FERREIRA88
asked on
TMG denying connection for smtp traffic
Dear Experts,
Some users were complaining that email with attachments were not being received from external senders. So I checked the limits and they were all set to 20Mb. I asked the senders for some more info and some of them were getting bounce backs stating 4.2.1 connection dropped. Also some were getting delay notifications and the message would eventually be delivered a few hours (or days) later.
I then decided to send a few tests. At 10pm, when things were a little less busy, I sent 3 separate emails to an internal recipient - each with a different sized attachment - 2Mb, 5Mb and 8Mb. The mails arrived in good time. when i send the same mail during working hours the emails gets delayed.
I have looked at the TMG logs and noticed a lot of denied connections for smtp traffic as below:
Denied Connection RX-TMG01-S 2011/11/09 12:15:53 PM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code
Source: External (213.199.154.134:39731)
Destination: Local Host (196.15.196.58:25)
Protocol: SMTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 213.199.154.134
Also listed against this log entry is " 0xc0040017 FWX_C_TCP_NOT_SYN_PACKET_D ROPPED "
Notice that the rule which denies the connection is blank! Even when an email is delivered successfully, this message appears in the log.
All our email are sent via bigfish.com the online exchange protection service and the delivered to our exchange. following errors shows on bigfish side when the email needs to be deliverd to the exchange.
Sender:
user@gmail.com
Recipient:
user@domain.com
Message ID:
CADZjsbm--xochg2SRyORycuLX oHgHq6P8pR MCzcp2uXBA ZcLUA@mail .gmail.com
Message size:
7,967.48 KB
Date and time received:
2011/11/09 10:42:51 AM
Date and time filtered:
2011/11/09 10:42:51 AM
First delivery attempt:
2011/11/09 11:12:58 AM
Final delivery attempt:
2011/11/09 11:43:05 AM
From IP address:
209.85.161.45 <unknown>
To IP address:
196.15.***.** <196.15.***.**>
Filtering results:
Passed Filtering (Hit Policy Allow rule ID 1038890)
Delivery result:
In Deferral: lost connection with 196.15.***.**[196.15.***.* *] while sending message body (2 attempts)
Any ideas what is going on here?
All help appreciated. Thanks.
Some users were complaining that email with attachments were not being received from external senders. So I checked the limits and they were all set to 20Mb. I asked the senders for some more info and some of them were getting bounce backs stating 4.2.1 connection dropped. Also some were getting delay notifications and the message would eventually be delivered a few hours (or days) later.
I then decided to send a few tests. At 10pm, when things were a little less busy, I sent 3 separate emails to an internal recipient - each with a different sized attachment - 2Mb, 5Mb and 8Mb. The mails arrived in good time. when i send the same mail during working hours the emails gets delayed.
I have looked at the TMG logs and noticed a lot of denied connections for smtp traffic as below:
Denied Connection RX-TMG01-S 2011/11/09 12:15:53 PM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code
Source: External (213.199.154.134:39731)
Destination: Local Host (196.15.196.58:25)
Protocol: SMTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 213.199.154.134
Also listed against this log entry is " 0xc0040017 FWX_C_TCP_NOT_SYN_PACKET_D
Notice that the rule which denies the connection is blank! Even when an email is delivered successfully, this message appears in the log.
All our email are sent via bigfish.com the online exchange protection service and the delivered to our exchange. following errors shows on bigfish side when the email needs to be deliverd to the exchange.
Sender:
user@gmail.com
Recipient:
user@domain.com
Message ID:
CADZjsbm--xochg2SRyORycuLX
Message size:
7,967.48 KB
Date and time received:
2011/11/09 10:42:51 AM
Date and time filtered:
2011/11/09 10:42:51 AM
First delivery attempt:
2011/11/09 11:12:58 AM
Final delivery attempt:
2011/11/09 11:43:05 AM
From IP address:
209.85.161.45 <unknown>
To IP address:
196.15.***.** <196.15.***.**>
Filtering results:
Passed Filtering (Hit Policy Allow rule ID 1038890)
Delivery result:
In Deferral: lost connection with 196.15.***.**[196.15.***.*
Any ideas what is going on here?
All help appreciated. Thanks.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
97% is very high, As said in the article exchange server will not accept external emails if the memory usage is higher than 94%...
on task manager, which process is eating the memory ?
also, check the partition which hosted the pagefile,,, is it ok on the free space ? more than 10% free disk space.
on task manager, which process is eating the memory ?
also, check the partition which hosted the pagefile,,, is it ok on the free space ? more than 10% free disk space.
ASKER
Disks has more than 10GB free.
List of processes follow....
Image PID Hard Faults/sec Commit (KB) Working Set (KB) Shareable (KB) Private (KB)
store.exe 5672 0 7 858 112 7 754 348 27 944 7 726 404
w3wp.exe 5820 0 585 000 614 936 80 512 534 424
w3wp.exe 9804 0 505 356 537 228 85 264 451 964
EdgeTransport.exe 6672 0 470 568 408 280 107 168 301 112
svchost.exe (regsvc) 2140 0 445 356 444 944 8 928 436 016
Microsoft.Exchange.Monitor ing.exe 7900 0 394 884 429 496 110 600 318 896
FSCTransportScanner.exe 8556 0 345 448 231 036 15 296 215 740
FSCRealtimeScanner.exe 7624 0 343 112 225 852 14 724 211 128
FSCTransportScanner.exe 8732 0 335 616 219 488 14 400 205 088
FSCRealtimeScanner.exe 7672 0 332 812 212 500 12 964 199 536
FSCTransportScanner.exe 8440 0 332 544 213 784 13 620 200 164
w3wp.exe 4228 0 313 592 308 792 75 320 233 472
Microsoft.Exchange.RpcClie ntAccess.S ervice.exe 3460 0 301 628 281 432 61 952 219 480
w3wp.exe 1832 0 290 108 306 888 75 524 231 364
Microsoft.Exchange.Pop3.ex e 3152 0 285 172 269 472 50 336 219 136
w3wp.exe 5208 0 269 964 282 988 74 768 208 220
Microsoft.Exchange.Service Host.exe 3620 0 259 960 217 204 47 124 170 080
ExTRA.exe 2948 0 241 480 230 976 77 840 153 136
Microsoft.Exchange.Address Book.Servi ce.exe 2240 0 239 860 203 116 38 700 164 416
Microsoft.Exchange.Imap4.e xe 2820 0 237 416 210 900 39 296 171 604
Microsoft.Exchange.Imap4Se rvice.exe 2672 0 236 968 203 528 29 956 173 572
MSExchangeTransportLogSear ch.exe 3780 0 236 920 198 668 38 084 160 584
w3wp.exe 5372 0 236 136 237 436 57 136 180 300
Microsoft.Exchange.Pop3Ser vice.exe 1684 0 220 100 186 296 29 976 156 320
MSExchangeMailboxReplicati on.exe 2964 0 219 728 191 760 44 552 147 208
msexchangerepl.exe 3276 0 218 396 159 256 55 440 103 816
Microsoft.Exchange.Protect edServiceH ost.exe 3136 0 214 240 180 784 28 640 152 144
MSExchangeThrottling.exe 3704 0 211 536 175 908 27 820 148 088
mmc.exe 17400 0 186 064 33 312 14 972 18 340
mmc.exe 5252 0 182 996 21 784 9 088 12 696
msftefd.exe 5700 0 123 148 87 740 45 644 42 096
inetinfo.exe 1972 0 118 896 118 216 8 236 109 980
MsMpEng.exe 848 0 117 608 75 376 16 932 58 444
powershell.exe 10808 0 113 516 34 840 11 368 23 472
mmc.exe 10540 0 110 912 58 364 20 256 38 108
MSExchangeMailboxAssistant s.exe 2788 0 108 388 115 672 60 168 55 504
Microsoft.Exchange.Search. ExSearch.e xe 3536 0 108 388 83 260 39 936 43 324
HealthService.exe 1904 0 103 840 37 288 4 412 32 876
Microsoft.Exchange.EdgeSyn cSvc.exe 2524 0 103 012 66 364 32 116 34 248
MSExchangeMailSubmission.e xe 3032 0 80 088 78 388 48 680 29 708
mmc.exe 16548 0 77 356 60 908 30 856 30 052
MsExchangeFDS.exe 2612 0 75 848 68 540 35 516 33 024
mmc.exe 10452 0 74 584 26 848 14 112 12 736
svchost.exe (netsvcs) 976 0 72 152 78 244 24 624 53 620
MonitoringHost.exe 3244 0 69 036 45 544 4 864 40 680
MSExchangeTransport.exe 6568 0 64 912 53 320 29 912 23 408
WmiPrvSE.exe 6284 0 57 020 60 116 9 572 50 544
svchost.exe (LocalServiceNetworkRestri cted) 924 0 56 316 51 892 20 224 31 668
Microsoft.Forefront.Server .EhsGatewa yService.e xe 1756 0 55 408 57 024 32 348 24 676
SentItemsUpdater.Service.e xe 1588 0 54 300 53 928 26 148 27 780
SMSvcHost.exe 2068 0 43 232 38 632 21 056 17 576
Microsoft.Exchange.Antispa mUpdateSvc .exe 2476 0 41 856 30 328 17 484 12 844
svchost.exe (LocalService) 356 0 35 920 40 980 6 672 34 308
explorer.exe 8920 0 33 552 51 240 27 260 23 980
FSEMailPickup.exe 5608 0 29 628 24 876 13 520 11 356
FSCEventing.exe 6624 0 29 524 34 596 17 460 17 136
lsass.exe 584 0 23 568 31 832 9 660 22 172
mad.exe 5040 0 23 044 29 800 11 148 18 652
WmiPrvSE.exe 7936 0 22 372 24 260 6 984 17 276
w3wp.exe 4492 0 21 628 27 164 9 856 17 308
FSCConfigurationServer.exe 5684 0 21 216 26 964 12 836 14 128
CcmExec.exe 4140 0 20 796 35 988 19 500 16 488
svchost.exe (NetworkService) 364 0 19 168 21 168 10 360 10 808
perfmon.exe 13472 0 17 068 26 452 12 196 14 256
explorer.exe 13496 0 16 516 33 616 21 228 12 388
FSCController.exe 4396 0 13 908 19 960 8 796 11 164
svchost.exe (RPCSS) 768 0 13 852 18 176 5 400 12 776
MonitoringHost.exe 4852 0 13 476 10 648 4 936 5 712
MSExchangeADTopologyServic e.exe 2024 0 13 348 18 148 7 628 10 520
FSCScheduledScanner.exe 7740 0 13 248 18 816 8 256 10 560
FSCTransportScanner.exe 9480 0 13 056 18 684 8 264 10 420
FSCRealtimeScanner.exe 7848 0 13 004 18 644 8 268 10 376
FSCRealtimeScanner.exe 7796 0 12 780 18 612 8 272 10 340
cscript.exe 15748 0 11 716 16 912 6 784 10 128
cscript.exe 7828 0 11 696 16 948 6 812 10 136
svchost.exe (LocalServiceNoNetwork) 1044 0 10 752 13 564 6 832 6 732
spoolsv.exe 1264 0 10 212 16 564 9 176 7 388
exfba.exe 1552 0 9 612 11 808 5 336 6 472
WmiPrvSE.exe 9504 1 9 320 10 300 6 284 4 016
svchost.exe (LocalSystemNetworkRestric ted) 444 0 9 172 17 032 8 676 8 356
svchost.exe (iissvcs) 2208 0 9 168 13 012 5 344 7 668
services.exe 576 0 8 792 14 456 6 744 7 712
LogonUI.exe 8640 0 8 744 15 664 8 296 7 368
clussvc.exe 4708 0 8 192 15 404 9 420 5 984
rhs.exe 6116 0 7 924 14 036 7 120 6 916
TrustedInstaller.exe 11992 0 7 624 8 772 5 320 3 452
svchost.exe (DcomLaunch) 692 0 7 172 12 888 6 828 6 060
WmiPrvSE.exe 10248 0 6 896 10 712 5 368 5 344
vmicsvc.exe 1356 0 6 152 10 164 4 916 5 248
WmiPrvSE.exe 5792 0 6 116 8 416 4 804 3 612
msseces.exe 5656 0 5 724 12 796 8 520 4 276
msseces.exe 17108 0 5 708 12 736 8 472 4 264
rhs.exe 5988 0 5 104 9 800 6 152 3 648
DWRCS.EXE 1724 0 4 928 9 160 5 600 3 560
FSEContentScanner64.exe 7880 0 4 896 9 608 6 116 3 492
msftesql.exe 1704 0 4 868 33 160 29 224 3 936
svchost.exe (apphost) 1464 0 4 732 9 132 4 832 4 300
svchost.exe (termsvcs) 6432 0 4 220 9 620 6 136 3 484
csrss.exe 428 0 4 192 6 196 2 968 3 228
cscript.exe 12480 0 3 984 7 968 4 692 3 276
cscript.exe 12248 0 3 972 7 864 4 636 3 228
taskmgr.exe 16240 0 3 892 12 604 9 112 3 492
lsm.exe 592 0 3 892 6 964 4 092 2 872
msdtc.exe 4092 0 3 724 7 724 4 572 3 152
sppsvc.exe 6528 0 3 608 9 532 6 704 2 828
fscvsswriter.exe 4788 0 3 388 7 496 5 160 2 336
FSCMonitor.exe 1884 0 3 200 5 864 4 108 1 756
taskhost.exe 8512 0 3 016 6 060 4 176 1 884
rdpclip.exe 16660 0 2 980 7 648 4 964 2 684
csrss.exe 15752 0 2 908 6 384 4 124 2 260
taskhost.exe 12744 0 2 892 5 872 4 148 1 724
svchost.exe (RPCHTTPLBS) 4576 0 2 840 5 776 3 208 2 568
vmicsvc.exe 1308 0 2 784 7 276 4 828 2 448
WmiPrvSE.exe 15096 0 2 684 5 892 3 800 2 092
taskeng.exe 5616 0 2 236 5 516 3 608 1 908
csrss.exe 16776 0 2 184 5 292 3 648 1 644
winlogon.exe 11436 0 2 164 5 172 3 336 1 836
winlogon.exe 5596 0 2 156 5 180 3 336 1 844
rdpclip.exe 9008 0 2 148 6 824 4 980 1 844
svchost.exe (NetworkServiceNetworkRest ricted) 6556 0 2 112 5 476 3 784 1 692
csrss.exe 15816 0 1 848 3 856 2 488 1 368
svchost.exe (LocalServiceAndNoImperson ation) 1448 0 1 808 7 956 6 432 1 524
vmicsvc.exe 1436 0 1 788 4 560 3 016 1 544
winlogon.exe 972 0 1 760 4 236 2 800 1 436
vmicsvc.exe 1408 0 1 748 4 588 3 080 1 508
vmicsvc.exe 1384 0 1 704 4 368 2 892 1 476
wininit.exe 488 0 1 692 4 524 3 184 1 340
dwm.exe 8048 0 1 564 3 880 2 608 1 272
dwm.exe 14472 0 1 524 3 844 2 608 1 236
conhost.exe 6804 0 1 184 3 020 2 032 988
conhost.exe 7380 0 1 180 3 060 2 068 992
conhost.exe 10548 0 1 180 3 060 2 072 988
conhost.exe 1084 0 1 180 3 076 2 088 988
conhost.exe 13712 0 1 180 3 056 2 076 980
conhost.exe 6684 0 1 168 2 848 1 836 1 012
conhost.exe 2828 0 1 164 2 824 1 812 1 012
conhost.exe 3164 0 1 164 2 820 1 812 1 008
smss.exe 336 0 636 1 316 756 560
System 4 0 112 300 244 56
List of processes follow....
Image PID Hard Faults/sec Commit (KB) Working Set (KB) Shareable (KB) Private (KB)
store.exe 5672 0 7 858 112 7 754 348 27 944 7 726 404
w3wp.exe 5820 0 585 000 614 936 80 512 534 424
w3wp.exe 9804 0 505 356 537 228 85 264 451 964
EdgeTransport.exe 6672 0 470 568 408 280 107 168 301 112
svchost.exe (regsvc) 2140 0 445 356 444 944 8 928 436 016
Microsoft.Exchange.Monitor
FSCTransportScanner.exe 8556 0 345 448 231 036 15 296 215 740
FSCRealtimeScanner.exe 7624 0 343 112 225 852 14 724 211 128
FSCTransportScanner.exe 8732 0 335 616 219 488 14 400 205 088
FSCRealtimeScanner.exe 7672 0 332 812 212 500 12 964 199 536
FSCTransportScanner.exe 8440 0 332 544 213 784 13 620 200 164
w3wp.exe 4228 0 313 592 308 792 75 320 233 472
Microsoft.Exchange.RpcClie
w3wp.exe 1832 0 290 108 306 888 75 524 231 364
Microsoft.Exchange.Pop3.ex
w3wp.exe 5208 0 269 964 282 988 74 768 208 220
Microsoft.Exchange.Service
ExTRA.exe 2948 0 241 480 230 976 77 840 153 136
Microsoft.Exchange.Address
Microsoft.Exchange.Imap4.e
Microsoft.Exchange.Imap4Se
MSExchangeTransportLogSear
w3wp.exe 5372 0 236 136 237 436 57 136 180 300
Microsoft.Exchange.Pop3Ser
MSExchangeMailboxReplicati
msexchangerepl.exe 3276 0 218 396 159 256 55 440 103 816
Microsoft.Exchange.Protect
MSExchangeThrottling.exe 3704 0 211 536 175 908 27 820 148 088
mmc.exe 17400 0 186 064 33 312 14 972 18 340
mmc.exe 5252 0 182 996 21 784 9 088 12 696
msftefd.exe 5700 0 123 148 87 740 45 644 42 096
inetinfo.exe 1972 0 118 896 118 216 8 236 109 980
MsMpEng.exe 848 0 117 608 75 376 16 932 58 444
powershell.exe 10808 0 113 516 34 840 11 368 23 472
mmc.exe 10540 0 110 912 58 364 20 256 38 108
MSExchangeMailboxAssistant
Microsoft.Exchange.Search.
HealthService.exe 1904 0 103 840 37 288 4 412 32 876
Microsoft.Exchange.EdgeSyn
MSExchangeMailSubmission.e
mmc.exe 16548 0 77 356 60 908 30 856 30 052
MsExchangeFDS.exe 2612 0 75 848 68 540 35 516 33 024
mmc.exe 10452 0 74 584 26 848 14 112 12 736
svchost.exe (netsvcs) 976 0 72 152 78 244 24 624 53 620
MonitoringHost.exe 3244 0 69 036 45 544 4 864 40 680
MSExchangeTransport.exe 6568 0 64 912 53 320 29 912 23 408
WmiPrvSE.exe 6284 0 57 020 60 116 9 572 50 544
svchost.exe (LocalServiceNetworkRestri
Microsoft.Forefront.Server
SentItemsUpdater.Service.e
SMSvcHost.exe 2068 0 43 232 38 632 21 056 17 576
Microsoft.Exchange.Antispa
svchost.exe (LocalService) 356 0 35 920 40 980 6 672 34 308
explorer.exe 8920 0 33 552 51 240 27 260 23 980
FSEMailPickup.exe 5608 0 29 628 24 876 13 520 11 356
FSCEventing.exe 6624 0 29 524 34 596 17 460 17 136
lsass.exe 584 0 23 568 31 832 9 660 22 172
mad.exe 5040 0 23 044 29 800 11 148 18 652
WmiPrvSE.exe 7936 0 22 372 24 260 6 984 17 276
w3wp.exe 4492 0 21 628 27 164 9 856 17 308
FSCConfigurationServer.exe
CcmExec.exe 4140 0 20 796 35 988 19 500 16 488
svchost.exe (NetworkService) 364 0 19 168 21 168 10 360 10 808
perfmon.exe 13472 0 17 068 26 452 12 196 14 256
explorer.exe 13496 0 16 516 33 616 21 228 12 388
FSCController.exe 4396 0 13 908 19 960 8 796 11 164
svchost.exe (RPCSS) 768 0 13 852 18 176 5 400 12 776
MonitoringHost.exe 4852 0 13 476 10 648 4 936 5 712
MSExchangeADTopologyServic
FSCScheduledScanner.exe 7740 0 13 248 18 816 8 256 10 560
FSCTransportScanner.exe 9480 0 13 056 18 684 8 264 10 420
FSCRealtimeScanner.exe 7848 0 13 004 18 644 8 268 10 376
FSCRealtimeScanner.exe 7796 0 12 780 18 612 8 272 10 340
cscript.exe 15748 0 11 716 16 912 6 784 10 128
cscript.exe 7828 0 11 696 16 948 6 812 10 136
svchost.exe (LocalServiceNoNetwork) 1044 0 10 752 13 564 6 832 6 732
spoolsv.exe 1264 0 10 212 16 564 9 176 7 388
exfba.exe 1552 0 9 612 11 808 5 336 6 472
WmiPrvSE.exe 9504 1 9 320 10 300 6 284 4 016
svchost.exe (LocalSystemNetworkRestric
svchost.exe (iissvcs) 2208 0 9 168 13 012 5 344 7 668
services.exe 576 0 8 792 14 456 6 744 7 712
LogonUI.exe 8640 0 8 744 15 664 8 296 7 368
clussvc.exe 4708 0 8 192 15 404 9 420 5 984
rhs.exe 6116 0 7 924 14 036 7 120 6 916
TrustedInstaller.exe 11992 0 7 624 8 772 5 320 3 452
svchost.exe (DcomLaunch) 692 0 7 172 12 888 6 828 6 060
WmiPrvSE.exe 10248 0 6 896 10 712 5 368 5 344
vmicsvc.exe 1356 0 6 152 10 164 4 916 5 248
WmiPrvSE.exe 5792 0 6 116 8 416 4 804 3 612
msseces.exe 5656 0 5 724 12 796 8 520 4 276
msseces.exe 17108 0 5 708 12 736 8 472 4 264
rhs.exe 5988 0 5 104 9 800 6 152 3 648
DWRCS.EXE 1724 0 4 928 9 160 5 600 3 560
FSEContentScanner64.exe 7880 0 4 896 9 608 6 116 3 492
msftesql.exe 1704 0 4 868 33 160 29 224 3 936
svchost.exe (apphost) 1464 0 4 732 9 132 4 832 4 300
svchost.exe (termsvcs) 6432 0 4 220 9 620 6 136 3 484
csrss.exe 428 0 4 192 6 196 2 968 3 228
cscript.exe 12480 0 3 984 7 968 4 692 3 276
cscript.exe 12248 0 3 972 7 864 4 636 3 228
taskmgr.exe 16240 0 3 892 12 604 9 112 3 492
lsm.exe 592 0 3 892 6 964 4 092 2 872
msdtc.exe 4092 0 3 724 7 724 4 572 3 152
sppsvc.exe 6528 0 3 608 9 532 6 704 2 828
fscvsswriter.exe 4788 0 3 388 7 496 5 160 2 336
FSCMonitor.exe 1884 0 3 200 5 864 4 108 1 756
taskhost.exe 8512 0 3 016 6 060 4 176 1 884
rdpclip.exe 16660 0 2 980 7 648 4 964 2 684
csrss.exe 15752 0 2 908 6 384 4 124 2 260
taskhost.exe 12744 0 2 892 5 872 4 148 1 724
svchost.exe (RPCHTTPLBS) 4576 0 2 840 5 776 3 208 2 568
vmicsvc.exe 1308 0 2 784 7 276 4 828 2 448
WmiPrvSE.exe 15096 0 2 684 5 892 3 800 2 092
taskeng.exe 5616 0 2 236 5 516 3 608 1 908
csrss.exe 16776 0 2 184 5 292 3 648 1 644
winlogon.exe 11436 0 2 164 5 172 3 336 1 836
winlogon.exe 5596 0 2 156 5 180 3 336 1 844
rdpclip.exe 9008 0 2 148 6 824 4 980 1 844
svchost.exe (NetworkServiceNetworkRest
csrss.exe 15816 0 1 848 3 856 2 488 1 368
svchost.exe (LocalServiceAndNoImperson
vmicsvc.exe 1436 0 1 788 4 560 3 016 1 544
winlogon.exe 972 0 1 760 4 236 2 800 1 436
vmicsvc.exe 1408 0 1 748 4 588 3 080 1 508
vmicsvc.exe 1384 0 1 704 4 368 2 892 1 476
wininit.exe 488 0 1 692 4 524 3 184 1 340
dwm.exe 8048 0 1 564 3 880 2 608 1 272
dwm.exe 14472 0 1 524 3 844 2 608 1 236
conhost.exe 6804 0 1 184 3 020 2 032 988
conhost.exe 7380 0 1 180 3 060 2 068 992
conhost.exe 10548 0 1 180 3 060 2 072 988
conhost.exe 1084 0 1 180 3 076 2 088 988
conhost.exe 13712 0 1 180 3 056 2 076 980
conhost.exe 6684 0 1 168 2 848 1 836 1 012
conhost.exe 2828 0 1 164 2 824 1 812 1 012
conhost.exe 3164 0 1 164 2 820 1 812 1 008
smss.exe 336 0 636 1 316 756 560
System 4 0 112 300 244 56
ASKER