View Full Version : Google searches redirected



Jacks
2009-11-11, 02:03
Hello. I need some help. Using Firefox, I sometimes get redirected when I click on one of my Google search results, ending up with a blank browser window. Going back to my Google search results and clicking on the desired link two or three times allows me to reach the webpage. Sometimes a new Firefox browser pops up with three tabs, two of which have miscellaneous ads. Through my searching I came across Hijack This and used the website http://hjt.networktechs.com/ to look up my Hijack This log, and fixed the following because they appeared in red on the site:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

I also updated to Adobe 9 and used the Microsoft website to deal with O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe. After all this my computer situation has not improved. Thank you in advance for any help.
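
Added example, not part of the original thread: a small parser for the three HijackThis entries quoted in the post above, showing what each field records (section, registry location, CLSID, target file, arguments) so that entries can be reviewed one by one. The regular expressions and function names are this example's own and cover only the O2 and O4 line shapes seen here.

```python
import re

# Entries copied from the post above (HijackThis sections O2 and O4).
SAMPLE = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
'''

# O2: Browser Helper Object -> display name, CLSID, DLL path or "(no file)".
O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')
# O4: autostart entry -> registry hive, key, value name, command line.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU|US))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Split a command line into executable path and arguments (quoted or unquoted).
CMD_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|dll|scr|com|bat|cmd)))(?:\s+(?P<args>.*))?$',
    re.I)

def parse_entry(line):
    """Return a dict describing one O2/O4 line, or None for anything else."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        missing = m["file"] == "(no file)"
        return {"section": "O2", "kind": "browser helper object",
                "name": m["name"], "clsid": m["clsid"].upper(),
                "path": None if missing else m["file"],
                "file_missing": missing}  # registry entry with no file behind it
    m = O4_RE.match(line)
    if m:
        c = CMD_RE.match(m["cmd"])
        path = (c["q"] or c["u"]) if c else m["cmd"]
        args = (c["args"] or "") if c else ""
        return {"section": "O4", "kind": "autostart entry",
                "location": f'{m["hive"]}\\..\\{m["key"]}',
                "name": m["name"], "path": path, "args": args}
    return None

def parse_log(text):
    """Parse every recognised entry in a block of log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for entry in parse_log(SAMPLE):
        print(entry)
```
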

Blade81
2009-11-14, 19:59
Quote: "Through my searching I came across Hijack This and using the website http://hjt.networktechs.com/ to look up my Hijack This log and fixed the following because they appeared in red on the site"

Hi,

Never trust those online hjt scanners. By following their results you can get your system into a really bad state.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log in your reply.

Jacks
2009-11-16, 04:44
Here are the requested logs.

Blade81
2009-11-16, 06:59
Hi,

Do you still have the redirecting issue? If yes, does it happen with both Firefox and Internet Explorer?

Jacks
2009-11-17, 00:09
I get redirected in both Firefox and Internet Explorer using both Google and Yahoo. The redirection does not occur every time. The following is a survey of the redirection in Firefox and IE given a particular search subject and clicking a total of 10 search results in Yahoo and Google.

Firefox: Google redirection times: 4, Yahoo redirection times: 4

IE: Google redirection times: 3, Yahoo redirection times: 3

Firefox is my primary web browser. In the Firefox tab or the IE address bar, just before the webpage address or name I'm redirected to, most of the time, there is either a green globe like symbol or a fuzzy 2 like symbol.

Some examples of the webpages I'm directed to include:


Blade81
2009-11-17, 08:29
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Jacks
2009-11-21, 03:10
Sorry for the long wait. Attached are the logs. I checked the use of Google and Yahoo in both Firefox and IE. I did not get redirected in either search engine using both web browsers. I clicked on ten results in each search engine just as before.

Blade81
2009-11-21, 11:01
Hi,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. Let the Recovery Console be installed.
Then post the resultant log.

Uninstall these:
Java 2 Runtime Environment, SE v1.4.2
Macromedia Shockwave Player



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

You have just installed something ESET related there. If it's the online scanner set it so that found items won't be removed and then run a scan with it.


Post back ESET report, a fresh dds log and above mentioned ComboFix resultant log.

Blade81
2009-11-28, 17:54
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.