Puh-leeze Some Vista help -

[zapp22]

this site has been huge help to me, but I fear the Vista crowd are hiding some dark secret ..:sarc:
with the right google search I find NUMEROUS posts about this, but its like a problem with an Apple product: people give flaky responses then duck in the sand.... "it doesn't exist".

lsass.exe on a project thinkpad T61 running 32-bit vista. ... I have scrubbed this system so clean it squeaks, and the one remaining issue is that lsass.exe on it, unlike on my windows 7 systems, consumes resources like mad. the main symptom is that it is always and forever the leader in I/O reads/writes. it never stops pinging the HDD. when I compare to either my windows home premium x64 or Ultimate x64, the number of reads/writes in a given timeframe is 10x. and it never stops.

there was/is a malware worm out that looks/smells like lsass. I"ve checked for that and none found. this is the real deal, but something in the system causes it to constantly check authentication/s. there is only one user account.

answers I've gotten elsewhere imply to me that this is one of those mystic furtive dark secrets of vista that may not be discussed. it can't be fixed? the "fix" is 7? I dunno.

help if you can please.

 

[Jacee]

Have you looked all through here? I see you've also asked the same question on different forums
Google

 

[zapp22]

yep, its like I've stumbled onto some dark family secret and once folks understand the issue I'm onto, they just step way back. mum's the word. as I type this on my very nice win7 notebook, the ill one is sitting on the workbench, doing what it does best: accumulating a huge snowball of I/O's ad infinitum.... tick-tick-tick tick-tick-tick. it will be 100,000 by end of day. I wonder if the lsass.exe in 7 is identical to the one in vista? i may pull the drive and do a delete/replace

 

[cluberti]

I think an xperf log is in order here. Install the tools themselves as per my tutorial, but don't take any of the traces specified there. Instead, run the following command from an elevated cmd prompt (this is all one line - watch the word wrap!):

xperf -on LATENCY+DISPATCHER+DRIVERS+DISK_IO_INIT+NETWORKTRACE+MEMINFO+POWER+PERF_COUNTER+PRIORITY+REGISTRY+FILE_IO+FILE_IO_INIT -stackWalk Profile+ProcessCreate+CSwitch+ReadyThread+Mark+ThreadCreate+DiskReadInit+DiskWriteInit+DiskFlushInit+RegSetValue+RegCreateKey+RegSetInformation

This should start a trace - assuming the issue is ongoing, letting it run for only a minute or two should be sufficient (please don't use the system in any other way at this point than what it takes to reproduce the issue, which I would assume is simply letting it sit idle...). Once a minute or two has passed, run this command to stop the trace and save the .etl file:

xperf -d lsass.etl

That will save a file called lsass.etl in the path that the elevated cmd prompt is pointed to (usually C:\windows\system32, but check the path on the cmd to be sure). That file needs to be compressed and uploaded somewhere we can download it for analysis.

 

[zapp22]

thank you much for your help. did as per instructions but after typing in [couldn't paste it] the string I got an error "xperf is not recognized as an internal or external command" etc.
apparently I'm missing some package/utility or something.
also prior to installing the sdk I tried to prep by installing .NET 4 but the install failed.
pls advise

 

[zapp22]

error msg re: .NET attached

 

[zapp22]

showing the activity in lsass after fresh boot this a.m. around 8'ish

 

[cluberti]

Did you download and install the toolset itself as per my instructions? Ignore the .net 4 errors and continue with the instructions in my guide, btw - the tool you're going to end up using does not need it in any way.

 

[zapp22]

Did you download and install the toolset itself as per my instructions? Ignore the .net 4 errors and continue with the instructions in my guide, btw - the tool you're going to end up using does not need it in any way.

yep. installed the toolkit, picked only that one selection per your tut, and it installed with no errors. is there anything I should check? does it require a reboot? nothing flagged me about that.

 

[zapp22]

is this the reason?

check this error : what do I need?

 

[zapp22]

just fwiw. when I "create" a .dmp file for lsass.exe - it returns a message that the file has been created and gives the default path of the file. I go there to find it and its not there :sarc: