some one help please

Welcome to MGs!

Well this is all covered in one of our stickies you should have read:
READ & RUN ME FIRST Before Asking for Support

But I'll give you something to run to go after SpywareStriker. Hang on a few minutes for my next post.

 

Download the attach GetRunKey119.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getrunkey.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) . This log will also popup in a notepad window which your can just close. Upload the runkeys.txt file here as an attachment.

This will help us in our on going fight against malware. After posting the above log continue on to run the steps in the below link and when it completes, post the requested smitfiles.txt log as an attachment.

SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

 

You are supposed to attach the log from getrunkey. It is not supposed to removed anything. It is a log to find the problems. Please follow the directions and attach the log.

Then complete the steps with SmitRem and attach the smitfiles.txt too. Make sure you donwload SmitRem.exe from the link in my message. Even if you already had it downloaded, download it again and use the new version. Delete any old copies you had first.

You must follow our directions and only do what we request and you must attach the logs we request. We cannot help you if you do not help us.

 

You are using Msconfig to stop a bunch of items from loading at startup. Some of them you should actually uninstall completely. It would be best to first select Normal Startup (not use msconfig). Then use Add/Remove programs to uninstall
MyWebSearch Email Plugin or MyWebSearch or MyWebSearch Bar or anything else from MyWeb or MyWay
Viewpoint or Viewpoint Manager

You did not run SmitRem per the directions indicated in the link I gave to you. Or you did not re-download and use the version in the link. It you did, your problem with Spyware Strike should be resolved. It is VERY IMPORTANT that you download the tool again. It was just changed recently to fix Spyware Strike. I still see a couple items in your registry that relate to this that should be fixed by running the new SmitRem tool.
Also the tool MUST be run in safe mode as the directions indicate. Are you running it in safe mode.

Also make sure you have viewing of hidden and system files enable per the READ ME and tell me if you see the below files:
c:\windows\system32\netwrap.dll
c:\windows\system32\waitwain.dll

 

Huh! I don't know what you are saying!

Yes I can what? Are these supposed to be two different sentences?

 

You did not post the log!

You should also re run GetRunKeys and attach a new log from it.

 

They showed in the runkeys.txt log (look in it) as being stopped from running by msconfig. Run msconfig and look at it it. You probably have them unchecked. Maybe you already uninstalled them at another time?

 

Actually I never asked for a HijackThis log. You must run the standard cleaning procedures in this Sticky thread READ & RUN ME FIRST Before Asking for Support before posting HJT logs.

You SpywareStike problems appears to be gone. If you are having other problems, the full sticky should be followed so we can uncover any other possible hidden malware. HijackThis is not a malware scanner and only shows a limited amount of info. HJT logs can infact be clean while a PC is badly infected.

 

I need to see the PandaActiveScan log too. Please attach it.

Are you saying everything is working okay now?

I do see two files from you BitDefender log that you should make sure were delete. Look for the below and delete if found:

C:\WINDOWS\system32\zzjluyjk.dll
C:\install.htm

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Boot into safe mode and find and delete (tell me what you find):
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\FLEOK
C:\WINDOWS\system32\wiatwain.dll

Reboot into normal mode and then do another PandaActiveScan. How do things look now.