Hi, i am here seeking help in removing a very serious virus. Currently i am on the pc by using safe mode with networking as within seconds after the login screen appears, the virus now forces a reboot of the system. i have used malwarebytes a few times but it doe snot seem to help and i must reinstall after each reboot as it throws up runtime errors preventing the program from launching until it is reinstalled.

This pc is not my own but is a friend’s pc and i am currently accessing it through remote desktop. i am attaching the otl logs i have made hoping that it can provide enough information to provide at least some clues as to what hit the pc as currently i have not been able to figure out just what has happened since i have no way aside from safe mode to get onto the system. originally i could not even get the pc to boot until i repaired the boot sector and the master file table.

Here is the extras log that OTL created, the attachment size was to large to post with my original post. Thank you in advance for any help you may be able to provide.

Essexboy is notified. i think he is in bed now, if so he is not back until late tomorrow

This is probably a rootkit, as nothing is showing in the normal launch points. We will need to use the big boy

Download ComboFix from one of these locations: It may complain about running in safe mode but you can ignore that

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[]Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Here is the log from the scan, sorry it took so long to get.

One to kill - can you work in normal mode now please

1. Please open Notepad
   [*] Click Start , then Run[*]Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder:: c:\windows\Fonts\qmmowq

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
   [*]Combofix.txt [*]A new OTL log.

Sorry for the delay, the pc messed up and was unable to reconnect for a few days. i am attaching the new logs in this post and my next post due to size.

i did notice the time is off in the logs and is off in general on the pc, most likely due to either safe mode or i was told the pc was hit by a power surge recently as well.

here is the extras log file from otl.

On completion of this run can you let me know how the system is running

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
ipconfig /flushdns /c
c:\windows\Fonts\qmmowq

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

.
THEN

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.