I turned it back on to try to run a virus scan. It was still locking up and wouldn't let me do anything. I turned it off again and restarted in safe mode, and did a system restore (all I could think of to do). That allowed me to boot up normally and finally run a virus scan (ESET Smart Security). This is what showed up.....
G:\Cathy's\Downloads\setup_build7_138.exe - a variant of Win32/Kryptik.AKT trojan - cleaned by deleting - quarantined 
The G drive is a partition where we keep all of our data files (mine and my wife's), and the C drive is used for the operating system and applications.
Not sure why it went into my wife's files (Cathy's). I don't think her desktop wasn't even opened at the time. I did notice one other entry in my ESET virus logs......
10/2/2009 11:03:08 PM HTTP filter file hxxp://nzz.bkdowei.info/itoq/xd/pdf.pdf[/url] PDF/Exploit.Gen trojan connection terminated - quarantined PUPPETS-C348B05\Cathy Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
My wife mostly uses Firefox for her web browsing. I should probably do the same! <G>
Thought things were okay. I was looking at a Guitar Tab web site (one I've used with no problems in the past), and another PDF started loading. Not sure if it was another bogus PDF or what but it had me very concerned that I might be still infected. It delayed when I tried to close it, but probably mostly me being concerned. It may have been a normal occurence and not a bogus file at all. I did another virus scan and it came up clean.
The computer has been working just fine all day today so far, but I just want to know how I can verify that all is okay and that I'm not letting a trojan spread through my ingnorance.
Windows XP Home Edition SP2 (all critical updates have been done except SP3. I'm leary of it from things I've heard)
Have not made any recent system changes or installed new software in the last week as I recall.
This is a home computer, but is used for my small business (email, word processing, internet, etc.). 2 users, my wife and myself. No network.
Again, mostly just concerned that I could still be infected and not know it. Am I being paranoid, or is there some standard safety protocol steps that should be taken after a trojan like this has been detected and supposedly deleted?
Thanks in advance for any help or advice on this.
Edited by garmanma, 06 December 2009 - 03:22 PM.