Pesky Pop-Ups such as 888.com, PartyPoker.com and AdultFriendFinder to name but a few

Welcome to Majorgeeks!

You must follow ALL the steps in the READ & RUN ME and you must follow the directions in it. No logs should be posted inline. They must be attachments to your message.

You need to complete ALL of step 6 of the READ ME and you must attach the two logs from the online scanners. Then attach a new HJT log.

Let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

Is the below your expected start page?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lessthanjake.com/

Did you install some kind of screen saver that the below is used for? It is not a required application and should be removed unless you rellay need it.
C:\WINDOWS\NCLAUNCH.EXe

 

First, Goto Add/Remove programs and uninstall this: ltj_screensaver

Now make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
C:\WINDOWS\NCLAUNCH.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {2FFD4FB5-F404-0AF6-822D-BB105FBCD829} - C:\DOCUME~1\ADAMMC~1\APPLIC~1\WINDOW~1\FILE SOAP.exe (file missing)
O4 - HKLM\..\Run: [SignFlawRefLog] C:\Documents and Settings\All Users\Application Data\Two Wma Sign Flaw\aboutwait.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [RoadBurn] C:\DOCUME~1\ADAMMC~1\APPLIC~1\CAMPSE~1\Hide Meal Ace.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\Adam McGuigan\Application Data\campsendball <--- delete this campsendball folder
C:\Documents and Settings\Adam McGuigan\Application Data\WINDOW~1 <--- delete this whole folder. You will have to determine to real fullname, BUT DO NOT delete a folder named Windows that is under Application Data. If not sure, just tell me what folders you find that begin with the letters Window
c:\program files\MySearch <--- delete this MySearch folder
C:\Documents and Settings\All Users\Application Data\Two Wma Sign Flaw <--- delete the whole folder
c:\windows\NDNuninstall6_90.exe
C:\WINDOWS\NCLAUNCH.EXe

Additional step to delete files in the Downloaded Program Files folder :
- Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s activex.*
del activex.inf
del activex.ocx
exit

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

 

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

You're welcome. Surf safely!