Skip to main content

Can't get rid of popups



  • Customer

    * Please remove these entries from Add/Remove Programs in the Control Panel(if present):

    To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.



    If you aren't really using Logitech Desktop Messenger, you can uninstall it because it's slowing down your computer and it only searches for updates for your Logitech products, but you can update perfect manually without slowing down your computer.


    Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


    Updating Java:

    • Download the latest version of Java Runtime Environment (JRE) 6.

    • Scroll down to where it says "Java Runtime Enviroinment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".

    • Click the "Download" button to the right.

    • Check the box that says: "Accept License Agreement".

    • The page will refresh.

    • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).

    • Close any programs you may have running - especially any web browsers.

    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

    • Click the Remove or Change/Remove button.

    • Repeat as many times as necessary to remove each Java versions.

    • Reboot your computer once all Java components are removed.

    • Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version.

    * Run Hijackthis again, click scan, and Put a checkmark next to each of these if they still present.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - g:\Program Files\nutshell\nutshell.dll (file missing)

    O4 - HKCU\..\Run: [third soap] C:\DOCUME~1\Bobby\APPLIC~1\SETTIN~1\tons date 4.exe


    * After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.


    * Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


    * Reconfigure Windows XP to show hidden files:

    Click Start. Open My Computer.

    Select the Tools menu and click Folder Options. Select the View Tab.


    Under the Hidden files and folders heading select "Show hidden files and folders".

    Uncheck the "Hide protected operating system files (recommended)" option.

    Uncheck the "Hide file extensions for known file types" option.

    Click Yes to confirm. Click OK.


    * delete following folder:


    C:\DOCUMENTS AND SETTINGS\Bobby\APPLICATION DATA\SETTIN~1 <== the folder that begins with the characters 'SETTIN'


    * boot back to normal


    * Please run Notepad and copy the following text into a new file:


    dir %Windir%\tasks /a h > files.txt
    notepad files.txt


    Save the file to the desktop as findjobs.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on findjobs.bat, notepad will pop-up, post the content of it here with a new hijackthis log.

  • Customer

    You are infected with Lop aka C2Media, adware.lop


    Lop is an advertising program that uses odd names like "listdart.exe" or "tons date 4.exe" or "Meow dupe.exe", it injects code into internet explorer, shows popup ads (often for non-legitimate products/programs), uses a number of ways to automatically reinstall, aggressively fights removal, and automatically updates.



    Download nolop


    save anything you are working on and prepare for a possible reboot

    run nolop.exe

    click the button "search and destroy"

    when it's done it will prompt you to reboot if you are infected.

    click the "reboot" button.


    Post the log which is saved to c:\nolop.log and another hijackthis log.


Please sign in to leave a comment.