The following tool will not necessary fix any or all of your popup issues but will at least provide potentially valuable diagnostic information:
Please
Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3- First close any other programs you have running as this will require a reboot
- Double click NoLop.exe to run it
- Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder and then rerun the program.
Read over the following directions. Ask if anything appears unclear to you.
Clean out TEMPORARY FILES procedures:
To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner http://www.ccleaner.com/downloadbuilds.asp
Install Options: - Don't install any Toolbars, or other programs, should it ask you!
- Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Do not run CCleaner until requested later.
We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O4 - HKLM\..\Run: [up mp3 dart safe] C:\Documents and Settings\All Users\APPLICATION DATA\32 Ref Up Mp3\Bash open.exe
O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\Wardak\APPLIC~1\ATOMDE~1\32third.exe
O4 - HKCU\..\Run: [Meal Long] C:\DOCUME~1\Wardak\APPLIC~1\TITLEA~1\KIND WEB SLOW.exe
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions
here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained
here if needed).
Delete TEMPORARY FILES: Now, use CCleaner to hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):
Run
CCleaner.
FIRST-TIME USE:
Select the
”Options” BUTTON option (top LEFT),
”Advanced” BUTTON, and then UNCHECK the
”Only delete files in Windows Temp Folders older than 48 hours”.
Set back to default afterwards.
Select the
”Cleaner” BUTTON option (top LEFT), if not already selected. Use the
”Windows” TAB up front by default.
- Uncheck ”Cookies” option (advisable)
- Optionally, Uncheck ”Recently Typed URLs” option (potentially still useful)
- Click the ”Analyse” button.
- Thereafter, click ”Run Cleaner” after you have reviewed what it proposes to clean.
***** Clean out the
Recycle Bin for items removed below,
ONLY once you have regained the full functional use of your PC.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
DELETE FOLDERS:
(Use <Windows+F KEYS> and paste the following Search PATH lines to locate.
Windows KEY is located between the <Ctrl and Alt KEYS>.)
C:\Documents and Settings\All Users\APPLICATION DATA\32 Ref Up Mp3
C:\DOCUME~1\Wardak\APPLIC~1\ATOMDE~1
C:\DOCUME~1\Wardak\APPLIC~1\TITLEA~1
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate
- how things are now behaving: any new or remaining apparent issues.