Last night I had to kill my firewall t get my modem reset (I did this with a rep from my ISP on the phone during a call I initiated). I (I know, very stupidly; it was late) forgot to switch my firewall back on. Today I looked up some song lyrics and my antivirus program threw a warning my way. I immediately re-engaged my firewall, downloaded the latest updates for Spybot, locked down the internet, then used the safely remove hardware tool to safely unplug the USB connection to he web. Unfortunately, apparently in that short time, the spyware in my system got quite a foothold. The first search revealed virtumonde and smithfraud-C and I think I've also got some win-32 in there as well. Where do I even start? Would doing a system restore to some date a few weeks back fix things, or is that not going to help?

I'm communicating from another PC I have for this, and I don't want to reconnect the infected one to the internet unless absolutely necessary until I know it's clean. If need be, I can transfer files to it via an external HD or USB flash drives.

Addendum: the computer in question is a hand-me-down, and I'm not sure I've got system restore discs for it, or I would have just saved any important files and reformatted the hard drive already.

Furthermore, should I assume all passwords saved on the infected machine are now compromised and reset everything via an uninfected PC?

More information (sorry about all the posts) apparenly something is trying to get rid of spybotSD according to the SpybotSD advisor software.

Sorry if I've missed some important step here; I'm new to this experience (i.e. trying to clean a computer instead of just "nuking" it with a factory reset) and if I'm missing something obvious let me know.

I'll be downloading that hijak logging program as soon as the infected system finishes up its boot scan and I can slap it on there; I'll then get a log posted.

Never mind. I'll start a new thread with the logfile. In my concern, I skimmed over things I shouldn't have in the instructions thread.

http://forums.spybot.info/showthread.php?t=43029