I have a nuts issue with Firefox. Each time I do a search on Google, then right-click a link to open it in a separate tab/window, Firefox stalls for a couple of seconds, then opens some spam/advertisement link instead of the proper page.
- I have run SpyBot, SuperAntiSpyware, CCleaner and my PC is clean.
- I have tried to re-install Firefox and requested to delete all history and data. It did not solve the issue.
- I have deleted the content of my firefox/extensions folder, but it did not help.
- I have AGV anti-virus installed. It even says that the links are safe...
I searched other forums and websites for a solution, but could not find any. I am now posting this question here. Has anyone encountered this issue? How can I fix it?
EDIT
Often, a pop-up from Firefox asks me whether I want to save a file called 's'.
The issue does is not specific to a browser. It also happens with Chrome.
I ran recent versions of Ad-Ware, CCleaner, SpyBot, Emsisoft Anti-Malware, MalwareBytes and SUPERAntiSpyware, but it did not solve the issue.
EDIT 2
I have followed JdeBP's recommendations (obtain the IP addresses automatically via DHCP). I also found a strange entry in my registry which I have deleted. I rebooted, but the problem is still there.
When I perform a ipconfig /displaydns
, a get a long list of entries which seem to correspond to the spam I get. All of them have A (host) record set to 127.0.0.1
.
When I perform ipconfig /flushdns
followed by ipconfig /displaydns
, then entries are still there...
When I perform ipconfig /renew
, I get: No operation can be performed on Local Area Connection while it has its media disconnected
. I am not really sure what that means. I am accessing the Internet via wireless (not ethernet cable). When I switch off the wireless on my PC, I get the same message for Wireless Connection.
I have disabled the Local Area Connection and tried ipconfig /renew
, but it stalls...
EDIT 3
Here is the output of ipconfig /all. I am currently connected to the Internet via Wireless:
Windows IP Configuration
Host Name . . . . . . . . . . . . : NoKidding
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-BA-AC-D9-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-5D-EB-34-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::193:2bc9:cbb0:168b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.148(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : vendredi 10 juin 2011 2:10:57
Lease Expires . . . . . . . . . . : samedi 11 juin 2011 2:31:02
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268443997
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-91-8C-91-00-1D-BA-AC-D9-26
DNS Servers . . . . . . . . . . . : 167.206.245.130
167.206.245.129
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ccd8:6bfa:a3a4:7dfb%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.20.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : vendredi 10 juin 2011 2:18:29
Lease Expires . . . . . . . . . . : vendredi 10 juin 2011 10:31:02
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.20.254
DHCPv6 IAID . . . . . . . . . . . : 436228182
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-91-8C-91-00-1D-BA-AC-D9-26
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3419:22f2:c13b:e8fa%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.132.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : vendredi 10 juin 2011 2:19:04
Lease Expires . . . . . . . . . . : vendredi 10 juin 2011 10:31:04
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.132.254
DHCPv6 IAID . . . . . . . . . . . : 453005398
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-91-8C-91-00-1D-BA-AC-D9-26
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Primary WINS Server . . . . . . . : 192.168.132.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-D4-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::413a:949e:27db:860c%22(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.134.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 503840807
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-91-8C-91-00-1D-BA-AC-D9-26
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8C86257F-65F0-49A9-B3DF-A61CC7F73546}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A98786DD-7682-4826-88F4-A03BA1D824A5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A53A0A7E-6A3D-4A72-A11F-30A6322B957C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FC119556-5E94-4BAB-8451-5D240BF581A5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Apparently the DNS associate to the wireless is 167.206.245.130 which resolves to "vdns2.srv.prnynj.cv.net".
EDIT 4
I have noticed that I did not have a hosts
file. I don't know how I got into that situation. Windows 7 never complained about this.
Some backups of hosts
where there in the directory, including one made by SpyBot. I have created a new hosts file from it and rebooted, but I still face the same issue.
I have tried ipconfig /displaydns
again, and it still displays the problematic entries. These entries are not in my hosts
file:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...
127.0.0.1 www.zxsex2.info
127.0.0.1 zxsex2.info
127.0.0.1 zyban-zocor-levitra.com
# This list is Copyright 2000-2008 Safer Networking Limited
127.0.0.1 suportevendas.com
127.0.0.1 www.suportevendas.com
# End of entries inserted by Spybot - Search & Destroy
EDIT 5
Sorry, I retract. The problematic entries returned by ipconfig /displaydns
did appear in my hosts file
. So, I started with a fresh one:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
Here is where it gets REAL crazy. After rebooting my PC, display DNS returns:
Windows IP Configuration
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost
1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost
localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 28
Time To Live . . . . : 86400
Data Length . . . . . : 16
Section . . . . . . . : Answer
AAAA Record . . . . . : ::1
After going to google, search for some dummy term, then right-click any link to open a page in a new tab, I get the spam. When I perform display DNS again, I get:
Windows IP Configuration
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost
1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost
clickalmost.org
----------------------------------------
Record Name . . . . . : clickalmost.org
Record Type . . . . . : 1
Time To Live . . . . : 30
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 69.65.49.114
t3.gstatic.com
----------------------------------------
Record Name . . . . . : t3.gstatic.com
Record Type . . . . . : 5
Time To Live . . . . : 28
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : tbn.l.google.com
www.gregorypacks.com
----------------------------------------
Record Name . . . . . : www.gregorypacks.com
Record Type . . . . . : 5
Time To Live . . . . : 1785
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : gregorypacks.com
www.gap-system.org
----------------------------------------
Record Name . . . . . : www.gap-system.org
Record Type . . . . . : 5
Time To Live . . . . : 7185
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : turnbull.mcs.st-and.ac.uk
www.cityofgregory.com
----------------------------------------
Record Name . . . . . : www.cityofgregory.com
Record Type . . . . . : 5
Time To Live . . . . : 3585
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : cityofgregory.com
www.gregorysshoes.com
----------------------------------------
Record Name . . . . . : www.gregorysshoes.com
Record Type . . . . . : 5
Time To Live . . . . : 3585
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : gregorysshoes.com
twitter.com
----------------------------------------
Record Name . . . . . : twitter.com
Record Type . . . . . : 1
Time To Live . . . . : 7
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 199.59.148.10
Record Name . . . . . : twitter.com
Record Type . . . . . : 1
Time To Live . . . . : 7
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 199.59.148.82
Record Name . . . . . : twitter.com
Record Type . . . . . : 1
Time To Live . . . . : 7
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 199.59.149.198
online.wsj.com
----------------------------------------
Record Name . . . . . : online.wsj.com
Record Type . . . . . : 5
Time To Live . . . . : 34
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : online.wsj.akadns.net
www.gregory1.com
----------------------------------------
Record Name . . . . . : www.gregory1.com
Record Type . . . . . : 1
Time To Live . . . . : 14385
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 98.190.238.71
www.utrecsports.org
----------------------------------------
Record Name . . . . . : www.utrecsports.org
Record Type . . . . . : 5
Time To Live . . . . : 3585
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : utrecsports.org
adwords.google.com
----------------------------------------
Record Name . . . . . : adwords.google.com
Record Type . . . . . : 1
Time To Live . . . . : 251
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 72.14.204.112
localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 28
Time To Live . . . . : 86400
Data Length . . . . . : 16
Section . . . . . . . : Answer
AAAA Record . . . . . : ::1
www.newadvent.org
----------------------------------------
Record Name . . . . . : www.newadvent.org
Record Type . . . . . : 1
Time To Live . . . . : 3321
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 208.87.26.197
Some stuff is managing to pollute my DNS information just from browsing. And to make sure it was not in Firefox's history, I performed CCleaner before all that.
I start to believe it comes from the net and exploits a weakness in Windows 7 and browsers.
EDIT 6
I have tried to reboot in safe mode with network, then I started Firefox. The problem still happens. I restarted Firefox in safe (i.e., disabling all add-ons etc...). The problem still happens.
My home page is http://www.google.com
. I type KB66. The URL changes to:
http://www.google.com/#sclient=psy&hl=en&site=&source=hp&q=KB66&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=5014d35bb6efb157&biw=1280&bih=671
I right click on a link called 'www.faucetdirect.com › ... › Kingston Brass Tub and Shower' (for example) to open it in a separate tab (or window). The link in the new tab becomes:
http://7search.com/scripts/validation/v1/validate.aspx?x=dy9ygBqjMxLd%2fx4LgOz5nQ%3d%3d_nO1ntDEYzcueda6yqGuUEeCV6c3Bxc6tmw%2fI%2fM6cQTK3SaB9RpCN6iq7Oi6xnF6w0rps%2b%2bhP2MyCTu9vIpIX4yX3Rbb3DEqizuSnIrOMbXnjc%2bPLs5ynvpAR7ks6T%2b9EdGLnPWbO2Cu7Mv3V1w1MUhZAz6VAxhb3x4jYKaGcSRGjiUq%2bq0gHn2Ztqy2ZO0SJvCokHOYmlvuWGAEsf6xaAZ6sdsUfpzQXggpBWlZYwVIMNbCU9Y%2fhVzEWcKJ6XO4HZrlIhZwXAJ9%2brzRxqtwdegQ8fzHsM1DnhYe0kpgzZi4XCYIHjW%2fg5sf%2brshMYtgq
Sometimes, I get different links to other spam or search web sites.
When I right-click on the 'cached' linked to open content in a separate tab, I get:
http://webcache.googleusercontent.com/search?q=cache:Y5x8Fw4B-OgJ:www.faucetdirect.com/kingston-brass-kb66-px-double-handle-tub-and-shower-with-rough-in-single-function-showerhead-tub-spout-and-porcelain-cross/p1507409+KB66&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
I followed harrymc's recommendation regarding autoruns, I can't find something suspicious in my startup items.
I have been using this PC both in Europe and in the US and the issue happens in both locations.
P.S.: Yesterday, I also ran all anti-spyware, bot and anti-virus again and 0 issues were found.
For the records
Reformatting my PC from scratch solved the issue. I never thought I would have to go that far. Pffffff.....
ipconfig /all
. And are you using wired or wireless ?