There I COPIED the C:\rundll32.exe onto the C:\Windows version and chose 'Overwrite=Yes'.
Of course there's still that rotten PDLL.DLL hanging around.. Did a FIND on it, right clicked, told Avast to look at it, virus found, move to Chest
Exactly where I was heading, Karl, though I thought it would have been a good idea to confirm C:\rundll32.exe was the clean file by scanning it at Jotti first. And quarantine is the best place for PDLL.DLL.
If you find C:\internat that's probably also a clean copy of the infected original, although from the sound of things this may have been deleted completely.
When you're back in town you will still need to take care of C:\Windows\svchost.exe (or .vir). This file properly belongs in the system folder but not the windows folder. You can quarantine C:\Windows\svchost.exe in that same manner you did PDLL.DLL
After that - run the safe mode scan with A-Squared, then post the hijackthis log.
