virtumonde & virtumonde.prx & micro Antivirus infections - help please



perrynewton
2008-10-05, 04:13
Running on Microsoft Windows Vista (SP1 not yet installed but has been downloaded automatically).

Downloaded & updated SPYBOT 1.6 & ran as administrator & it detects but cannot clean the virtumonde infections.

I believe virtumonde is linked to a file in the users\appdata\temp folder named yaywwwpi.dll which cannot be deleted & is named in dozens of registry entries, including run keys that I have deleted in the registry but they immediately reappear. Same with the cmds run32dll entry for it in msconfig; I can uncheck & restart but it still loads.

Micro AntiVirus blackmail screen pops up as soon as web browser (MSIE) is opened.

Keystrokes keep getting intercepted and so all keystrokes typed do not appear on docs or web pages.

Tried boot with F8 but won't boot to safe mode. (Windows Vista).

Help please, I don't know how to get rid of this problem.
Thanks
Perry

Blade81
2008-10-06, 11:16
BEFORE you POST
(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) ;)


Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will now read "Save log". Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here. :)

Blade81
2008-10-13, 17:31
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.