I followed all Instructions. Please help.

I'm getting tired of pop-ups. I used all the programs that are in the stickies and did everything listed. Now, my Norton Antivirus kept saying I'm getting intrusion attempts and more pop-up. I can't even watch movies, play games without getting pop-ups to ruin it.

Just want to get some last help before I format and reinstall window again.

 

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Now, please follow our standard cleaning procedures which are necessary for us to provide you support.

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

Update with files.

 

Please see the below thread on how to install and run Ewido Security Suite.

• Running Ewido Security Suite ...

 

Here's the log. Right after I've done it and booted back to normal, softwareonline.com ads pop up.

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

O4 - HKLM\..\Run: [084c0f6g.dll] RUNDLL32.EXE 084c0f6g.dll,b 6941718
O4 - Global Startup: palstart.exe

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Click Start > Run > type services.msc and Click OK

Locate Local Security Authority Subsystem Service (lsass) and RightClick on it to bring up the Service Properties Window.
First: Stop the service by clicking the Stop Button.
Next: Disable it by changing the Startup Type to Disabled and click Apply


NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\WINDOWS\scvhost.exe

C:\Documents and Settings\YOUR USERNAME\Start Menu\Programs\Startup\palstart.exe

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

After you complete the above, reboot to normal windows and procede with the below...

Finally, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore

• First, turn OFF System Restore to flush any bad Restore Points.
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above, reboot and attach a fresh HJT log and let me know how things are running.

 

I have done everything and so far so good. Giving it an hour to see if there's any pop up.

Also, I didn't see the file scvhost.exe in the windows directory nor the palstart.exe

Adware and sd didn't find anything either. Hope this work out.

 

Your HJT log is clean, are you having any further problems?

 

Thanks alot! It's very stable now and I haven't have a pop up yet. Well, again thanks alot!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!