Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: yellow triangle with ! in it  (Read 5156 times)

0 Members and 1 Guest are viewing this topic.

unlovedwarrior

    Topic Starter


    Guru

  • someday this name will be known
  • Thanked: 13
    yellow triangle with ! in it
    « on: February 11, 2007, 11:04:30 AM »
    ok my friends got this when i was gone and i think i got it but can u guys look at my hijackthis log

    xp home

    avg free
    avg antispyware
    adaware
    spybot
    ccleaner
    everything updated

    am i missing anything
    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:29 AM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\ivan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    unlovedwarrior

      Topic Starter


      Guru

    • someday this name will be known
    • Thanked: 13
      Re: yellow triangle with ! in it
      « Reply #1 on: February 11, 2007, 11:04:49 AM »
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170320697178
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      soybean



        Genius
      • The first soybean ever to learn the computer.
      • Thanked: 469
      • Computer: Specs
      • Experience: Experienced
      • OS: Windows 10
      Re: yellow triangle with ! in it
      « Reply #2 on: February 11, 2007, 11:11:24 AM »
      I think we need a little more info.  What device is being marked with the yellow triangle with ! in it?  Maybe post a screen print of Device Manager?

      Or, are talking about something else, a yellow triangle with ! in it in some program?  .... What?

      unlovedwarrior

        Topic Starter


        Guru

      • someday this name will be known
      • Thanked: 13
        Re: yellow triangle with ! in it
        « Reply #3 on: February 11, 2007, 03:11:21 PM »
        srry it was in the task bar i just woke up and was *er - we don't need to know that*
        « Last Edit: February 11, 2007, 03:17:47 PM by Timothy_Bennett »

        oddjob



          Hopeful

          Thanked: 4
          • Experience: Beginner
          • OS: Windows 7
          Re: yellow triangle with ! in it
          « Reply #4 on: February 11, 2007, 04:04:41 PM »
          Hi

          You have a spywarequake infection and the log shows smitfraud as well.

          First go here and run through the removal instructions ....

          http://www.bleepingcomputer.com/forums/topic47826.html


          After that post a fresh HJT log AND an update on how your computer is operating now.


          OJ

          unlovedwarrior

            Topic Starter


            Guru

          • someday this name will be known
          • Thanked: 13
            Re: yellow triangle with ! in it
            « Reply #5 on: February 11, 2007, 05:55:06 PM »
            i thought i had smitfraud

            Logfile of HijackThis v1.99.1
            Scan saved at 5:10:19 PM, on 2/11/2007
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.5730.0011)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
            C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\MSN Messenger\MsnMsgr.Exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\LimeWire\LimeWire.exe
            C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\MSN Messenger\usnsvc.exe
            C:\Documents and Settings\ivan\Desktop\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
            O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
            O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
            O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            « Last Edit: February 11, 2007, 06:13:08 PM by unlovedwarrior »

            unlovedwarrior

              Topic Starter


              Guru

            • someday this name will be known
            • Thanked: 13
              Re: yellow triangle with ! in it
              « Reply #6 on: February 11, 2007, 06:13:37 PM »
              O11 - Options group: [INTERNATIONAL] International*
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170320697178
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
              O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
              O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


              oddjob



                Hopeful

                Thanked: 4
                • Experience: Beginner
                • OS: Windows 7
                Re: yellow triangle with ! in it
                « Reply #7 on: February 12, 2007, 03:25:38 AM »
                The log is clean now apart from Limewire and a couple of HJT entries.

                However, despite my request, you didn't say how your computer is operating now. We see things in logs but sometimes cannot be certain all is well unless you tell us. Remember .... HJT does NOT reveal all malware (contrary to popular belief). Far from it, in fact.

                Please let us know.

                I personally do not support illegal downloading using programs like Limewire but that is your choice. There are dangers in such activities.

                Many of the P2P programmes themselves come bundled with malware/spyware. But, say the prog itself is clean, the downloads may not be. P2P is a great way for malware writers to get mass distribution for their wares. There are some legit pay-per-song sites that are clean and if you want to download music then those are the places to go. Other than that my view is it's just not worth the risk.

                If you want to remove it then go to Add/Remove Programs and uninstall from there.

                As to the two HJT entries .... open HJT .... click on scan .... put tick/check marks next to both these entries IF they are still present.....


                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

                O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)



                Remember to close all open browser windows - including this one - before clicking on "Fix Checked" at the foot of the HJT window.


                Please post back to let us know how things are working now.


                OJ
                « Last Edit: February 12, 2007, 03:26:12 AM by oddjob »

                unlovedwarrior

                  Topic Starter


                  Guru

                • someday this name will be known
                • Thanked: 13
                  Re: yellow triangle with ! in it
                  « Reply #8 on: February 12, 2007, 08:40:11 PM »
                  its good... the limewire is my roommates

                  oddjob



                    Hopeful

                    Thanked: 4
                    • Experience: Beginner
                    • OS: Windows 7
                    Re: yellow triangle with ! in it
                    « Reply #9 on: February 13, 2007, 02:19:50 AM »
                    In my view your roommate isn't doing you any favours messing with LimeWire on the machine. It's almost bound to foul up at some point and could easily result in a messed up computer. Like I said ... if I were you I'd get rid of it.

                    Otherwise ... glad to hear all is well again.

                    If you are certain the machine has no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

                    More on System Restore ...

                    http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


                    What may have lead up to your infection and help keep your computer free of malware …

                    http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

                    http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

                    There is a little duplication but these tutorials are both well worth reading.

                    If you do suffer an infection again you should run first Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

                    http://www.ccleaner.com/


                    Also run through this before posting another HijackThis log …

                    http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


                    Best wishes.


                    OJ
                    « Last Edit: February 13, 2007, 04:33:20 AM by oddjob »