getting popup ads from NYM1.Ib.adnxs.com, only when I am in facebook using apps. I have not gotten them at any other time, even when just in facebook, its just when I use the game apps.
I need help removing popup ads
- Thread starter Bjo
- Start date
- Mar 1, 2014
- 251
hello welcome 
Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe
Save it to your desktop
If you have XP => double-click , else , right-click "Run as administrator" to launch it
configure it like this : ("Run Scan"="Analyse") must be pressed after pasting the bold text below under the picture)
if a 64 bits checkbox appears let it checked.
copy/paste what is below in blue bold under "Personnalization" in OTL :
HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
click on "Run scan"(Analyse) and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.
Dont post them in the forum !!!! ( they're too big )
Attach them here or on http://cjoint.com or other site and give the links you obtained.
Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe
Save it to your desktop
If you have XP => double-click , else , right-click "Run as administrator" to launch it
configure it like this : ("Run Scan"="Analyse") must be pressed after pasting the bold text below under the picture)
if a 64 bits checkbox appears let it checked.
copy/paste what is below in blue bold under "Personnalization" in OTL :
HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
click on "Run scan"(Analyse) and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.
Dont post them in the forum !!!! ( they're too big )
Attach them here or on http://cjoint.com or other site and give the links you obtained.
ok complete attaching logs
One more comment on this . g3n-h@ckm@n is not on the list of those who should be helping.. is it ok to be following his directions?
One more comment on this . g3n-h@ckm@n is not on the list of those who should be helping.. is it ok to be following his directions?
- Mar 1, 2014
- 251
No cause they want to test me before accepting me , I'm just Trusted Advisor for the moment
Paste this bold text under "Personnalization" in OTL and Click "Run Fix"
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-263363050-1132841584-2172254880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net/
CHR - homepage: http://www.centurylink.net/
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
SafeBootMin: 30340216.sys - Driver
SafeBootNet 30340216.sys - Driver
SafeBootNet: 30340216.sys - Driver
SafeBootMin 30340216.sys - Driver
[2013/04/02 22:32:42 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2014/02/01 08:50:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2014/02/01 08:50:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
:reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
:commands
[ResetHosts]
[emptytemp]
Attach the new log
Paste this bold text under "Personnalization" in OTL and Click "Run Fix"
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-263363050-1132841584-2172254880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net/
CHR - homepage: http://www.centurylink.net/
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
SafeBootMin: 30340216.sys - Driver
SafeBootNet 30340216.sys - Driver
SafeBootNet: 30340216.sys - Driver
SafeBootMin 30340216.sys - Driver
[2013/04/02 22:32:42 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2014/02/01 08:50:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2014/02/01 08:50:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
:reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
:commands
[ResetHosts]
[emptytemp]
Attach the new log
- Mar 1, 2014
- 251
IE I use google chrome once in awhile but never saw it in there at all.. and actually since running the fix, I have only seen it once.
- Mar 1, 2014
- 251
- Mar 1, 2014
- 251
you have Chrome ? install il in Chrome too https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=fr
can I delete all the other stuff off my pc.. FRST, OTL? I use malwarebytes so I will keep that one.
- Mar 1, 2014
- 251
- Mar 1, 2014
- 251
Ok do you want to try this evening and tomorrow and come back to tell me the news about that at the end of the day ?
That sound great to me!!! thanks for the help. Can u explain whats going on though, seems to me like its not on my computer really but in my browser?? By blocking these does it make me safe for no one to get any personal stuff from me?
- Mar 1, 2014
- 251
No it just blocks popups and publicities.
browse until tomorrow evening and if it's good we'll finish by cleaning the tools and little updates
browse until tomorrow evening and if it's good we'll finish by cleaning the tools and little updates
Last edited:
Similar threads
- Locked