HJT - 016 DPF items: Anyone know what these are?

[MasterRacker]

Cleaning up a particularly nasty machine I ran into these two entries.


O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB


I don't remember seeing the HCP protocol before. From what I've been able to gather, it is some new chat protocol. This machine did have a number of chat clients on it and I'm guessing that these aren't necessarily malware, but I'm curious if anyone knows they actually are.


Jeff
The future is already here - it's just not widely distributed yet...

 

[lspook2]

sounds like u may have a trojan, spyware or dialer on your computer.
What i usually do is download avg free and update it from

http://www.grisoft.com

do a full scan if you find any virus (not trojans)restore the files. if there are cleaners get them from

http://www.nod32.ie

and

http://www.symantec.com

run them in safe mode. i noticed syamantecs cleaners dont always clear the virus's fully. after that download adaware, make sure its up to date and do a full scan and clean.
with dialers sometimes you have to manually go in and delete the folders.

 

[MasterRacker]

There was a metric ton of malware on this beast. I've been through the normal Ad-Aware, Hi-Jack, Virus scan, manual cleanup, swear-a-lot routine. I've just never noticed these two items before.


Jeff
The future is already here - it's just not widely distributed yet...

 

[THoey]

Hey Master, from what I have been told, if there are any 016 level entries that you are unsure of, you can remove them. If they are necessary for some tool you are using, they will be reloaded when necessary.

Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...

 

[diogenes10]

googling on the numbers between the brackets gets lots of hits on both. What little checking I had time to do yesterday-I think I only saw one place where someone had recommended one of them be removed.

 

[THoey]

http://www.sysinfo.org/bholist.php

Using the above site, neither of the CLSID's show up. Should be okay, but as I mentioned they can be deleted and will be reloaded if they are needed.

Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...

 

[MasterRacker]

Thanks. I figured they were safe. As I said before, this machine had all the normal chat clients - AIM, MSN, Yahoo, etc, but it also had a couple I hadn't seen before. (If I remember right, one was called AVChat?)

From what I could find in a quick search, HCP is an open chat protocol that MS started supporting with XP. Since I couldn't find incriminating info against those items, I assumes they were part of those other chat programs. Good to get some verification though.


Jeff
The future is already here - it's just not widely distributed yet...