Help!! pmnnlkj.dll and pmnlj.dll

ggeiger · Jul 6, 2007

my winpatrol program started detecting today that I have both of these files trying to "add" themselves as new Internet Explorer Add-ons. I have tried deleting them with no success including using KillBox. I have included my hijackthis log for everyone to look at. Please help.

chaslang · Jul 6, 2007

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

CounterSpy - only for Windows XP, 2K, & NT users

AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users

Bitdefender - from step 6

Panda Scan - from step 6

runkeys.txt - the log from GetRunKey.bat

newfiles.txt - the log from ShowNew.bat

HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

ggeiger · Jul 8, 2007

Ok I followed the Read & Run Me first page and did all of the steps required however it appears as if the situation has worsened. First off the Bitdefender scan took over 3 hours so I went to bed thinking I would look at it in the morning. When I went to check on my computer I was notified by WinPatrol that the program mgrs.exe wanted to be added to the program startup setting. I've been denying it all day but it keeps coming up every few minutes along with pmnnlkj.dll and pmnlj.dll. I was unable to save the report from Bitdefender for some reason when I clicked on the link to save the file the pop up box never materialized. I will include all of the other logs please take a look and let me know what to do.

ggeiger · Jul 8, 2007

and runkeys.txt

chaslang · Jul 8, 2007

Please read all of the below message before doing anything.

You forgot to attach the new and required HJT log that was requested. It must be installed and renamed as requested in step 7 of the READ ME. You have the kind of infection that requires the renaming in order for it to show some of the problems. I need this log to work up a complete fix; however do not post one yet. I want to run something else to help us get started on fixing some of your problems. It will help reduce the amount of manual cleaning steps.

First you must do step 2 of the READ ME. It appears that you skipped this step.

Now download this file - combofix.exe

Double click combofix.exe & follow the prompts.

When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now attach the below new logs and tell me how the above steps went.

GetRunKey

ShowNew

HJT - make sure it is renamed or it will not be useful

ggeiger · Jul 9, 2007

i apologize for the HijackThis mistake however I believe I got everything right this time. The computer seems to be running better now and I am no longer notified that mgrs.exe, pmmnlkj.dll, and pmnlj.dll are trying to start or add on anything on the computer. I have included all of the logs. Please take a look.

ggeiger · Jul 9, 2007

here is the hijackthis log

chaslang · Jul 9, 2007

That looks much better! Everything is clean, but I do have to ask about one item.

Did you knowingly install this Ask Toolbar which added the below to your system?
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

If you did not install it, then uninstall it. If you did install it then just leave. I have no definite info on whether it is good or bad so I'm just questioning it.

If you are not having any other malware problems, it is time to do our final steps:

If we used Pocket Killbox during your cleanup, do the below

Run Pocket Killbox and select File, Cleanup, Delete All Backups

If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.

If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.

If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.

If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.

If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created

If you are running Windows XP or Windows ME, do the below:

go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

ggeiger · Jul 9, 2007

Thank You so much for you help. I will take a look at the Ask Toolbar but I believe I installed them. One thing I am not sure about is for some reason my automatic updates will not install. I am not sure if this was something that is Malware related or if I should repost this on the Software page however at about the same time I was having problems with the Malware, Windows has been unable to install the below updates. Please take a look and let me know. If this should be in another topic then let me know as well and again thank you so much for all the help!

ggeiger

Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB890859)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB894391)
Windows Genuine Advantage Notification (KB905474)
Security Update for Windows XP (KB935839)
Security Update for Flash Player (KB923789)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB930916)
Update for Windows XP (KB916595)
Critical Update for Windows XP (KB886185)
Windows Malicious Software Removal Tool - June 2007 (KB890830)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB888302)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB918118)
Update for Windows XP (KB922582)
MSXML 4.0 SP2 Security Update (KB927978)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB891781)
Security Update for Windows XP (KB920670)
Cumulative Security Update for Outlook Express for Windows XP (KB929123)
Security Update for Windows XP (KB925902)
Security Update for Windows Media Player Plug-in (KB911564)
Security Update for Windows XP (KB923689)
Update for Windows XP (KB910437)
Cumulative Security Update for Internet Explorer 6 for Windows XP (KB933566)
Security Update for Windows XP (KB896358)
Security Update for Windows Messenger (KB887472)
Update for Windows XP (KB931836)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB873339)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB924270)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB931784)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB885836)
Security Update for Windows XP (KB885835)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB899587)

chaslang · Jul 10, 2007

While malware can often cause issues with Windows Updates, there are many many other reasons that could also cause problems with this. You should post in the Software Forum. You don't need to post a list of what updates you need. You need to describe exactly what happens when you try to get updates. Also have you authenticated your Windows XP license with Microsoft at the Windows Update site. If you have not done this (and based on your HJT log it appears that you have not) then you cannot get updates.

ggeiger · Jul 10, 2007

Chaslang,

That would make sense I will just certify my windows xp on the Microsoft website. Thanks again for all of your help.

ggeiger

chaslang · Jul 10, 2007

You're welcome. Surf safely.

Log in or Sign up

Help!! pmnnlkj.dll and pmnlj.dll

ggeiger Private E-2

Attached Files:

hijackthis7.6.07.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

ggeiger Private E-2

Attached Files:

Activescan.txt

newfiles.txt

Report-Scan-20070708-011653.txt

ggeiger Private E-2

Attached Files:

runkeys.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

ggeiger Private E-2

Attached Files:

log.txt

runkeys.txt

newfiles.txt

ggeiger Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

ggeiger Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

ggeiger Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member