17pholmes1001186/mrofinu1001186 impossible to get rid of =(

I've done almost everything from the read and run me. I only couldn't run combofix and mgtools. Combofix simply wouldn't run, and mgtools says windows can't find getlogs.bat.

I have attached SASlog and MBAMlog to this post.

Is it possible to save my computer? I fear that my only option may be a reformat... Please help me, Major Geeks!

 

OK. Both files were downloaded from the read and run first thread.

1) combo-fix.exe will not run even on safe mode. When I try to enter the /killall command it only shows a status bar filling up and then the process shuts down and nothing happens. The same thing happens when trying to open the .exe directly.

2) MGTools was saved to my C:/ Drive. I get two pop ups. The first one says "Windows cannot find 'GetLogs.bat'. Make sure you typed the name correctly, and try again. To search for a file, click the Start button, and then click Search." I click OK and the second message says "Failed to run GetLogs.bat, working dir = \MGtools (check to see if this file is in the EXE)".

A folder named MGtools was created on my C drive, but none of the files in there seem to work... They give the same first error message mentioned above.

About my problem, sometimes 17pholmes shows up in the task manager on starting windows, other times it's mrofinu, sometimes it's both. They always appear accompanied by a DIL#.tmp

So what next? Thank you very much for your help, BTW.

 

oh boy...

""Windows cannot find 'cmd'. Make sure you typed the name correctly, and try again. To search for a file, click the Start button, and then click Search."

This is bad, isn't it?

Oh and I'm using Windows 32-bit (Home Edition, SP1)


EDIT: I just found a copy of cmd.exe I had. Here's the flist.txt

 

Hey, chaslang. I had a copy of cmd.exe in my documents folder. I think some process that I ran before had quarentined the original file. But MGtools worked now, the .zip has been attached.

I guess I should tell you that during this interim I ran NOD32 and it tried to clean and then quarentined pretty much every .exe in my system. They are all infected with a Win32/Virut.AV virus (a couple with Virut.AT)...one .exe has a Korgo.U worm... Also, a lot of .htm and .html files are infected with Win32/Allaple.Gen worm (in order to post here I had to restore a supposedly infected html file for firefox to launch)... And NOD32 seems to have contained mrofinu.exe and 17pholmes.cmt, which it says are probably a variant of TrojanDownloader.Agent.BLS trojan, and the DIL.tmp files, which show as probable variants of TrojanDownloader.Small.IAW trojan. An .exe with Spy.Agent.PY trojan was also found. Too bad I can't get NOD to generate a .txt with the log.

So it looks like all my system is pretty much screwed. Is this completely cleanable? It looks like reformatting is my only option. If it is, do you have any advice to avoid getting infected again? I plan to make a back up of music, picture and movie files, a few word files and some .zip and .rar files. I'm sure as hell staying away from executables and other system files. I guess scanning the files that I intend to keep with NOD would be a good idea, huh?

And again, thanks for all the support.

 

Even NOD can get infected... Well isn't that something, geez.

OK, well thank you for all your help. I'm sorry for sort of wasting your time with the previous posts, but I certainly learned a lot. You know, I've used this computer for four years with no antivirus or anything and never had a problem until this thing came out of nowhere.

Oh well. About that partition thing, is there a guide here that could help me to delete and create new partitions as you say? Because I have no idea how to go about that. Thanks again.