some major spyware problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by furty, Jul 27, 2006.

  1. furty

    furty Private E-2

    I have run through your page routine several times and have found multiple things. As of now the only thing that I can notice from all this stuff is that my homepage has been taken over and it sends me to syssecuritypage.com every time I open Explorer. Also I am getting random popups when I go to pages, and also when I do not have any Explorer windows open.

    After multiple run-throughs with the deletion programs, it seems that winantiviruspro is the one that keeps showing up the most, but in the process I have also seen all of the following come up in different deletion programs:
    adware.yazzle
    winantiviruspro
    zlob
    vlob
    windows security center.antivirus override
    virtumonde
    vcodec
    smitfraud-c

    I also ran steps from specific threads involving these problems, but they just keep coming back. I don't know if there is one thing that keeps putting them back on that I am missing or what, but I cannot get rid of these.
    Thanks in advance.

    (It wouldn't let me upload more than 3 files, here's the rest)
    ~ LINKS REMOVED ~ SPD
     

    Attached Files:

    Last edited by a moderator: Jul 27, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That is because a single post is limited to three attachments. If you have more than 3 then use 2 posts. Don't link to logs on other servers; one doesn't know what they are going to get when they click on an unknown link.

    I've removed your links. Post the logs.
     
    Last edited: Jul 28, 2006
  3. furty

    furty Private E-2

    OK, here's the ActiveScan and HJT.
     

    Attached Files:

  4. furty

    furty Private E-2

    Still waiting for some help. I seem to be able to get rid of everything, but even in safe mode CounterSpy keeps kicking up Virtumonde and WinlogonHook, even after I have it remove them and I restart.

    In the CounterSpy log it lists several HKEYs under both and then tuvspqq.dll; I can't seem to get rid of that DLL even in safe mode.

    I have run the Vundo fix (it comes up with nothing now) and the SmitRem thing, and I still cannot seem to get rid of it.

    I will post an updated HJT log. Thanks again.
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Follow the directions for the following procedures:
    - SpywareQuake & SpyFalcon Removal Procedure
    - Virtumonde aka Trojan Vundo Removal

    In HJT choose Open the Misc Tools Section, choose Process Manager, highlight:
    Choose Kill Process.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    and click OK.

    REBOOT to Normal Mode.

    Post the logs from SmitRem and VundoFix; along with a fresh HijackThis log.
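    What a helper is actually scanning for when asked to "post a fresh HijackThis log" is a small number of line types: R0/R1 (IE start and search page), O2 (Browser Helper Objects), O4 (autoruns) and O20 (Winlogon Notify DLLs, the "winlogonhook" CounterSpy was reporting above). The script below is an added example, not part of the thread and not HijackThis code; it runs a few of those checks over constructed sample log lines. The file names and the Update.exe path are taken from the thread, the CLSIDs, BHO names and autorun names are illustrative, and the stock-XP Notify allowlist and the trusted-host set are assumptions to tune per machine.

```python
import re
from urllib.parse import urlsplit

# Constructed sample HijackThis log lines (the thread's attached logs are not
# on the page). File names and the Update.exe path follow the thread; the
# CLSIDs, BHO names and autorun names are illustrative.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://syssecuritypage.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A1B2C3D4-0000-1111-2222-333344445555} - C:\WINDOWS\system32\pmnnl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\{E40227DE-08A3-1033-0530-060525060001}\Update.exe
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: ScCertProp - wlnotify.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
"""

# Assumptions: a stock Windows XP baseline for Winlogon Notify DLLs and the
# hosts this user would accept as start/search page. Tune both per machine.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}
TRUSTED_PAGE_HOSTS = {"www.google.com", "go.microsoft.com"}

RE_R = re.compile(r"^R[01] - .+?,(Start Page|Search Page|Default_Page_URL) = (.+)$")
RE_O2 = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RE_O4 = re.compile(r"^O4 - (.+?): \[(.+?)\] (.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
# A GUID-named directory component, e.g. \{E40227DE-08A3-1033-0530-060525060001}\
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")


def basename(path):
    """Last path component, lower-cased (HJT prints a bare DLL name for stock entries)."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def vundo_companions(dll_name):
    """Vundo names its helper files with the DLL stem reversed (pmnnl -> lnnmp)."""
    stem = dll_name.rsplit(".", 1)[0][::-1]
    return [f"{stem}.{ext}" for ext in ("ini", "ini2", "bak1", "bak2", "tmp")]


def triage(log_text):
    """Return a list of findings as dicts with kind, item and detail."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_R.match(line)
        if m:
            host = (urlsplit(m.group(2).strip()).hostname or "").lower()
            if host and host not in TRUSTED_PAGE_HOSTS:
                findings.append({"kind": "ie-page-hijack", "item": m.group(1), "detail": host})
            continue
        m = RE_O2.match(line)
        if m:
            name, _clsid, path = m.groups()
            # A BHO with no name living in system32 is the classic Vundo shape.
            if name == "(no name)" and "\\system32\\" in path.lower():
                dll = basename(path)
                findings.append({"kind": "nameless-bho", "item": dll,
                                 "detail": "also look for " + ", ".join(vundo_companions(dll))})
            continue
        m = RE_O4.match(line)
        if m:
            _hive, name, command = m.groups()
            if GUID_DIR.search(command):
                findings.append({"kind": "guid-folder-autorun", "item": name, "detail": command})
            continue
        m = RE_O20.match(line)
        if m:
            key, dll_path = m.groups()
            # Notify DLLs load inside winlogon.exe, which is why Safe Mode does not help.
            if basename(dll_path) not in KNOWN_NOTIFY_DLLS:
                findings.append({"kind": "unknown-winlogon-notify", "item": key, "detail": dll_path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24} {f['item']:12} {f['detail']}")
```

    Run against a real log by passing the file's text to triage(); the allowlists are the only machine-specific part. The reversed-stem check is what ties pmnnl.dll to the lnnmp.* files in the later post, and an O20 hit is the one that needs the winlogon threads killed before the file can go.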
     
  6. furty

    furty Private E-2

    OK, I could not get rid of the pmnnl thing. It would remove it, but it would be right back on there after, even in safe mode and even after trying to delete it with Killbox. Here are the new logs:
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  8. furty

    furty Private E-2

    Here's the WinPFind log.
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Start by downloading two tools we will need

    - Process Explorer
    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on smss.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of pmnnl.dll once and then click the kill button. After you have killed all of the pmnnl.dll under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on winlogon.exe and again click once on each instance of pmnnl.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of pmnnl.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on iexplore.exe and again click once on each instance of pmnnl.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on rundll32.exe and again click once on each instance of pmnnl.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on wrssdk.exe and again click once on each instance of pmnnl.dll and kill it. (If you do not find the dll, just continue on.)

    Now just exit Process Explorer.

    Now run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\WINDOWS\system32\pmnnl.dll
    C:\WINDOWS\system32\lnnmp.bak1
    C:\WINDOWS\system32\lnnmp.bak2
    C:\WINDOWS\system32\lnnmp.ini
    C:\WINDOWS\system32\lnnmp.ini2
    C:\WINDOWS\system32\lnnmp.tmp
    C:\WINDOWS\system32\d9417edc.exe
    C:\WINDOWS\system32\awttspq.dll
    C:\WINDOWS\system32\hggdbbc.dll
    C:\WINDOWS\system32\tuvspqq.dll
    C:\Program Files\Common Files\{E40227DE-08A3-1033-0530-060525060001}\Update.exe
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    Reboot to Safe Mode.

    Open Windows Explorer; navigate to C:\Program Files\Common Files\{E40227DE-08A3-1033-0530-060525060001}; delete the entire folder.

    Reboot to Normal Mode.

    Now attach a new HJT log and tell me how the steps went.
    Make sure you tell me how things are working now!
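    The "Delete on Reboot" checkbox and the "PendingFileRenameOperations prompt" in the post above refer to one registry value: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, a REG_MULTI_SZ of source/destination pairs that the Session Manager processes at the next boot, before winlogon.exe and its Notify DLLs are loaded (which is why a file that "comes right back" in Safe Mode can still be removed this way). The script below is an added example, not Killbox's code and not from the thread; it builds that value for the file list in the post, encodes it the way the registry stores it, decodes it back and checks whether a given path is queued. It assumes only the documented layout (the \??\ prefix, an empty destination for delete, a leading "!" for replace-existing); the file list is a constructed input and nothing is claimed about which of the files exist on a given machine.

```python
# Constructed input: the file list from the post above. No claim is made about
# whether any of them exist on a given machine; Killbox only queues the ones it finds.
FILES_TO_DELETE = [
    r"C:\WINDOWS\system32\pmnnl.dll",
    r"C:\WINDOWS\system32\lnnmp.bak1",
    r"C:\WINDOWS\system32\lnnmp.bak2",
    r"C:\WINDOWS\system32\lnnmp.ini",
    r"C:\WINDOWS\system32\lnnmp.ini2",
    r"C:\WINDOWS\system32\lnnmp.tmp",
    r"C:\WINDOWS\system32\d9417edc.exe",
    r"C:\WINDOWS\system32\awttspq.dll",
    r"C:\WINDOWS\system32\hggdbbc.dll",
    r"C:\WINDOWS\system32\tuvspqq.dll",
    r"C:\Program Files\Common Files\{E40227DE-08A3-1033-0530-060525060001}\Update.exe",
]

NT_PREFIX = "\\??\\"  # NT object-manager form of a Win32 path, as MoveFileEx writes it


def to_nt(path):
    return path if path.startswith(NT_PREFIX) else NT_PREFIX + path


def from_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def build_pending_ops(deletes, renames=(), replace_existing=True):
    """Strings for the REG_MULTI_SZ: (source, destination) pairs, flattened.
    Empty destination = delete at boot; a leading '!' on the destination =
    overwrite an existing target (MoveFileEx MOVEFILE_REPLACE_EXISTING)."""
    entries = []
    for src in deletes:
        entries += [to_nt(src), ""]
    for src, dst in renames:
        entries += [to_nt(src), ("!" if replace_existing else "") + to_nt(dst)]
    return entries


def encode_multi_sz(strings):
    """REG_MULTI_SZ as stored: UTF-16LE, each string NUL-terminated, then one more NUL."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(blob):
    """Inverse of encode_multi_sz; keeps the empty strings that mark deletions."""
    text = blob.decode("utf-16-le")
    if text.strip("\0") == "":      # empty value, whether stored as one NUL or two
        return []
    if not text.endswith("\0\0"):
        raise ValueError("not a terminated REG_MULTI_SZ")
    # Drop the list terminator, split on the per-string NULs, drop the empty
    # element produced by the last string's own terminator.
    return text[:-1].split("\0")[:-1]


def parse_pending_ops(strings):
    """Turn the flat string list back into (op, source, destination) tuples."""
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", from_nt(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", from_nt(src), from_nt(dst[1:])))
        else:
            ops.append(("rename", from_nt(src), from_nt(dst)))
    return ops


def is_queued_for_delete(blob, path):
    """Case-insensitive match, the way Windows path lookups behave."""
    wanted = path.lower()
    return any(op == "delete" and src.lower() == wanted
               for op, src, _ in parse_pending_ops(decode_multi_sz(blob)))


if __name__ == "__main__":
    blob = encode_multi_sz(build_pending_ops(FILES_TO_DELETE))
    for op, src, dst in parse_pending_ops(decode_multi_sz(blob)):
        print(op, src, dst or "")
```

    On a live Windows machine winreg.QueryValueEx already hands back a REG_MULTI_SZ as a list of strings, so parse_pending_ops() can be applied to it directly; the byte-level encode/decode pair is there so the format can be inspected offline and so a value exported with reg.exe can be checked. The prompt the helper asks to be told about fires when the value is already populated, which is worth knowing because a second tool writing the same value can silently replace a first tool's queue.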
     
  10. furty

    furty Private E-2

    Alright, I'm pretty sure the spyware is gone, but upon one of my reboots I got a popup saying "SLI mode disabled, one of your video cards has been removed"...

    I had 2 video cards in SLI mode and now one appears to not be working. I'm not sure if it had something to do with what I did or what. This computer is less than a week old; I really doubt the video card fried already. Any idea what happened?

    Here's an HJT log btw:
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

