need some help..log

Discussion in 'Malware Help (A Specialist Will Reply)' started by rol87, Aug 13, 2007.

  1. rol87

    rol87 Private E-2

    Hi, I have tried to remove the malware on my computer by using Spybot, AVG, and the READ & RUN ME FIRST Before Asking for Support, and I can't delete it, and I was wondering if someone can help me. :cry Also, this lsass.exe causes this screen to pop up, and it gives me about 30 seconds to have files and then it restarts my computer.
    here is hijackthis log:
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The Read and Run Instructions ask that you attach:
    • The last log to attach is the HJT log!
    And it is not to be installed on the desktop:
    C:\Documents and Settings\HOME1\Desktop\HiJackThis.exe
    And needs to be renamed:
    C:\HJT\analyse
     
  3. rol87

    rol87 Private E-2

    OK, I think I have this right this time, but I don't remember which one is the right log for the bdscan; I don't know if it's the .log or the .txt? Sorry, but for the AVG scan there was no report.
     

    Attached Files:

  4. rol87

    rol87 Private E-2

    My internet window keeps crashing, ahhh!!!
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi Rol87!
    Very important! We still need you to do GetRunKeys and ShowNew as per the READ & RUN ME tutorial, Step 4. These don't take long.
    Please post the RunKeys and the NewFiles logs to your next post.
    Thanks!
    abri
     
  6. rol87

    rol87 Private E-2

    Oh crap, sorry about that. I already had them; I forgot to add them. :eek: Here they are:
     

    Attached Files:

  7. abri

    abri MajorGeek

    And one of these:
    • CounterSpy
    • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy
    Run CounterSpy in safe mode. If it didn't find anything, just tell us. If it did, please post the log and make sure you set it to fix everything it finds!! If you missed this one, you can get the link off the READ & RUN ME FIRST thread.

    abri
     
  8. rol87

    rol87 Private E-2

    I did that, but when I went to the report there was nothing to save.
     
  9. abri

    abri MajorGeek

    Did it find anything and if so, did you have it fix what it found?

    abri
     
  10. rol87

    rol87 Private E-2

    Yeah, it found some stuff and I had it fixed, but I just scanned again and it keeps coming back.
     
  11. abri

    abri MajorGeek

    Hi rol87 !!

    Now to get started! This will take more than one post, so first we'll start with these steps and when you've gone through these and posted the logs we need, we'll do the next set of steps.

    As per Step 0 of the READ & RUN ME FIRST, you MUST be sure that MSConfig is not being used to control Startups. Note that some Windows OSs (like Win 2K) do not have MSConfig!
    Please do this now:

    * MSConfig Startup Mode:
    Please go to Start > Run > type msconfig and click OK!
    Select the General tab and select Normal Startup.

    Then click Apply and OK and reboot PC before continuing.

    Remain in this Normal Startup mode while your PC is being cleaned of malware.


    Next, please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    C:\WINDOWS\g4356cbvy63.exe
    C:\WINDOWS\system32\sdadlrow-t2.exe
    C:\WINDOWS\system32\sdadlrow-t2.exe
    C:\WINDOWS\g4356cbvy63.exe
    C:\Program Files\Outerinfo\Outerinfo.exe

    After killing all the above processes, click Back.


    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    Quote:
    O2 - BHO: (no name) - {1167E9A9-0F2B-4FAE-8233-C1A926C190F9} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
    O2 - BHO: (no name) - {33901416-306F-4A2B-86CF-04283DD3A56B} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {33C5FFA6-91E2-4B02-846E-7B6B71E6DB71} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {358BED08-CE9B-4EC0-9D91-A7D652EEE857} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {3EDB5D29-FC94-4A6E-9286-F952F6400C85} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: Microsoft Internet Explorer Helper Class - {58FCC0A4-CB3F-4F17-8DD6-9FF0AE4B08A1} - C:\WINDOWS\System32\CryptUI32.dll (file missing)
    O2 - BHO: (no name) - {68F801F9-5C93-41E1-804D-5B24E06F44A2} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {82BA4BC6-7D9A-4DCB-B3B6-48F3DD22D522} - C:\Program Files\Outlook Express\niwyk5555.dll
    O2 - BHO: (no name) - {90CE8F2B-7687-4E5C-8925-E423DDBF3283} - C:\WINDOWS\shwol.dll (file missing)
    O2 - BHO: (no name) - {9424EF82-783C-482E-A3C5-DA3A77897256} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {CB0C630E-5032-4A33-AB66-5DDF75225ACA} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {DADCCF1B-35A8-4BBB-B54F-CA6F6387124E} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {F171F284-C7AC-4626-B06B-58A28B52BDD9} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {F23AD7E1-4F12-440E-9CDB-160A7DA6D347} - C:\Program Files\Outlook Express\niwyk455101.dll
    O2 - BHO: (no name) - {F7072D4E-7872-453E-9C9D-39D45D6505F7} - C:\Program Files\Outlook Express\niwyk455101.dll
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\sdadlrow-t2.exe
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\system32\TISKY008.exe SKY008
    O4 - HKUS\S-1-5-18\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" (User 'SYSTEM')
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\TISKY008.exe


    After clicking Fix, exit HJT.


    Okay. Now, please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now download The Avenger by Swandog46, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt


    Now run Ccleaner!

    Did you install the following, which is a keylogger?
    Please get new logs for ShowNew, GetRunKey and HJT.

    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. RunKeys (from GetRunKeys)
    3. NewFiles (from ShowNew)
    4. HJT
     
    Last edited by a moderator: Aug 14, 2007
  12. rol87

    rol87 Private E-2

    Mr

    OK, I did all of the steps and they went alright, except that when I had to save the fixME.reg to the desktop it would always freeze, so I just saved it to My Documents and then dragged it to the desktop. Here are the logs.
     

    Attached Files:

    Last edited: Aug 15, 2007
  13. rol87

    rol87 Private E-2

    As for the keylogger, I didn't install it; I don't know what that is.
     

    Attached Files:

  14. abri

    abri MajorGeek

    Hi rol87!
    We're working on the next part of the cleaning for your computer. If you do anything online that has to do with your credit cards or banking:

     
  15. rol87

    rol87 Private E-2

    ok done......
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First Disable Spybot's TeaTimer as requested in the READ ME
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks
    • and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    Run this Disable/Remove Windows Messenger to remove Windows Messenger.

    Look in Add/Remove Programs for Outerinfo and uninstall it if found. If it is not found or it will not uninstall, don't worry about it, just continue.

    Move the HijackThis executable to the correct location. You have

    C:\Program Files\analyse.exe

    and you MUST HAVE

    C:\Program Files\HijackThis\analyse.exe

    You must not put HJT in the root of C:\Program Files, as it will create (and already has) a backup folder and all log files there, which will look suspicious to all scanners.


    Now let's stop a bad service!
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to dumpregged
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    Continue by downloading a tool we will need

    - Process Explorer

    Extract it to its own folder somewhere that you will be able to locate it later.

    Run Process Explorer

    Now in the Process Explorer window look for the below processes and if found right click on them and select Kill Process.
    C:\WINDOWS\system32\sdadlrow-t2.exe
    C:\Program Files\Outerinfo\Outerinfo.exe

    Now just exit Process Explorer.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
    O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
    O2 - BHO: (no name) - {70B05A57-C8F3-4EBC-86AA-44E5351DC1FB} - C:\Program Files\Outlook Express\niwyk5555.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\system32\TISKY008.exe SKY008
    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\sdadlrow-t2.exe
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" (User 'SYSTEM')

    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
    double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 8 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
    Last edited: Aug 16, 2007
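The HijackThis lines quoted in posts 11 and 16 above share a handful of patterns that a defender can check mechanically: an F2 UserInit value with a second executable chained after userinit.exe, unnamed O2 BHOs or BHOs whose DLL is already gone, O4 Run entries that execute under the SYSTEM account (HKUS\S-1-5-18), Run commands with no absolute path, Run values named after a Windows logon component, and Startup-folder shortcuts pointing into the Windows directory. The following Python triage script is an added example, not code from this thread or from HijackThis; it parses a constructed sample made of lines copied from the posts above plus one benign Java entry for contrast, and flags the suspicious ones. The section regexes and the SYSTEM_COMPONENT_NAMES list are this example's own assumptions about the log format.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines copied from the posts in this thread,
# plus one benign Run entry (Java updater) so a clean line is exercised too.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
O2 - BHO: (no name) - {70B05A57-C8F3-4EBC-86AA-44E5351DC1FB} - C:\Program Files\Outlook Express\niwyk5555.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
O4 - HKUS\S-1-5-18\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe" (User 'SYSTEM')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\TISKY008.exe
"""

@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry deserves review
    line: str     # the original log line

# Assumed shapes of the HijackThis line formats seen in this thread.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
F2_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$")
O2_RE = re.compile(r"^BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^Startup: (?P<lnk>.+?) = (?P<target>.*)$")

# Hypothetical list for this example: legitimate software does not name its
# own Run values after Windows logon components, so such a name is a red flag.
SYSTEM_COMPONENT_NAMES = {"userinit", "winlogon", "explorer", "lsass", "csrss"}

def parse_userinit(value: str) -> list[str]:
    """Split the system.ini UserInit value (comma separated, normally with a trailing comma)."""
    return [p.strip() for p in value.split(",") if p.strip()]

def _check_f2(body: str, line: str) -> list[Finding]:
    m = F2_RE.match(body)
    if not m:
        return []
    # Only userinit.exe itself belongs here; anything else runs at every logon.
    extra = [e for e in parse_userinit(m.group("value"))
             if not e.lower().endswith("\\userinit.exe")]
    return [Finding("F2", f"UserInit chains an extra executable: {e}", line) for e in extra]

def _check_o2(body: str, line: str) -> list[Finding]:
    m = O2_RE.match(body)
    if not m:
        return []
    out = []
    if m.group("desc") == "(no name)":
        out.append(Finding("O2", "BHO registered without a name", line))
    if m.group("path").endswith("(file missing)"):
        out.append(Finding("O2", "BHO points at a DLL that no longer exists", line))
    return out

def _check_o4(body: str, line: str) -> list[Finding]:
    m = O4_STARTUP_RE.match(body)
    if m:
        if "\\windows\\" in m.group("target").lower():
            return [Finding("O4", "Startup-folder shortcut runs a file from the Windows directory", line)]
        return []
    m = O4_RUN_RE.match(body)
    if not m:
        return []
    hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
    out = []
    if "S-1-5-18" in hive:
        out.append(Finding("O4", "Run entry executes under the SYSTEM account", line))
    if not re.match(r'^"?[A-Za-z]:\\', cmd):
        out.append(Finding("O4", "Run entry has no absolute path (resolved via search path)", line))
    if name.lower() in SYSTEM_COMPONENT_NAMES:
        out.append(Finding("O4", f"Run entry named after a Windows component: {name}", line))
    return out

CHECKS = {"F2": _check_f2, "O2": _check_o2, "O4": _check_o4}

def analyze(log_text: str) -> list[Finding]:
    """Run every section check over a HijackThis log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headers and unknown sections are skipped
        check = CHECKS.get(m.group("section"))
        if check:
            findings.extend(check(m.group("body"), line))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run as a script it prints eight findings for the sample and nothing for the Java updater line. The checks are deliberately structural (where an entry runs from, under which account, whether its file still exists) rather than name-based, so they still fire when a new infection uses different random file names than the ones in this thread.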
  17. rol87

    rol87 Private E-2

    OK, everything went fine. At first I couldn't remove the Outerinfo in Add/Remove, and now I could. Everything seems better :) Thanks everyone :D Here are the logs.
     

    Attached Files:

  18. rol87

    rol87 Private E-2

    Here is the HJT log.
     

    Attached Files:

  19. abri

    abri MajorGeek

    Hi Rol87!

    Getting there!

    Did you install the software Voice Soft?

    Please run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
    O2 - BHO: (no name) - {C666CF63-767F-4831-94AC-E683D962C63C} - (no file)
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\TISKY008.exe

    After clicking Fix, exit HJT.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as type to All Files. Name the file fixme1.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme1.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log


    When we're finished cleaning your computer, as a precaution and something you should do regularly, please back up your data.

    And once we've determined that your computer is clean, we'll have you set a new restore point.

    Let me know how things are going.

    abri
     
  20. rol87

    rol87 Private E-2

    Hey, I did the steps, but I couldn't find this:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,

    And for the Voice Soft, never heard of it. I also get this ASAP!!!.txt; I delete it and when I reboot it comes back.
    Here are the logs.
     

    Attached Files:

  21. rol87

    rol87 Private E-2

    Here is the other one.
     

    Attached Files:

  22. abri

    abri MajorGeek

    I need to do some more research on these. Will get back to you!
    abri
     
  23. abri

    abri MajorGeek

    rol87!

    I think Voice Soft is okay. It may be part of Windows Media Player, so just leave it for now.

    For the ASAP!!!.txt, try this:

    abri
     
    Last edited: Aug 19, 2007
