New User needs help with Trojan Downloader.xs

Discussion in 'Malware Help (A Specialist Will Reply)' started by cmj1530, Mar 31, 2008.

  1. cmj1530

    cmj1530 Private E-2

    Need help! For a couple of days, my Norton seems to have not been running, though I have no idea why.

    I have since purchased Norton Internet Security 2008, Webroot Spy Sweeper, and AdwareAlert. I have run all three, repeatedly. They always find some kind of cookies tracker or adware, then I can clean them. However, the root of the problem is never reached, and I repeatedly get (what appear to me to be) false warning msgs from Windows.

    It tells me that I have a Trojan Downloader.xs.

    How can I get rid of this?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    First begin by uninstalling AdwareAlert which is very much not recommended. Spy Sweeper is more than sufficient to find any real problems that you may have. AdwareAlert is not!!

    Now please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. cmj1530

    cmj1530 Private E-2

    I have downloaded and run the SMITFRAUD in safemode.
    It seemed to help a lot...but I still woke up to a couple of msgs
    on my computer this morning warning of spyware.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please skip the Special Removal Procedures and complete the rest of the READ & RUN ME and attach the logs that were requested.
     
  5. cmj1530

    cmj1530 Private E-2

    I seem to have fixed the problem by running that FRAUDFIX utility, then I renamed 3 pgms in the sys32 folder and disabled corresponding startup tasks. However, now every time I close any IE session, I get a PGM not responding error. When I click to get tech details on it, it directed me to a TXT file written out. It had this data in it:

    Any idea what's wrong still?


     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not follow the instructions that we give you then we cannot help you. Please follow the instructions already given. And please do not post any logs or files inline like you did in message # 3.
     
  7. cmj1530

    cmj1530 Private E-2

    I think I have already followed the instructions you've given to the best of my ability. Sorry about posting the log...but if I try to attach the TXT file, when I close the window that does your attachments, it causes my IE session to crash, and I can't post at all. I'm not real good with computers, so I'm trying! The Trojan problem seems to be under control now...but my IE sessions CRASH anytime I close them (or any sub-session within them, or popup within them, etc.).
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, but no, you have not followed my instructions. You need to run the READ & RUN ME and attach the requested log files for your Windows version. 3 of the attachments are text files and the fourth is a ZIP file. Without logs, we cannot help you. If you cannot attach text files, try using another browser or put the text files into a ZIP file and try attaching that.

    Here is another browser you could try rather than IE: Mozilla FireFox
     
