SQmini.exe?????Nowhere to be found!!!
I have a process called SQmini.exe that is taking up 50% of my CPU. I have searched everywhere and not anyone or anywhere even mentions "SQmini.exe". It is like no one has even seen it before!! When I go into the task manager and close it, it comes right back. I have done all kinds of virus scans "with new updates".
I am also having one called w3wp.exe come up at times and take the other 50%. When that happens it pretty much locks things up!!
In my event viewer I am getting 2 error messages that occur often.
One is Event ID 1334 =
ASP .NET 2.0.50727.0
and also Event ID 1000
Application Error
August 17th, 2010 11:18pm
Here is some info on the w3wp:
http://blog.whitesites.com/w3wp-exe-using-too-much-memory-and-resources__633900106668026886_blog.htm
Roy Mayo | MCTS MCSE | USA
August 17th, 2010 11:27pm
What operating system and service pack? I'd check the location and properties tab for the file sqmini.exe
Possibly this one applies.
The W3wp.exe process consumes up to 99 percent of the CPU resources every several minutes on a Windows Server 2003-based computer
http://support.microsoft.com/kb/900243
Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
August 17th, 2010 11:27pm
If you right click the process in the processes tab of task manager and
select "properties", the location of the file should be located in the
folder specified by "Location"
-- Mike Burr
August 18th, 2010 4:14am
I have a process called SQmini.exe that is taking up 50% of my CPU.
I am also having one called w3wp.exe come up at times and take the other 50%. When that happens it pretty much locks things up!!
In my event viewer I am getting 2 error messages that occur often.
One is Event ID 1334 =
ASP .NET 2.0.50727.0
and also Event ID 1000
Application Error
Hi,
I see a couple of things here:
a) sqmini.exe is not from Microsoft and this forum doesn't help debugging / troubleshooting issues related with 3rd party processes.
b) w3wp.exe is a worker process which is responsible to run IIS applications. There is a dedicated forum to answer w3wp / IIS related queries. Please post your query under
http://forums.iis.net
August 18th, 2010 9:37am
Hi,
If you are using Windows Vista or the later Microsoft system, you can open Windows Task Manager, navigate to View > Select Columns, check the option “Command Line”, then you can see the image path of the process.
You can also use Process Explorer to find the path of the problematic process.
Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Best Regards,
Vincent Hu
August 18th, 2010 10:29am
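The same details Process Explorer shows (image path, parent, account, publisher, signature) plus the usual places that relaunch a process after it is killed, as an added example in Windows PowerShell that is not part of the original thread. It assumes Windows PowerShell is installed and run as an administrator, and uses the process name from the thread.

```powershell
# Added example (not from the thread): identify an unknown process by name.
$name = 'SQMini.exe'   # process name reported in the thread
$stem = [IO.Path]::GetFileNameWithoutExtension($name)

$procs = @(Get-WmiObject Win32_Process -Filter "Name='$name'")
if ($procs.Count -eq 0) { Write-Output "$name is not running right now" }

foreach ($p in $procs) {
    # Parent PIDs can be reused after the parent exits, so treat the name as a hint.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
    $owner  = $p.GetOwner()
    Write-Output "PID $($p.ProcessId), parent $($parent.Name) (PID $($p.ParentProcessId))"
    Write-Output "  account : $($owner.Domain)\$($owner.User)"
    Write-Output "  path    : $($p.ExecutablePath)"
    Write-Output "  cmdline : $($p.CommandLine)"

    # ExecutablePath is empty when the caller lacks rights to query the process.
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $vi  = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        Write-Output "  company : $($vi.CompanyName)"
        Write-Output "  product : $($vi.ProductName) / $($vi.FileDescription)"
        Write-Output "  signed  : $($sig.Status) $($sig.SignerCertificate.Subject)"
    }

    # A process that returns right after "End Process" is often hosted by a
    # service; list any service whose current PID matches.
    Get-WmiObject Win32_Service -Filter "ProcessId=$($p.ProcessId)" | ForEach-Object {
        Write-Output "  service : $($_.Name) [$($_.StartMode)] $($_.PathName)"
    }
}

# Services that reference the binary even while it is not running.
Get-WmiObject Win32_Service | Where-Object { $_.PathName -like "*$stem*" } |
    ForEach-Object { Write-Output "service entry: $($_.Name) -> $($_.PathName)" }

# Run keys and Startup folders.
Get-WmiObject Win32_StartupCommand | Where-Object { $_.Command -like "*$stem*" } |
    ForEach-Object { Write-Output "startup entry: $($_.Location) -> $($_.Command)" }

# Scheduled tasks (verbose listing, filtered for the binary name).
schtasks /query /fo LIST /v | Select-String -SimpleMatch $stem
```

The version-info fields are set by whoever built the file, so a company name alone does not establish the publisher; the signature status and the install path carry more weight.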
A) I have no idea what sqmini is related to. It could be from Microsoft for all I know. That is why I am asking to try and find out if it is.
August 18th, 2010 3:05pm
Hi,
Thanks for the info, can you confirm the steps provided by Vincent?
August 18th, 2010 3:09pm
I am using Win 2003 service pack 2. This is my server for around 80 clients, so when the two take up 50% each no one is able to access the files on the server.
When I right click on the process in task manager there is only the option to end process, end process tree, set priority and set affinity. I have never seen an option for location in 2003 or XP. That would be great to have though. Do you have some third party installed that gives you that option?
The SQmini does go away by itself once in a while for a couple mins. I do not even do anything to make this happen. It will also come back on its own. If I do end the process it comes right back.
For the w3wp.exe I went into services and stopped "IIS admin service" and I have not seen it since. I was just worried that would make it so something I needed would not work. But I do not host any web sites, use ftp, smtp, or nntp. So I figured I would be ok.
I will be getting the Process Explorer to see if that helps.
Thanks ALL
August 18th, 2010 3:42pm
Hi,
As a simple test, search for the exe; once found, right click and go to the details to find the manufacturer.
August 18th, 2010 5:03pm
I have tried that and it does not come up with any results. I had it search hidden folders and all.
I am still trying to get some time to go get what Vincent has suggested.
August 18th, 2010 5:47pm
Hi,
Any progress with your issue?
Best Regards,
Vincent Hu
August 23rd, 2010 8:44am
I came in this morning and a typical Monday. Half my network was down "no internet connection". I am hoping to get some time today to try what you suggested. I will let you know. Thanks for keeping with me!!
August 23rd, 2010 6:37pm
I used the Process Explorer and this is what it shows. Any idea what any of it is and what I can do to make it stop?
Process PID CPU Description Company name
SQMini.exe 8064 46.58 SelectQu DataTransfer SelectQu
Process: SQMini.exe Pid: 8064
Type Name
Desktop \Default
Directory \KnownDlls
Directory \BaseNamedObjects
Event \BaseNamedObjects\DINPUTWINMM
Event \BaseNamedObjects\crypt32LogoffEvent
File \Device\Tcp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55
File \Device\Afd
File \Device\Afd
File \Device\Afd
File \Device\Tcp
File C:\selectqu\Ans
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
Key HKLM
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKU\.DEFAULT
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows
Key HKLM\SOFTWARE\Microsoft\Tracing\tapi32
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Process SQMini.exe(8064)
Section \BaseNamedObjects\00001F8000400000MODULE
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Thread SQMini.exe(8064): 6572
Thread SQMini.exe(8064): 6572
Thread SQMini.exe(8064): 6572
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\Service-0x0-3e7$
August 25th, 2010 10:16pm
This is the other one that will sometimes take 50% also; the server will lock up when they both do at the same time.
w3wp.exe 6640 IIS Worker Process Microsoft Corporation
Process: w3wp.exe Pid: 6640
August 25th, 2010 10:20pm
Odds are that SQMini.exe is malware. I'm not familiar with the output you posted. They may know more here.
http://forum.sysinternals.com/
Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
August 26th, 2010 6:03am
I have run Malwarebytes, and I have Trend Micro; I have updated both today and ran them, nothing!!
August 26th, 2010 8:08pm
It is gone. I used the Process Explorer and deleted anything that had to do with it. I have not seen it since. Thanks for the help, and letting me know about that tool. It can be very handy!!!
August 26th, 2010 9:26pm