Status
Not open for further replies.
1 - 8 of 8 Posts

Registered · 43 Posts · Discussion Starter #1
Firstly I hope I'm posting in the most appropriate place.

I installed itunes from the web recently, and I can't get rid of it now. I also noticed a program called 'bonjour' when Sygate asked me if I wanted to allow it to access the network. Naturally I said no. A good thing, because loads of incoming stuff has been blocked.

I have run Adaware SE, Spybot, and HJT. I removed the running processes (mdnsNSP.dll) of the programs using HJT and LSPfix, so they no longer show in Sygate. Good. Rest of the stuff is, I believe, legit.

I went to c:programfiles/bonjour and tried to delete the folder, since it's not in the add/remove list, but it won't let me because mdnsNSP.dll is still running. There's another one: dnssd.dll in there as well. Either way, I can't delete the contents of the folder and I don't want it on my HDD.

The other folders in c:program files are ipod and itunes. I can't see anything that would allow me to uninstall them. I remember when I was installing them that because of my security settings/paranoia I don't think something installed properly, which I suspect didn't help. I remember thinking, **** at the time, because it's bad when that happens, and things are difficult to get rid of. They're not in the add/remove list either.

I am annoyed because I didn't follow my net rule of 'don't download things unnecessarily' since I thought Apple would be fairly reputable.

If you could advise me on how to get rid of these blasted things I would appreciate it!

Many thanks.
 

TSF Security Team, Emeritus · 26,363 Posts
Download HiJackThis - this program will help us determine if there is any malware on your computer.
  1. Double-click on the file you just downloaded.
  2. Click on the "Unzip" button to install the newer version.
  3. It will by default install to the directory - C:\Program Files\HiJackThis\
  4. If it gives you an intro screen, just choose - Do a system scan and save a logfile.
  5. If you don't get the intro screen, just hit [Scan] and then click on Save log.
  6. Post the HiJackThis.log file here.
 

Registered · 43 Posts · Discussion Starter #3 (Edited)
The reason I didn't post this was because it says not to in the intro threads.

Thanks

I have marked one line private. I know what this is and do not wish to share the info online.


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Sygate\SPF\smc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 08:45:02, on 31/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Francesca Yates\My Documents\downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\PLUGINS\Npcdp32.dll
O16 - DPF: (private)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113420652948
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


End of KRC HijackThis Analyzer Log.
===================================================
 

Registered · 83 Posts
Bonjour is part of iTunes; it is used by this app to share your music with 5 other computers connected on your LAN... Otherwise, if you have problems removing iTunes from your machine, follow this document.
 

TSF Security Team, Emeritus · 26,363 Posts
Frankles,

Bonjour isn't appearing in your HJT log. I could give you a utility to forcibly remove the /bonjour folder but that may leave orphaned entries in your Registry.
"The other folders in c:program files are ipod and itunes. I can't see anything that would allow me to uninstall them. I remember when I was installing them that because of my security settings/paranoia I don't think something installed properly, which I suspect didn't help."
The wiser alternative would be to re-install the program again & then remove it using Add/Remove Programs. If it leaves any orphaned entries in the Registry, we can use a utility like CCleaner to remove them.
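
How a helper might check a HijackThis log for a component such as Bonjour, as in the reply above. This is an added example, not part of the thread; the sample log, `example_service.exe` and `ExampleSvc` are constructed placeholders.

```python
import re

# Constructed sample in HijackThis 1.99.1 layout; not the poster's log.
# example_service.exe and ExampleSvc are placeholder names.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Bonjour\example_service.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Bonjour\example_service.exe
"""

# HijackThis section codes seen in this thread's log, plus O10 (Winsock LSP).
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O4": "autostart entry", "O8": "IE context menu item",
            "O9": "IE button/menu item", "O10": "Winsock LSP",
            "O12": "IE plugin", "O16": "ActiveX download",
            "O18": "protocol handler", "O23": "NT service"}

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:                      # first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def find_component(text, needle):
    """Return (location, detail) pairs where `needle` occurs, ignoring case."""
    processes, entries = parse_hjt(text)
    needle = needle.lower()
    hits = [("process", p) for p in processes if needle in p.lower()]
    hits += [(f"{code} ({SECTIONS.get(code, 'other')})", detail)
             for code, detail in entries if needle in detail.lower()]
    return hits

if __name__ == "__main__":
    for where, detail in find_component(SAMPLE_LOG, "bonjour"):
        print(f"{where}: {detail}")
```

A component with no running process, LSP entry, autostart or service at scan time produces no hits even when its files are still on disk.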
 

Registered · 83 Posts
Bonjour isn't appearing because it's a service that starts with iTunes; if you don't have iTunes running, Bonjour would be deactivated... If you don't want to have it running, simply block the iTunes sharing under its preferences...
 

Registered · 43 Posts · Discussion Starter #7
OK, so simple I really should've known how to do this!

Thanks for the advice, I reinstalled then uninstalled it through control panel.

Doh!

BTW, Bonjour was running without my having launched iTunes, though my previous HJT log (before I cleaned some stuff) did show iTunes running in the background. Curious.

Cheers guys, have a good day, I'm off to see how fast I can complete CoD:united offensive :smooch:
 

Registered · 83 Posts
Probably Bonjour was still running after you quit iTunes...
Well, United Offensive is quite difficult, so enjoy it!
 