Hello All,
Amazingly my firefox has evidently been hijacked. I am writing this from my seamonkey browswer. In fact, various things on my computer haven't been functioning well lately.
Anyway, my firefox is oftentimes directed to some commercial site like coupon mountain, and other ad sites like maybe family circle or elle or such. I've tried engaging malware programs such as spybot, malwarebytes, hijackthis, and maybe a couple of others. The taskmanager says that spybot is running but no interface ever shows. I tried reinstalling it as well. The hijack this and malwarebytes download exe programs downloaded but the only thing that happens when i double click on them is an hourglass shows for several seconds. I made a new firefox profile which doesn't help at all. When I do a google search for something to try to fix things it often doesn't display the search or redirects to an ad site that is unrelated to the link i clicked on in the google search.
This is creepy since i thought firefox was a really secure browser. I have installed some of the addons but i thought those were secure as well.
Let me know if you can help, although you would have to tell me how to get hijackthis running first if you need one of those logs.

Thanks in advance!

Please download GooredFix from one of the locations below and save it to your Desktop Download
Mirror #1 Download
Mirror #2

• Double-click GooredFix.exe to run it.
• Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
• A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

OK, here 'tis....

GooredFix v1.92 by jpshortstuff
Log created at 01:48 on 19/03/2009 running Option #1 (eArmyU Student)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="c:\program files\siber systems\ai roboform\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

Nothing showing there.

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

==

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies can be omitted from the log.

RECONNECT TO THE INTERNET

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Downloaded Superantispyware. Got the superantispyware.exe loaded ok, which i presume is the installer. However, upon double clicking that it exibits the same behaviour as the other spyware programs when double clicked, that is, the hourglass appears for some seconds and then nothing. I cannot find another icon on the desktop that could be the SASW run icon, which is not the installer program. I also looked on the traybar or whatever the bar is with the start menu button.

PS,..the hostexpert part went OK.

I'm gonna have to sign off for awhile as it is very late here, but I'll check back in tomorrow. Thanks Capt. Crunch for your help.

Delete the MBA-M installation file that is on your pc at present.
Go back to download MBA-M again. Click on the link to download it. Select the "Save" option.
When the panel pops up to ask you where you wish to save the file, before choosing where, rename the file. I chose "bambam" in my screenshot just as an example,
Once you have saved it, try again to install it.

Well, that name switcheroo seemed to get it to start installing. but it is hung indefinitely at the please wait while installing box. Maybe it is because a spybot box appeared and asked that a startup registry change was OK, and I chose refuse because the startup on my computer is already incredible slow. OOps,...stand by, a window just appeared from the malwarebytes, so something is happening, albeit very slowly. Trouble is, I have to take off now so I have to leave things as they are for now.
I guess I know the spybot is working in the background, even though I couldn't get a gui for it to do a scan or anything.
After some minutes, I cannot see an interface for the malwarebytes, or anything on the start tray bar. Should I try installing again and allow spybot to let a startup change be placed?

Thats what I would do