I have downloaded spybot S&D, registrybooster, and spyware doctor; I have reinstalled avg 9. All find virut. here is the hijackthis log. If I need to add anything else, please let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:25 AM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
d:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
D:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
d:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
D:\Downloads\keyfinder.2.0.1\Keyfinder.2.0.1\keyfinder.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
D:\Downloads\erunt-setup.exe
C:\DOCUME~1\all\LOCALS~1\Temp\is-0POQR.tmp\is-U5PCF.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ides.state.il.us/individual/online-services.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6fb64f5e-bbc2-454a-8c59-49755e255100} - nahotifo.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "d:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [seworerema] Rundll32.exe "molukoza.dll",s
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\all\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\all\reader_s.exe (User 'Default user')
O4 - S-1-5-21-823518204-308236825-839522115-1003 Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe (User '?')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{647310E1-A86C-4BDA-8261-C0B642919377}: NameServer = 4.2.2.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: migunugo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O21 - SSODL: GootkitSSO - {6924B989-0D62-44FA-8564-2C1A757501C3} - C:\WINDOWS\System32\msxsltsso.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - d:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - d:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 10318 bytes

Your system is infected with a nasty variant of Virut (http://www.f-secure.com/v-descs/virus_w32_virut.shtml), a polymorphic file infector (http://www.virusbtn.com/resources/glossary/file_infector_virus.xml) with IRCBot (http://en.wikipedia.org/wiki/IRC_bot) functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. Virux (http://blog.trendmicro.com/virux-cases-escalate/) is an even more complex file infector which also infects script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.


The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.McAfee Risk Assessment and Overview of W32/Virut (http://vil.nai.com/vil/content/v_143034.htm)

miekiemoes' Blog on Virut (http://miekiemoes.blogspot.com/2008/06/virut-is-back-again-sigh.html).
Virut and other File infectors - Throwing in the Towel? (http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html)
This kind of infection is contracted and spread by visiting remote, crack (http://en.wikipedia.org/wiki/Cracker_(computing)) and keygen (http://wiki.answers.com/Q/What_is_a_keygen) sites. These type of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting (http://wiki.answers.com/Q/What_does_it_mean_to_reformat_a_computer) and reinstalling the OS.


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...Keygen and Crack Sites Distribute VIRUX and FakeAV (http://blog.trendmicro.com/crack-sites-distribute-virux-and-fakeav/)

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
What Should I Do If I've Become A Victim Of Identity Theft? (http://www.usdoj.gov/criminal/fraud/websites/idtheft.html#whatifvictim)
Identity Theft Victims Guide - What to do (http://www.privacyrights.org/fs/fs17a.htm)
There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063)
Help: I Got Hacked. Now What Do I Do? (http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx)
Where to draw the line? When to recommend a format and reinstall? (http://miekiemoes.blogspot.com/2008/06/malware-removal-where-to-draw-line.html)

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are various rescue disks available from major anti-virus vendors which you can try. Keep in mind, even the vendors like Kaspersky say there is no quarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files. IMO the safest and easiest thing to do is just reformat and reinstall Windows.

I DO NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image (http://en.wikipedia.org/wiki/ISO_image) file format. Avira uses an EXE that has built-in CD burning capability.
Avira AntiVir Rescue System (http://www.raymond.cc/blog/archives/2008/06/28/free-avira-antivir-rescue-system-cd-to-clean-unremovable-virus/) - Avira's download page (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html).
If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Tools Support Forum (http://forum.avira.com/wbb/index.php?page=Board&boardID=210).
Dr Web LiveCD (http://www.freedrweb.com/livecd/). Be sure to print out and follow the instructions provided in the User Manual (ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf).
F-Secure Rescue CD (http://www.techmixer.com/free-f-secure-rescue-bootable-cd-to-clean-virus-and-malware/) - Rescue CD 3.01 released (http://www.f-secure.com/linux-weblog/2008/06/).
Video: How to Remove Malware with F-Secure Rescue CD (http://blog.misec.net/2008/09/19/removing-malware-with-f-secure-rescue-cd/)
If you encounter problems running the Rescue CD, you can get further assistance at the F-Secure Support Forum (http://forum.f-secure.com/default.asp?sectionid=0).
BitDefender LiveCD (http://www.techmixer.com/bitdefender-rescue-cd-with-auto-update-virus-definition-features/) - Index of /rescue_cd (http://download.bitdefender.com/rescue_cd/)
If you encounter problems running the Rescue CD, you can get further assistance at the BitDefender Support Forum (http://forum.bitdefender.com/index.php?showforum=185).
Kaspersky RescueDisk (http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/) - Index of /devbuilds/RescueDisk/ (http://ftp.kaspersky.com/devbuilds/RescueDisk/)
If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum (http://forum.kaspersky.com/index.php?showforum=4).
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO (http://www.bleepingcomputer.com/tutorials/tutorial114.html). If you need a FREE utility to burn the ISO image, download and use ImgBurn (http://www.imgburn.com/).

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.