How Apple Bonjour almost killed my Windows

Nothing like a day after another day. Right?

 

Yesterday, I saw a process on my system named “mDNSResponder.exe” and I thought:

“Oh no Bonjour again!”

No, it is not a virus. It is a genuine service from Apple Inc. (they digitally signed the file).

Who will be crazy enough to sign a virus? It would be like saying: sue me please!

 

Going back to the main question: WHY DO I HAVE THIS INSTALLED (AGAIN)?

The answer was pretty simple: Acronis True Image 2017.

(Hey! I spent 30 dollars to upgrade it and won a free Bonjour copy)

 

Ok. Let’s remove Bonjour, shall we?

 

The problem, I mean, the program was located in both folders:

C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour

 

Let’s see what we have there…

mDNSResponder.exe (Service)
mdnsNSP.dll (Winsock Provider)

 

Well, at least it makes sense. Right?

It is a service to locate devices on the network…

 

CAUTION: DO IT AT YOUR RISK, IF YOU WANT!
IF YOU ARE ALREADY IN TROUBLE, SKIP TO THE END.

 

1. Removing the service:

On a command prompt (as admin), just type the commands:

"C:\Program Files\Bonjour\mDNSResponder.exe" –remove
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe" –remove

On my computer only the x64 version was registered as a service.

Pretty simple, no harm is done!

 

2. Removing the Winsock Catalog:

On a command prompt (as admin), just type the commands:

regsvr32 /u "C:\Program Files\Bonjour\mdnsNSP.dll"
regsvr32 /u "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"

Again, pretty simple…

 

Now, it is time to reboot my computer.

(A few seconds later)

Wow, it is back! Seems nothing went wrong.

 

Wait…   Wait…   Wait…

 

3. The symptoms:

Something is happening!
My Skype crashed at launch!

Nah! I am overthinking this, how can it be related?

Wait again! Where is my OneDrive app?

OMG! WHY I HAVE DONE THAT!?

Nooooo! I don’t want to reinstall my computer!

 

Let me look some other apps…

Some work, some not.

 

Even Internet Explorer was not working!

(Ha! I got you, like if that was a big surprise)

 

I spent about 2 hours trying to find what was the cause of the failure.

After gather some data and many trial and error. I finally got some success.

 

(I’m skipping my mistakes to keep the story short)

Backtracking all the errors, I found the main cause was an error related to Winsock.

 

OK! I did remove a Winsock provider, what was wrong with that!?

 

4. Solution

Looking for information related to the Winsock catalog, I finally got here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

 

Interesting, every provider is registered there, so where is Bonjour?

Gone! I removed it! OK, finally something that makes sense.

 

Going deeper I found:

NameSpace_Catalog5/Catalog_Entries: 7 entries

NameSpace_Catalog5/Catalog_Entries64: 7 entries

Protocol_Catalog9/ Catalog_Entries: 15 entries

Protocol_Catalog9/ Catalog_Entries64: 15 entries

 

So, why does the number on the key Num_Catalog_Entries mismatches the number of Catalog_Entries I had!?

 

Was I mistaken? Could it be so simple? Yes, it can!

All I needed to do was synchronize the number of entries in each Catalog and a reboot my computer.

 

Note: The number of entries on each Catalog can change on your system, but the idea is the same…

 

I hope this can help you too.

Leave a Comment

Your email address will not be published. Required fields are marked *