Status
Not open for further replies.
1 - 19 of 19 Posts

Registered · 32 Posts
Well, I'm sure this has been asked before, but I'm getting a little yellow triangle with an exclamation point in the center in my task bar. It doesn't respond to hover or to right or left clicks. I show no errors in my Device Manager and am a little confused as to what it means. Yesterday was the first time I noticed it. I noticed a pretty substantial drop in performance while playing Crysis today. It went from silky smooth to slight shuddering in very calm scenes. Starting to get annoyed. System specs are as follows: Intel Q6600 G0 stepping clocked at 3.0 GHz, DK LANParty MB (not sure which one), 4 GB of Corsair Dominator memory, NVIDIA GTX 460 GPU at stock clock. I dunno what other info to give. I'll post a HijackThis log to maybe give you guys a clue if it's malware.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:34 PM, on 3/29/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - D:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7417 bytes


Any help would be greatly appreciated.
 

Registered · 32 Posts · Discussion Starter · #8
Well, I went to run System Restore today; it took a while due to another issue I created, lol. Anyway, evidently System Restore was turned off, as there are no system restore points whatsoever. What now?
 

Administrator, Manager, Microsoft Support, MVP · 34,403 Posts

Registered · 32 Posts · Discussion Starter · #14
OK, Trend Micro is gone and MSE installed. Here's the WMI log:



AutoReboot=TRUE
Caption=
DebugFilePath=%SystemRoot%\MEMORY.DMP
DebugInfoType=2
Description=
ExpandedDebugFilePath=C:\Windows\MEMORY.DMP
ExpandedMiniDumpDirectory=C:\Windows\Minidump
KernelDumpOnly=FALSE
MiniDumpDirectory=%SystemRoot%\Minidump
Name=Microsoft® Windows Vista™ Home Premium |C:\Windows|\Device\Harddisk0\Partition1
OverwriteExistingDebugFile=TRUE
SendAdminAlert=FALSE
SettingID=
WriteDebugInfo=TRUE
WriteToSystemLog=TRUE




AllocatedBaseSize=4393
Caption=C:\pagefile.sys
CurrentUsage=0
Description=C:\pagefile.sys
InstallDate=20081225220947.785246-480
Name=C:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE
 

Administrator, Manager, Microsoft Support, MVP · 34,403 Posts
Well, according to those numbers, you are using -0- MB virtual memory.

Check Device Manager - any red/ yellow flags?
START | type devmgmt.msc | "view" tab | "enable hidden devices"
 

Registered · 32 Posts · Discussion Starter · #16
At that time the yellow triangle wasn't up, but interesting what MSE found: a bunch of exploits, a trojan and a trojan downloader. If the triangle pops again I'll post a new log.
 

Registered · 32 Posts · Discussion Starter · #18
Well, MSE did delete the files and I have a post open for those guys with no response yet. Crysis crashed again and the triangle was back. Here's the log:



AutoReboot=TRUE
Caption=
DebugFilePath=%SystemRoot%\MEMORY.DMP
DebugInfoType=2
Description=
ExpandedDebugFilePath=C:\Windows\MEMORY.DMP
ExpandedMiniDumpDirectory=C:\Windows\Minidump
KernelDumpOnly=FALSE
MiniDumpDirectory=%SystemRoot%\Minidump
Name=Microsoft® Windows Vista™ Home Premium |C:\Windows|\Device\Harddisk0\Partition1
OverwriteExistingDebugFile=TRUE
SendAdminAlert=FALSE
SettingID=
WriteDebugInfo=TRUE
WriteToSystemLog=TRUE




AllocatedBaseSize=4393
Caption=C:\pagefile.sys
CurrentUsage=146
Description=C:\pagefile.sys
InstallDate=20081225220947.785246-480
Name=C:\pagefile.sys
PeakUsage=234
Status=
TempPageFile=FALSE
 

Administrator, Manager, Microsoft Support, MVP · 34,403 Posts
Hi -

There is nothing out of the ordinary with the last posted virtual memory numbers at all. The numbers show -

- 4 GB RAM
- 146 MB current virtual memory usage
- 234 MB peak virtual memory usage since last reboot
- OS install/ initial system boot-up - 25 December 2008

I see your thread in Security Forum. They are very busy and request 72 hours before you bump the thread.

http://www.techsupportforum.com/forums/f50/system-slowing-and-yellow-triangle-issue-563011.html

I see Trend Micro in the reports. At this time, given that you have posted in Security, please don't make any changes to your system. The logs you posted need to represent the current state of your system.

I must now close this thread. After Security has declared your system clean, if you have further system issues, please send me or other MS Staff a PM and this thread will be reopened.

Regards. . .

jcgriff2
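
Added example (not code from the thread or from jcgriff2): parsing the wmic-style Win32_PageFileUsage block pasted above and turning it into the figures the reply gives, including decoding the CIM_DATETIME InstallDate. The sample is a copy of the posted values; the function names are mine, and AllocatedBaseSize is the pagefile allocation in MB, which on Vista is sized from installed RAM.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample: a copy of the Win32_PageFileUsage block from the later post
# (wmic-style Key=Value lines). Sizes in this class are in megabytes.
PAGEFILE_LOG = """\
AllocatedBaseSize=4393
Caption=C:\\pagefile.sys
CurrentUsage=146
Description=C:\\pagefile.sys
InstallDate=20081225220947.785246-480
Name=C:\\pagefile.sys
PeakUsage=234
Status=
TempPageFile=FALSE
"""
CIM_DT = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})\.(\d{6})([+-]\d{3})$")

def parse_wmi_block(text):
    """Turn 'Key=Value' lines into a dict; keys with no value (Status=) stay empty strings."""
    props = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_cim_datetime(value):
    """CIM_DATETIME is yyyymmddHHMMSS.ffffff+UUU, where UUU is the UTC offset in
    minutes (-480 means UTC-8). Returns a timezone-aware datetime."""
    m = CIM_DT.match(value)
    if not m:
        raise ValueError("not a CIM_DATETIME: %r" % value)
    y, mo, d, h, mi, s, us, off = m.groups()
    tz = timezone(timedelta(minutes=int(off)))
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), int(us), tzinfo=tz)

def summarize_pagefile(text):
    """Reproduce the reading given in the thread: allocation, current/peak usage, install date."""
    p = parse_wmi_block(text)
    allocated_mb = int(p["AllocatedBaseSize"])
    current_mb, peak_mb = int(p["CurrentUsage"]), int(p["PeakUsage"])
    return {
        # Vista's system-managed pagefile is sized from installed RAM, so 4393 MB reads as 4 GB.
        "allocated_gb": round(allocated_mb / 1024),
        "current_mb": current_mb,
        "peak_mb": peak_mb,
        "install_date": parse_cim_datetime(p["InstallDate"]).date().isoformat(),
        # Both usage counters at zero (the first posted log) is what "-0- MB" in the reply meant.
        "pagefile_idle": current_mb == 0 and peak_mb == 0,
    }
```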
