Please help...

Discussion in 'Malware Help (A Specialist Will Reply)' started by 3blind, Mar 26, 2005.

  1. 3blind

    3blind Private E-2

    I have had a nasty encounter with a gang of thugs...
    here's what Norton found, but did nothing about...

    ljfpc.dll
    puckpytw.exe
    sdkkt32.exe
    winfp.exe

    I also have a dialer ( named explorer.exe ) which I can never get rid of either.
    Any help or hints would be appreciated, as I keep getting hijacked!
    Thanks
    3
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. 3blind

    3blind Private E-2

    Thank you...!
    So far somewhat so good...but something still in there trying to make a mess...here's my log !
    Appreciate the help
    3
    *** Afraid to close my browser, lol
     

    Last edited: Mar 26, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is there a reason you did not run the Symantec online scan?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your versions of Windows and IE are very old and represent a major security risk. After we fix your current problems, you must get your system updated. I see some signs but not all of the signs of an HSA hijacker.

    You must remember that ALL browsers must be shutdown before running HijackThis. You had the below running:
    C:\Program Files\Internet Explorer\iexplore.exe

    If you do not remember to do this, you will make it difficult to impossible to fix your problem.

    Let's try a simple procedure first, since you do not seem to be too badly infected.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKCU\..\Run: [profmap] C:\WINDOWS\System32\profmap.exe
    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crut.exe (file missing)

    After clicking Fix, exit HJT.
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  6. 3blind

    3blind Private E-2

    After a boot, I still have just the one file, that won't fix...( crut )
    On the brighter side, everything appears to be back to normal ( thanks to you ;)
    Appreciate it!!!
    3
    ** I did the Symantec online after and it came up clean...first time I tried that and the Trend site ...and it didn't work properly thru the browser.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In step 2 of the Getting Prepared section of the READ ME FIRST, we asked that you stop and disable any of the three services listed. You must go follow that step so that HijackThis can repair the O23 line.

    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crut.exe (file missing)

    Please go back and do that now. And then after that follow the steps below!


    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Delete an NT service" on the left-hand side. A "Delete a Windows NT Service" window will pop up. Try entering the following into the box and then click OK:
    Network Security Service (NSS)
    If that does not work try entering the short name: 11Fßä#·ºÄÖ`I
    You will need to cut and paste the short name since the characters are not easily typed. Then reboot and let's see if the service is truly gone.
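
As an added example (not part of the original thread and not HijackThis's own code), this Python script parses O4 and O23 lines in the format quoted above and flags the three traits visible in the quoted O23 entry: an unknown owner, a missing file, and a short name made of hard-to-type characters. The flag names and the `Example Updater` line are constructed for illustration.

```python
import re

# Constructed sample log: the two entries quoted in the thread plus one
# made-up clean service line for contrast (Example Updater is hypothetical).
SAMPLE_LOG = [
    r"O4 - HKCU\..\Run: [profmap] C:\WINDOWS\System32\profmap.exe",
    r"O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner"
    r" - C:\WINDOWS\system32\crut.exe (file missing)",
    r"O23 - Service: Example Updater (ExampleUpd) - Example Corp"
    r" - C:\Program Files\Example\upd.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
                   r"\[(?P<name>[^\]]+)\] (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]*)\) - "
                    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
PLAIN_NAME = re.compile(r"[A-Za-z0-9_.\- ]+")  # assumed "easy to type" set


def triage(lines):
    """Return one record per O4/O23 entry, with review flags for services."""
    records = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            # Autorun entries are inventoried only; no heuristics applied.
            records.append({"type": "O4", "name": m["name"],
                            "path": m["path"], "flags": []})
            continue
        m = O23_RE.match(line)
        if not m:
            continue  # other HijackThis sections are out of scope here
        short = m["short"].strip()
        flags = []
        if m["owner"] == "Unknown owner":
            flags.append("unknown-owner")
        if m["missing"]:
            flags.append("file-missing")    # service registered, binary gone
        if not PLAIN_NAME.fullmatch(short):
            flags.append("odd-short-name")  # must be pasted, not typed
        records.append({"type": "O23", "name": m["display"], "short": short,
                        "path": m["path"], "flags": flags})
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["type"], rec["name"], rec["path"], rec["flags"] or "no flags")
```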
     
  8. 3blind

    3blind Private E-2

    I did disable...anyway...went thru it all step by step and even got Trend to run this time...
    After a Boot...this is what I got...( Looks good to me, but what the h3ll do I know...If I did I wouldn't be in this mess!)

    Thanks again!
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  10. 3blind

    3blind Private E-2

    chaslang...Thank you again
    A True brilliant angel in a cyberspace full of donkeys.
    I appreciate all that has been done and will sing this site's praises!
    3

    :)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thank you for the compliment! Happy safe surfing!
     
