Robert Silver

sysinternals - Procmon.exe

I am trying to use Procmon.exe to examine several of my Windows XP machines, and I am finding a lot of
entries showing "NAME NOT FOUND" results in the boot log I created.
This is troublesome because I am experiencing some virtual memory problems on this machine right now, and
one of my older proprietary programs is exhibiting extremely sluggish behavior, which I attribute to the fact that it was written a long time ago and Microsoft's excessive hack fixes seem to have done a number on UNC-based file opening versus drive-letter file opening, although I cannot be sure why this old application runs so very slowly.

Should I do anything to fix this situation, or should I expect this sort of behavior as part of Windows operation? It does seem stupid, but it is not the first time Microsoft did stupid things in their software design.

I think these are probably normal and do not really affect performance, as a first guess.

e.g.
260195      12:34:43.1886598 PM      lsdelete.exe      816      RegOpenKey      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsdelete.exe      NAME NOT FOUND      Desired Access: Read

Seems potentially normal; maybe it's used as a semaphore of some kind, like if the file exists, branch to perform a different function???

Mohamed Osama

What this means is that the program lsdelete.exe (PID 816) tried to access the registry to read the aforementioned registry key (usually to read further settings or program configuration), and this key was not found. Following that event, the program will probably write this key to the registry, which can be read in a different event.

Is lsdelete.exe your program?

Make sure you are filtering down to the process name you are observing and that you are monitoring file access and process activity as well as registry access.

What exactly are the symptoms of the sluggish behaviour? More info about the problem may point us in the right direction to provide a solution.
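
An added example, not part of the original thread: a Python sketch that triages a Procmon CSV export by separating NAME NOT FOUND lookups under Image File Execution Options (like the one quoted in the question) from other misses, then counting repeats per process, operation and path. It assumes Procmon's default CSV columns; `summarize_misses`, `oldapp.exe`, `notepad.exe` and every sample row except the first are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Windows looks up this key when an image starts; a miss means no per-image options are set.
IFEO = "hklm\\software\\microsoft\\windows nt\\currentversion\\image file execution options\\"

# Constructed sample using Procmon's default CSV columns. Only the first data row
# comes from the post; oldapp.exe, notepad.exe and their paths are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:34:43.1886598 PM","lsdelete.exe","816","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsdelete.exe","NAME NOT FOUND","Desired Access: Read"
"12:35:01.0000001 PM","oldapp.exe","1204","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oldapp.exe","NAME NOT FOUND","Desired Access: Read"
"12:35:02.0000001 PM","oldapp.exe","1204","CreateFile","\\server\share\data\app.ini","NAME NOT FOUND","Desired Access: Generic Read"
"12:35:02.5000001 PM","oldapp.exe","1204","CreateFile","\\server\share\data\app.ini","NAME NOT FOUND","Desired Access: Generic Read"
"12:35:03.0000001 PM","oldapp.exe","1204","CreateFile","\\server\share\data\app.ini","NAME NOT FOUND","Desired Access: Generic Read"
"12:35:03.2000001 PM","oldapp.exe","1204","CreateFile","C:\oldapp\app.dat","SUCCESS","Desired Access: Generic Read"
"12:35:04.0000001 PM","notepad.exe","1500","RegQueryValue","HKCU\Software\Example\Missing","NAME NOT FOUND","Length: 144"
'''


def summarize_misses(csv_text):
    """Return (ifeo_misses, other_misses) counters for NAME NOT FOUND rows."""
    ifeo_misses = Counter()    # image name -> number of IFEO lookups that missed
    other_misses = Counter()   # (process, operation, path) -> number of misses
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Result"].strip().upper() != "NAME NOT FOUND":
            continue
        path = row["Path"]
        if path.lower().startswith(IFEO):
            ifeo_misses[path[len(IFEO):].lower()] += 1
        else:
            other_misses[(row["Process Name"], row["Operation"], path)] += 1
    return ifeo_misses, other_misses


if __name__ == "__main__":
    # For a real export, open the file with encoding="utf-8-sig" so a BOM is tolerated.
    ifeo, other = summarize_misses(SAMPLE_CSV)
    print("IFEO lookups with no key:", dict(ifeo))
    # Repeated misses on one path by one process are the rows worth a closer look.
    for (proc, op, path), n in other.most_common():
        print(f"{n:4d}  {proc}  {op}  {path}")
```
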
Robert Silver

ASKER

I think I nailed the problem as being related to the installation of Adaware 2008, which I stupidly paid for
considering how poorly written the software has now become!
Suddenly my virtual memory falls off and my workstation becomes non-responsive.
Nope, the problem was in the end Symantec's Backup Exec software modifications, which trash my memory
when the agent kicks in. After disabling the lousy backup agent, the problem went away.

The Adaware has proven to be a lousy product anyway, though, as it is slow and clumsy and not so easy to use. Free Spybot is much better. Not because it's free but because it works, and much better than paid-for Adaware, which I will never buy again!