oinadserver problems

lmphil · Dec 8, 2005

Hey guys,

I did all the stuff your sticky told me to do...like run various ad aware programs and whatnot. I also ran hijackthis and used your very informative sticky on that program to clear a lot of malware stuff on my computer...so my computer is definitely a lot safer and cleaner than it was before. Thank you for that. However, what led me to do this is that damned adware oinadserve.com or however you spell it. I have posted my hijackthis log...please help me! It won't go away.

- L

chaslang · Dec 8, 2005

Welcom to Majorgeeks!

Messenger Plus is a notorious cause of malware being on thousands of computers. It can even install a LOP infection. Due to its sneaky nature and affiliation with known malware, it should not be trusted and should be uninstalled via Add/Remove programs.

chaslang · Dec 8, 2005

If you do not use Viewpoint Manager (most people do not), you should uninstall it via Add/Remove programs.

Your Popup blocker from Propel seems to be broken based on this next line:

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll (file missing)

You may need to reinstall it.

This next process should not be running but the normal lines that show how it is loading do not show in your log. We will need to run another couple scans below to see if we can locate this.
C:\WINDOWS\system32\n?pdb.exe

We do not recommend having anything in the Trusted Zone unless you cannot not live or work without it. So if the below does not fit that definition, I would have HJT fix this O15 entry.
O15 - Trusted Zone: *.lsac.org

Generate a StartupList log using HijackThis.
Run HJT and on the first screen, click the button that says "Open the Misc Tools section". In the next window first select "List also minor sections (full)" and then click the button that says "Generate StartupList log". CLick Yes to the Do you want to continue prompt. Now a notepad window will come up with the Startuplist.txt file. It is already saved in the the directory HJT is running from. So just come back here and upload the file as an attachment to your next message.

Now download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

lmphil · Dec 8, 2005

Thanks for your help so far.

Attached are both documents you requested.

I got rid of messenger plus, viewpoint finder, and that popup blocker error thing. When I did my own hijackthis analysis yesterday, I got rid of the n?pdb.exe file you were talking about. Could there be others or something like that? Also, the lsac.org trusted zone I need for my law school application, lol.

chaslang · Dec 8, 2005

You are basically clean! Are you still having problems? If so, follow the directions in the below link:

Running Spy Sweeper

Log in or Sign up

oinadserver problems

lmphil Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

lmphil Private E-2

Attached Files:

startuplist.txt

winpfind document.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member