Adam, this message will probably be answered quickly and painlessly by you, but any others with ideas are welcome to help me.


I suddenly noticed two strange services listed in the MMC. "Conapdrrr" and "Ipnccgxcmics". They were set to "manual" start. The conapdrrr had no path listed to the dll/exe so I wasn't worried. The Ipnccgxcmics did have a link to some strange EXE in windows\system32. I deleted that file but it immediately returns, even in safe mode.

Spybot, Ad-Aware, and NAV2k5 don't find anything wrong. HijackThis doesn't even list them. Google search turns up nothing. I can't delete the registry entries, even in safe mode. The Ipnccgxcmics references a file called lnkstub.exe; it is part of "Win95-to-WinNT Migration DLL, Win95 Side".

Ideas on what these are and how to remove them?

I assume when you try to end the running proccess it starts up again? If you simply delete it while its running it won't shut it down. Especially in the case of viruses. Some are even smart enough to know when they are shut down from the process to just start up again. To solve that problem you can right click and do END PROCESS TREE. Then you can go ahead and delete it.

Also, I had a similar problem where a DBAMW.exe was running and I had to do the stops ^^ up there. However, after ending the tree, I was able to find it through Virus scan and AdAware whereas before, while running, they didn't see it.

There's no physical process running. It's simply a service I've been able to disable. I do want to know how to actually remove them from the registry/system.

They're in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es

They're in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es

Bingo.

Also, have you tried, CMD-- MSCONFIG -- Unchecking the service?

They are disabled, Amit, as I said above. Also, you should use Service.msc, not MSCONFIG to work on your services.

I just need to flat out REMOVE them from the registry. Regedit gives me a stupid error every time I try to.

right-click the keys and check out permissions. If there are any odd users listed in the permitted users list, delete them, and then try to delete the keys again. Make sure you set yourself as owner before doing anything else.

Permissions are set to allow everyone Full Control & Read Access.

hm. I had some trouble with a random user having explicit permissions on a key, so that's what I was thinking.

Well, no idea then.

They are disabled, Amit, as I said above. Also, you should use Service.msc, not MSCONFIG to work on your services.

I just need to flat out REMOVE them from the registry. Regedit gives me a stupid error every time I try to.

Acutally they both work just as well, since MSCONFIG -- Service is the Service.msc

q: Why can't I use msconfig to change my services?

a: The reason is because with msconfig and Hardware Profiles, you can disable services that may be vital to boot your system. With the management console (services.msc) you cannot. Also, msconfig, while unchecking the box, is disabling the service.

The "Disable All" button also scares me. It should not even be there as no reason exists to justify disabling "everything."

Not "allowing" people to use msconfig reduces the flames and technical support questions in my inbox from people that fail to read the descriptions I offer with each service and the warnings I attach to them.

Well, I use MSConfig, but then I know what I am doing/disabling.

Even so, it still gives you a description of each service, what it does, and who made it, and the path file. Should be enough info for any computer-literate person to figure out :) If it says "Windows" Leave it alone :D

Heheh.

Back ON topic:

Wow, ran a quick google of those 2 services. You know its a bad thing when even GOOGLE can't find it

Eep.
Heres an option: Format Computer ;) But thats just silly. ?: Are they being detrimental to your daily activities on the computer?

Kyle helped me remove them. It was related to what Adam had said with permissions. Even though EVERYONE was allowed Full Access, I simply removed EVERYONE and re-added it. Poof, I deleted them.

Lol, now that is really strange. Never heard of that before.
Yay for learning something every day.