Mozilla Firfox And Winsock

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below exactly as written:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Sorry but you did not run all the steps of the READ ME FIRST according to your HJT log. I see no signs of the BitDefender and RavAntivirus online scans being run.

Is this log from safe mode.\?

You have no AV, no firewall, and have a very old OS.

 

What tools and what versions are you running? You need to make sure you have what we give in the READ ME FIRST.

AV = antivirus

Firewalls and AV's are recommended in the below, but we will do this later:

How to Protect yourself from malware!

 

Yes that is what you will have to do. Make sure you use the links in the READ ME FIRST to download from. Then you will have the proper versions. The only problem you will have is getting the updates if you cannot get online on the problem PC. For things like Ad-Aware SE and Spybot S&D, the updates can be download and installed manually too.

 

I do not believe this is a malware problem. It would be better to approach that problem in the Software Forum. You can look at the below threads to see if they are of any use too:

http://support.microsoft.com/kb/q294728/
http://www.annoyances.org/exec/forum/winxp/t1031315908

You should have posted your HJT log as requested so we can also identify any malware related problems.

 

It may still be worthwhile checking your log for other problems. As I said in my previous post, the other problem is more than likely not malware.

I see you posted in the Software Forum. Did you look at the links I gave you?

 

You are way out of dates with your Windows updates and that is a big problem. You must get updated. Which means you still need to follow ALL the steps in the How to protect thread I gave to you. You also still have no firewall.

Are you using some kind of libraries from PJ Naughter: http://www.codeproject.com/library/pj.asp

The below lines in your log is what I'm questioning:

C:\WINDOWS\System32\MsBAfd.EXE
O23 - Service: MS Service (MSHelper) - PJ Naughter - C:\WINDOWS\System32\MsBAfd.EXE

 

I was asking if you run something by PJ Naughter. Do you? I did not say to remove it. I just wanted to see if you new what it was. I never saw it before. You cannot just delete it that way.

You do not have WinXP SP1. You have WinXP. Look at you version shown in your HJT log. You have IE SP1. You must purchase a valid license so you can get upgrades.

 

I would say you should goto any retail store and purchase a copy. Watch for sales. The other alternative would be a reputable online mail order store. Ask this question in the Software Forum. I'm sure you would get a load of responses.

You still have not directly answered the question about PJ Naughter. Do you use or want it?

 

Ask about the Key Code thing in the Software Forum but it will probably cost you the same amount. Also you really want to buy something where you have the original bootable XP CD. It would be even better if you just bought WinXP SP2 on CD. Without a bootable CD you could eventually have problems that require a CD to repair it and you would still be up a creek without a paddle.

Do you want to remove the PJ stuff since you do not know what it is?

If so, first run Control Panel, Add/Remove Programs and see if you can find it in there. Let me know.

 

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to MS Service (or look for MSHelper) Then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

MS Service

If that does not work, look for: MSHelper

After doing the above exit HJT this and if told that you need to reboot to complete the process, do not reboot yet. We will restart HJT to use different options in a few lines.

As a double check, Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O23 - Service: MS Service (MSHelper) - PJ Naughter - C:\WINDOWS\System32\MsBAfd.EXE


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\MsBAfd.EXE

Now reboot in normal mode and check your HJT log to make sure that the service no longer shows.

 

Okay! So how is everything running now?

 

Hmmm! You never said anything along the way that you had made hardware changes.

Oh well! Problem solved now and your PC is cleaner too?

 

Most of what we recommend is in: How to Protect yourself from malware!

Also I recommend Ewido Security Suite

For you girl friends computer run the READ ME FIRST and also do the below. If still having problems afterwards, start a new thread and make sure you indicate what you have already run.

- download Nail/Bolder/Aurora Remover 0.3.1 Beta and save it to its own folder like c:\ABIremover
- Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet.

- Now while still in safe mode, run the abiremover.exe but make sure you are physically disconnected from the internet (unplug your cable to be sure). Just click install, wait (explorer window will disapear)

- When abiremover finishes just reboot into normal and see how things look.

 

Each PC on the network must have a unique name.