Firefox sends me to junk sites

[mollydoggy1971]

I'm using Windows 7 x86 Ultimate. I'm also using Firefox. When Googling something, about 50% or more of the time, instead of getting the link I clicked on, I get a junk site, which is always blocked by my Hosts file. I've run numerous AV, anti-sp[yware, etc. programs, and no luck. It seems like the second time I click on a link I get the proper link. I have run Hijack This!, and am pasting the log. Any help you all could give would be greatly appreciated...I'm quite frustrated with this issue!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:20 AM, on 12/22/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system\winmsr32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SoulseekNS\slsk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\eHome\EhTray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Tipard Studio\Tipard Video Converter\Tipard Video Converter.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

[[[DELETED DUE TO POSTING REGULATIONS ABOUT NO LINKS]]]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Defender] C:\WINDOWS\system\winmsr32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cdloader] "C:\Users\Mollydog\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [comusrGame] rundll32.exe "C:\Users\Mollydog\AppData\Local\comusrGame\comusrGame.dll", DllInit
O4 - HKCU\..\Run: [Microsoft Defender] C:\WINDOWS\system\winmsr32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SAM Broadcaster.lnk = C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe
O4 - Startup: Soulseek.lnk = C:\Program Files\SoulseekNS\slsk.exe
O4 - Startup: Zune.lnk = C:\Program Files\Zune\Zune.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

--
End of file - 8902 bytes

 

[tipstir]

See I see no point to run all bunch of AV/SP an etc.. where the default from OS FW, UAE and download the MSE is more than enough security. Unless you do the BT stuff then PeerBlock for that purpose.

You got link re-direct problem. Go under safe mode and run your AV/SP an etc.. that you run and see if it catches anything?

Windows 7 U
Firewall
MSE
FireFox 3.5.6
Adblock Plus + also Subscribe to Malware Bad site list
Flash Block
CS Lite
Bettery Privacy
Privacy Plus

 

[mollydoggy1971]

See I see no point to run all bunch of AV/SP an etc.. where the default from OS FW, UAE and download the MSE is more than enough security. Unless you do the BT stuff then PeerBlock for that purpose.

You got link re-direct problem. Go under safe mode and run your AV/SP an etc.. that you run and see if it catches anything?

Windows 7 U
Firewall
MSE
FireFox 3.5.6
Adblock Plus + also Subscribe to Malware Bad site list
Flash Block
CS Lite
Bettery Privacy
Privacy Plus

I hate to seem picky, but I have almost no idea what you said to me. All those abbreviations mean nothing to me. I'm guessing that you have suggested to restart Windows in Safe Mode, then run the antivirus and such. I have done that, and nothing is found. If that's not what you suggested, please clarify so that I can try it out. Thanks for your help though!

 

[DelJo63]

the hijack log shows some 017 entries like

O17 - HKLM\System\CCS\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{077BEC15-93A8-4061-8254-04B374EBC121}: NameServer = 67.90.152.122,67.107.71.186

and we find they belong to

Name: ns01.talk4free.com
Address: 67.90.152.122

*IF* your ISP is talk4free.com then these are correct, but if not, you need to find and reset the DNS addresses.

 

[mollydoggy1971]

the hijack log shows some 017 entries like
and we find they belong to
*IF* your ISP is talk4free.com then these are correct, but if not, you need to find and reset the DNS addresses.

talk4free.com is one of the DNSes of MagicJack (the cheap VOIP phone thing). I can't get that thing to work under 7 either, but is of no consequence.

 

[mollydoggy1971]

Anyone? Bueller? Bueller? Bueller? Anyone?

 

[mollydoggy1971]

Well, apparently nobody's willing to help me, so I thank the two people who made an attempt to help. I suppose I'll take my issue to a GOOD forum, where people will actually offer some assistance.