0

I followed the instructions on another thread and used MBAM and HJT and here is the log. for it. not sure if its fixed.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6561

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2011 1:40:30 AM
mbam-log-2011-05-13 (01-40-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 350204
Time elapsed: 2 hour(s), 53 minute(s), 25 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 44
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 117

Memory Processes Infected:
c:\documents and settings\all users\application data\questscan\questscan127.exe (Adware.Agent.Gen) -> 1948 -> Unloaded process successfully.
c:\program files\questscan\questscan.exe (Adware.Agent.Gen) -> 432 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\questscan\questscan.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\program files\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Delete on reboot.
c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\tin\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Delete on reboot.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Delete on reboot.
c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Delete on reboot.
c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\mp3tube toolbar (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images (Adware.Mp3Tube) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\questscan\questscan127.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\program files\questscan\questscan.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\program files\questscan\questscan.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Delete on reboot.
c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Delete on reboot.
c:\documents and settings\administrator\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\Sun\Java\deployment\cache\6.0\8\1d634208-1a37c036 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\questscan\uninstall.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\administrator\local settings\application data\nfy.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\18603812.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\pjudowmnnh.exe.vir (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\tin\application data\Adobe\plugs\mmc2441000.txt.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\DOCUME~1\tin\LOCALS~1\Temp\1453e8.tmp.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\wmob39.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\2492D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\1174A.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\ShowMsg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\uninstall.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherloc.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherloc.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupsearchmp3.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupwindow.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savemp3_bg_hover.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savemp3_bg_normal.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3popup.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\mp3tube toolbar\pref.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\mp3tube toolbar\tbconfig.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\tin\application data\mp3tube toolbar\images\dailyhotdeals.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\divider.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\feeditem.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\games.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\savemp3.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\savemp3_disabled.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\screensaver.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\shopping.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\watermark.png (Adware.Mp3Tube) -> Delete on reboot.
c:\documents and settings\tin\application data\mp3tube toolbar\images\weatherbug.png (Adware.Mp3Tube) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:13 AM, on 5/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Nexon\Atlantica\Atlantica.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: WLSVC - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe

--
End of file - 3631 bytes

3
Contributors
3
Replies
4
Views
6 Years
Discussion Span
Last Post by jholland1964
0

i dont use internet explorer. i use modzilla firefox. the video is opened in the background and i have no idea where its coming from. to disable it i have to go to task manager and manually disable IE only to have it come up later.

Edited by wuxia: n/a

0

I would advise the replacement of iexplorer with firefox

You should really read everything in the thread. The poster has stated that he does NOT use IE, he uses Firefox. You cannot "replace" IE it is part of the operating system, you don't have to use it but it cannot be removed.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.