Registry junk or not?

During capture I got some registry entries I cannot find any info about. Does anyone know if these are junk or not, or can anyone refer me to any URL, as I can't find anything regarding these?

HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG
Value Name: Trace Level
Data Type: REG_SZ
Value Data: <blank>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD
Value Name (REG_DWORD) & Data:
Enable = 1
Enumerate as ICD = 0
IO Priority = 0
Palettized Formats = 1
SwapSync = 1
Use Generic Stencil = 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
Value Name: DisplayParams
Data Type: REG_BINARY
Value Data: <long line>
Registry description from: http://www.ez-pc.org/?midx=205&didx=40
To change the font that is used in the MS-DOS window:
Open the registry editor
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
Change the value of Font to Courier New (or any other fixed space font you have available)
Close the registry editor.
Restart the computer for the change to take effect.


I created a C:\logs directory and shared it manually
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
Value Name: logs
Data Type: REG_MULTI_SZ
Value Data:
CSCFlags=0
MaxUses=4294967295
Path=C:\logs
Permissions=0
Remark=
Type=0

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security
Value Name: logs
Data Type: REG_BINARY
Value Data: <long line>
Registry description:
http://support.microsoft.com/kb/125996

Hope someone has some insight into these registry entries and maybe what to do.

Answers (10)

Posted by: anonymous_9363 15 years ago
Red Belt
0
From memory...

- SOFTWARE\Microsoft\ESENT key is connected with Task Manager
- lanmanserver key will record local shares
- MS-DOS Emulation key, I think you've already discovered is connected with the DOS command prompt window and behaviour of CMD.EXE
- MCD is connected with the OpenGL mini-client driver
Posted by: AngelD 15 years ago
Red Belt
0
Hi Ian & thanks for the info!

Did a search for ESENT and only found some details regarding HKLM\SYSTEM\CurrentControlSet\Services\ESENT
at: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbm_mon_pzgc.mspx?mfr=true
The Database object relates to the Extensible Storage Engine (ESENT), the transacted database system that stores all Active Directory objects. This performance object is not installed by default. The counters on the Database object enable you to perform advanced tuning of Active Directory. You can also use some of the counters to help determine whether you need more disk drives for storage of logs or database.

I'm not sure they relate to the same thing, though, but as it's talking about performance maybe the "Trace Level" under the DEBUG key is somehow connected. The application is Java driven if that makes any sense.
Posted by: Inabus 15 years ago
Second Degree Green Belt
0
ESENT

That is antivirus as I use the same program at home :)

http://www.eset.com/

At least I am 90% sure that's the name of the service I see in Task Manager anyway.

P
Posted by: AngelD 15 years ago
Red Belt
0
Nice guess Paul,

However, I do not have any anti-virus on my clean packaging machine.
Except for WPS I only installed "J2SE Development Kit 5.0 Update 15" and .NET Framework 1.1 + SP1 and 2.0 as it's required for the application.

The application I'm working with is "Versant Developer Suite 6.0.5.3"

Thanks anyway!
Posted by: Inabus 15 years ago
Second Degree Green Belt
0
Bah, I'll go back in my box then :p

I will say, before I close the lid, that the ESENT key is on my machine here as well and appears to be part of the O/S, and having also checked a clean virgin XP SP2 build I can also confirm it's on there too. I would therefore remove it from your snap.

P
Posted by: AngelD 15 years ago
Red Belt
0
Paul,

During capture the DEBUG key is created with the Trace Level entry so don't know if it's needed or not for the application.
Posted by: anonymous_9363 15 years ago
Red Belt
0
In your position, Kim, I'd leave it out and ProcMon the app as it runs. If it attempts to read/write the entry, put it back.
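
An added example, not part of the original thread: one way to apply the ProcMon check above is to save the trace as CSV and count, per process, who touched the captured key. The sample rows, the process names (`rundll32.exe`, `java.exe`) and the helper names `registry_touches` and `verdict` are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Key from the thread whose place in the package is in question.
KEY = r"HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG"
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey", "RegEnumValue", "RegEnumKey"}
WRITE_OPS = {"RegCreateKey", "RegSetValue", "RegDeleteValue", "RegDeleteKey"}

# Constructed sample rows in Process Monitor's default CSV export layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","rundll32.exe","3120","RegOpenKey","HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG","NAME NOT FOUND","Desired Access: Read"
"10:01:02.101","rundll32.exe","3120","RegCreateKey","HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG","SUCCESS","Desired Access: All Access"
"10:01:02.102","rundll32.exe","3120","RegSetValue","HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG\Trace Level","SUCCESS","Type: REG_SZ, Length: 2"
"10:01:05.400","java.exe","4120","RegQueryValue","HKLM\SOFTWARE\JavaSoft\Java Development Kit\CurrentVersion","SUCCESS","Type: REG_SZ"
'''


def registry_touches(csv_text, key):
    """Count reads, writes and NAME NOT FOUND results under `key`, per process."""
    prefix = key.lower()
    summary = defaultdict(lambda: {"reads": 0, "writes": 0, "missing": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"].lower()
        # Match the key itself or anything below it (values, subkeys), not siblings.
        if path != prefix and not path.startswith(prefix + "\\"):
            continue
        entry = summary[row["Process Name"].lower()]
        if row["Operation"] in WRITE_OPS:
            entry["writes"] += 1
        elif row["Operation"] in READ_OPS:
            entry["reads"] += 1
        if row["Result"] == "NAME NOT FOUND":
            entry["missing"] += 1
    return dict(summary)


def verdict(summary, app_process):
    """'put back' if the packaged app itself tried to read or write the key."""
    hits = summary.get(app_process.lower())
    if hits and (hits["reads"] or hits["writes"]):
        return "put back"
    return "leave out"


if __name__ == "__main__":
    touches = registry_touches(SAMPLE_CSV, KEY)
    for proc, counts in touches.items():
        print(proc, counts)
    print("java.exe:", verdict(touches, "java.exe"))
```

With the key left out of the package, an application that depends on it shows up as reads ending in NAME NOT FOUND under its own process name.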
Posted by: AngelD 15 years ago
Red Belt
0
Well, now that is a good idea!
Didn't even think about ProcMon [8|]
Posted by: anonymous_9363 15 years ago
Red Belt
0
Hmmm...perhaps I need to mention it more...what do you think?
Posted by: AngelD 15 years ago
Red Belt
0
Yeah, as every other doesn't seem to work for me [;)]