Purityscan Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by ForTozs, Aug 26, 2007.

  1. ForTozs

    ForTozs Private E-2

    Could somebody help me with this?
     


  2. ForTozs

    ForTozs Private E-2

    here's some more.
     


  3. ForTozs

    ForTozs Private E-2

    Somebody also recommended ComboFix in another post, so here's that log.
     

    Attached Files:

    • log.txt (12.7 KB)
  4. ForTozs

    ForTozs Private E-2

    The steps in the readme have stopped the internet ads from popping up (Outerinfo), but Symantec Antivirus keeps displaying warning messages. Thanks to all you out there that help people with these problems.
     
  5. abri

    abri MajorGeek

    Hi ForTozs,

    If you double click on your CounterSpy.txt file, it will open in Notepad and you can scroll down a little ways and see what Party Poker is putting on your machine. Do you really want this?

    You need to re-run CounterSpy and this time Quarantine what it finds. You ignored everything including the PurityScan infection it found! Please attach a new log after the new scan.

    Please go to add/remove programs and uninstall the following:

    PartyPoker
    PartyPokerNet
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1

    More in a while.
    abri
     
    Last edited by a moderator: Aug 26, 2007
  6. ForTozs

    ForTozs Private E-2

    doh! Well I scanned it again and for the first time my Symantec Antivirus hasn't popped up. Making real progress. Here are the new logs. Tell me if you need any other logs. I am amazed at the volume of help this site is giving each day. Keep up the good work!
     


  7. ForTozs

    ForTozs Private E-2

    Just as everything else seems fine, now my "My Pictures" folder seems to want to lock up when I try to view it with thumbnails. Does anyone know what may have caused this and how to fix it? Thanks.
     
  8. abri

    abri MajorGeek

    Hi ForTozs!!

    What is in the following 2 folders?
    Do you ever use the following program? If you don't recognize it, you probably don't use it and we will uninstall it in the next fix. Old Javas are entry points for malicious software.

    abri
     
  9. abri

    abri MajorGeek

    Also, what is in this folder in your Windows directory??

    thanks!
    abri
     
  10. ForTozs

    ForTozs Private E-2

    Thanks for the suggestions. I'm not sure what those are, so I have deleted them. However the temp\cpna folder is not showing up (showing hidden and system files). I also removed the strange windows folder, which was empty. My computer is acting adware free now which is great, but I am really worried about how the system is running now. The my pictures folder locks up when I have it set on thumbs, and the system is running slow as a whole. I'm afraid maybe the registry has gotten messed up, but if I were an expert I wouldn't be on this site. Thanks for all your help, and if you have any ideas, they would be greatly appreciated.
     
  11. abri

    abri MajorGeek

    Hi ForTozs!!

    1) We are finished with CounterSpy now. Please go to add/remove programs and uninstall:

    - Viewpoint Media Player
    - Sunbelt CounterSpy
    - IBM 32-bit Runtime Environment for Java 2, v1.4.2



    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger



    3) Please run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Wwvhstrv] "C:\Documents and Settings\jtilley\Application Data\?ppPatch\r?ndll.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\jtilley\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [Sdre] "C:\WINDOWS\CROSOF~1\ntvdm.exe" -vt ndrv
    O4 - HKCU\..\Run: [Ncvaufyr] "C:\Program Files\Common Files\??sembly\??chost.exe"
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

    After clicking Fix, exit HJT

    5) Now download The AVENGER by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt


    6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    7) After you complete the above, reboot once more and then attach the following logs.

    * HijackThis Log
    * ShowNew Log
    * GetRunKey Log
    * Avenger Log


    Let me know how your computer's working!
    abri
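
The O4 autostart lines listed in step 3 above can be triaged mechanically. The following is an added example, not part of the original thread and not abri's method: the three heuristics, the `SYSTEM_NAMES` list and the `triage` function are assumptions made for illustration, and the sample input is the six O4 lines copied from the post.

```python
import re
from fnmatch import fnmatchcase
from ntpath import basename, dirname

# O4 (autostart) lines copied from the HijackThis list in the post above.
LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Wwvhstrv] "C:\Documents and Settings\jtilley\Application Data\?ppPatch\r?ndll.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\jtilley\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Sdre] "C:\WINDOWS\CROSOF~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Ncvaufyr] "C:\Program Files\Common Files\??sembly\??chost.exe"
'''

# Assumed heuristics for this example only (not the helper's criteria).
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = ("ntvdm.exe", "svchost.exe", "rundll32.exe")  # assumed short list

# Groups: hive, Run value name, quoted path or unquoted path ending in .exe
O4 = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (?:"([^"]+)"|(.+?\.exe))', re.I)

def triage(log):
    """Map each Run value name to the list of heuristic flags it trips."""
    findings = {}
    for line in log.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        name, path = m.group(2), m.group(3) or m.group(4)
        folder, exe = dirname(path).lower(), basename(path).lower()
        flags = []
        # '?' marks a character the log's code page could not represent.
        if "?" in path:
            flags.append("unprintable-char")
        # Executable started from a per-user Application Data folder.
        if "\\application data\\" in folder + "\\":
            flags.append("user-profile")
        # System binary name outside system32; a logged '?' is treated
        # as a one-character wildcard when comparing names.
        if folder != SYSTEM32 and any(fnmatchcase(s, exe) for s in SYSTEM_NAMES):
            flags.append("system-name-outside-system32")
        findings[name] = flags
    return findings

if __name__ == "__main__":
    for name, flags in triage(LOG).items():
        print(f"{name:20} {', '.join(flags) or 'no flag'}")
```

An entry with no flag is not thereby shown to be wanted or safe; the two HKLM entries trip none of these heuristics yet are still on the helper's list.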
     
  12. ForTozs

    ForTozs Private E-2

    Here are the new logs. You may notice a recent install of MySpace IM and possibly some utilities recommended on this site. Some of the things you had me fix with HijackThis were already gone. My computer seems to be responding better. At least it doesn't lock up in the "My Pictures" folder, although it still seems slower than usual. Maybe a fresh reboot will help. Thanks for all the help.
     


  13. ForTozs

    ForTozs Private E-2

    And here is the HijackThis file.
     


  14. abri

    abri MajorGeek

    Hi ForTozs!

    We missed one thing. Please rerun The AVENGER by Swandog469. It should still be on your desktop!

    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Please post the avenger log to us after you've finished and let us know how your computer is running.


    If you're not having any other malware issues, you're ready now for some last clean-up steps.
    abri
     
  15. ForTozs

    ForTozs Private E-2

    I ran avenger again. It gave a message like "could not find the specified file, would you like to create one". I think those folders might already be gone. I am now getting a message that says from a red balloon, "virus protection is currently turn off, click here...." My antivirus does eventually come on and the balloon disappears. Not sure if that's a problem or not. I will uninstall the unneeded programs now. I am still concerned about the thumbnails not working in the "My Pictures" folder. I'm afraid I may have deleted something that I shouldn't have. Do you know of any essential files I might should check for? My other idea is that I am using Windows Defender now, and it has some processes (Microsoft run DLL as app and others) that are "not yet classified." I'm not sure if that could be causing my performance issues or not. Thanks again.
     
  16. abri

    abri MajorGeek

    Hi ForTozs!

    I would like to see a fresh newfiles.txt log to make sure those two files are gone.

    I don't think the MyPictures thumbnails freezing up is caused by malware and I think it can be fixed with the cd or by reinstalling it (making sure your pictures are safely backed up first!!). However, I would ask that you post in the software forum about this to get more exact information as to the best way to go about it.

    abri
     
  17. ForTozs

    ForTozs Private E-2

    Sorry, I've been busy the last few days. You were right. Those temp files were not successfully deleted by avenger the first time, but the second time seems to have done the trick. Here is the new text file.
     


  18. abri

    abri MajorGeek

    Hi ForTozs!
    Your computer is free of malware. The Thumbnails could have a number of different reasons, but I think you will get the best help on that in the software forum. As for Nortons, if you're running both Norton's and Windows Defender, both of these take a lot of resources. Consider testing this by uninstalling the Norton's and installing either AVG-free or Avast-free and see if this gets rid of the speed problem. If it does, then decide if you want to reinstall Norton AV or not. It may not make any difference, but it might. Whatever you decide to do in terms of antivirus, make sure there is only one in the end. If this does not help with the speed problems, I would recommend asking at the software or hardware forums for some diagnostic help and tools to see if you can locate where the problem lies.

    Please follow the instructions below to remove the tools and logs created during the malware cleanup.


    abri
     
