I keep getting new dll's in system32 on startup that then connect my internet and pop up anti spyware ads. I can clear them with Superantispyware but they return under a different dll name at the reboot. I run Spybot and it finds Virtumonde. I have done everything on all the other Virtumonde replies on here and it keeps coming back. I managed to get rid in safe mode but on the reboot to normal windows it was back. There is nothing in the registry under any of the entries people advise to delete either. Would appreciate some help. Thank you.

Instructions for removal at Bleepingcomputer:

http://www.bleepingcomputer.com/forums/topic18610.html

Have you turned off system restore prior to scanning in safe mode then turning system restore back on afterwards?

Yes I did turn it off and on.

Cheers for the advice so far. I am trying the bleeping thing today.

Tried that. I have even more dll's popping up now. Superantispyware is showing at least 6 cases of Trojan Duncan Process whereas yesterday it was only one.

Got it! I ran Vundo fix from Bleeping computers then went to safe mode and ran VirtumondeBeGone from Bleeping computer. Back in normal windows I ran Superantispy and then Spybot. They both found aspects of the virus that they weren't finding originally and when they deleted these it was gone.

Cheers for the help and good luck to anyone else trying to get rid of this thing.

Thats awesome!, thanks for the follow-up post with successful removal method