H
HF
Hi,
There's a couple of strange files, processes and registry keys that I've
been looking for info on. All this is on a Windows XP SP 3 Pro system that is
almost never online (almost only for Windows updates) and is working mostly
as a media player and storage for backups. Maybe someone here can confirm
what these things are because I'm really curious. My googling has so far
brought up only inconclusive results. So here are my questions..
1) What is this registry key? Where does it come from, what does it do?
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents"
It has subkeys "IMAIL", "MAPI" and "MSFS" but they don't contain much, just
keys like "Installed" with REG_SZ value of 1, there are no paths to any files
or stuff like that so they don't look like normal run keys to me.
2) What is this process? What does it do?
rundll32.exe shell32.dll,Activate_RunDLL
It's rundll32.exe with that shell32.dll command line, but what does it do
and is it ok? It seems to run briefly when USB devices are connected to the
system. Those are clean USB devices btw, nothing evil on them.
3) What is this strange ini file? What creates it and why?
Documents and Settings\(User's name)\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
I can open it in a hex editor but it makes no sense, just random looking
stuff with a few readable strings like "vids" and "auds". I have Windows
Media Player 10, and Google found some people saying it's related, but I
really can't say for myself...
4) What file is this?
Documents and Settings\(User's name)\Application Data\GDIPFONTCACHEV1.DAT
In a hex editor it looks like it contains references to fonts.
5) What is this (seemingly) empty folder?
C:\WINDOWS\SxsCaPendDel
Something created by Windows updates?
Thanks a lot in advance! Some of these questions are probably stupid, so
sorry for that. I'm just lookin to find out what these things really are.
Kind of a learning experience, but so far googling hasn't given me any
concrete answers to them, just people that have guesses about what these
things might be.
There's a couple of strange files, processes and registry keys that I've
been looking for info on. All this is on a Windows XP SP 3 Pro system that is
almost never online (almost only for Windows updates) and is working mostly
as a media player and storage for backups. Maybe someone here can confirm
what these things are because I'm really curious. My googling has so far
brought up only inconclusive results. So here are my questions..
1) What is this registry key? Where does it come from, what does it do?
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents"
It has subkeys "IMAIL", "MAPI" and "MSFS" but they don't contain much, just
keys like "Installed" with REG_SZ value of 1, there are no paths to any files
or stuff like that so they don't look like normal run keys to me.
2) What is this process? What does it do?
rundll32.exe shell32.dll,Activate_RunDLL
It's rundll32.exe with that shell32.dll command line, but what does it do
and is it ok? It seems to run briefly when USB devices are connected to the
system. Those are clean USB devices btw, nothing evil on them.
3) What is this strange ini file? What creates it and why?
Documents and Settings\(User's name)\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
I can open it in a hex editor but it makes no sense, just random looking
stuff with a few readable strings like "vids" and "auds". I have Windows
Media Player 10, and Google found some people saying it's related, but I
really can't say for myself...
4) What file is this?
Documents and Settings\(User's name)\Application Data\GDIPFONTCACHEV1.DAT
In a hex editor it looks like it contains references to fonts.
5) What is this (seemingly) empty folder?
C:\WINDOWS\SxsCaPendDel
Something created by Windows updates?
Thanks a lot in advance! Some of these questions are probably stupid, so
sorry for that. I'm just lookin to find out what these things really are.
Kind of a learning experience, but so far googling hasn't given me any
concrete answers to them, just people that have guesses about what these
things might be.