pmnli.dll / Virtumondo will not go away

I return from fall break to discover that while I was gone, someone did something and my PC is infected with the Virtumondo malware. I definitely have this. It is popping up all kinds of crap on my computer. I see pmnli.dll in the process list. However, it refuses to get the (censored) off my PC, no matter what I do.

I have run all my virus removal / spyware removal tools. They all blithely skip over it as if it's fine. I have my definitions up to date as of today.

I have run HijackThis. It insists I do not have it. (I'd post a log but it won't let me save logs. Not sure if this is related.)

I ran VundoFix, which insists that I do not have it on my system, which is bull when I can SEE it in my system32 folder and I can also see it wreaking havoc.

I tried the manual removal process with Process Explorer and KillBox. Process Explorer lets me kill a few processes, but the damn thing still runs. It says it isn't in winlogon. It got rid of the accompanying file (don't recall name; it started with a b) but not pnmli.dll. KillBox will not let me delete it. Deregistering it does not work.

So my question is, how the bloody hell do I get this thing off my PC?

 

Hi callargh!
Welcome to Major Geeks. Please run the following scan and then follow the instructions in the box below. After you've finished the Combofix scan and the others which follow, please post the logs to us.

Run this utility:

After you've run Combofix, please follow the instructions and links in the box below!

abri

 

OK, ran ComboFix. pmnli did not seem to like this, as it went overdrive in popping up crap. Eventually, it found the file and deleted it. Taskbar disappeared (it also did this when I tried KillBox earlier) but the program kept going.

Got to the reboot point, but wouldn't reboot (said something about file-path not found) so I rebooted manually.

Logged back on. Took longer than usual but I believe it is gone. File's gone, it isn't showing up in the process list, nothing is popping up on my screen.

Got the log. Yes, indeed, it is gone, along with a lot of residual stuff.

Log attached.

 

Hi callargh!
Combofix took out a lot! I would bet quite a bit of money that your computer is not yet completely clean. Please continue with the instructions in the READ & RUN ME FIRST. Make sure to check through the add/remove programs list, as I think you have some programs that need uninstalling which are adding to your problems. Also, pay close attention to the READ ME instructions. You will need to have MSConfig in normal start-up mode, run CCleaner to clean out all your cookies and temp files and set your hidden files to be visible. The instructions are well laid out and well worth the time if you want us to help you further.
abri

 

It is with considerable embarrassment that I post these logs.

(NOTE: I couldn't run anything in safe mode - my keyboard is wireless and my mouse is USB, so safe mode means I have no way of doing anything. I don't have access to any other devices.)

I ran AVG because the other program would not run. This one seemed fairly...uh, prolific.

 

Other two logs:

 

Well yeah! I'm impressed! ... I'm ready to buy the program!! lol

I'm missing your hijackthis.log If you haven't run it yet, please go back to the READ & RUN ME and follow the instructions in Step 7 for installing HijackThis to the correct folder under C:\Program Files and for renaming it analyse.exe before you run it.

I have to work through the rest of the logs now and that takes some time, so thanks for being patient!
abri

 

HijackThis log attached. A lot of it is left over from msconfig.

 

Please explain what you mean?

abri