Hi

i used process hacker to create a log about processes that starts with the boot
and system explorer to create again a log

well i did notice that sometime the system run verclsid.exe for a very short time

for example
process hacker
-{ Quote: "7.04.19 02/08/2011: Process created: verclsid.exe (2396) started by explorer.exe (228)" }-

system explorer
-{ Quote: "02/08/2011 7.04.20 Process Delete PID=2396 PPID=228 Filename="verclsid.exe" ExitCode=3 ProcessorTime=00:00:00" }-

i set process hacker & system explorer to start at the boot

now i have never noticed verclsid.exe,in the past
i know only that i installed only 1 new program , nod32 v4

do you think it's normal ?
does it happen to you too?
what i can not understand it's that this process startup and terminate random(not every boot)

thanks
cheers

What is the full path to verclsid.exe?

http://www.file.net/process/verclsid.exe.html

From http://support.microsoft.com/kb/918165
Security update 908531 (MS06-015) installs a new program, Verclsid.exe. The Verclsid.exe program validates shell extensions before they are instantiated by the Windows shell or by Windows Explorer.

It is normal for verclsid.exe to run for short intervals. On XP-SP2, verclsid.exe is in the system32 folder and is 28KB. File version is 5.1.2600.2869. The MD5 for this version is 32a71f37940de5997fbb8f7bf76bd246

-{ Quote: "What is the full path to verclsid.exe?

http://www.file.net/process/verclsid.exe.html" }-
is C:\WINDOWS\system32

-{ Quote: "From http://support.microsoft.com/kb/918165
Security update 908531 (MS06-015) installs a new program, Verclsid.exe. The Verclsid.exe program validates shell extensions before they are instantiated by the Windows shell or by Windows Explorer.

It is normal for verclsid.exe to run for short intervals. On XP-SP2, verclsid.exe is in the system32 folder and is 28KB. File version is 5.1.2600.2869. The MD5 for this version is 32a71f37940de5997fbb8f7bf76bd246" }-
thanks
i did read it before opening a thread
but i don't understand why it loads up random:blink:

why on Earth are you still running SP2?

-{ Quote: "why on Earth are you still running SP2?" }-
i'm running w7
but on an old laptop i did a fresh install of xp sp2 legit

-{ Quote: "but i don't understand why it loads up random" }-
You will find that verclsid.exe runs when another processes is launched and when other activities are performed. It verifies the CLSID of objects as they're used. Depending on what you're doing at the time, verclsid.exe can start and finish many times in a short timespan.

-{ Quote: "why on Earth are you still running SP2?" }-
Because SP3 breaks some apps that I use, doesn't allow its drivers to load.

-{ Quote: "
Because SP3 breaks some apps that I use, doesn't allow its drivers to load." }-
Interesting, can you name them?

-{ Quote: "You will find that verclsid.exe runs when another processes is launched and when other activities are performed. It verifies the CLSID of objects as they're used. Depending on what you're doing at the time, verclsid.exe can start and finish many times in a short timespan.
" }-
but i guess before installing nod32 , i have never seen it
do you have in the prefetch folder?
and do you run nod v4?

thanks

Just FYI. http://systemexplorer.net/db/verclsid.exe.html
-{ Quote: "Review: verclsid.exe is part of operating system. This program validates shell extensions before they are started by Windows Shell or Windows Explorer." }-

-{ Quote: "but i guess before installing nod32 , i have never seen it
and do you run nod v4?" }-
Right clicking on a folder and selecting "explore" will draw a prompt for verclsid.exe, at least it does on mine. Scrolling the Windows folder in detail view also brings up a couple of prompts. I don't use an AV and have never tried NOD32. If NOD32 adds a context menu entry for manual scanning, that entry might also bring up a verclsid.exe prompt.
-{ Quote: "do you have in the prefetch folder?" }-
My XP system has been severely stripped down (XPlite and more). I don't have a prefetch folder.
-{ Quote: "-{ Quote: "Because SP3 breaks some apps that I use, doesn't allow its drivers to load." }-Interesting, can you name them?" }-
There was a couple of them, but the only one I can think of at this moment is SSM free, which I prefer to the pro version.