msDNSResponder.exe + System Getting Slower

CrashedSardines · 03-13-2009, 08:42 PM

REcently ive noticed my system is getting slower and slower.
After some reasearch, ive discovered a program running: "msDNSResponder.exe". I think he created a folder on C: called "Boonjour".

DDS (Ver_09-02-01.01) - NTFSx86
Run by Proprietário-de-HP at 11:32:47,20 on 13-03-2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1023.708 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programas\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programas\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Proprietário-de-HP\Ambiente de trabalho\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programas\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programas\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\programas\java\jre6\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [TkBellExe] "c:\programas\ficheiros comuns\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\autoru~1\adober~1.lnk - c:\programas\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programas\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://images.autodesk.com/adsk/files/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\3hdg8ver.default\
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programas\veetle\plugins\npVeetle.dll
FF - plugin: c:\programas\veetle\vlc\npvlc.dll

============= SERVICES / DRIVERS ===============

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-10-27 19572]
R2 aawservice;Lavasoft Ad-Aware Service;c:\programas\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-6-15 2825088]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2006-2-8 21120]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-6-15 468768]

=============== Created Last 30 ================

2009-03-13 11:09 <DIR> --d----- c:\programas\CCleaner
2009-03-13 11:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-12 20:14 <DIR> --d----- c:\programas\Everest Poker

==================== Find3M ====================

2009-02-09 14:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-01 16:34 48,913 a------- c:\windows\UninstVeetleTVPlayer.exe
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 ---sh--- c:\windows\system32\VistaUltm.dll

============= FINISH: 11:33:13,92 ===============

Thank you a lot.
You have already helped me with a problem before and i just hope you could do it now.

tetonbob · 03-14-2009, 09:56 AM

Hello -

This is installed alongside iTunes and other Apple software. There's usually an opt-out screen you pass, which many people breeze by when running an installation.

Raymond gives a good writeup and uninstall routine here

http://www.raymond.cc/blog/archives/...sresponderexe/

As far as a slow machine goes...

A slow machine is not always a product of infection. I don't see any sign of active infection

Please see this sticky topic:

Is your PC running slow...?

tetonbob · 03-19-2009, 08:20 PM

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

03-14-2009, 09:56 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,530 OS: 2000 Pro; XP Pro; XP Home	Re: msDNSResponder.exe + System Getting Slower Hello - This is installed alongside iTunes and other Apple software. There's usually an opt-out screen you pass, which many people breeze by when running an installation. Raymond gives a good writeup and uninstall routine here http://www.raymond.cc/blog/archives/...sresponderexe/ As far as a slow machine goes... A slow machine is not always a product of infection. I don't see any sign of active infection Please see this sticky topic: Is your PC running slow...? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-19-2009, 08:20 PM	#3 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,530 OS: 2000 Pro; XP Pro; XP Home	Re: msDNSResponder.exe + System Getting Slower Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009