 Need expert opinions on my pc, Infected or not?

TSprelude23
post Nov 24 2007, 12:50 PM, updated 19y ago

fYeah!!
*******
Senior Member
2,497 posts

Joined: May 2005


Just wanna ask, you guys see any problem here?

-------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:30 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vttv.myvnc.com/player/index.jsp#
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DECFCFE8-9FAE-45FE-8D94-0D073BF85612}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

--
End of file - 6366 bytes
syazwanreno
post Nov 24 2007, 01:03 PM

Won (*3*) Chu Kiss Me?
******
Senior Member
1,269 posts

Joined: Apr 2007
From: Shah Alam



QUOTE
C:\Program Files\DAP\DAP.EXE

Democratic Action Party (DAP) (very suspected)

TSprelude23
post Nov 24 2007, 01:36 PM

fYeah!!
*******
Senior Member
2,497 posts

Joined: May 2005


....serious ler...
cekutz
post Nov 24 2007, 01:52 PM

Getting Started
**
Junior Member
291 posts

Joined: Jan 2007
From: Usm n. tebal / Kepong



wah..too much to see..
what is the problem actually?
TSprelude23
post Nov 24 2007, 02:10 PM

fYeah!!
*******
Senior Member
2,497 posts

Joined: May 2005


whether my comp is infected or not
Liuteva
post Nov 24 2007, 05:31 PM

Empty.
*******
Senior Member
2,991 posts

Joined: Jun 2007
From: Johor


Didn't find any.. Correct me if I am wrong
arafat
post Nov 25 2007, 01:49 AM

ROCK ON!
******
Senior Member
1,747 posts

Joined: Nov 2004
From: serdang selangor

u should post this in the technical support
Sempurna will help you
impreza_2007
post Dec 4 2007, 12:21 AM

Casual
***
Junior Member
315 posts

Joined: Dec 2007
From: Seksyen 18, Shah Alam, Selangor



info from hijackremote:

[IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


Last Detected: 1/21/2006 12:16:00 PM
Found on 2 PCs.

Users with this object complained of the following:

"there are always a lot of popups when i'm surfing the internet...and the number of those popups seems to be more and more.....most of those popups are adveritsments like: http://www.cli-tone.com.hk.... they keep poping up.... if there's popup, i'll close it immediately,,, but it will pop up again after a short while.... beside the popups, sometimes, there are some new icons on the desktop..... but i didn't install them.....when i saw these icons, i'll delete them, but weeks later, they may appear in my desktop again.... i can't remember the names of those icons... they were like "my cellular"..."my casino"... and something like that"
"trojan"

natakaasd
post Dec 4 2007, 05:18 PM

Look at all my stars!!
*******
Senior Member
2,188 posts

Joined: Nov 2005


Do you have adequate training from an official anti-malware school to give such a piece of advice? Are you aware that the entry is perfectly legitimate?

Please do not post help if you are not sure what it is in the first place.

Cheers!
impreza_2007
post Dec 4 2007, 11:56 PM

Casual
***
Junior Member
315 posts

Joined: Dec 2007
From: Seksyen 18, Shah Alam, Selangor



but i think no problem in ur pc..how much ur ram??..


Added on December 5, 2007, 12:03 am
QUOTE(natakaasd @ Dec 4 2007, 06:18 PM)
Do you have adequate training from an official anti-malware school to give such a piece of advice? Are you aware that the entry is perfectly legitimate?

Please do not post help if you are not sure what it is in the first place.

Cheers!
*
thnx..just to give more info..thnx again..


Added on December 5, 2007, 12:07 am
QUOTE(impreza_2007 @ Dec 4 2007, 01:21 AM)
info from hijackremote:

[IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Last Detected: 1/21/2006 12:16:00 PM
Found on 2 PCs.

Users with this object complained of the following:

"there are always a lot of popups when i'm surfing the internet...and the number of those popups seems to be more and more.....most of those popups are adveritsments like: http://www.cli-tone.com.hk.... they keep poping up.... if there's popup, i'll close it immediately,,, but it will pop up again after a short while.... beside the popups, sometimes, there are some new icons on the desktop..... but i didn't install them.....when i saw these icons, i'll delete them, but weeks later, they may appear in my desktop again.... i can't remember the names of those icons... they were like "my cellular"..."my casino"... and something like that"
"trojan"
*
info from bleepingcomputer:

[IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

This is a valid program but it is not required to run on startup.

This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. The following information is a brief description of what is known about this file.

Name:
Imjpmig8.1

Filename:
IMJPMIG.EXE

Command:
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

Description:
Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)

File Location:
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

Startup Type:
This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.

This post has been edited by impreza_2007: Dec 5 2007, 12:07 AM
ariesboy2020
post Jan 24 2008, 05:52 PM

Getting Started
**
Junior Member
235 posts

Joined: Jan 2008


QUOTE(impreza_2007 @ Dec 4 2007, 11:56 PM)
but i think no problem in ur pc..how much ur ram??..


Added on December 5, 2007, 12:03 am

thnx..just to give more info..thnx again..


Added on December 5, 2007, 12:07 am

info from bleepingcomputer:

[IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

This is a valid program but it is not required to run on startup.

This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. The following information is a brief description of what is known about this file.

Name:  
Imjpmig8.1

Filename: 
IMJPMIG.EXE

Command: 
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

Description: 
Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)

File Location:
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

Startup Type: 
This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
*
man u need not to delete that.. agree with natakun.... if u not sure... dont.... beside... IMJPMIG.EXE
just a keyboard tool from microsoft.... which is used to ease the input of Asian characters like chinese,arabic,japan,etc....

by the way... this tool maybe can help u to determine whether it's virus or what...
http://www.softpedia.com/get/System/System...Inspector.shtml

it's still beta but it help me a lot...


u got ahkheap... go do online scanner at www.kaspersky.com and paste the log here.... something bothering me!

This post has been edited by ariesboy2020: Jan 28 2008, 12:24 PM
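
Added example (not part of the thread and not any poster's code): a small Python triage pass over HijackThis text that applies three checks relevant to the log in the first post: an autostart entry under `Policies\Explorer\Run`, a core Windows process name launched from outside the Windows directory, and a BHO registered with no file. The sample lines are copied from that log; the `C:\WINDOWS` install path and the list of process names are assumptions of the example.

```python
import re
from ntpath import basename

# Core Windows process names (assumed list); the genuine files live under C:\WINDOWS.
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}
WINDOWS_DIR = "c:\\windows\\"  # assumption: default install path, as in the posted log
O4 = re.compile(r"^O4 - (?P<key>\S+): \[[^\]]*\] (?P<cmd>.*)$")
EXE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
"""

def triage(log_text):
    """Return (line, reasons) for each log line that deserves a closer look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        m = O4.match(line)
        if m:
            if "\\policies\\explorer\\run" in m["key"].lower():
                reasons.append("entry under Policies\\Explorer\\Run")
            exe = EXE.search(m["cmd"])  # first full .exe path in the command
            if exe:
                path = exe.group(1).lower()
                if basename(path) in SYSTEM_NAMES and not path.startswith(WINDOWS_DIR):
                    reasons.append("system process name outside C:\\WINDOWS")
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            reasons.append("BHO registered with no file on disk")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons), "->", line)
```

A flagged line is a prompt for review, not a verdict; the IMJPMIG and DAP entries debated in the thread pass all three checks.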

 
