#1
Some security related questions about Win XP files and processes
Hi,
There's a couple of strange files, processes and registry keys that I've been looking for info on. All this is on a Windows XP SP 3 Pro system that is almost never online (almost only for Windows updates) and is working mostly as a media player and storage for backups. Maybe someone here can confirm what these things are because I'm really curious. My googling has so far brought up only inconclusive results. So here are my questions..

1) What is this registry key? Where does it come from, what does it do?
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents"
It has subkeys "IMAIL", "MAPI" and "MSFS" but they don't contain much, just keys like "Installed" with REG_SZ value of 1, there are no paths to any files or stuff like that so they don't look like normal run keys to me.

2) What is this process? What does it do?
rundll32.exe shell32.dll,Activate_RunDLL
It's rundll32.exe with that shell32.dll command line, but what does it do and is it ok? It seems to run briefly when USB devices are connected to the system. Those are clean USB devices btw, nothing evil on them.

3) What is this strange ini file? What creates it and why?
Documents and Settings\(User's name)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
I can open it in a hex editor but it makes no sense, just random looking stuff with a few readable strings like "vids" and "auds". I have Windows Media Player 10, and Google found some people saying it's related, but I really can't say for myself...

4) What file is this?
Documents and Settings\(User's name)\Application Data\GDIPFONTCACHEV1.DAT
In a hex editor it looks like it contains references to fonts.

5) What is this (seemingly) empty folder?
C:\WINDOWS\SxsCaPendDel
Something created by Windows updates?

Thanks a lot in advance! Some of these questions are probably stupid, so sorry for that. I'm just looking to find out what these things really are. Kind of a learning experience, but so far googling hasn't given me any concrete answers to them, just people that have guesses about what these things might be.
#2
Google is your friend.
---
Leonard Grey
Errare humanum est

HF wrote:
> Hi,
> There's a couple of strange files, processes and registry keys that I've been looking for info on. All this is on a Windows XP SP 3 Pro system that is almost never online (almost only for Windows updates) and is working mostly as a media player and storage for backups. Maybe someone here can confirm what these things are because I'm really curious. My googling has so far brought up only inconclusive results. So here are my questions..
>
> 1) What is this registry key? Where does it come from, what does it do?
> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents"
> It has subkeys "IMAIL", "MAPI" and "MSFS" but they don't contain much, just keys like "Installed" with REG_SZ value of 1, there are no paths to any files or stuff like that so they don't look like normal run keys to me.
>
> 2) What is this process? What does it do?
> rundll32.exe shell32.dll,Activate_RunDLL
> It's rundll32.exe with that shell32.dll command line, but what does it do and is it ok? It seems to run briefly when USB devices are connected to the system. Those are clean USB devices btw, nothing evil on them.
>
> 3) What is this strange ini file? What creates it and why?
> Documents and Settings\(User's name)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
> I can open it in a hex editor but it makes no sense, just random looking stuff with a few readable strings like "vids" and "auds". I have Windows Media Player 10, and Google found some people saying it's related, but I really can't say for myself...
>
> 4) What file is this?
> Documents and Settings\(User's name)\Application Data\GDIPFONTCACHEV1.DAT
> In a hex editor it looks like it contains references to fonts.
>
> 5) What is this (seemingly) empty folder?
> C:\WINDOWS\SxsCaPendDel
> Something created by Windows updates?
>
> Thanks a lot in advance! Some of these questions are probably stupid, so sorry for that. I'm just looking to find out what these things really are. Kind of a learning experience, but so far googling hasn't given me any concrete answers to them, just people that have guesses about what these things might be.