From: goldtech on 8 Apr 2008 06:06
I don't know if this info below is usable - I got it from the Sysinternals Process Monitor. Sometimes it continues for hours. I saw my hard drive constantly being used and tried this Process Monitor to figure it out - to hopefully stop it. But it's beyond my knowledge. You can see it repeats itself...

Does anyone know what's going on and how to stop it? Thanks. Using XP...

50214 9:51:52.8527885 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50215 9:51:52.8528010 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50216 9:51:52.8528089 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414, Data: \Device\{F458D970-5D74-4333-9BE8-5B6912F61F49}, \Device\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}, \Device\{B8616C2E-4CEC-4744-A927-806C97ACCA24}, \Device\{0A0F0B98-8C0F-411E-AB8A-62225DDC3B35}, \Device\NdisWanIp
50221 9:51:52.8529681 PM Explorer.EXE 1896 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS Desired Access: Read
50222 9:51:52.8529941 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
50223 9:51:52.8530053 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207619106
50224 9:51:52.8530156 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207705506
50225 9:51:52.8530254 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50226 9:51:52.8530349 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50227 9:51:52.8530488 PM Explorer.EXE 1896 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS
50228 9:51:52.8531086 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50229 9:51:52.8531173 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50230 9:51:52.8531245 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414, Data: \Device\{F458D970-5D74-4333-9BE8-5B6912F61F49}, \Device\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}, \Device\{B8616C2E-4CEC-4744-A927-806C97ACCA24}, \Device\{0A0F0B98-8C0F-411E-AB8A-62225DDC3B35}, \Device\NdisWanIp
50235 9:51:52.8532952 PM Explorer.EXE 1896 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS Desired Access: Read
50236 9:51:52.8533156 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
50237 9:51:52.8533254 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207619106
50238 9:51:52.8533349 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207705506
50239 9:51:52.8533450 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50240 9:51:52.8533545 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50241 9:51:52.8533667 PM Explorer.EXE 1896 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS
50242 9:51:52.8533927 PM Explorer.EXE 1896 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS Desired Access: Query Value
50243 9:51:52.8534112 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\AddressType SUCCESS Type: REG_DWORD, Length: 4, Data: 0
50244 9:51:52.8534232 PM Explorer.EXE 1896 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS
50245 9:51:53.8528516 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50246 9:51:53.8528631 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50247 9:51:53.8528709 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414, Data: \Device\{F458D970-5D74-4333-9BE8-5B6912F61F49}, \Device\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}, \Device\{B8616C2E-4CEC-4744-A927-806C97ACCA24}, \Device\{0A0F0B98-8C0F-411E-AB8A-62225DDC3B35}, \Device\NdisWanIp
50252 9:51:53.8530142 PM Explorer.EXE 1896 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS Desired Access: Read
50253 9:51:53.8530360 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
50254 9:51:53.8530463 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207619106
50255 9:51:53.8530561 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207705506
50256 9:51:53.8530659 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50257 9:51:53.8530751 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.2.1
50258 9:51:53.8530877 PM Explorer.EXE 1896 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS
50259 9:51:53.8531410 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50260 9:51:53.8531494 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50261 9:51:53.8531572 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414, Data: \Device\{F458D970-5D74-4333-9BE8-5B6912F61F49}, \Device\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}, \Device\{B8616C2E-4CEC-4744-A927-806C97ACCA24}, \Device\{0A0F0B98-8C0F-411E-AB8A-62225DDC3B35}, \Device\NdisWanIp
From: Chris Atwell on 8 Apr 2008 11:27
Does this occur on just one computer? what OS?
From: Guido on 17 Apr 2008 07:28
Hiya, I've got the exact same thing, using Windows XP Home SP2; I get similar Process Monitor output as below. I cannot really understand what's going on there, but it doesn't really look normal, or does it? It seems like continuous registry activity, but it seems repetitive... The same on my girlfriend's PC. Anyone have ideas? Cheers, Guido
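A triage sketch for the capture posted in this thread, added here as an example and not written by any of the posters: it checks that each BUFFER OVERFLOW is followed by a successful re-read of the same value, that no event writes to the registry, how often the poll repeats, and what the lease DWORDs decode to. The function names and the sample (a constructed subset of the posted events) are illustrative, and reading the lease values as Unix epoch seconds is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample: eight events taken from the thread's capture, with the
# wrapped registry paths re-joined and the REG_MULTI_SZ data left out.
SAMPLE = r"""
50214 9:51:52.8527885 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50216 9:51:52.8528089 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414
50221 9:51:52.8529681 PM Explorer.EXE 1896 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS Desired Access: Read
50223 9:51:52.8530053 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207619106
50224 9:51:52.8530156 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1207705506
50227 9:51:52.8530488 PM Explorer.EXE 1896 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D663155-75E9-4CAD-83EA-49FDE3D7BE50} SUCCESS
50245 9:51:53.8528516 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144
50247 9:51:53.8528709 PM Explorer.EXE 1896 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 414
""".strip().splitlines()

BIND = r"HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind"
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue"}
EVENT = re.compile(
    r"^(?P<seq>\d+) (?P<time>\d+:\d+:\d+\.\d+ [AP]M) (?P<proc>\S+) (?P<pid>\d+) "
    r"(?P<op>Reg\w+) (?P<path>\S+) (?P<result>SUCCESS|BUFFER OVERFLOW)\s*(?P<detail>.*)$")

def parse(lines):
    """One dict per event line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(EVENT.match, lines) if m]

def seconds(event):
    """Seconds since midnight; strptime's %f cannot take 7 fractional digits."""
    hms, ampm = event["time"].split()
    h, m, s = hms.split(":")
    return (int(h) % 12 + (12 if ampm == "PM" else 0)) * 3600 + int(m) * 60 + float(s)

def unresolved_overflows(events):
    """Sequence numbers of BUFFER OVERFLOW results never followed by SUCCESS on
    the same value. Process Monitor shows that result when the caller's buffer
    was too small for the data; the caller normally retries with a larger one."""
    pending = {}
    for e in events:
        key = (e["pid"], e["op"], e["path"].lower())  # registry paths ignore case
        if e["result"] == "BUFFER OVERFLOW":
            pending[key] = e["seq"]
        else:
            pending.pop(key, None)
    return sorted(pending.values())

def write_events(events):
    """Sequence numbers of operations that would modify the registry."""
    return [e["seq"] for e in events if e["op"] in WRITE_OPS]

def repeat_gaps(events, op, path, result):
    """Seconds between successive occurrences of one (op, path, result)."""
    hits = [seconds(e) for e in events
            if (e["op"], e["path"].lower(), e["result"]) == (op, path.lower(), result)]
    return [round(b - a, 4) for a, b in zip(hits, hits[1:])]

def dhcp_lease(events):
    """Lease DWORDs decoded as Unix epoch seconds (assumption), in UTC."""
    stamps = {}
    for e in events:
        name = e["path"].rsplit("\\", 1)[-1]
        data = re.search(r"Data: (\d+)$", e["detail"])
        if name in ("LeaseObtainedTime", "LeaseTerminatesTime") and data:
            stamps[name] = datetime.fromtimestamp(int(data.group(1)), tz=timezone.utc)
    return stamps

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("unresolved overflows:", unresolved_overflows(ev))
    print("registry writes:", write_events(ev))
    print("gap between Bind probes (s):", repeat_gaps(ev, "RegQueryValue", BIND, "BUFFER OVERFLOW"))
    for name, when in dhcp_lease(ev).items():
        print(name, when.isoformat())
```

On a full capture exported from Process Monitor, a non-empty result from `write_events` or `unresolved_overflows` is the part worth a closer look; a pure read loop like the one posted returns empty lists for both.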