Infected by VirtuMonde



contact7
2007-08-28, 17:50
I seem to be infected by Virtumonde!!
Here is my Kaspersky report

Tuesday, August 28, 2007 6:35:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/08/2007
Kaspersky Anti-Virus database records: 394397


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Memory


Scan Statistics
Total number of scanned objects 2372
Number of viruses found 4
Number of infected objects 53
Number of suspicious objects 0
Duration of the scan process 00:02:09

Infected Object Name Virus Name Last Action
[536] winlogon.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[536] winlogon.exe => C:\WINDOWS\system32\cryC71.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped

[596] lsass.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[744] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[808] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[872] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[916] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1000] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1264] explorer.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1264] explorer.exe => C:\WINDOWS\system32\cryC71.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped

[1264] explorer.exe => C:\WINDOWS\rqpnnm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped

[1264] explorer.exe => C:\WINDOWS\mlifef.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped

[1328] spoolsv.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1640] hpgs2wnd.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1656] iTunesHelper.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1676] pdesk.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1684] jusched.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1704] GoogleDesktop.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1764] ctfmon.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1784] msmsgs.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1800] GoogleToolbarNotifier.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1820] wcescomm.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1900] hpgs2wnf.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1912] GoogleDesktop.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1956] LastFMHelper.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1988] SnagIt32.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[2032] winmysqladmin.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[252] aawservice.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[348] rapimgr.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[412] apache.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[464] GoogleDesktop.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[648] AdskScSrv.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1156] mdm.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1060] TscHelp.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1532] apache.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1548] SnagPriv.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1080] mgabg.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1600] mysqld-nt.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[2068] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[2084] devldr32.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3160] mDNSResponder.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3544] iPodService.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3808] alg.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[408] svchost.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3988] iexplore.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3988] iexplore.exe => C:\WINDOWS\system32\cryC71.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped

[3988] iexplore.exe => C:\WINDOWS\WebAssist.dll Infected: not-a-virus:AdWare.Win32.BHO.cz skipped

[3512] EditPadPro.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3216] tmpF.tmp.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[1068] AcroRd32.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3276] iexplore.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped

[3276] iexplore.exe => C:\WINDOWS\system32\cryC71.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped

[3276] iexplore.exe => C:\WINDOWS\WebAssist.dll Infected: not-a-virus:AdWare.Win32.BHO.cz skipped

Scan process completed.



And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:17 μμ, on 28/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
c:\xampp\apache\bin\apache.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\mgabg.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\Documents and Settings\contact7\Application Data\tmpF.tmp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/internet-work/HOME/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = VBS001_demo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {357e7739-1538-4bb4-a1f5-e6621116f739} - C:\WINDOWS\system32\cryC71.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6843e6f4-7792-4fb3-b811-3b550d620109} - C:\WINDOWS\system32\iisdit.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp11.tmp.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GBMLite7Agent] C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mlifef.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GBMLite7Agent] C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe
O4 - HKCU\..\Run: [GBMPro7Agent] "C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: c:\windows\system32\geeddca.dll
O20 - Winlogon Notify: cryC71 - C:\WINDOWS\SYSTEM32\cryC71.dll
O20 - Winlogon Notify: iisdit - iisdit.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\contact7\Application Data\tmpF.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe

--
End of file - 9673 bytes

I appreciate any help on this. Thanks.
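The two reports above are the raw material for the triage that follows in this thread. As an added example that is not part of the thread (and not a tool of Kaspersky, Trend Micro or this forum), here is a small Python helper that parses the Kaspersky "Infected Object" lines and the HijackThis O2/O4/O20/O23 lines, cross-references them, and surfaces what a responder looks at first: which flagged files are loaded by which persistence entries, how many processes each file was found in, which entries already point at a missing file, and which services run from a user profile directory. The samples embedded below are short excerpts copied from the posted logs; the user-directory heuristic, the section handling and all function names are this example's own assumptions.

```python
"""Triage helper for HijackThis + Kaspersky reports (added example, not part of the thread)."""
import re
from collections import defaultdict

# Constructed sample: five "Infected Object" lines excerpted from the posted Kaspersky report.
KAV_SAMPLE = r"""
[536] winlogon.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped
[536] winlogon.exe => C:\WINDOWS\system32\cryC71.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
[1264] explorer.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped
[1264] explorer.exe => C:\WINDOWS\mlifef.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
[3988] iexplore.exe => c:\windows\system32\geeddca.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped
"""

# Constructed sample: seven lines excerpted from the posted HijackThis log (Apache is a clean control).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {357e7739-1538-4bb4-a1f5-e6621116f739} - C:\WINDOWS\system32\cryC71.dll
O2 - BHO: (no name) - {6843e6f4-7792-4fb3-b811-3b550d620109} - C:\WINDOWS\system32\iisdit.dll (file missing)
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mlifef.dll",forkonce
O20 - AppInit_DLLs: c:\windows\system32\geeddca.dll
O20 - Winlogon Notify: cryC71 - C:\WINDOWS\SYSTEM32\cryC71.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\contact7\Application Data\tmpF.tmp.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
"""

KAV_LINE = re.compile(r"^\[\d+\]\s+(\S+)\s+=>\s+(.+?)\s+Infected:\s+(\S+)")
HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A drive-letter path ending in .dll/.exe; stops at quotes/commas so rundll32 arguments don't bleed in.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\n,]+?\.(?:dll|exe)\b', re.IGNORECASE)
# Heuristic (this example's own assumption): services should not run from a user's profile directory.
USER_DIR_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def norm(path):
    """Windows paths are case-insensitive, so compare them in one case."""
    return path.lower()


def injection_counts(kav_text):
    """Map each file Kaspersky flagged to the sorted list of processes it was found loaded in."""
    hosts = defaultdict(set)
    for line in kav_text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m:
            proc, path, _verdict = m.groups()
            hosts[norm(path)].add(proc)
    return {p: sorted(h) for p, h in hosts.items()}


def parse_hjt(hjt_text):
    """Return (section, path, file_missing, description) for every HJT line that names a file."""
    records = []
    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, desc = m.groups()
        for path in WIN_PATH.findall(desc):
            records.append((section, norm(path), "(file missing)" in desc, desc))
    return records


def triage(kav_text, hjt_text):
    """Cross-reference the two reports.

    Returns (report, orphans): report maps each flagged file to the processes it was
    seen in, the HJT sections that load it, and whether it is an AppInit_DLLs entry;
    orphans lists HJT entries whose file is already gone (only the registry reference remains).
    """
    report = {p: {"processes": procs, "sections": [], "appinit": False}
              for p, procs in injection_counts(kav_text).items()}
    orphans = []
    for section, path, missing, desc in parse_hjt(hjt_text):
        if missing:
            orphans.append((section, path))
        if path in report:
            report[path]["sections"].append(section)
            # AppInit_DLLs are loaded into every process that maps user32.dll, which is
            # why a single such DLL appears under dozens of processes in the AV report.
            if section == "O20" and "AppInit_DLLs" in desc:
                report[path]["appinit"] = True
    return report, orphans


def services_from_user_dirs(hjt_text):
    """O23 service binaries located under a user profile directory (see USER_DIR_MARKERS)."""
    return [path for section, path, _missing, _desc in parse_hjt(hjt_text)
            if section == "O23" and any(k in path for k in USER_DIR_MARKERS)]


if __name__ == "__main__":
    report, orphans = triage(KAV_SAMPLE, HJT_SAMPLE)
    for path, info in sorted(report.items()):
        print(f"{path}: in {len(info['processes'])} process(es), loaded by {info['sections'] or 'no HJT entry'}"
              + (" [AppInit_DLLs]" if info["appinit"] else ""))
    print("orphaned entries:", orphans)
    print("services from user dirs:", services_from_user_dirs(HJT_SAMPLE))
```

Run against the full logs, the output shows in one place that geeddca.dll is reached through AppInit_DLLs (hence its presence in nearly every process in the Kaspersky list), that cryC71.dll is loaded both as a BHO and as a Winlogon Notify package, and that DomainService runs an executable out of Application Data, which is exactly the set of entries the reply below asks to remove.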

random/random
2007-08-28, 21:39
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.


@echo off
sc stop DomainService > batreport.txt
sc delete DomainService >> batreport.txt
del /a /f "C:\WINDOWS\system32\cryC71.dll" >> batreport.txt
del /a /f "C:\WINDOWS\WebAssist.dll" >> batreport.txt
del /a /f "C:\WINDOWS\system32\tmp11.tmp.dll" >> batreport.txt
del /a /f "C:\WINDOWS\mlifef.dll" >> batreport.txt
del /a /f "c:\windows\system32\geeddca.dll" >> batreport.txt
del /a /f "C:\WINDOWS\SYSTEM32\cryC71.dll" >> batreport.txt
del /a /f "C:\Documents and Settings\contact7\Application Data\tmpF.tmp.exe" >> batreport.txt
notepad.exe batreport.txt
exit


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanup.bat


Download UnDLL by ESET from here (http://www.nod32.it/tools/undll.zip)
Unzip/extract it to a folder on the desktop
Double click on UNDLL.EXE to start UnDLL
Click on Select infected DLL
Locate and select this file:
C:\WINDOWS\system32\cryC71.dll
Click Open
UnDLL will now attempt to delete the DLL file
If asked to restart your PC, click No
Repeat the above steps for the following files:

C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\mlifef.dll
c:\windows\system32\geeddca.dll
Once you have used UnDLL on all the files, restart your PC manually


Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {357e7739-1538-4bb4-a1f5-e6621116f739} - C:\WINDOWS\system32\cryC71.dll
O2 - BHO: (no name) - {6843e6f4-7792-4fb3-b811-3b550d620109} - C:\WINDOWS\system32\iisdit.dll (file missing)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp11.tmp.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mlifef.dll",forkonce
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\cryC71.dll
O20 - AppInit_DLLs: c:\windows\system32\geeddca.dll
O20 - Winlogon Notify: cryC71 - C:\WINDOWS\SYSTEM32\cryC71.dll
O20 - Winlogon Notify: iisdit - iisdit.dll (file missing)

Then close all windows except HijackThis and click Fix Checked

Restart

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.
Once it has finished, it will open a notepad window. Copy & paste the contents of that window as a reply to this topic, along with a new HijackThis log.

contact7
2007-08-29, 13:18
I'm posting the results as you suggested.


SERVICE_NAME: DomainService
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x1
WAIT_HINT : 0x0
[SC] DeleteService SUCCESS


And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:43 μμ, on 29/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
c:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/internet-work/HOME/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = VBS001_demo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GBMLite7Agent] C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GBMLite7Agent] C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe
O4 - HKCU\..\Run: [GBMPro7Agent] "C:\Program Files\Genie-Soft\GBMLite7\GBMAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe

--
End of file - 8354 bytes


Am I OK?

random/random
2007-08-29, 17:33
You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once, and not on a regular basis
Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
Two good antivirus programs free for non-commercial home use are Avast! (http://www.avast.com/eng/avast_4_home.html) and Antivir (http://www.free-av.com/)
Two good paid for antivirus programs are NOD32 (http://www.nod32.com/) and Bitdefender (http://www.bitdefender.com/)
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be of much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall (http://www.personalfirewall.comodo.com/) or Zonealarm (http://www.zonelabs.com/store/content/home.jsp)
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it, so that after the patch is installed attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will therefore help to prevent malicious software being installed on your PC.
Go here (http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx) to check for & install updates to Microsoft applications
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector). I suggest that you run it at least once a month.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Install SpywareBlaster & make sure to update it regularly
SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster from here (http://www.javacoolsoftware.com/sbdownload.html)
Install and use Spybot Search & Destroy
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Make sure you update, reimmunize & scan regularly
Make use of the HOSTS file included with Spybot Search & Destroy
Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
Run Spybot Search & Destroy
Click on Mode, and then place a tick next to Advanced mode
Click Yes
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
Click on Add Spybot-S&D hosts list
Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
Click Start > Run, type services.msc & click OK
In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from automatic to manual. Click OK & then close the Services window
For a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187)
Install a-squared Free & update and scan with it regularly
a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here (http://www.emsisoft.com/en/software/free/)
Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer (http://www.emsisoft.com/en/software/antidialer/) which provides some real time protection against premium rate dialers
Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
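The HOSTS-file advice in the reply above relies on how the file is parsed and looked up. As an added example that is not from the thread and not Spybot's or Windows' own code, here is a small Python parser for the HOSTS format (comments after `#`, tabs or spaces between fields, several names on one line, malformed lines skipped), a lookup that reports whether a name is sinkholed to a local address, and a helper that produces the lines needed to add further blocked names without duplicating ones already present. The sample file content and every hostname in it are constructed placeholders under the reserved `.invalid` domain.

```python
"""Parser and lookup for the Windows HOSTS file format (added example, not from the thread)."""
import ipaddress

# Constructed sample in HOSTS format: '#' comments, tabs or spaces as separators,
# and several names on one line. All hostnames are placeholders under .invalid.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1\tads.example-adserver.invalid   www.ads.example-adserver.invalid  # blocked: ad server
0.0.0.0         tracker.example-malware.invalid
192.0.2.10      intranet.example.invalid
not-an-address  broken.example.invalid
"""

# Addresses used to sinkhole a name so the connection never leaves the machine.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry; comments and bad lines are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing or full-line comments
        if not line:
            continue
        parts = line.split()                      # any run of spaces/tabs separates fields
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                              # malformed address: ignore this line only
        for name in parts[1:]:
            table.setdefault(name.lower(), ip)    # first entry for a name wins
    return table


def lookup(table, name):
    """Resolve a name through the parsed table; None if the HOSTS file has no entry."""
    return table.get(name.lower().rstrip("."))


def is_blocked(table, name):
    """True when the HOSTS file sends this name to a sinkhole address (localhost itself excluded)."""
    if name.lower() in LOCAL_NAMES:
        return False
    return lookup(table, name) in SINKHOLES


def block_entries(table, names, sink="0.0.0.0"):
    """Lines to append so that `names` are sinkholed, skipping names the file already maps."""
    return [f"{sink}\t{n.lower()}" for n in names if n.lower() not in table]


if __name__ == "__main__":
    table = parse_hosts(HOSTS_SAMPLE)
    for host in ("www.ads.example-adserver.invalid", "intranet.example.invalid", "unknown.example.invalid"):
        print(f"{host}: {'blocked' if is_blocked(table, host) else 'not blocked'} ({lookup(table, host)})")
    print("\n".join(block_entries(table, ["tracker.example-malware.invalid", "new.example-malware.invalid"])))
```

Because a name keeps whatever address its first matching line gives it, the parser mirrors why a bad line near the top of a large blocklist can silently override a later one; checking `lookup()` for a few known names after installing a list is a quick way to confirm the file is doing what you expect.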