Any idea what all these processes are?

[Terry Pinnell]

I've been trying, so far in vain, to discover why some operations on
my PC are so slow, when compared to others doing identical things on a
similar system. This is a single user PC with a normal broadband
connection via cable to my router. The only other 'network' aspect is
a cable to another PC which I used months ago to transfer data across,
but that is switched off.

As part of this detective work I ran ProcMon and was amazed at so many
things apparently going on when I'm doing nothing of significance.
Here's a tiny selection below. I apologise for the 'clutter', but
thought I needed a good handful of entries to offer any clues. These
are all mostly meaningless to me. But it just looks like there's far
too much going on in about 50 ms. Any insights would be much
appreciated please. Or even a comparison from someone else with
ProcMon installed.

7605 12:20:49.9348132 lsass.exe 784 RegOpenKey
HKLM\SECURITY\Policy SUCCESS Desired Access: Read/Write

7606 12:20:49.9348218 lsass.exe 784 RegOpenKey
HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read

7607 12:20:49.9348295 lsass.exe 784 RegQueryValue
HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW Length: 12

7608 12:20:49.9348360 lsass.exe 784 RegCloseKey
HKLM\SECURITY\Policy\SecDesc SUCCESS

7609 12:20:49.9348405 lsass.exe 784 RegOpenKey
HKLM\SECURITY\Policy\SecDesc SUCCESS Desired Access: Read

7610 12:20:49.9348483 lsass.exe 784 RegQueryValue
HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS Type: REG_NONE,
Length: 180, Data: 01 00 04 80 98 00 00 00 A8 00 00 00 00 00 00 00

7611 12:20:49.9348542 lsass.exe 784 RegCloseKey
HKLM\SECURITY\Policy\SecDesc SUCCESS

7612 12:20:49.9350173 lsass.exe 784 RegCloseKey
HKLM\SECURITY\Policy SUCCESS

7710 12:20:49.9797173 MacExp.exe 1280 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0

7739 12:20:49.9868163 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER
OVERFLOW Length: 144

7740 12:20:49.9868240 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER
OVERFLOW Length: 144

7741 12:20:49.9868288 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS
Type: REG_MULTI_SZ, Length: 320, Data: \Device\{2FDCCC7B-
F44D-40B8-9EE6-595FF29908E2},
\Device\{719F1105-675E-4DA7-B75D-B1ABC815F5D5},
\Device\{0AA3BF6C-8273-4C21-8BBC-51865448F406}, \Device\NdisWanIp

7746 12:20:49.9869895 Explorer.EXE 1672 RegOpenKey
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}
SUCCESS Desired Access: Read

7747 12:20:49.9870163 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\EnableDHCP
SUCCESS Type: REG_DWORD, Length: 4, Data: 1

7748 12:20:49.9870241 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\LeaseObtainedTime
SUCCESS Type: REG_DWORD, Length: 4, Data: 1233749607

7749 12:20:49.9870330 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\LeaseTerminatesTime
SUCCESS Type: REG_DWORD, Length: 4, Data: 1234008807

7750 12:20:49.9870398 Explorer.EXE 1672 RegQueryValue
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{719F1105-675E-4DA7-B75D-B1ABC815F5D5}\DhcpServer
SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.1.1

 

[Sinbad The Sailor]

FROM WIKIPEDIA:
Local Security Authority Subsystem Service (LSASS), is a process in
Microsoft Windows operating systems that is responsible for enforcing the
security policy on the system. It verifies users logging on to a Windows
computer or server, handles password changes, and creates access tokens. It
also writes to the Windows Security Log.

Windows Explorer is a file manager application that is included with
releases of the Microsoft Windows operating system from Windows 95 onwards.
It provides a graphical user interface for accessing the file systems. It is
also the component of the operating system that presents the user interface
on the monitor and enables the user to control the computer. It is sometimes
referred to as the Windows Shell, or simply ³Explorer².

GIYF.

-Sinbad

 

[Swifty]

As part of this detective work I ran ProcMon and was amazed at so many
things apparently going on when I'm doing nothing of significance.

Unfortunately, modern operating systems have a lot of things that they
are expected to do without your even noticing. The list is almost endless.

As a comparison, try to imagine all the things your body is up to, even
when you are asleep, or meditating, most of which you wouldn't want to
turn off!

Most, if not all of the stuff you find will turn out to be innocuous. It
is usually more productive to pick on one thing that is slow, and to
work out why that might be so.

 

[Terry Pinnell]

Unfortunately, modern operating systems have a lot of things that they
are expected to do without your even noticing. The list is almost endless.

As a comparison, try to imagine all the things your body is up to, even
when you are asleep, or meditating, most of which you wouldn't want to
turn off!

Most, if not all of the stuff you find will turn out to be innocuous. It
is usually more productive to pick on one thing that is slow, and to
work out why that might be so.

Thanks all. It wasn't any particular item so much as the sheer volume.
I guess I'll live with it!