Robert Silver
asked on
sysinternals - Procmon.exe
I am trying to use Procmon.exe to examine several of my windows XP machines and I am finding a lot of
entries showing "NAME NOT FOUND" results in the boot log I created.
This is troublesome because I am experiencing some virtual memory problems on this machine right now and
one of my older proprietary programs is exhibiting extremely sluggish behavior which I attribute to the fact it was written a long time ago and Microsoft's excessive hack fixes seem to have done a number on UNC based file opening versus drive letter file opening. although I can not be sure why this old application runs so very slowly
Should I do anything to fix this situation or should I expect this sort of behavior as part of Windows operation. It does seem stupid but it is not the first time Microsoft did stupid things in their software design.
I think these are probably normal and does not really effect performance as a first guess
e.g
260195 12:34:43.1886598 PM lsdelete.exe 816 RegOpenKey HKLM\Software\Microsoft\Wi ndows NT\CurrentVersion\Image File Execution Options\lsdelete.exe NAME NOT FOUND Desired Access: Read
seems potentially normal maybe its used as a semaphore of some kind like if the file exists branch to perform a different function???
entries showing "NAME NOT FOUND" results in the boot log I created.
This is troublesome because I am experiencing some virtual memory problems on this machine right now and
one of my older proprietary programs is exhibiting extremely sluggish behavior which I attribute to the fact it was written a long time ago and Microsoft's excessive hack fixes seem to have done a number on UNC based file opening versus drive letter file opening. although I can not be sure why this old application runs so very slowly
Should I do anything to fix this situation or should I expect this sort of behavior as part of Windows operation. It does seem stupid but it is not the first time Microsoft did stupid things in their software design.
I think these are probably normal and does not really effect performance as a first guess
e.g
260195 12:34:43.1886598 PM lsdelete.exe 816 RegOpenKey HKLM\Software\Microsoft\Wi
seems potentially normal maybe its used as a semaphore of some kind like if the file exists branch to perform a different function???
ASKER
I think I nailed the problem as being related to the installation of Adaware 2008 which I stupidly paid for
considering how poorly written the software has now become!
Suddenly my virtual memory falls off and my workstation becomes non-responsive.
considering how poorly written the software has now become!
Suddenly my virtual memory falls off and my workstation becomes non-responsive.
ASKER
Nope the problem was in the end Symantec's Backup Exec software modifications which trash my memory
when the agent kicks in. After disabling the lousy backup agent the problem went away.
The Adaware has proven to be a lousy product though anyway as it is slow and clumsy and not so easy to use. Free Spybot is much better. Not because its free but because it works and much better than paid for Adaware which I will never buy again!
when the agent kicks in. After disabling the lousy backup agent the problem went away.
The Adaware has proven to be a lousy product though anyway as it is slow and clumsy and not so easy to use. Free Spybot is much better. Not because its free but because it works and much better than paid for Adaware which I will never buy again!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
is the lsdelete.exe your program ?
MAke sure you are filtering down to the process name you are observing & that you are monitoring File access, process activity as well as the registry access
what exactly are the symptoms of the sluggish behaviour ?, more info about the problem may point us in the right direction to provide a solution.