
Browsers Won't Launch 3


Nuffsaid

Technical User
Aug 3, 2001
374
CA
Hi Everyone,

Win XP SP3 on a Dell Dimension 1 Gig ram.

I cannot get on the internet with either IE or Firefox. It appears something is blocking access. I'm also going through AVG hell. It didn't install properly and I had a hell of a time getting rid of it. I tried a system restore to an earlier date but that didn't help. Ran Malwarebytes, CCleaner nothing. Got like 52 processes running. Tried creating a new account, same deal. Seems only Safe Mode works.

Advice welcome and thanks in advance

Nuffsaid.
 
Sometimes malware likes to place entries in the Proxy Server Settings of IE/ Tools/ Internet Options/ Connections/ LAN Settings, these are normally just blank for most home users so see what you have entered in there. This is just one common way they prevent Internet access.

AVG Remover Tool (click on the Downloads Tab and look for the Tool link at bottom of the page)
This will introduce you to the Winsock Fix.

WinXP Connectivity Issues
faq779-4625


How to troubleshoot TCP/IP connectivity with Windows XP

How to troubleshoot network connectivity problems






Some general things to try.

Try running ChkDsk to check your drive for errors. Right-click your Drive icon/ Properties/ Tools/ Error Checking. Try it first by not checking either box (this will run it in a Read-only mode) to see if it flags any hard drive or file problems. If it does, restart it by ticking both boxes, and rerun it to allow it to attempt to fix any found problems.


Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

HOW TO: Verify Unsigned Device Drivers in Windows XP

If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
 


Thanks Linney, I'll explore them all.

More observations, all done while in safe mode with networking;

From a cold boot log on as an admin.
Launch browser IE or FF don't matter, access internet no problem.

Close browser and try to re launch, slight "busy signal" then nothing. Try again, same response, nothing.

Task Manager activity during all of this;

Initial browser launch, process appears (iexplore / ff) ~ 20k memory allocated.

Second attempt, process launched ~3k memory allocated. No UI.

Third attempt, process launched ~3k memory allocated. No UI.

These 3K processes just keep accumulating every time I try to relaunch a browser until I reboot. Then the whole process begins again.

Additional error messages encountered along the way...

From the system event log;
The following boot-start or system-start driver(s) failed to load:
Beep

Pop Up Error msgs;
Application popup: svchost.exe - Application Error : The instruction at "0x7c923845" referenced memory at "0x00000000". The memory could not be "read".

.... and last but not least (don't recall where we were when this happened....);

Generic Host Process Win 32 Services

....of course "We Apologize...."

Any more insight?





Nuffsaid.
 
Any change if you recreate Shortcuts and or try clicking on the actual .exe files?

Beep driver can be disabled via the Recovery Console using the Listsvc command and then the Disable command.

How to install and use the Recovery Console in Windows XP

Have you checked your RAM for faults?


Error messages when you start a Windows XP-based computer and then try to download Windows Updates

How do I reset Windows Update components?
 
Another update,

I had already run the AVG remover tool before Linney's post. Found that on my own. Appears to have removed AVG completely so hoping AVG is a non issue at this point.

I ran Chkdsk as suggested, came back clean.

My Dell box came with XP Pro pre installed. The CD that was provided is not a full blown copy of XP Pro, it's some type of Dell recovery / backup disk. I'm not exactly sure what it contains. (I need to dig thru my CDs to locate it.) This being the case, I'm leery on following any advice that states "have your XP CD handy".
I don't want to end up in a situation where I'm half way through a process only to find out I can't complete it because I don't have an original CD. This (in my mind) would only make matters worse. Also, without a full blown copy of XP, a reinstallation of Windows is probably out of the question. (and perhaps a little extreme at this early point.)

I read the FAQs and Support documents from Linney's first post, but they seem to speak to an "All Or Nothing" issue. My problem seems to be intermittent.
I have no problem connecting to my ISP with Outlook to get my mail. It's just the browsers that are hooped. Everything else installed on the machine like Office, Adobe, Corel, etc seem to work fine.

I have not tried launching the browsers from the actual .exe files I'll give that a shot and let you know.

Using the Recovery Console. Not currently available in my install. When I boot up in safe mode there's only one operating system to choose, Microsoft Windows XP Professional. As stated earlier, not having an original XP CD, well.....

I tried re installing IE 7 (no removal was done first just re installed over top of...) no effect.

Well, guess what I'll be doing the weekend.....




Nuffsaid.
 
Oh Yea,

Checked this.. Proxy Server Settings of IE/ Tools/ Internet Options/ Connections/ LAN Settings ... zippo

Nuffsaid.
 
Please post HiJackThis log for us to peruse.

Have you run a continuous ping at the CMD prompt and see what percentage is lost or to see a pattern of successes and then drops???

ping -t wait about 15 minutes
Control C (to stop it)
Read loss percentage
 
The System File Checker won't cause you any problems even if it fails to complete. It will use the files on your Recovery CD, or files already on your computer, or a combination of both. The media that it requests is controlled by entries in the Registry that point to the original source media.
 
Sounds like you have a compromised or malicious service running in Normal Mode, which is not there in Safe Mode.

I'd prescribe either an on-line scan, e.g. or take the drive out and attach to a known clean system and scan it.

ROGER - G0AOZ.
 
Please post a BEFORE hijackthis log, but you can also run these after and then let us know what happened.

0. RKILL (see if it kills anything)
1. GMER (see if the initial launch shows anything weird)
2. Combofix
 
Hi Everyone,

Thanks for the input so far, much appreciated.

"Think Point". I caught this little bugger last week and thought I got rid of the bugger by stopping the hotfix.exe
process using Task Manager then running the latest Malware Bytes scan and removing all offending entries.

This morning the splash screen reappeared. Checking Task Mgr. it's not running under hotfix.exe anymore.
It appears to be running under randomletter.exe (a.exe) Appears Malware didn't totally get rid of this.

I'm having a hell of a time accessing Tek-Tips during all of this so please excuse me if some of this post becomes
sporadic.

Here's the "before" hijack this log....

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:14:18 PM, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\All Users\Documents\Highjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.people.com/people/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061012
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendo.com/consumer/systems/wii/en_na/usbaptest.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194800948484
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 10391 bytes




Nuffsaid.
 
Hi Again All,

Think We're up against 2 issues, Think Point and too many processes running with only 1 gig.

Nuffsaid.
 
Update (while I can)

Ping Google.... Sent 238 Received 238 Loss 0%

Sfc/scannow... Took awhile to run but returned to dos prompt with no messages. Assume We're good.

Latest Malware scan .... totally clean

Housecall..... 0 threats found.

Question, with 1 gig, how many k in task manager would cause the system to behave in the manner I'm experiencing.

Viruses aside. Am I just having a memory issue? i.e when I boot and 52 processes load up before I even attempt to access the internet, could this be the problem?

Also, in Task Manager I see processes from programs I dumped a long time ago, how do I get rid of these? (probably shud start a new thread about this)

Nuffsaid.
 
This first one could be nasty and part of your problem.

O20 - AppInit_DLLs: cru629.dat



These want checking to see while files are missing (or removal of entry), and the rest, as to whether they are something you know about.


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) -
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)





Access Violation


When I log into my PC I see a ThinkPoint window


Think Point


Look at some of the later comments in that post too. This sounds like a particularly nasty piece of malware. Some of those links might be a bit out of date if ThinkPoint has mutated since they were current.




XP should perform adequately with 1GB of RAM. See what processes you can remove from running at Startup.

310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP

Autoruns for Windows v10.04
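
The by-eye triage of the HijackThis log done in the post above can be sketched as a script. This is an added example, not code from any poster or from HijackThis: it flags a populated `AppInit_DLLs` value, entries whose target is `(file missing)` / `(no file)`, and a configured IE proxy. The function name `triage`, the severity labels, the non-`.dll` heuristic and the `ProxyServer` sample line are assumptions made for illustration; the other sample lines are excerpted from the log posted in this thread.

```python
import re

# Sample input: the first line is constructed for illustration; the rest are
# excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O20 - ..." style entries; header lines and the process list do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")


def triage(log_text):
    """Return a list of (severity, section, reason, line) findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()

        # AppInit_DLLs: every process that loads user32.dll also loads these,
        # browsers included, so any non-empty value deserves a close look.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                # Simplification: names split on space/comma (no quoted paths).
                names = [n for n in re.split(r"[ ,]+", value) if n]
                odd = [n for n in names if not n.lower().endswith(".dll")]
                reason = "AppInit_DLLs set: loaded into every process that loads user32.dll"
                if odd:  # heuristic (assumption): DLL hidden under another extension
                    reason += "; non-.dll name(s): " + ", ".join(odd)
                findings.append(("high", section, reason, line))
                continue

        # A proxy on a home machine that never configured one can block browsing.
        if section in ("R0", "R1") and re.search(r",ProxyServer = \S", body):
            findings.append(("review", section, "IE proxy server configured", line))
            continue

        # Registry entry points at a file that no longer exists.
        if ORPHAN.search(body):
            findings.append(("review", section, "target file absent: stale entry or removed component", line))
    return findings


if __name__ == "__main__":
    for severity, section, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section:4} {reason}\n         {line}")
```
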
 
I agree with Linney's suggestions on the HJT log...

but in my opinion, this is the problem, as to why you have a hard time running browser and getting on the iNet...

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

My suggestion on how to remove it:

Completely Uninstall and Remove Bonjour Service and Files (mDNSResponder.exe, mdnsNSP.dll) for Windows


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
What I would do at this point, is search the registry for this file cru629.dat and see where it lives. Then replace it with notepad.exe (in all the places it lives) but then rename notepad to cru629.dat.

That will do two things. As you try to clean your system, you will see notepad pop up IF the system has not been cleaned yet. When notepad stops popping up, the system is not trying to launch that malware any longer.

I'd still run combofix if not now then AFTER Linney's suggestions.
 
Hi All,

Looks like I got some work to do.....

My plan of attack;

Load and run RKILL.. Rerun MalwareBytes. Just to make sure Think Point is gone.
(I think there's a little Cat and Mouse going on. My wife's been accessing Facebook while I've been attempting to clean this up.
So it's possible that after I remove the virus she's doing something to "invite it back"????)

Load and Run Combofix.

If that doesn't work, then, I'll "search and destroy" all instances of cru629.dat (probably using goombawaho's suggestion)

@ Linney, I know what most of the "have a look at" entries refer to, however a lot of this stuff has been removed off the system.

What do I need to do to get these entries to stop showing up in the HJT log?

The only one that really concerns me is this, what is it? Leftover from AVG 8?
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

@ BadBigBen, I've read that if I remove this, ITunes won't function. I'll remove it temporarily to see if it's part of the problem.
But I do need to run ITunes.

@ goombawaho, I've read Combofix is quite a powerful tool and can mess up your system if not used properly.
As you have recommended it twice in this thread and I'm a novice.... hope ya plan on sticking around. [wink]

Will report back when I have some new info.....



Nuffsaid.
 
Hi,
I agree with goombawaho about using combofix - it was the only tool I found to remove a particularly nasty BHO trojan (it redirected ALL searches in Google to an odd site)

It is powerful so do as you plan and read then re-read all the docs first.

Removing the Bonjour service should not affect iTunes - It is a service discovery program for locating devices on a network but can cause problems with internet connectivity since it can add 0.0.0.0 as a default DNS address.


To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Did you ever run the AVG remover tool? I would have thought that it would remove all the AVG stuff.

Are you, or your wife, surfing the Internet with an Admin User rather than the less prone to infection, Limited User?
 
linney said:
Are you, or your wife, surfing the Internet with an Admin User rather than the less prone to infection, Limited User?

.....hmmmm...... eh....... ahem.... not anymore. [blush]

Nuffsaid.
 