Home > Hijackthis Log > HiJackThis Log - Download.Trojan - Pmnnn.dll

HiJackThis Log - Download.Trojan - Pmnnn.dll

When I rebooted after the scan, I double checked the settings and they were set as instructed. Also, on the Party Poker programs, I previously uninstalled those quite some time ago but the files files were still in the Program files folder. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. There might be something else apart from Vundo on the PC. have a peek at these guys

If you are asked to reboot the machine choose Yes.) Click the red Moveit! Choose a language, click "OK" and then click "Next".Read the "License Agreement" and click "I Agree".Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".After setup completes, click This uninstaller will remove all elements from all Kazaa versions, as well as all of the bundled software that comes with it. I only see: end processs, end process tree and set priority, and I cant end winlogs process because it is too important or something....

Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 9141 bytes Back to top #12 __RiP_ChAiN_ __RiP_ChAiN_ Eh, whatever goes here. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dllO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [SunKistEM] It seems that this worm is prettymuch gone, or atleast disfigured to such an extent that it can't function.As fot the prevx I have the trial setup downloaded and I'll install Thanks for help bartsdadhomer18-10-2005, 08:04 PMTry The Ewido Suite http://www.ewido.net/en/ Make sure you update the definitions after installing and Trojan Remover http://www.simplysup.com/ Make sure you update the definitions after installing Speedy

If you are not logged in as an Administrator, the System Restore tab will not be displayed. Turn your computer back on. I appreciate the help!Malwarebytes' Anti-Malware 1.03Database version: 371Scan type: Full Scan (C:\|)Objects scanned: 79291Time elapsed: 23 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 14Registry Values Infected: 1Registry If you're unsure please do not run it!

There were 200+ entries on the panda scan for spyware.Incident Status Location Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.com.com/] Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Rob bartsdadhomer18-10-2005, 09:56 PMTurn off System Restore Run CCleaner to remove all temp files Install Ewido & update Run Ewido in both normal & safe mode in each account on the When the scan is finished, click on "Click here to export the scan results" Save the report to your desktop then come back here and attach it to your next reply. Unzip it first and put it in its own folder.

here is what I did if it helps anyone go here http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=16923#M16923 It will take you to here http://www.atribune.org/forums/index.php?showtopic=447&hl=killvundo read post # 2 and follow directions. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator Which version of Norton did you have installed?I have no idea, all i know is that i recently had the harddrive replaced by hp invent, so it sould be pretty recent. Some of the symptoms I still get are automatic occasional opening of IE to random sites, my comp is pretty slow, and continue to get trojan detection from my antivirus software

jwcalho18-10-2005, 08:20 PMtrojan remover did not find anything. http://www.bullguard.com/forum/10/cannot-remove-mlljidll-and-pmn_24626.html If someone got my college pw and change dit they could drop all my classes, so I had to check :(. Here's the link: http://pressf1.pcworld.co.nz/search.php?searchid=184427 jwcalho19-10-2005, 09:51 AMOK THESE ARE NO LONGER VISIBLE AFTER SCANS, I think it fixed them R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html - Nasty R1 - HKLM\Software\Microsoft\Internet Back to top #11 mlott132 mlott132 Topic Starter Members 8 posts OFFLINE Local time:12:24 PM Posted 30 July 2007 - 07:47 PM Here are the results from the antivirus scan

My computer is behaving much better now. http://tenten10.com/hijackthis-log/hijackthis-log-feb-17-07.php Thanks for help Speedy Gonzales18-10-2005, 08:42 PMDownload Hijackthis then and post a log here.. Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-26 22:21]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-10-14 02:16:41][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnn] C:\WINDOWS\system32\pmnnn.dll 2007-07-15 14:54 266336 C:\WINDOWS\system32\pmnnn.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]R0 agpCPQ;Compaq AGP Bus Allow the ActiveX control to install when prompted.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dllO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [SunKistEM] Several functions may not work. WD external hard Drive interfering... check my blog In the last 3 days there were 0 new threads and 0 reply posts.

Click Apply. 6. If that were true, you had nothing to worry about anyway so checking wouldn't have been a problem. It may ask you to log-off/reboot at the end, if it does please do so. ---------------------------------------------------------------------------------- Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until

Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CABO16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter

Check "Turn off System Restore" 5. Btw you may have to delete the C:\WINDOWS\System32\implib.dll in safemode.Post back with a new hijackthis log and what the three scanners have found. opium 22.07.2006 01:53 QUOTE(Don Pelotas @ 22.07.2006 00:47)Yes, does it have a fiewall included?I don't think so how do I check? Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.

If you don't know or understand something, please don't hesitate to say or ask!! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exeO9 - Extra button: AT&T Yahoo! I was downloading some stuff and AVSystem Care automatically started installing on my computer and I couldn't get it to quit. news Unfortunately it did not let me save a report.

Don Pelotas 22.07.2006 03:31 QUOTE(opium @ 22.07.2006 01:29)Hmm i can't unlock the implib.dll file can you explain how to change the privliges or local security serrings to do so?Are you on Your system may take longer than usual to load; this is normal. Updating Java: Go to Start > Control Panel double-click on the Software icon > add/remove programs. Superantispyware especially, I'm scanning with Kaspersky now, for some reason it wouldn't open the window in safty mode.

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater The Spybot icon in the System tray should now be now colorless. Kill all this stuff in HJT, and see what you get. IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: (no name) - {827F77FD-1ED8-4b77-B22A-AC491B064E82} - (no file)O2 - BHO: (no name) - {BFCFD34A-4F1B-47E0-86AB-F3505152C207} - C:\WINDOWS\system32\pmnnn.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -

Java version is Scan started at 1:41:11 PM 4/17/2006 Listing files found while scanning....