Any idea what all these processes are?
in [Help and Support]
|
From: Terry Pinnell on 4 Feb 2009 07:34 I've been trying, so far in vain, to discover why some operations on my PC are so slow, when compared to others doing identical things on a similar system. This is a single user PC with a normal broadband connection via cable to my router. The only other 'network' aspect is a cable to another PC which I used months ago to transfer data across, but that is switched off. As part of this detective work I ran ProcMon and was amazed at so many things apparently going on when I'm doing nothing of significance. Here's a tiny selection below. I apologise for the 'clutter', but thought I needed a good handful of entries to offer any clues. These are all mostly meaningless to me. But it just looks like there's far too much going on in about 50 ms. Any insights would be much appreciated please. Or even a comparison from someone else with ProcMon installed. 7605 12:20:49.9348132 lsass.exe 784 RegOpenKey HKLM\SECURITY\Policy SUCCESS Desired Access: Read/Write 7606 12:20:49.9348218 lsass.exe 784 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read 7607 12:20:49.9348295 lsass.exe 784 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW Length: 12 7608 12:20:49.9348360 lsass.exe 784 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS 7609 12:20:49.9348405 lsass.exe 784 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read 7610 12:20:49.9348483 lsass.exe 784 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS Type: REG_NONE, Length: 180, Data: 01 00 04 80 98 00 00 00 A8 00 00 00 00 00 00 00 7611 12:20:49.9348542 lsass.exe 784 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS 7612 12:20:49.9350173 lsass.exe 784 RegCloseKey HKLM\SECURITY\Policy SUCCESS 7710 12:20:49.9797173 MacExp.exe 1280 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0 7739 12:20:49.9868163 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 7740 12:20:49.9868240 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 7741 12:20:49.9868288 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 320, Data: \Device\{2FDCCC7B- F44D-40B8-9EE6-595FF29908E2}, \Device\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}, \Device\{0AA3BF6C-8273-4C21-8BBC-51865448F406}, \Device\NdisWanIp 7746 12:20:49.9869895 Explorer.EXE 1672 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5} SUCCESS Desired Access: Read 7747 12:20:49.9870163 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1 7748 12:20:49.9870241 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1233749607 7749 12:20:49.9870330 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1234008807 7750 12:20:49.9870398 Explorer.EXE 1672 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.1.1 -- Terry, East Grinstead, UK
From: Sinbad The Sailor on 4 Feb 2009 10:13 FROM WIKIPEDIA: Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log. Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents the user interface on the monitor and enables the user to control the computer. It is sometimes referred to as the Windows Shell, or simply �Explorer�. GIYF. -Sinbad On 04/02/2009 12:34, in article 682jo4hpe202lh5f8h1esukuf6tdv9k68p(a)4ax.com, "Terry Pinnell" <terrypinDELETE(a)THESEdial.pipex.com> wrote: > I've been trying, so far in vain, to discover why some operations on > my PC are so slow, when compared to others doing identical things on a > similar system. This is a single user PC with a normal broadband > connection via cable to my router. The only other 'network' aspect is > a cable to another PC which I used months ago to transfer data across, > but that is switched off. > > As part of this detective work I ran ProcMon and was amazed at so many > things apparently going on when I'm doing nothing of significance. > Here's a tiny selection below. I apologise for the 'clutter', but > thought I needed a good handful of entries to offer any clues. These > are all mostly meaningless to me. But it just looks like there's far > too much going on in about 50 ms. Any insights would be much > appreciated please. Or even a comparison from someone else with > ProcMon installed. > > 7605 12:20:49.9348132 lsass.exe 784 RegOpenKey > HKLM\SECURITY\Policy SUCCESS Desired Access: Read/Write > > 7606 12:20:49.9348218 lsass.exe 784 RegOpenKey > HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read > > 7607 12:20:49.9348295 lsass.exe 784 RegQueryValue > HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW Length: 12 > > 7608 12:20:49.9348360 lsass.exe 784 RegCloseKey > HKLM\SECURITY\Policy\SecDesc SUCCESS > > 7609 12:20:49.9348405 lsass.exe 784 RegOpenKey > HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read > > 7610 12:20:49.9348483 lsass.exe 784 RegQueryValue > HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS Type: REG_NONE, > Length: 180, Data: 01 00 04 80 98 00 00 00 A8 00 00 00 00 00 00 00 > > 7611 12:20:49.9348542 lsass.exe 784 RegCloseKey > HKLM\SECURITY\Policy\SecDesc SUCCESS > > 7612 12:20:49.9350173 lsass.exe 784 RegCloseKey > HKLM\SECURITY\Policy SUCCESS > > 7710 12:20:49.9797173 MacExp.exe 1280 RegQueryValue > HKCU\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0 > > 7739 12:20:49.9868163 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER > OVERFLOW Length: 144 > > 7740 12:20:49.9868240 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER > OVERFLOW Length: 144 > > 7741 12:20:49.9868288 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS > Type: REG_MULTI_SZ, Length: 320, Data: \Device\{2FDCCC7B- > F44D-40B8-9EE6-595FF29908E2}, > \Device\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}, > \Device\{0AA3BF6C-8273-4C21-8BBC-51865448F406}, \Device\NdisWanIp > > 7746 12:20:49.9869895 Explorer.EXE 1672 RegOpenKey > HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-6 > 75E-4DA7-B75D-B1ABC815F5D5} > SUCCESS Desired Access: Read > > 7747 12:20:49.9870163 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-6 > 75E-4DA7-B75D-B1ABC815F5D5}\EnableDHCP > SUCCESS Type: REG_DWORD, Length: 4, Data: 1 > > 7748 12:20:49.9870241 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-6 > 75E-4DA7-B75D-B1ABC815F5D5}\LeaseObtainedTime > SUCCESS Type: REG_DWORD, Length: 4, Data: 1233749607 > > 7749 12:20:49.9870330 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-6 > 75E-4DA7-B75D-B1ABC815F5D5}\LeaseTerminatesTime > SUCCESS Type: REG_DWORD, Length: 4, Data: 1234008807 > > 7750 12:20:49.9870398 Explorer.EXE 1672 RegQueryValue > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-6 > 75E-4DA7-B75D-B1ABC815F5D5}\DhcpServer > SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.1.1
From: Mort on 4 Feb 2009 10:23 On Wed, 04 Feb 2009 12:34:45 +0000, Terry Pinnell <terrypinDELETE(a)THESEdial.pipex.com> wrote: >As part of this detective work I ran ProcMon and was amazed at so many >things apparently going on when I'm doing nothing of significance. >Here's a tiny selection below. I apologise for the 'clutter', but >thought I needed a good handful of entries to offer any clues. These >are all mostly meaningless to me. Google each one individually and you'll find out what they are.
From: Swifty on 4 Feb 2009 15:11 Terry Pinnell wrote: > As part of this detective work I ran ProcMon and was amazed at so many > things apparently going on when I'm doing nothing of significance. Unfortunately, modern operating systems have a lot of things that they are expected to do without your even noticing. The list is almost endless. As a comparison, try to imagine all the things your body is up to, even when you are asleep, or meditating, most of which you wouldn't want to turn off! Most, if not all of the stuff you find will turn out to be innocuous. It is usually more productive to pick on one thing that is slow, and to work out why that might be so. -- Steve Swift http://www.swiftys.org.uk/swifty.html http://www.ringers.org.uk
From: Terry Pinnell on 5 Feb 2009 04:20 Swifty <Steve.J.Swift(a)gmail.com> wrote: >Terry Pinnell wrote: >> As part of this detective work I ran ProcMon and was amazed at so many >> things apparently going on when I'm doing nothing of significance. > >Unfortunately, modern operating systems have a lot of things that they >are expected to do without your even noticing. The list is almost endless. > >As a comparison, try to imagine all the things your body is up to, even >when you are asleep, or meditating, most of which you wouldn't want to >turn off! > >Most, if not all of the stuff you find will turn out to be innocuous. It >is usually more productive to pick on one thing that is slow, and to >work out why that might be so. Thanks all. It wasn't any particular item so much as the sheer volume. I guess I'll live with it! -- Terry, East Grinstead, UK
|
Pages: 1 Prev: sfc /scannow 0x000004dd error Next: what is Windows Driver Package? |