If you don't have NoScript installed on Firefox, you're wide open to any drive-by downloads that are not detected by the AV.

Most browsers default to allowing a certain level of script permission. From what I've seen, that default level is not very secure.

Another useful add-on that might have prevented this is a "super-cookie" (flash cookie) cleaner, it's another add-on for Fx, and called BetterPrivacy.

I don't know whether that would have prevented it, as I don't know the vehicle for the browser hijack.

Definitely recommend running MBAM, also.