the top of the Size column. This
> will arrange the files by size and not name. The zero-length ones will
> go to the top of the list (or the bottom, depending on how many times
> you click). VERY tedious operation however. I have no idea of knowing
> if you know, but clicking on the top of ANY column sorts the listings in
> that order.
>


You can search an entire disk specifying a maximum file size of 1 KB and
then sort the results by size. You will then have to skip over all the
folders but the 0 byte files should be next.

> Q
>
> --->
>> I know ...
>>
>> As for 0-length files: I just discovered that there's no way to search
>> for them in Windows XP ...
>>
>>
>> "Questor" <Questor@minimoe.com> wrote in message
>> news:%23vsMy8vcKHA.1028@TK2MSFTNGP06.phx.gbl...
>>> It was only a suggestion based on the info you gave us. You didn't
>>> mention malware checks or anti-virus and that is the first thing that
>>> jumped into my mind on your report.
>>>
>>> Q
>>>
>>> --->
>>>> This computer is routinely sweeped for viruses and malware, and is
>>>> also running Symantec's Endpoint Protection suite. Malware and virus
>>>> checks always come up clean.
>>>>
>>>> CL
>>>>
>>>> "Questor" <Questor@minimoe.com> wrote in message
>>>> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>>>>> I'd start with a good malware checker. Malwarebytes is a very good
>>>>> one and it is free. Have you checked to see if any zero-length
>>>>> files are lying around on your HD? That would indicate something
>>>>> running that shouldn't be.
>>>>>
>>>>> Q
>>>>>
>>>>> --->
>>>>>> Hi --
>>>>>>
>>>>>> I have a Windows XP Pro SP3 box that's been giving me a headache
>>>>>> for some time now. Every so often, programs will fail to load and
>>>>>> Windows (or an app) will complain about being out of memory or
>>>>>> system resources. Or windows won't open. Etc., etc.
>>>>>>
>>>>>> I've been looking high and low for the reason for this, with
>>>>>> little luck. One thing I have noticed is that when the PC starts
>>>>>> to get cantankerous, the System process has an elevated handle
>>>>>> count (18,500 this last time I started having problems). When I
>>>>>> check the System process through Process Explorer, I see thousands
>>>>>> of handles open to what looks like an empty key, and a lesser but
>>>>>> still large number of handles open to what looks like a file with
>>>>>> no name:
>>>>>>
>>>>>> --------------------
>>>>>> DETAILS
>>>>>>
>>>>>> Basic Information
>>>>>> Name:
>>>>>> Type: Key
>>>>>> Description: A Registry key
>>>>>>
>>>>>> References
>>>>>> References: 1
>>>>>> Handles: 1
>>>>>>
>>>>>> Quota Charges
>>>>>> Paged: 0
>>>>>> Non-Paged: 0
>>>>>>
>>>>>> SECURITY
>>>>>>
>>>>>> Unable to display security information.
>>>>>> --------------------
>>>>>> DETAILS
>>>>>>
>>>>>> Basic Information
>>>>>> Name:
>>>>>> Type: File
>>>>>> Description: A disk file, communications endpoint, or driver
>>>>>> interface.
>>>>>>
>>>>>> References
>>>>>> References: 2
>>>>>> Handles: 1
>>>>>>
>>>>>> Quota Charges
>>>>>> Paged: 0
>>>>>> Non-Paged: 0
>>>>>>
>>>>>> SECURITY
>>>>>>
>>>>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>>>>> Permissions)
>>>>>>
>>>>>> Advanced:
>>>>>> Permissions: <empty>
>>>>>> Auditing: <empty>
>>>>>> Owner: Everyone
>>>>>> --------------------
>>>>>>
>>>>>> The Handles list shows all of these empty Key handles with an
>>>>>> Access code of 0x000F003F, and the empty File handles with an
>>>>>> access code of 0x0012091F.
>>>>>>
>>>>>> I have checked just about every other process listed in Process
>>>>>> Explorer. No other process that has handles open to Registry keys
>>>>>> has any open to blank or empty keys. Process Explorer shows valid
>>>>>> key names for every other key every other process has open. No
>>>>>> other process that has handles open to files has any open to files
>>>>>> with no name.
>>>>>>
>>>>>> Rebooting the PC solves the problem -- temporarily. The System
>>>>>> process returns to a manageable handle count. But even after
>>>>>> rebooting, Process Explorer shows a collection of "empty" keys and
>>>>>> "no-name" files open to the System process. And even with the PC
>>>>>> just sitting there at a desktop with no other windows open, that
>>>>>> count steadily increases over time.
>>>>>>
>>>>>> At the risk of sounding stupid: This is _not_ normal, right? How
>>>>>> do I find whatever is triggering this, if I don't even know what
>>>>>> to look for? Any help would be appreciated.
>>>>>>
>>>>>> Thanks
>>>>>> CL
>>>>>>
>>>>>>

>>
>>

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 12-02-2009, 05:54 AM
Charles Lavin
 
Posts: n/a
Re: Handle leak in System process?
Hi --

I am aware of that, but there are hundreds of thousands of folders on the
drives on this particular PC.

Asking Search to find all files "with size less than 0 KB" results in a lot
of drive crunching but no results. Which makes me wonder what MS considers
to be "0 KB" ...

But asking Search to find all files "with size less than 1 KB" results in
the eventual crash of the task as it produces hundreds of thousands of files
smaller than 1 KB.

Methinks I'll have to rely on my old Unix bag of tricks for this one (again)
....

find / -size 0 -ls >/zerofiles.txt

Thanks
CL


"Questor" <Questor@minimoe.com> wrote in message
news:O3C4J6wcKHA.4708@TK2MSFTNGP02.phx.gbl...
> About the only way I can think of is to open Windows Explorer and go
> directory by directory and click on the top of the Size column. This will
> arrange the files by size and not name. The zero-length ones will go to
> the top of the list (or the bottom, depending on how many times you
> click). VERY tedious operation however. I have no idea of knowing if you
> know, but clicking on the top of ANY column sorts the listings in that
> order.
>
> Q
>
> --->
>> I know ...
>>
>> As for 0-length files: I just discovered that there's no way to search
>> for them in Windows XP ...
>>
>>
>> "Questor" <Questor@minimoe.com> wrote in message
>> news:%23vsMy8vcKHA.1028@TK2MSFTNGP06.phx.gbl...
>>> It was only a suggestion based on the info you gave us. You didn't
>>> mention malware checks or anti-virus and that is the first thing that
>>> jumped into my mind on your report.
>>>
>>> Q
>>>
>>> --->
>>>> This computer is routinely sweeped for viruses and malware, and is also
>>>> running Symantec's Endpoint Protection suite. Malware and virus checks
>>>> always come up clean.
>>>>
>>>> CL
>>>>
>>>> "Questor" <Questor@minimoe.com> wrote in message
>>>> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>>>>> I'd start with a good malware checker. Malwarebytes is a very good
>>>>> one and it is free. Have you checked to see if any zero-length files
>>>>> are lying around on your HD? That would indicate something running
>>>>> that shouldn't be.
>>>>>
>>>>> Q
>>>>>
>>>>> --->
>>>>>> Hi --
>>>>>>
>>>>>> I have a Windows XP Pro SP3 box that's been giving me a headache for
>>>>>> some time now. Every so often, programs will fail to load and Windows
>>>>>> (or an app) will complain about being out of memory or system
>>>>>> resources. Or windows won't open. Etc., etc.
>>>>>>
>>>>>> I've been looking high and low for the reason for this, with little
>>>>>> luck. One thing I have noticed is that when the PC starts to get
>>>>>> cantankerous, the System process has an elevated handle count (18,500
>>>>>> this last time I started having problems). When I check the System
>>>>>> process through Process Explorer, I see thousands of handles open to
>>>>>> what looks like an empty key, and a lesser but still large number of
>>>>>> handles open to what looks like a file with no name:
>>>>>>
>>>>>> --------------------
>>>>>> DETAILS
>>>>>>
>>>>>> Basic Information
>>>>>> Name:
>>>>>> Type: Key
>>>>>> Description: A Registry key
>>>>>>
>>>>>> References
>>>>>> References: 1
>>>>>> Handles: 1
>>>>>>
>>>>>> Quota Charges
>>>>>> Paged: 0
>>>>>> Non-Paged: 0
>>>>>>
>>>>>> SECURITY
>>>>>>
>>>>>> Unable to display security information.
>>>>>> --------------------
>>>>>> DETAILS
>>>>>>
>>>>>> Basic Information
>>>>>> Name:
>>>>>> Type: File
>>>>>> Description: A disk file, communications endpoint, or driver
>>>>>> interface.
>>>>>>
>>>>>> References
>>>>>> References: 2
>>>>>> Handles: 1
>>>>>>
>>>>>> Quota Charges
>>>>>> Paged: 0
>>>>>> Non-Paged: 0
>>>>>>
>>>>>> SECURITY
>>>>>>
>>>>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>>>>> Permissions)
>>>>>>
>>>>>> Advanced:
>>>>>> Permissions: <empty>
>>>>>> Auditing: <empty>
>>>>>> Owner: Everyone
>>>>>> --------------------
>>>>>>
>>>>>> The Handles list shows all of these empty Key handles with an Access
>>>>>> code of 0x000F003F, and the empty File handles with an access code of
>>>>>> 0x0012091F.
>>>>>>
>>>>>> I have checked just about every other process listed in Process
>>>>>> Explorer. No other process that has handles open to Registry keys has
>>>>>> any open to blank or empty keys. Process Explorer shows valid key
>>>>>> names for every other key every other process has open. No other
>>>>>> process that has handles open to files has any open to files with no
>>>>>> name.
>>>>>>
>>>>>> Rebooting the PC solves the problem -- temporarily. The System
>>>>>> process returns to a manageable handle count. But even after
>>>>>> rebooting, Process Explorer shows a collection of "empty" keys and
>>>>>> "no-name" files open to the System process. And even with the PC just
>>>>>> sitting there at a desktop with no other windows open, that count
>>>>>> steadily increases over time.
>>>>>>
>>>>>> At the risk of sounding stupid: This is _not_ normal, right? How do I
>>>>>> find whatever is triggering this, if I don't even know what to look
>>>>>> for? Any help would be appreciated.
>>>>>>
>>>>>> Thanks
>>>>>> CL
>>>>>>
>>>>>>

>>


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 12-02-2009, 10:19 AM
Charles Lavin
 
Posts: n/a
Re: Handle leak in System process?
I mentioned in a prior post that when I did that, the search app crashed
because of the massive number of small files it found.

I did what I needed with a Unix command.

Thanks
CL

"Michael W. Ryder" <_mwryder55@gmail.com> wrote in message
news:7hnRm.9428$Lq5.630@newsfe20.iad...
> Questor wrote:
>> About the only way I can think of is to open Windows Explorer and go
>> directory by directory and click on the top of the Size column. This
>> will arrange the files by size and not name. The zero-length ones will
>> go to the top of the list (or the bottom, depending on how many times you
>> click). VERY tedious operation however. I have no idea of knowing if
>> you know, but clicking on the top of ANY column sorts the listings in
>> that order.
>>

>
> You can search an entire disk specifying a maximum file size of 1 KB and
> then sort the results by size. You will then have to skip over all the
> folders but the 0 byte files should be next.
>
>> Q
>>
>> --->
>>> I know ...
>>>
>>> As for 0-length files: I just discovered that there's no way to search
>>> for them in Windows XP ...
>>>
>>>
>>> "Questor" <Questor@minimoe.com> wrote in message
>>> news:%23vsMy8vcKHA.1028@TK2MSFTNGP06.phx.gbl...
>>>> It was only a suggestion based on the info you gave us. You didn't
>>>> mention malware checks or anti-virus and that is the first thing that
>>>> jumped into my mind on your report.
>>>>
>>>> Q
>>>>
>>>> --->
>>>>> This computer is routinely sweeped for viruses and malware, and is
>>>>> also running Symantec's Endpoint Protection suite. Malware and virus
>>>>> checks always come up clean.
>>>>>
>>>>> CL
>>>>>
>>>>> "Questor" <Questor@minimoe.com> wrote in message
>>>>> news:OQXTZ%23scKHA.4884@TK2MSFTNGP04.phx.gbl...
>>>>>> I'd start with a good malware checker. Malwarebytes is a very good
>>>>>> one and it is free. Have you checked to see if any zero-length files
>>>>>> are lying around on your HD? That would indicate something running
>>>>>> that shouldn't be.
>>>>>>
>>>>>> Q
>>>>>>
>>>>>> --->
>>>>>>> Hi --
>>>>>>>
>>>>>>> I have a Windows XP Pro SP3 box that's been giving me a headache for
>>>>>>> some time now. Every so often, programs will fail to load and
>>>>>>> Windows (or an app) will complain about being out of memory or
>>>>>>> system resources. Or windows won't open. Etc., etc.
>>>>>>>
>>>>>>> I've been looking high and low for the reason for this, with little
>>>>>>> luck. One thing I have noticed is that when the PC starts to get
>>>>>>> cantankerous, the System process has an elevated handle count
>>>>>>> (18,500 this last time I started having problems). When I check the
>>>>>>> System process through Process Explorer, I see thousands of handles
>>>>>>> open to what looks like an empty key, and a lesser but still large
>>>>>>> number of handles open to what looks like a file with no name:
>>>>>>>
>>>>>>> --------------------
>>>>>>> DETAILS
>>>>>>>
>>>>>>> Basic Information
>>>>>>> Name:
>>>>>>> Type: Key
>>>>>>> Description: A Registry key
>>>>>>>
>>>>>>> References
>>>>>>> References: 1
>>>>>>> Handles: 1
>>>>>>>
>>>>>>> Quota Charges
>>>>>>> Paged: 0
>>>>>>> Non-Paged: 0
>>>>>>>
>>>>>>> SECURITY
>>>>>>>
>>>>>>> Unable to display security information.
>>>>>>> --------------------
>>>>>>> DETAILS
>>>>>>>
>>>>>>> Basic Information
>>>>>>> Name:
>>>>>>> Type: File
>>>>>>> Description: A disk file, communications endpoint, or driver
>>>>>>> interface.
>>>>>>>
>>>>>>> References
>>>>>>> References: 2
>>>>>>> Handles: 1
>>>>>>>
>>>>>>> Quota Charges
>>>>>>> Paged: 0
>>>>>>> Non-Paged: 0
>>>>>>>
>>>>>>> SECURITY
>>>>>>>
>>>>>>> Everyone: Delete, Synchronize, Query State, Modify State, (Special
>>>>>>> Permissions)
>>>>>>>
>>>>>>> Advanced:
>>>>>>> Permissions: <empty>
>>>>>>> Auditing: <empty>
>>>>>>> Owner: Everyone
>>>>>>> --------------------
>>>>>>>
>>>>>>> The Handles list shows all of these empty Key handles with an Access
>>>>>>> code of 0x000F003F, and the empty File handles with an access code
>>>>>>> of 0x0012091F.
>>>>>>>
>>>>>>> I have checked just about every other process listed in Process
>>>>>>> Explorer. No other process that has handles open to Registry keys
>>>>>>> has any open to blank or empty keys. Process Explorer shows valid
>>>>>>> key names for every other key every other process has open. No other
>>>>>>> process that has handles open to files has any open to files with no
>>>>>>> name.
>>>>>>>
>>>>>>> Rebooting the PC solves the problem -- temporarily. The System
>>>>>>> process returns to a manageable handle count. But even after
>>>>>>> rebooting, Process Explorer shows a collection of "empty" keys and
>>>>>>> "no-name" files open to the System process. And even with the PC
>>>>>>> just sitting there at a desktop with no other windows open, that
>>>>>>> count steadily increases over time.
>>>>>>>
>>>>>>> At the risk of sounding stupid: This is _not_ normal, right? How do
>>>>>>> I find whatever is triggering this, if I don't even know what to
>>>>>>> look for? Any help would be appreciated.
>>>>>>>
>>>>>>> Thanks
>>>>>>> CL
>>>>>>>
>>>>>>>
>>>
>>>



Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 12-12-2009, 09:29 AM
Richard
 
Posts: n/a
Re: Handle leak in System process?
> "Charles Lavin" <x@x.x> wrote in message
> news:urWPgfwcKHA.4780@TK2MSFTNGP04.phx.gbl...
>
> As for 0-length files: I just discovered that there's no way to search
> for them in Windows XP ...


Hi Charles,

Here is a simple VBScript to list Zero Byte files:

'[Begin Code:]
For Each obj in GetObject("winmgmts:\\.\root\cimv2").ExecQuery(_
"Select * from CIM_DataFile where FileSize = 0")
Wscript.Echo obj.FileSize & " -- " & obj.Name
Next
'[:End Code]

Copy and paste the code into NotePad and SaveAs: C:\ZeroByte.vbs

Open a Command Prompt window (Start|Run CMD) at C:\>
Use this command to list files:
Cscript ZeroByte.vbs | More

That will list the files one screen full at a time, with a More prompt.
Press Spacebar for next screen full.

Or you can use this command to send the list to a text file:
Cscript ZeroByte.vbs > C:\ZeroByteList.txt

Do not double click the ZeroByte.vbs file, or it will run with Wscript,
(instead of Cscript,) and will use the MsgBox feature to display the files
one file per message box, one after another when you click OK. To stop
that, you have to use Task Manager to End this Process: Wscript.exe

Keep in mind that some Zero Byte files are necessary, like those in your
"Send To" folder, and some in the root (C folder. Most Zero Byte files
are found in your "Temporary Internet Files" (TIF) subfolders, and can be
safely deleted. The normal "Internet Options" Delete Files function only
gets rid of files that are listed in the [TIF] index.dat file. There are
other programs beside Internet Explorer that use TIF for temp files.

HTH (Hope This Helps.
--Richard



Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 10:49 PM.




Recommended Download



Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74