PDA

View Full Version : file information and startup



hddndrgn04
04-10-2004, 04:03 AM
Hey all,

I have some questions about some exe, dll, and other files. I'm hoping someone may help me understand the os better.

1. lsass.exe, csrss.exe
I know these files belong to windows, but what do they actually do. My research on lasass.exe suggests that some services use this name. I disabled these services, however, the file is still shown in the task manager.

2. oobebaln.exe
I found this file in the C:\Windows\system32\oobe directory
What is it? When I tried deleting it, it strangely reappears. I can't seem to get rid of it

3. tcpsvcs.exe
I'm a bit concerned about this one. It listens on ports 7,9,13,17, and 19. Research suggests that the Terminal service uses this. However, it isn't installed by default on xp home. So why do I have it tcpsvc.exe running? I've disabled it by renaming it to tcpsvc.old for now.

4. mshta.exe
What is this file and what does it do?
It's called upon from the registry key HKLM\software\classes\htafile\shell\open\command

5. ntoskrnl.exe
Apparently this execuable is apart of the boot process, right? The task manager calls it "system" with process id 4.
What does this file actually do and why does it listen on UPD and TCP 445?

6. mscdexnt.exe, redir.exe, dosx.exe

what do these execuables do and are they necessary? C:\windows\system32\autoexec.nt loads them

7. himem.sys
what is this file and is it necessary? C:\windows\system32\config.nt loads it


8. ginstall.dll
I have no idea what this does
It's loads via C:\windows\wininit.ini
What does it do?

9. timer.drv
I don't know what does either. C:\Windows\system.ini loads it

10. Wscript.exe

I know many script files uses this execuable, but what does it actually do and is it necessary?

"vbsfile", "vbefile", "jsfile", "jsefile", "wshfile", and "wsffile"
calls to wscript.exe in the registry key HKCR\" "\shell\open\command


11. Shell32.dll, webcheck.dll, stobject.dll, upnpui.dll

What do these dll do and are they necessary? They are all loaded by the registry key HKLM\software\microsoft\windows\currentversion\she llserviceobjectdataload

12. ntvdm.exe, krnl386
The key HKLM\system\currentcontrolset\wow\cmdline points to ntvdm.exe
and the key HKLM\system\currentcontrolset\wow\wowcmdline points to krnl386

What do both of these files do?

13. dcsws2.dll, mswsock.dll, rsvpsp.dll

The key HKLM\Systemcurrentcontrolset\services\winsock2\par ameters\protocol_caatalog9\catalog_entries\

uses these dll files. What are the files and what is the key referring to?

14. javasup.vxd
I know this is an important file for java but what does it actually do?

It can be found in the key HKLM\system\currentcontrolset\services\vxd\javasup \

15. Explorer.exe
Can someone verify that explorer.exe is load from two locations

I have it loaded from C:\windows\system.ini [boot] shell and from HKLM\\software\microsoft\windowsnt\currentversion\ winlogon\shell

16. msconfig

Msconfig from run shows

system.ini loads

"; for 16-bit app support"
"[drivers]"
"[mci]"
"[dirver32]"
"[386enh]"

win.ini loads

"; for 16-bit app support"
"[fonts]"
"[extensions]"
"[mci extensions]"
"[files]"
"[mial]"
"[mci extensions.bak]"

which box is safe to uncheck for general use?


I know there're a lot of questions here, so any help at all would definitely be wonderful.


With appreciation,
Terry

ski
04-10-2004, 10:17 AM
That's a pretty tall order.
Suggest that you do a Google search.
Lots of good answers for your questions can be found there.

Paul Komski
04-10-2004, 11:07 AM
THIS (http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/) will get you started with lsass.exe - but there's too many indivisual queries to respond to without some special reason IMHO.

PrntRhd
04-10-2004, 11:13 AM
Let me put this another way, are you trying to set services for Windows XP ? See blackviper (www.blackviper.com)

Or are you trying to do something else?

hddndrgn04
04-10-2004, 11:32 AM
yeah it's a tall order :)

I've been doing the research on google, but no luck. This is why I've saved up all the one's I can't find much about for this place in hope of assistance.

My primary concern is oobebaln.exe in my C:\Windows\system32\oobe folder. As soon as I delete it, it returns! My bet is that if you have it on your system, it would be same case because I tried deleting it after a reinstallation of xp. Try finding it and deleting it yourself to see what happens.

I honestly think this is an "important" microsoft program. What do you guys think?

pave_spectre
04-10-2004, 11:49 AM
If it returns when you delete it then you may still have windows file protection enabled.

Its just the activation reminder program. If XP is already activated it does nothing, if its not activated then its part of what locks you out. All part of microshafts 'Out of Body Experience'.

Budfred
04-10-2004, 03:59 PM
This was the first link on Google for that file:

http://www.msfn.org/board/index.php?act=ST&f=34&t=17428

You can probably find some more of them here:

http://www.windowsstartup.com/wso/browse.php?l=1

and here:

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm