If you now do not have the actual program on your machine and you never plan to use it again, there is no reason to have (portions of) it in prefetch.
Delete it.
Or, leave it alone. Eventually Windows ought to remove automatically it due to lack of use.
since waiting for windows to remove it automatically sounded more like wishful thinking i deleted it. nothing has gone wrong with my computer since. thanks to you and all.
Glad I could help, I knew there was a way to delete them it just took a while to remember it as this flu I am suffering fom has really messed me up!
i just found out that mdnsresponder.exe is residing in "windows prefetch" as "MDNSRESPONDER.EXE-02F30C6F.pf". i don't have knowledge enough to tamper with with system files. What would you advise?
Were you able to rename mdnsNSP.dll?
Did you try this?
PP:)
you can see from my answer below to Rik that I should have tried that. thanks a lot.
by the way. Gizmo application is not active anymore.
apples i-tunes installes and uses those files ,do you have and use i-tunes
no i never used itunes. sse my reply to Rik below. Thanks a lot.
Had an idea. Will windows allow you to rename the 2 files and add .old at the end of each? If so, you should be able to delete them after a reboot.
Yes, indeed! I was dumb enough not to try this after " 'C:\Program Files\Bonjour\mDNSResponder.exe' - remove" command failed. I didn't have to change "mDNSResponder.exe" before deleting because it was not was locked yet this time.But I could change "mdnsNSp.dll" to "mdnsMSP.old" just like that and reboot and they were gone when I deleted them. It seems I created "much ado about nothing".
Thanks a lot, you saved me from suing expenses. :))
I'm at a bit of a loss then I'm afraid, sorry!
thank you all the same for your kind interest. i will not let this matter stay as it is and will try to find a solution on web. If the only solution is reformatting my computer, i will consider sueing master jobs.
Are you able to see and stop them with msconfig?
There's only QTTask from Apple in the "start up"; in "services" some are "stopped" but can't make anything of them.
I completely understand what you mean! I hate software like that too. Have you tried running HiJackThis on your system and using that to attempt to remove the files?
I made a scan with HijackThis and also checked the misc processes but couldn't find a trace.
right. i'm sorry. bonjour (probably installed thru OuickTime) was decently placed in my add/remove programs. however when i "removed" it, "mdnsNSP.dll" and "mDNSResponder.exe" stayed and could not be removed manually. i use "BoostSpeed" by Auslogics and it has an "unlock" service. "mDNSResponder.exe" was unlocked and i deleted it. but "mdnsNSP.dll" stayed. i asked help from Auslogics.they said "'svchost.exe' is a Windows services host application, it simply cannot be terminated" and wishing me luck, advised me to check this url: http://www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/
at my first try it didn't work because i had already deleted "mDNSResponder.exe". so i reinstalled bonjour then removed it, two pesty files naturally keeping residence. but when i tried to run "C:\Program Files\Bonjour\mDNSResponder.exe" - remove, the "run" window kept evaporating after i clicked OK.
then i looked for the the magic "Au Revoir Bonjour" but it was not to be found anywhere in web - with the exception of a french blog. but then it was only a trap for a trojan.
it's not that i'm suspicious about those two files. I just hate apple to force them down my throat. if i don't want them on my computer (even if they're for my own good), i think i must have a right to remove them.
this is the full story. thanks for you patience.
A quick google found this - http://discussions.virtualdr.com/showthread.php?t=242173
I tried almost all the solutions offered on web. None of them work. That's why I am asking here.
How do you get rid of "mdnsNSP.dll" and "mDNSResponder.exe"?
Windows, in many cases, when trying to help actually impedes. "Data Execution prevention" for example. It gives me a hell of a time because I've got VLC as default media player. Every time I want to open a video using VLC, Windows closes the program for my "protection" and I have to open it again. Any of you have a solution? (I have placed VLC.exe as an exception in "System Properties/Advanced-Performance-Settings-Data Execution Prevention-"Turn on DEP for all programs and services except those I select - VLC media player (box checked)" -- it doesn't work)
Thank you for your advice, but I don't think I'lm intelligent enough to perform those tasks. Anyway, my PC is working without any apparent problems for now and I had justed wanted to learn what would be the probable cause of a registry data recovery action.
I was greeted by the notice "One of the files containing the system's registry data had to be recovered by use of a log or alternate copy. The recovery was successful" when I started my PC this morning.
What makes Windows make a registry recovery? I want to know because then I can find out a mistake I might have done to cause such an action. Regards...
I'm grateful to you and all at DaniWeb.
I use VTunnel to connect to YouTube, but if you have better a advice I'll gladly take it.
Hi, Crunchie. Of course it wasn't me who added "O1"s to the log. But before downloading HostsXpert as you advised, I noticed all "O1"s left after HijackThis fixed them belonged to YouTube. I live in Turkey and --I'm ashamed to tell this -- YouTube is banned in my country. I was using a program called YouTube Jacker II to gain access to the site. Since a couple of days I had started receiving error messages from YouTube videos, but it never occurred to me that there may be something wrong with the program. But apparently there was. I removed it today. I performed a HijackThis scan after the removal and as you'll see from the log below all YouTube "O1"s have vanished.
Can we say that my PC is clean now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:42, on 06-Aug-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\etMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet …
OK. Here's MWB Anti-Malware Log:
Malwarebytes' Anti-Malware 1.40
Database version: 2563
Windows 5.1.2600 Service Pack 3
05-Aug-09 16:02:38
mbam-log-2009-08-05 (16-02-38).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 142914
Time elapsed: 35 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here's the first HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:01, on 05-Aug-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\etMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
My initial problem was with "system volume information" files. It was solved after a dialogue with a reliable member of the forum. But I still wanted to know if those file were infected or not. So this member advised me to download "Malwarebytes". I did and Malwarebytes found two infected Registry Data Items and quarantined them. My correspondent checked the log I posted for him and advised me to download HijackThis, so that he could see if Malwarebytes had really "killed" the two malwares. I downloaded HijackThis and posted the log it produced, upon which my correspondent advised me to click all "O1"s and then click "Fix Checked." I did and upon seeing this new log he replied that "It seems your hosts file is messed up. I am afraid that sorting that is beyond my ability" and referred me to this Forum.
That's why I am here. I performed all the required actions stated by PhilliePhan (except the Deckard's). I have all the logs I have stated above in case anyone is interested in looking at them. I just want to know if my PC is clean or not.
Thank you Rik. You tried your best to help me. I better start a new thread in malware section.
As you said:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:01, on 05-Aug-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\etMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O1 …
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:01, on 05-Aug-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Well, here it is:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\etMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: TT Jacker :)
O1 - Hosts: 195.8.214.141 dailymotion.com
O1 - Hosts: 195.8.214.142 dailymotion.com
O1 - Hosts: 195.8.214.140 www.dailymotion.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144
Thank you very much indeed. The "system volume info" files were clean, but two registry data items were infected. Below is the complete log:
Malwarebytes' Anti-Malware 1.40
Database version: 2563
Windows 5.1.2600 Service Pack 3
05-Aug-09 16:02:38
mbam-log-2009-08-05 (16-02-38).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 142914
Time elapsed: 35 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks a lot Rik! Following your advice, I activated System Restore, deleted previous checkpoints using Disc Cleanup, ran a full scan and "system volume info" files didn't show up. But this doesn't keep me from wondering why McAfee decided to scan those files... Is there a way to find out whether they're infected or not?
Last week I noticed that my scheduled scan by McAfee was taking much longer than it should. I checked and saw that an endless stream of files named "system volume information" were being scanned. It took six hours. I'm an old man with little knowledge of computers, but I managed to find out that these "system volume" files had some use for "system restore". This week I disabled the system restore function before the scheduled scan and scanning was finished in its regular one hour. But I don't know what prompted McAfee to scan system volume info files all of a sudden and I don't know whether I did right or wrong by disabling system restore. My OS is XP SP3.
Two months now, my Windows XP indicates "fatal error" and restarts my PC while McAfee is trying to do its weekly virus scan. "Fatal error" occurs when McAfee is scanning "HKU"s. I've asked McAfee and they advised me to uninstall and reinstall their program, which I did but nothing changed. Windows says they can't sort out the error and can't do anything about it.
Yes, I realized it seconds after I had posted my reply to you. I am really very sorry. Thank you so much for your patience and consideration.
I'm so much ashamed and terribly sorry!
I guess I worked too much.
I understand it's a browser problem, but I also used IE6 on Windows98. Anyway, I use these html pages to build MSebooks (using ReaderWorks) for myself. style tag is generally for making first line of a chapter unindented.
Here's what I do:
<html>
<head>
<title>Pagan and Christian Creeds</title>
<style type="text/css">
p { text-indent: 1em; margin-top: 0; margin-bottom: 0; }
p.fst { text-indent: 0em; margin-top: 0; margin-bottom: 0; }
p.note { text-indent: 0em; margin-top: 3; margin-bottom: 3; }
</style>
</head>
<body>
<p style="page-break-before:always">
<br><br><br><center><font size=2>INTRODUCTORY</font></center><br><br>
<p style=fst align=justify><font size=2>THE SUBJECT</font> of Religious Origins is a ...
<p align=justify>There is also in these matters ...
</body>
</html>
Apparently the browser doesn't see <p style=fst align=justify> tag and the line appears with 1em indent on html page and of course in the ebook.
Thanks a lot for your prompt reply. I don't know if above information is enough to give you a better idea.
I'm new to WindowsXP and the following tag which ran perfectly well in Windows98 doesn't work with XP:
<style type="text/css">
p { text-indent: 1em; margin-top: 0; margin-bottom: 0; }
p.fst { text-indent: 0em; margin-top: 0; margin-bottom: 0; }
</style>
I'd appreciate a simple explanation and remedy - if there's any.