Have you just downloaded and installed this?

YazzleBundle-1264.exe

Nope, I don't even recognise the name from anywhere.

Just checking since the infection has reinstalled itself again it seems.

First delete this file:

C:\WINDOWS\YazzleBundle-1264.exe

Then again look in your add/remove programs for any of these:

Oin
OuterInfo
Yazzle by OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Cowabanga by OIN
PuritySCAN By OIN
Snowballwars by OIN
ipwins
Zolero
Tizzletalk
MediaTickets
Forethought
Quicklinks
PSLister
or anything similar with Oin or Outerinfo in it.


If any of those names are found, click on it, and click remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan


If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed:
Uninstaller
Reboot when done and delete this folder if found:
C:\Program Files\PurityScan


Then run Combofix again, and when done, please post the log from that plus a new HJT log.

Sorry a little slow..i have been busy with school.

I have deleted the file. and here are the logs. I haven't gotten a popup however in about 4 days.

Run HijackThis , select to do a "system scan only" and then place a check beside each of the following:

Now first close all windows and browsers other then HijackThis , then click Fix checked and close HijackThis.

After that reboot your pc.


And you have just used msconfig, did you disable anything? If yes, then please re-enable them again or I can't see them, and fix them if needed.

To enable all startup items please follow these instructions:

• Start | Run | type msconfig | OK
• If not already selected go to the General tab.
• Under Startup Selection select "Normal Startup - load all device drivers and services".
• Click Apply and then Close.
• When given the option to restart or not , please choose to not restart the computer.
• Post a new HJT log when you are done.

Restarting isn't necessary because they will show in an HJT log anyway , and this way the malware doesn't become active.

Done everything succesfully..and yes i disabled a couple programs I wasn't using anymore. But I've re enabled it again and here's the log.

The Purityscan infection is finally gone. It was being very stobborn this time.. but its gone now.

Looks like these where the ones you disabled?


O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153790911\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [KCeasy] C:\Program Files\KCeasy\KCeasy.exe /hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

They are all legit so they don't have to fixed. You can disable them again if you want or remove them with HJT. That wont effect the programs and they can still be normally manually started when needed.


How is it going with your pc now? Any problems left?