Win32/Virut virus..?

Discussion in 'Malware Help (A Specialist Will Reply)' started by poiisonivyy, Oct 12, 2007.

  1. poiisonivyy

    poiisonivyy Private E-2

    Hi,

    I recently formatted my computer and reinstalled Windows XP. I scanned with Avast antivirus and it said that heaps of files were infected with Win32/Virut. At that point, it told me to reboot my computer, which I did, and it became unresponsive. I booted in safe mode, and surprisingly, my computer worked just fine without the antivirus program. I have to use an online scanner, and it still turns out that I have Win32/Virut viruses. There is a particular file called uuuj.exe which is a Win32/Virut virus that reappears at every startup.
    Here's my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:17:55 PM, on 12/10/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Ivinator\HJ\thing.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - ktasr.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


    I have tried the Grisoft Win32/Virut removal program, but it said the virus was in the memory and it could disrupt cleaning. It scanned when I restarted the computer and cleaned some files, but the virus files keep reappearing.

    I have attached some txt logs of scans.
     

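The log above is the kind of thing the helpers triage by hand. As an added example (not code from the thread or from HijackThis), here is a small Python parser that reads HijackThis `Onn - ...` entries and flags the ones the log itself marks as problematic: BHOs whose DLL is absent, Run entries that name a bare executable instead of a full path, and services with no publisher. The sample lines are copied from the posted log.

```python
import re

# Constructed sample: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - ktasr.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Every HijackThis entry starts with a section tag such as O2, O4, O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A command is considered fully qualified when it starts with a drive letter.
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_entries(text):
    """Split log text into dicts with the section tag, the body and the raw line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": line})
    return entries


def triage(text):
    """Return (reason, raw_line) pairs for entries a reviewer should look at first."""
    findings = []
    for e in parse_entries(text):
        body = e["body"]
        if e["section"] == "O2" and ("(no file)" in body or "(file missing)" in body):
            findings.append(("BHO registered but its DLL is absent", e["raw"]))
        elif e["section"] == "O4":
            # Body looks like 'HKLM\..\Run: [Name] <command line>'; keep the command.
            cmd = body.split("] ", 1)[1] if "] " in body else body
            if not DRIVE_RE.match(cmd.lstrip('"')):
                findings.append(("Run entry uses a bare filename resolved at logon", e["raw"]))
        elif e["section"] == "O23" and "Unknown owner" in body:
            findings.append(("Service binary carries no publisher information", e["raw"]))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```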

  2. abri

    abri MajorGeek

    Hi poiisonivyy
    Welcome to Major Geeks. Your computer is infected to a degree that it may or may not be possible to recover the operating system. There is a removal tool which I will post for you, but so far when we've asked people to run it, it's been one of those cases where the cure is as bad as the disease. You can decide if you wish to try it here: http://free.grisoft.com/doc/8/us/frt/0/ndi/67762

    Otherwise, please try doing the instructions below and we'll try a removal by other means. The results you posted so far showed mainly that you didn't follow the instructions in our READ & RUN ME very well and you're working with a computer that has zero updates. Before you attempt anything else, please begin by getting the current version of Java onto your computer. You can link to it at Java Runtime Environment vs. 6.3 Make sure when you run HijackThis, that it's installed where we request that it be installed. Two of the scans have to be done with Internet Explorer - BitDefender & Panda.

    And now, please run this utility:
    After you've run Combofix, please follow the instructions and links in the box below!

    abri
     
  3. poiisonivyy

    poiisonivyy Private E-2

    Hi,

    Yeah, I ended up formatting both drives of my computer and reinstalling Windows XP. Nasty virus.
    Thanks for the reply =]
     
  4. abri

    abri MajorGeek

    Thanks for telling us! I think in this case, you probably saved yourself some time. Sorry it came to that. (and DO get your WINDOWS updates!!! and DO get the version of Java I mentioned!) And our How to Protect yourself from malware! is a good read and has some useful information!
    Good luck!
    :)
    abri
     
