
Legit or Dirty????



#1 b.esterline


Posted 10 November 2009 - 08:52 AM

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Thank you so much to anyone who may be able to give me a little advice.

My concern is with the first three items. I ran HijackThis and they were there when they hadn't been before. I also find it a little disconcerting that they don't show in Task Manager. I checked around online and found that the three of them are sometimes legit and sometimes bad. I'm pretty sure I have the dirty ones but how can I tell the difference??
Thanks again!!



#2 petewills


Posted 10 November 2009 - 08:57 AM

Run SuperAntiSpyware

http://www.superantispyware.com/download.html

and

Malwarebytes

http://www.malwarebytes.org/mbam.php

On the SuperAntiSpyware Main Page, you can also click on the link at the bottom:

"Find out what's running on your computer!"

Very useful information; you can send in unknown files for analysis; feedback if you supply email address and there's a problem file or files.

If you still have doubts you should post the problem in the Forum:

"Security - Am I infected? - What do I do?"

#3 buddy215


Posted 10 November 2009 - 09:29 AM

In the links below are BC's comments on those files.

http://www.bleepingcomputer.com/startups/imjpmig-2171.html
http://www.bleepingcomputer.com/startups/TINTSETP-5758.html
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Romeo29


Posted 10 November 2009 - 09:35 AM

It appears you have installed Microsoft IME (Input Method Editors) recently.

International communication keeps getting easier thanks to full-featured, high-performance IMEs. An IME is a program that allows computer users to enter complex characters and symbols, such as Japanese characters, using a standard keyboard. Microsoft is now offering two Global IMEs—Global IME 5.02 and Global IME for Office XP.

http://www.microsoft.com/windows/ie/ie6/do...me/default.mspx

IMJPMIG.EXE and TINTSETP.EXE are both Microsoft programs related to IME.
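
A first-pass triage of the O4 lines from post #1, added here as an example (not part of the original thread): it parses each HijackThis Run entry and pulls out the file that actually gets loaded, since the entry name alone does not distinguish a genuine file from an impostor using the same name. The function names and flag labels are this example's own; the sample lines are copied from the log above.

```python
import re
import ntpath

# Subset of the O4 lines posted in the thread (copied verbatim from post #1).
SAMPLE = r'''O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Image = text up to the first launchable extension; tolerates spaces in unquoted paths.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)

def parse_o4(line):
    """Return hive, entry name, file to inspect and triage flags for one O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m['cmd']
    im = IMAGE_RE.match(cmd)
    image = im['image'] if im else cmd
    rest = cmd[im.end():].lstrip('" ') if im else ''
    target, flags = image, []
    if ntpath.basename(image).lower() == 'rundll32.exe' and rest:
        # rundll32 is only the host; the DLL before the comma is what runs.
        target = rest.split(',')[0].strip('" ')
        flags.append('rundll32-host')
    if not ntpath.dirname(target):
        flags.append('no-path')           # bare name: location on disk is not in the log
    if cmd.count('"') % 2:
        flags.append('unbalanced-quote')  # malformed or truncated registry value
    if ' ' in image and not cmd.startswith('"'):
        flags.append('unquoted-spaces')   # ambiguous where the image path ends
    return {'hive': m['hive'], 'name': m['name'], 'target': target, 'flags': flags}

def triage(log_text):
    """Parse every O4 line in a HijackThis log, skipping anything else."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == '__main__':
    for e in triage(SAMPLE):
        print(f"{e['name']:<16} {e['target']}  {','.join(e['flags']) or '-'}")
```

The full path in the `target` column is what to compare against a reference listing such as the startup database pages linked in post #3.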

#5 b.esterline


Posted 10 November 2009 - 01:01 PM

Thanks for the help. I'm gonna go ahead and remove it. It may be harmless for all I know but what I do know is:
1. Nobody knowingly installed IME and it was never there before
2. Some kind or another of garbage disguises itself as the IME programs I found
3. It certainly wouldn't be the first time we've had a piggyback issue. I can't tell you how many times I've reinstalled XP.... and I even recently had to replace my HD due to the fact that it was shot by viruses...etc which hubby was unwittingly infecting us with by constantly downloading everything from retarded plugins to everybody's favorite havoc wreaking purple ape (I didn't even know he was avail. anymore)
4. It's not a required program and is certainly not worth the risk.


Thanks Again!!



