Need malware removal help

Discussion in 'Malware Help (A Specialist Will Reply)' started by longz, Oct 22, 2006.

  1. longz

    longz Private E-2

    I went through the read and run me first thread and I hope I did everything right. I tried to do as much as I could. I would rather do it myself but at some point you have to know when to ask for help! I hope to work on analyzing HJT logs a little more from a learning view rather than trying to fix my computer. So here goes:

    I was getting Windows AntiSpyware 2006 popups all of a sudden, and then they were getting worse and varied from that to "your system is infected" and a French vacation ad.

    I ran adware, spybot, ccleaner, windows defender, ewido (avg anti-spyware), and vundofix.exe. Not in that order but I ran them all and toggled system restore.

    I ran bitdefender and then I went back and verified that everything was deleted and had to delete the files in the housecall6 quarantine folder and the C:\WINDOWS\system32\winjks32.dll was still there but not accessible due to a program using it.

    Then I ran panda activescan and deleted all the guest cookies and then deleted all the rest of the files except for:

    Potentially unwanted tools:Application/HideWindow.A C:\hp\bin\FondleWindow.exe and

    Potentially unwanted tool:Application/KillApp.B
    C:\hp\bin\KillIt.exe

    I really want to know if I have to do anything else to get this stuff out of my computer or if through a great walk through I managed to do this myself.

    Here are the first three log files:
     

    Attached Files:

  2. longz

    longz Private E-2

    If you need any more info than this I will get it as soon as I can.
    The popups seem to have stopped for now but I will reboot and give it a work out for a while.
    I feel violated and not real trustworthy of my pc right now!
    Thanks!!
     

    Attached Files:

  3. longz

    longz Private E-2

    Seemed okay last night but today AVG picked out Yazzle11620inAdmin.exe in C:program files/common files.

    What do I need to remove this?
    Thanks
     
  4. matt.chugg

    matt.chugg MajorGeek

    Using add/remove programs which can be accessed from the control panel, uninstall the following:

    Download and install Sun Java Runtime Environment 5.0 Update 9




    Download

    - Pocket KillBox
    - Process Explorer

    Extract each to their own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)




    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of winjks32.dll once and then click the kill button. After you have killed all of the winjks32.dll under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of winjks32.dll and kill it. (If you do not find the dll, just continue on.)

    Repeat both of the above steps for the following DLLs

    Now just exit Process Explorer.





    Run HijackThis. Click the 'Do a system scan only' button.

    Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.






    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.






    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  5. longz

    longz Private E-2

    I got some of this out yesterday on my own but I completed the rest of the tasks and here are the files.

    1 more problem now is that my desktop is smashed down on the top and bottom after rebooting. If I switch to 800x600 it's fine but at 1024 it's smashed. Computer seems to load a little slower but that could be my fault.
     

    Attached Files:

  6. matt.chugg

    matt.chugg MajorGeek

    Please be a little more specific: which bits of my fix did you run, and what other stuff did you do? Did you delete any files?

    Your logs look clean now, but I'm not sure what's affecting your resolution. Do you have a widescreen monitor? What does it look like on 1024 x 768?
     
  7. longz

    longz Private E-2

    Sorry for the delay in responding. Been really busy!!

    Okay I ran everything you said but did not perform some of the tasks because the files were not present. I did have to delete one file manually that was missed.

    As for the screen, another reboot solved the problem. It was like someone smashed it between their hands from the top and bottom. Not real sure myself what caused this but it's all better now!!!

    PC has been running great for the last 2 days and I couldn't be happier!!

    Thanks a million!!!!:D
    Your help was much appreciated!!!
    Even my wife thanks you!;)
     
  8. matt.chugg

    matt.chugg MajorGeek

