Oh mighty malware guru's, I come to you yet again for your advice.

Background:
I'm running XP SP3, AVG Antivirus 8.0, and ZoneAlarm.
The other day my antivirus pops up telling me that horrible things have happend and 4 files were quarantined. Then ZoneAlarm pops up and tells me things are trying to communicate out of bounds, ok, so I unplug the PC from the network, and hit it with AVG's Full System Scan. It finds about 20 things, heals/virus vaults the baddies and I restart.

Ok, so I'm not satisfied, Internet goes back in, I go to TrendMicro Housecall, and I can't get it to load up in IE or FireFox. Ok, so I try SafeMode, same deal, except now I'm getting bogus browser redirects when I use IE.

There are also a few programs that claim they have failed to load on startup.
Sooo Spybot to the rescue. It finds a pile of items and kills them all. Ok, good.
I restart and try out housecall again, no such luck

I try system restore and note that there aren't any restore points available, at all... odd. So, I disable system restore and re-enable it.
I scan again with AVG and my computer shuts down halfway through. It actually goes through the sequences of shutting down too, as if software triggered.

Ok, safemode, log in, it shuts down.
Ok, safemode with command prompt, AVG CommandLine Scan. It finds similar entries as I found before and the various baddies are cleaned (I finally save a log file!).

Ok, start in normal mode, ooh, lots of files won't load on startup, including logongui which is why I guess I don't get the welcome screen anymore but instead see the classic login. Ok, everything is locked down, no desktop, not even the task manager will run because Windows is flexing its dangerous program termination muscle.

Loading in safe mode I get a little further, but svchost dies and safemode hates it when svchost dies, a countdown brings me to shutdown yet again.

Ok, back to safe mode command prompt. It works, it doesn't fail, svchost fails but the command line doesn't care unless I acknowledge the failure, so I can run AVG again. There are no issues found this time.

Windows still can't stay open to save its life. So I am at the brink I guess, and I have my XP SP3 recovery disk ready to do a recovery install.
Effectively I can only things that run from the command line, which basically is AVG.

I fear using a Knoppix LiveCD and TrendHousecall will destroy my data because it claims to not fully support write access on an NTFS hard drive.

Which brings us to my issue:

- Most of the net tells me that a recovery install is terrible and will ruin all my personal files, I didn't think this was the case, but I have a lot to learn.

- Should I be trying some kind of command line tools on my system before I do the repair install? I don't want spyware to hijack my repair install and kill everything I hold dear (maybe that's impossible, I don't know).

- Is it even safe to backup my personal files before doing the repair? What if they're infected and kill my other personal files?

I can post my AVG log file, but that's all I have and seem to be able to get. Would that be helpful or is there some other command line tool I can use?

Or do I just do the repair install and go from there?

Thanks in advance for any and all help.
I apologize for not being able to follow the standard topic procedure.

Update:

Not sure if I did the right thing here, but an expert recommended that I backup my documents and settings folder and go ahead with the SP3 repair install.

During the install windows noted that a few things didn't get installed because they didn't pass the windows "valid driver" check, which I didn't mind I guess.

Anyway, as soon as Windows loads I get bombarded with: "logongui" failing, I say "ok" and the message happens at least 10 more times.

Ok, I look this up and I make sure that an entry in my registry is set to "logongui.exe", and it is. Fine.
Ok, so I replace msgina.dll like the common solution also dictates. Fine.

Ok, now Spybot, it finds:
Refpron
win32.Delf.uc
It claims to have killed both.

Restart, ok, logongui can't run, it fails 10 times or something like that before I'm face with the Windows Classic login yet again...grr..

Ok, Data Execution Prevention tells me that it has slaughtered logongui.exe.
Not good I assume.

I have installed Avast and the newest definitions via my handy-dandy USB memory stick and I hope to post the results of that scan post-haste.
Ook... the full scan will take a while, but immediately it found reader_s...

Anyway, I will persevere. Oh, and don't worry, my network cable is unplugged.

Quick update so you guys don't waste time with my old situations:

Windows keeps telling me that my DVD driver isn't compatible and it wants to upgrade it, I ignore this.

Avast tells me I have virus' in memory, still... great, ok so it does its boot time scan and immediately finds two files in my cd burning app (deepburner) that sound legit but are apparently virus'. Ok, so I say repair, it says "can't repair", I say "move to vault" it says "can't find file". I'm not liking avast very much, especially since it's incapable of scanning without getting my input every 8 seconds.

Apparently "move to the vault" is code for "do nothing and don't let anything besides ignore work".

Here's an update on what went on with my boot-up Avast Scan:

- bad things

Basically all my small executable files are showing up as virus'. Win32:Vitro to be exact.

I don't quite trust the results for 4 reasons:
- AVG didn't catch any of them.
- some of the programs (notepad2 for example) work fine and don't seem to be doing any terrible things when executed.
- "Vitro" can't be cleaned from any of the files it's detected in (and they are all executables).
- Even the Avast executables are detected as Win32:Vitro.


Not sure what to do at all now. I'm quite certain that my problem is with the logon malware due to the reaction of my system and my logongui thing not working. Plus, nothing crazy seems to be going on other than when I log in.

So, again, any help is appreciated.

Well a few web searches have indicated that if it says I have win32.virut I am in deep...

Apparently it DOES kill all your executables. I'm following the recommended action to first use Dr WebCureit, then AVG Virut Custom Remover, then Avast all in safe mode.

If that doesn't work I guess I have to format, which sucks because apparently even my backups are too risky to save.

As DrWeb CureIT running off of BartPE powers away at my poor hard drives I have to say this is the first relief I've had in a while.

DrWeb is eating Win32.Virut.56 for breakfast, oh and as a disclaimer to anyone who comes to this topic by means of search: DON'T DO WHAT I DID.

I should have just unplugged my PC and waited for some premium advice.
I probably got Virut as the result of using my PC on the network too long after that trojan downloader hooked me up with this beast of a virus.

Live and learn I guess, I'll be posting the results of my scan as soon as this massive scan goes through.

Side note: I am loving BartPE, totally free, can run Win32 executables, and knows how to handle NTFS partitions.

Ok, latest news:

DrWebCureIt and AVG rmVirut seem to have thoroughly cleaned through everything. I double scanned with both, they are now clean (after they cleaned like... 1100 files on the first run, and found 0 files on the second run).

So, I run the repair install of windows, again...
It freezes on minute 34, restart.

It finishes installing, woo. Boot into windows, freezes at the "please wait" screen, except it's not frozen, the mouse can move. Restart.

It makes it past the welcome screen, no desktop loads, only wallpaper.... ok, task manager, add task, browse, drop-down menu, freeze, grrrrrrrrr. (Mouse again, still can move). Restart.

Same deal as last time, I remember where I put the AVG virut cleaner, I run it. It runs, woohoo. No virus detected... SFC scannow does nothing, I try to run it and it just.... doesn't do anything, says to wait, but that's it.

...so now I'm stuck. Clean, repaired system, that won't give me a desktop.

Any takers? I'd be much obliged.

Woohoo, ok, this is a bit unorthodox, but after running scan after scan via the task manager I decided I'd end every task I could possibly end then try to start explorer.exe. Bam, my desktop shows up for the first time in ages!

Now I'm stuck again, one of the processes I ended allowed my desktop to show up, but which one? I think I still have a trouble-making start up entry.

I'm going to try spybot again.

I also seem to have this odd problem where I can't open text files by double clicking on them, it says I don't have access permissions, but I can open the files fine when I open notepad and drop them in.

I can open images and office documents just fine... but Windows can't seem to install drivers for my usb thumb drive. ....odd.