Firefox sends me to junk sites

By mollydoggy1971
Dec 22, 2009
  1. I'm using Windows 7 x86 Ultimate. I'm also using Firefox. When Googling something, about 50% or more of the time, instead of getting the link I clicked on, I get a junk site, which is always blocked by my Hosts file. I've run numerous AV, anti-sp[yware, etc. programs, and no luck. It seems like the second time I click on a link I get the proper link. I have run Hijack This!, and am pasting the log. Any help you all could give would be greatly appreciated...I'm quite frustrated with this issue!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:30:20 AM, on 12/22/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe
    C:\Program Files\Zune\Zune.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\SoulseekNS\slsk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Tipard Studio\Tipard Video Converter\Tipard Video Converter.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Defender] C:\WINDOWS\system\winmsr32.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Mollydog\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [comusrGame] rundll32.exe "C:\Users\Mollydog\AppData\Local\comusrGame\comusrGame.dll", DllInit
    O4 - HKCU\..\Run: [Microsoft Defender] C:\WINDOWS\system\winmsr32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: SAM Broadcaster.lnk = C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe
    O4 - Startup: Soulseek.lnk = C:\Program Files\SoulseekNS\slsk.exe
    O4 - Startup: Zune.lnk = C:\Program Files\Zune\Zune.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer =,
    O17 - HKLM\System\CS1\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer =,
    O17 - HKLM\System\CS2\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer =,
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

    End of file - 8902 bytes
  2. tipstir

    tipstir TS Ambassador Posts: 2,383   +105

    See I see no point to run all bunch of AV/SP an etc.. where the default from OS FW, UAE and download the MSE is more than enough security. Unless you do the BT stuff then PeerBlock for that purpose.

    You got link re-direct problem. Go under safe mode and run your AV/SP an etc.. that you run and see if it catches anything?

    Windows 7 U
    FireFox 3.5.6
    Adblock Plus + also Subscribe to Malware Bad site list
    Flash Block
    CS Lite
    Bettery Privacy
    Privacy Plus
  3. mollydoggy1971

    mollydoggy1971 TS Rookie Topic Starter

    I hate to seem picky, but I have almost no idea what you said to me. All those abbreviations mean nothing to me. I'm guessing that you have suggested to restart Windows in Safe Mode, then run the antivirus and such. I have done that, and nothing is found. If that's not what you suggested, please clarify so that I can try it out. Thanks for your help though!
  4. jobeard

    jobeard TS Ambassador Posts: 9,156   +598

    the hijack log shows some 017 entries like
    and we find they belong to
    *IF* your ISP is then these are correct, but if not, you need to find and reset the DNS addresses.
  5. mollydoggy1971

    mollydoggy1971 TS Rookie Topic Starter is one of the DNSes of MagicJack (the cheap VOIP phone thing). I can't get that thing to work under 7 either, but is of no consequence.
  6. mollydoggy1971

    mollydoggy1971 TS Rookie Topic Starter

    Anyone? Bueller? Bueller? Bueller? Anyone?
  7. mollydoggy1971

    mollydoggy1971 TS Rookie Topic Starter

    Well, apparently nobody's willing to help me, so I thank the two people who made an attempt to help. I suppose I'll take my issue to a GOOD forum, where people will actually offer some assistance.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...