Impossible to solve?

Hi,

Had some friend over yesterday, IDIOT friends that wouldn't listen to me when I told them to not mess around on the internet.
I shutdown the computer after they left, didn't notice anything weird until this morning when I booted it up.
I was updating Kaspersky when the Pc suddenly frooze and the harddrive made a couple of weird boot-ish sound. It rebooted by itself and wanted to run CHKDSK but it never made it tru the 2nd step, just sat there @ 0%.
So I turned rebooted and skipped chkdsk, everything booted fine but I noticed something weird in the taskmanager. Kaspersky also found this which it deleted: Trojan.Win32.small.mc

Here's a screenshot I put together:
http://img520.imageshack.us/img520/3517/helphelpvl1.jpg


I have read the FAQ but I can't even get tru step one, I can't even type the name of the app before explorer crashes and reloads. Samething with this app: H---I------j---ac--ks T-his , can't run that either, tried to rename the app but no luck.
I can't reboot in safemode either, it just sits there with a blackscreen.
I've cleaned out every possible temp folder that I could find.
Dunno what else I can do since the apps I wanna use to solve this crashes and I can't boot in safemode. (

So, is format c the only way out at this point?

Thanks!!
Rob
Ps: This site looks really(!) resourcefull, I'll continue to look around, hopefully someone have had a similar problem that got resolved.

Edit: Thank god, I tried to post this thread multiple times but it wouldn't let me for some reason.

 

Update 1:

Manged to boot into safemode via msconfig.
Still can't run Hijackthis (on another pc right now so I can type it )
I used Killbot to try and delete the said files, they appear to be gone now but if that was the case shouldn't I be allowed to run Hijackthis and CCleaner?

If you look at the screenshot I posted you see that the "weird" .exe file is being run by another user, "ioPVHKMXdOlt". How is that being done? I only have one account on my pc, well two if you count admin in safemode.

 

Don't mean to bump the thread but I can't edit my previous posts.

Rebooted into normal mode and the files showed up again.

I was able to run Silent Runners, attached the log, didn't see anything of use tho. :/
When I run apps as, I get this little box
http://img104.imageshack.us/img104/7075/usersys4.jpg
There must be away to remove that user and gain controll over the malware.

Also, when I click on properties on the "weird" .exe files and look at the certificate by clicking on properties/advance(info,( I don't know squat about this btw) I tried to remove it and it said it that the certificate was a serie linked together, I was unable to delete it, apparantly had no permission to do so.

Cheers
Rob

 

Hey,

I managed to get into "C:\Documents and Settings\ioPVHKMXldQlt"
I deleted the files within the folders , the certificets and whatnot.
Then rebooted into safe mode once again, I was then able to run Hijackthis and CCleaner without any problems what so ever! :-D.
I didn't see any weird files there, I have also used Search & Destroy, CounterSpy, PAVARK and TrendMicros Sysclean.
Again, just some cookies where found nothing too alarming.

I can not log in to the ioPVHKMXldQlt account nor does can I remove it because I can't see it under the useraccount tab.
I can log in as Admin in safemode, so no problem there.

The CYC.exe file located here "C:\Program\Delade filer\System"
Doesn't mutate/duplicate anylonger, it just sits there as a hidden file that I'm unable to delete, even with Killbot. And it no longer runs in the taskmanager when I boot up.
So it looks like we are making some progress here.

I will run the program you suggested, will also go tru the READ ME faq once again.
I'm very curious as to what this malware/virus is and what it does.

I'll get back to you asap.
Thanks for helping out!

Rob

 

Problem solved! (I hope)

So I found this command doing a google search, "control userpasswords2"
Pasted it into Run and managed to delete the malware account.
I was then able to change the settings on CYC.exe so it would let me delete it, so I hit delete and poof it was gone!

Everything is back to normal now I hope!

Cheers!
Rob
Ps: Oh Gromozon Rootkit Removal Tool didn't find anything.