Could you disable these three plugins/extensions and let me know if the alerts stop

Torch Share
WorldWinner Firefox Launcher Plugin
Catalina Marketing Corporation

should these all be in firefox?

in firefox i found-
catalina savings printer 2.0.0.2
worldwinner firefox launcher plugin

in chrome I found
torch share-

I turned these off, but the problem persists— am I looking in the correct place to disable addons? should I be looking anywhere else?

I uninstalled torch, some web browser that I dont remember getting or ever using- since you mentioned disabling torch share, however that didnt solve anything either–

I cant seem to find a plugin/extension anywhere that specifically says catalina marketing corporation

I just tried to disable all addons/plugins/extensions in firefox and chrome, but I still get the same trojan horse warning-

It appears to be well hidden within either Firefox or Chrome (they do share some files)

At this stage the easiest option would be to fully uninstall Firefox and Chrome, then re-install

will I have to lose my bookmarks and plugins/extensions? or can I keep anything?

Ideally it would need to be a fresh start with regards to plugins/extensions, but export the bookmarks as they should not be a problem

ok sounds good-
I do this through add remove programs or some other way?

For firefox, first backup your bookmarks to the desktop
Then follow the steps here http://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
This is the important part as we do not wish to retain the bad plugin :

If you want to remove your Firefox user data and settings, put a check mark in the box that says Remove my Firefox personal data and customizations. If you select this option, Firefox will not preserve your bookmarks, saved passwords, and other data if it is installed again.

Same for Chrome here https://support.google.com/chrome/answer/95319?hl=en

strange thing-

I removed firefox, then chrome following instructions- I even removed left over firefox folder in C program files-

However when I went to download new firefox and reinstall it I then opened firefox and it had all of the plugins still there!
It had 3 less extensions, but it left 3 extensions in firefox and all 3 were disabled-- The plugins were all enabled!-

I have before screenshots of the addons if that is helpful at all-

I also tried to replicate the Trojan horse popup, and it is still there.

Yes could you show all the addons. Did you select remove all data and then delete the firefox folders before re-installing ?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

yes I did all that before reinstall-

I will do this now-

here are scnreenshots

2 of 4

3 of 4

4 of 4

just got this in IE

Infection Details
URL: http://url4short.info/favicon.ico
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: URL:Mal

I got it by going to google and searching for:

https://www.google.com/search?q=HTML%3ARedirDL-inf+[Trj]+type+of+trojan&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#client=firefox-a&hs=zdw&rls=org.mozilla:en-US%3Aofficial&sclient=psy-ab&q=what+type+of+trojan+is+HTML:RedirDL-inf+[Trj]&oq=what+type+of+trojan+is+HTML:RedirDL-inf+[Trj]&gs_l=serp.3...10931.16746.1.16959.25.24.0.0.0.14.261.3178.0j23j1.24.0...0.0...1c.1.15.psy-ab.LguZXFN4_K8&pbx=1&bav=on.2,or.r_qf.&bvm=bv.47244034,d.aWM&fp=df2c1034d2b67a94&biw=1920&bih=1061

what type of trojan is HTML:RedirDL-inf [Trj]

Then when I clicked on the 4th thing listed it gave me that message— However when I try and click a second time the message does not come— Seems to have some kind of similar pattern?

http://www.drumcorpsplanet.com/forums/index.php/topic/154946-dcp-infected/

I ran TFC.exe

Do you have firefox set to synch as most of the addons/extensions are not part of the base package

Could you open a command prompt and type in the following pressing enter after it

ipconfig /flushdns

done