Author Topic: hi all im new here don;t know much but here my problem  (Read 5752 times)


tenjake

  • Guest
hi all im new here don;t know much but here my problem
« on: November 05, 2012, 10:11:54 PM »
I have about 7 malware on my PC. I'm using it in safe mode right now. I have been told to reinstall my Windows Pro 64-bit because of this. I have tried many of the programs on the forum, but none of them work for me, because when I start my PC in normal mode, when it gets to the screen after the Windows logo, my screen is black. I don't know what that is. After that my PC freezes on the black screen; then when I restart, it goes to normal mode for a bit, then it crashes, then restarts on its own. I tried ComboFix, as you can see in the attachment below. I don't know if I can reinstall the OS because I don't have an OS CD; I do have a disc for the drivers, but no OS disc. My question is, and yeah, I can't restore my PC. I tried that; there is an error, I think a system rootkit error is what I get when I try to restore it. And it costs like 140 bucks for a tech guy to do the reinstall for me. I don't want to pay that price because I think that is a rip-off, so I'm running my PC in safe mode. So help; don't flame me or say dumb stuff. I just need help, that's all. Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37538
  • Not a avast user
Re: hi all im new here don;t know much but here my problem
« Reply #1 on: November 05, 2012, 10:22:31 PM »
Follow the guide and attach the logs, not copy and paste: http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR




« Last Edit: November 05, 2012, 10:25:55 PM by Pondus »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: hi all im new here don;t know much but here my problem
« Reply #2 on: November 05, 2012, 11:45:30 PM »
Hi, that is a possible MBR infection.

Run this programme before running OTL; once it has run, then run an OTL scan.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

tenjake

  • Guest
Re: hi all im new here don;t know much but here my problem
« Reply #3 on: November 06, 2012, 07:02:50 AM »
These are the problems I have on my PC. I don't know what to do next. You asked me to post them here; here you go.

Offline Pondus

Re: hi all im new here don;t know much but here my problem
« Reply #4 on: November 06, 2012, 07:42:46 AM »
Also the Malwarebytes and aswMBR logs.
Did you run TDSSKiller as instructed? Post that log also.

tenjake

  • Guest
Re: hi all im new here don;t know much but here my problem
« Reply #5 on: November 06, 2012, 08:07:08 AM »
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.05.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
JACOB :: JACOB-PC [administrator]

Protection: Disabled

11/4/2012 11:16:54 PM
mbam-log-2012-11-04 (23-16-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380038
Time elapsed: 1 hour(s), 16 minute(s),

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4732 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

This is the log; I saved it to my Notepad.

Offline essexboy

Re: hi all im new here don;t know much but here my problem
« Reply #6 on: November 06, 2012, 04:02:09 PM »
Quote
20:56:23.0299 0896  C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe - copied to quarantine
20:56:23.0299 0896  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:56:23.0359 0896  C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe - copied to quarantine
20:56:23.0359 0896  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:56:23.0389 0896  C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe - copied to quarantine
20:56:23.0389 0896  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
You have quarantined some legitimate files; these programmes may no longer work.

Could you now run a fresh OTL scan please, so that I can see what remains?
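
As an added illustration of the point in the reply above (not part of the thread and not a TDSSKiller feature), this Python example pairs each "copied to quarantine" path with the action line that follows it and lists the objects removed on an `UnsignedFile.` verdict. The line layout is inferred from the six quoted lines; the last two sample lines are constructed, and treating the `UnsignedFile.` prefix as a signature-only finding is an assumption.

```python
import re

# First six lines are the TDSSKiller lines quoted in the reply above; the last
# two are constructed for contrast (placeholder path, service and verdict).
SAMPLE_LOG = r"""
20:56:23.0299 0896  C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe - copied to quarantine
20:56:23.0299 0896  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:56:23.0359 0896  C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe - copied to quarantine
20:56:23.0359 0896  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:56:23.0389 0896  C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe - copied to quarantine
20:56:23.0389 0896  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:56:24.0001 0896  C:\Example\placeholder.sys - copied to quarantine
20:56:24.0001 0896  ExampleService ( Example.Placeholder.Verdict ) - User select action: Quarantine
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\w{4}\s+(?P<body>.+)$")
COPIED = re.compile(r"^(?P<path>.+) - copied to quarantine$")
ACTION = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - User select action: (?P<action>\w+)$"
)

# Assumption: an "UnsignedFile." verdict reports only a missing digital
# signature, so a destructive action on it deserves a second look.
SIGNATURE_ONLY_PREFIX = "UnsignedFile."
DESTRUCTIVE_ACTIONS = {"Quarantine", "Delete"}

def parse_actions(log_text):
    """Pair each 'copied to quarantine' path with the action line after it."""
    entries, pending_path = [], None
    for raw in log_text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue
        body = prefix.group("body").strip()
        copied = COPIED.match(body)
        if copied:
            pending_path = copied.group("path")
            continue
        action = ACTION.match(body)
        if action:
            entries.append({**action.groupdict(), "path": pending_path})
            pending_path = None
    return entries

def review_candidates(entries):
    """Entries removed on a signature-only verdict: candidates to restore."""
    return [e for e in entries if e["action"] in DESTRUCTIVE_ACTIONS
            and e["verdict"].startswith(SIGNATURE_ONLY_PREFIX)]
```

Run over the quoted lines, `review_candidates(parse_actions(SAMPLE_LOG))` returns the three Creative and CyberLink services and leaves the constructed entry out.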

tenjake

  • Guest
Re: hi all im new here don;t know much but here my problem
« Reply #7 on: November 06, 2012, 07:54:21 PM »
I didn't know what I was doing because I'm no good with software or programs. I only know about one thing, and that is gaming.

Offline essexboy

Re: hi all im new here don;t know much but here my problem
« Reply #8 on: November 06, 2012, 08:54:08 PM »
You need to follow the instructions I post, as some of these tools I use can be dangerous if used wrongly

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
FF - prefs.js..browser.startup.homepage: "http://start.bramjnet.com/vb/"
FF - prefs.js..browser.startup.homepage: "http://start.bramjnet.com/vb/"
FF - prefs.js..browser.startup.homepage: "http://start.bramjnet.com/vb/"
FF - prefs.js..browser.startup.homepage: "http://start.bramjnet.com/vb/"
[2012/10/18 17:01:14 | 000,000,000 | ---D | M] (Printing Helper) -- C:\Users\JACOB\AppData\Roaming\Mozilla\Firefox\Profiles\ks6unsik.default\extensions\kvmrytygsq@kvmrytygsq.org
O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

tenjake

  • Guest
Re: hi all im new here don;t know much but here my problem
« Reply #9 on: November 06, 2012, 11:27:16 PM »
This is what I got when it rebooted: after it loads, after the Windows logo, my screen turns black and stays black. It doesn't even change or anything until I have to press the power button for it to go back to safe mode again.
« Last Edit: November 06, 2012, 11:48:53 PM by tenjake »

Offline essexboy

Re: hi all im new here don;t know much but here my problem
« Reply #10 on: November 07, 2012, 12:13:29 AM »
OK, from safe mode select a restore point prior to the one OTL made and let me know if you can return to normal Windows.

tenjake

  • Guest
Re: hi all im new here don;t know much but here my problem
« Reply #11 on: November 07, 2012, 05:41:53 AM »
It worked, now I'm running in normal mode, thank you. But now I can't run or download Shockwave Player or Java at all. It says this: C:\User\JACOB\Download\jre-7u9-windows-x64.exe for Java, and the same for Shockwave Player or Shockwave Flash. These download fine, but I can't open them at all. This is Java: C:\User\JACOB\Downloads\chromeinstall-7u9 (3).exe. It's saying this: "The extended attributes are inconsistent". I didn't know what that means. The avast sandbox thingy pops up when I try to open these files.

Offline essexboy

Re: hi all im new here don;t know much but here my problem
« Reply #12 on: November 07, 2012, 03:47:52 PM »
OK, there is more here than meets the eye.

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.