
Could not load or run C:\Windows\system32\pmnnl.exe

Discussion in 'Virus & Other Malware Removal' started by vivekrb, Jan 18, 2008.

  1. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    Hi

    The logs are below.

    I am getting this error when I try to open Internet Explorer

    "Cannot Find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}'. Make Sure path or internet address is correct"

    Adobe Flash Player ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    ADSL USB Driver 2.0.1
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    AV
    Azureus Vuze
    Bluetooth Monitor 3
    Camera Assistant Software for Toshiba
    ccCommon
    CD/DVD Drive Acoustic Silencer
    CutePDF Writer 2.3
    Desktop Dialer
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD MovieFactory for TOSHIBA
    FIFA 2005
    Free iPod Video Converter 1.34
    Google Desktop
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    IBM WebSphere Studio Application Developer 5.1.2
    iDump Build: 24
    Intel(R) Graphics Media Accelerator Driver
    Internet Worm Protection
    iTunes
    Java(TM) SE Runtime Environment 6
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Marvell Miniport Driver
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Accounting 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Small Business Connectivity Components
    Microsoft Office XP Professional with FrontPage
    Microsoft Project 2000
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual SourceSafe NetSetup
    Mozilla Firefox (2.0.0.2)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    Norton AntiVirus
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    oggcodecs 0.71.0946
    Picasa 2
    QuickTime
    Realtek High Definition Audio Driver
    RegCure 1.5.0.0
    Skype™ 3.5
    SPBBC 32bit
    Spelling Dictionaries Support For Adobe Reader 8
    SQLXML4
    Symantec
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TextPad 5
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Game Console
    TOSHIBA Hardware Setup
    TOSHIBA Media Center Game Console
    TOSHIBA Music
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    VideoLAN VLC media player 0.8.6
    WD Diagnostics
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    WinRAR archiver
    ZTE CDMA1X MODEM
     
  2. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Not sure if this will run in Vista.

    Download regsrch.zip to your Desktop.
    1. Unzip the contents of RegSrch.zip to a convenient location.
    2. Double-click on RegSrch.vbs.
    3. If you have an anti-virus installed it might prompt you about a running script.
    4. Please ignore this warning and allow the script to run.
    5. In the "Enter search string (case insensitive) and click OK..." box, paste this string:

    {2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}

    6. Click "OK" to search the registry for that string.
    7. Wait for a few minutes while it completes the search.
    8. Click "OK" to open the results in WordPad.
    9. Copy and paste the entire results into your next post.
     
  3. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "2559A1F4-21D7-11D4-BDAF-00C04F60B9F0" 1/19/2008 12:56:32 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]
    @="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
    "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

    [HKEY_USERS\S-1-5-21-4154296202-2140287005-1846677427-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
    "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

    [HKEY_USERS\S-1-5-21-4154296202-2140287005-1846677427-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
    "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

    [HKEY_USERS\S-1-5-21-4154296202-2140287005-1846677427-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
    "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
    "{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

    I am also getting the error every time I try to open Internet Explorer, but after clicking on OK it opens.
     
  4. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Let's try this

    Open IE7, click on Tools, Click on Internet Options, Click on Advanced Tab. Click on Reset. Reboot your computer and see if you still receive the error.
     
  5. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    I did the same thing. But it's still showing the same error ....
     
  6. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Type this command in the Run command
    regsvr32 /i shdocvw.dll

    Reboot your computer and let me know if the error still appears. Thanks.
     
  7. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    Hi

    I tried the same thing but it didn't work. I also got an error while running it

    The module "shdocvw.dll" was loaded but the entry-point DllRegisterServer was not found.

    Make sure that "shdocvw.dll" is a valid DLL or OCX file and then try again.

    Thnx
     
  8. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Let me check with some other experts.
     
  9. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Try unregistering and then re-registering:

    regsvr32 -u shdocvw.dll
    regsvr32 shdocvw.dll

    Record the errors exactly.
     
  10. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    I am getting the same error

    The module "shdocvw.dll" was loaded but the entry-point DllUnregisterServer was not found

    Make sure that the "shdocvw.dll" is a valid DLL or OCX file and then try again.
     
  11. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please go to Start ---> Run ---> type regedit and press enter.
    Navigate to the following key
    HKEY_CLASSES_ROOT
    CLSID
    {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}

    Right-click on the key and select Export, save it to your Desktop as Export.txt.

    In your next reply, please include the log. Thanks.
     
  12. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    Hi

    Here are the logs

    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: <NO NAME>
    Type: REG_SZ
    Data: Internet

    Value 1
    Name: LocalizedString
    Type: REG_EXPAND_SZ
    Data: @%SystemRoot%\explorer.exe,-7024

    Value 2
    Name: InfoTip
    Type: REG_SZ
    Data: @explorer.exe,-7004


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: <NO NAME>
    Type: REG_EXPAND_SZ
    Data: %SystemRoot%\explorer.exe,-253


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: <NO NAME>
    Type: REG_EXPAND_SZ
    Data: %SystemRoot%\System32\shdocvw.dll

    Value 1
    Name: ThreadingModel
    Type: REG_SZ
    Data: Apartment


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: CLSID
    Type: REG_SZ
    Data: {25585dc7-4da0-438d-ad04-e42c8d2d64b9}


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: Element
    Type: REG_SZ
    Data: {3c81e7fa-1f3b-464a-a350-114a25beb2a2}

    Value 1
    Name: InitString
    Type: REG_SZ
    Data: StartMenuInternet

    Value 2
    Name: opentext
    Type: REG_SZ
    Data: @shell32.dll,-12705

    Value 3
    Name: properties
    Type: REG_SZ
    Data: C:\Windows\system32\inetcpl.cpl

    Value 4
    Name: propertiestext
    Type: REG_SZ
    Data: @shell32.dll,-12704


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM

    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM

    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM

    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: <NO NAME>
    Type: REG_SZ
    Data: {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}


    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM

    Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder
    Class Name: <NO CLASS>
    Last Write Time: 7/19/2007 - 4:13 PM
    Value 0
    Name: Attributes
    Type: REG_DWORD
    Data: 0
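
Added example, not part of the thread or any poster's code: a Python parser for the text-format regedit export pasted in post 12, which expands each `InProcServer32` default value and compares the registered DLL with an expected baseline, the check an analyst makes by eye on that log. The sample input is constructed in the same layout; the function names, `ENV` and `BASELINE` are assumptions for illustration.

```python
import ntpath
import re
SAMPLE_EXPORT = r"""
Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32
Value 0
Name: <NO NAME>
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\shdocvw.dll

Value 1
Name: ThreadingModel
Type: REG_SZ
Data: Apartment
"""  # constructed sample, same layout as the export in post 12
ENV = {"SystemRoot": r"C:\Windows"}  # assumed value, as in the thread's paths
CLSID = "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"
BASELINE = {CLSID: r"C:\Windows\System32\shdocvw.dll"}  # expected server, per post 12

def parse_export(text):
    """Return {key_path: {value_name: (type, data)}}; '' names the default value."""
    keys, cur, name, vtype = {}, {}, None, None
    for raw in text.splitlines():
        field, _, rest = (s.strip() for s in raw.partition(":"))
        if field == "Key Name":
            cur, name, vtype = keys.setdefault(rest, {}), None, None
        elif field == "Name":
            name = "" if rest == "<NO NAME>" else rest
        elif field == "Type":
            vtype = rest
        elif field == "Data" and name is not None:
            cur[name] = (vtype, rest)  # single-line data only
            name = vtype = None
    return keys

def expand(data, env):
    """Expand %VAR% case-insensitively, as Windows does for REG_EXPAND_SZ."""
    low = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: low.get(m.group(1).lower(), m.group(0)), data)

def inproc_servers(keys, env=ENV):
    """Map CLSID -> normalised path from each InProcServer32 default value."""
    out = {}
    for path, values in keys.items():
        m = re.search(r"\\CLSID\\(\{[0-9a-f-]{36}\})\\InProcServer32$", path, re.I)
        if m and "" in values:
            vtype, data = values[""]
            data = expand(data, env) if vtype == "REG_EXPAND_SZ" else data
            out[m.group(1).lower()] = ntpath.normcase(ntpath.normpath(data))
    return out

def mismatches(servers, baseline=BASELINE):
    """Return {clsid: (found, expected)} where the registered DLL differs."""
    want = {k.lower(): ntpath.normcase(v) for k, v in baseline.items()}
    return {c: (p, want[c]) for c, p in servers.items() if c in want and p != want[c]}
```

An empty result from `mismatches(inproc_servers(parse_export(text)))` means every baselined CLSID still points at its expected DLL; multi-line value data is not handled.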
     
  13. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    You have a file I would like you to get analyzed. Please go to VirusTotal. On the very top of the website, you will see a Browse button. Use that to search for this file

    C:\Windows\System32\yfgttamw.dll
    C:\Windows\System32\darxywib.dll

    Then click on Send. This could take between 30 seconds and a couple of minutes. When you get the results, open Notepad, please highlight the results, copy them to Notepad and save it as "Scan.txt". Save the text file "Scan.txt" to your desktop. Please include the file in your next post.
     
  14. vivekrb

    vivekrb Thread Starter

    Joined:
    Jan 18, 2008
    Messages:
    19
    Hey,

    Here are the logs. I have also saved them as a pdf, they are attached as well.

    File darxywib.dll received on 01.21.2008 03:49:59 (CET)Antivirus Version Last Update Result
    AhnLab-V3 2008.1.19.10 2008.01.18 -
    AntiVir 7.6.0.48 2008.01.20 -
    Authentium 4.93.8 2008.01.21 -
    Avast 4.7.1098.0 2008.01.20 -
    AVG 7.5.0.516 2008.01.20 -
    BitDefender 7.2 2008.01.21 -
    CAT-QuickHeal 9.00 2008.01.19 -
    ClamAV 0.91.2 2008.01.21 -
    DrWeb 4.44.0.09170 2008.01.20 -
    eSafe 7.0.15.0 2008.01.16 -
    eTrust-Vet 31.3.5470 2008.01.18 -
    Ewido 4.0 2008.01.20 -
    FileAdvisor 1 2008.01.21 -
    Fortinet 3.14.0.0 2008.01.20 -
    F-Prot 4.4.2.54 2008.01.21 -
    F-Secure 6.70.13260.0 2008.01.20 -
    Ikarus T3.1.1.20 2008.01.21 -
    Kaspersky 7.0.0.125 2008.01.21 -
    McAfee 5211 2008.01.18 -
    Microsoft 1.3109 2008.01.20 -
    NOD32v2 2808 2008.01.20 -
    Norman 5.80.02 2008.01.20 -
    Panda 9.0.0.4 2008.01.20 -
    Prevx1 V2 2008.01.21 -
    Rising 20.27.62.00 2008.01.20 -
    Sophos 4.24.0 2008.01.20 -
    Sunbelt 2.2.907.0 2008.01.17 -
    Symantec 10 2008.01.21 -
    TheHacker 6.2.9.191 2008.01.19 -
    VBA32 3.12.2.5 2008.01.21 -
    VirusBuster 4.3.26:9 2008.01.20 -
    Webwasher-Gateway 6.6.2 2008.01.20 -

    Additional information
    File size: 4451 bytes
    MD5: e8034fb086281725f4adab298e043036
    SHA1: 69f51ec1709d46417f25eca4d54b8db88906dc82
    PEiD: -


    File yfgttamw.dll received on 01.21.2008 03:45:01 (CET)Antivirus Version Last Update Result
    AhnLab-V3 2008.1.19.10 2008.01.18 -
    AntiVir 7.6.0.48 2008.01.20 -
    Authentium 4.93.8 2008.01.21 -
    Avast 4.7.1098.0 2008.01.20 -
    AVG 7.5.0.516 2008.01.20 -
    BitDefender 7.2 2008.01.21 -
    CAT-QuickHeal 9.00 2008.01.19 -
    ClamAV 0.91.2 2008.01.21 -
    DrWeb 4.44.0.09170 2008.01.20 -
    eSafe 7.0.15.0 2008.01.16 -
    eTrust-Vet 31.3.5470 2008.01.18 -
    Ewido 4.0 2008.01.20 -
    FileAdvisor 1 2008.01.21 -
    Fortinet 3.14.0.0 2008.01.20 -
    F-Prot 4.4.2.54 2008.01.21 -
    F-Secure 6.70.13260.0 2008.01.20 -
    Ikarus T3.1.1.20 2008.01.21 -
    Kaspersky 7.0.0.125 2008.01.21 -
    McAfee 5211 2008.01.18 -
    Microsoft 1.3109 2008.01.20 -
    NOD32v2 2808 2008.01.20 -
    Norman 5.80.02 2008.01.20 -
    Panda 9.0.0.4 2008.01.20 -
    Prevx1 V2 2008.01.21 -
    Rising 20.27.62.00 2008.01.20 -
    Sophos 4.24.0 2008.01.20 -
    Sunbelt 2.2.907.0 2008.01.17 -
    Symantec 10 2008.01.21 -
    TheHacker 6.2.9.191 2008.01.19 -
    VBA32 3.12.2.5 2008.01.21 -
    VirusBuster 4.3.26:9 2008.01.20 -
    Webwasher-Gateway 6.6.2 2008.01.20 -

    Additional information
    File size: 4451 bytes
    MD5: e8034fb086281725f4adab298e043036
    SHA1: 69f51ec1709d46417f25eca4d54b8db88906dc82
    PEiD: -
     


  15. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Can you export that key again and attach the txt file? Make sure you save it as Export.txt and Save type as Registration files (.reg). The output is not correct. Thanks.

    The header should start with this

    Windows Registry Editor Version 5.00
     