jennbee

Finally got ComboFix to run in safe mode. Log file now attached. I'm not sure if I previously mentioned that the last time we ran the ESET online scanner it identified something in the operating memory but did not give any option to clean or repair the issue. log.txt

Hi again, I recopied the script but we're still getting the syntax error message

Finally back to this task... I have tried to re-run ComboFix with the script provided , both in safe mode and regular. I am getting the message "the syntax of the command is incorrect" nothing more happens in the Combo Fix window after this point.

Will have to try this when I next have access to computer - unfortunately will be away from it now for another week.

Norton now uninstalled - ComboFix seems to have hung again...Autoscan window not getting past initial message "Scanning for infected files ... This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double" cursor remains blinking, but there is no evident disc activity occurring on the computer - we usually see the laptop's disc light flashing during any processes but this has ceased.

Having problems getting ComboFix running - we reinstalled to try again after it 'hung' - an no we didn't press any key etc after it had started...but after 20 min of inactivity we figured we better restart the machine. On running the reinstalled version of ComboFix, although we had Norton antivirus disabled (including killing its process in task manager) Combo fix kept saying it was active. After the selecting Yes after second N.AV active warning, another message came up asking if we were trying to run CFScript, but said CFScript misspelled! Suffice to say ComboFix now won't run

Hi again, I've run a whole bunch of the utilities listed in the early part of this thread on computer - ESET Online scanner eventually found a threat - attaching files from all programs ESETScan.txt AdwCleanerR5.txtAdwCleanerS3.txtComboFix.txtExtras.TxtOTL.Txtlog.txtmbar-log-2013-06-29 (12-54-19).txtsystem-log.txtTDSSKiller.2.8.18.0_29.06.2013_12.47.30_log.txt Hoping that now we've found something we can finally resolve

Sure - I'll concentrate on the old machine

Do you think I should aslo run tools on the that has not been experiencing the hijacking?

Minitoolbox result file attached. Result.txt One additional thing that has occurred is that we had the machine hooked up to my wireless network which is linked to an ADSL connection. While on my network Malwarebytes blocked many attempts to contact the ip addresses mentioned right back at the start of this grand adventure. We disconnected from that network and connected to an alternative, personal 3G wireless connection. While on the 3G network, attempts to contact the aforementioned ip addresses ceased. Although attempted connections have previously been experienced while on 3G network ( but not today) and browser still hijacked on this network. We tried to reconnect to my network but had no success reconnecting, even manually re-entering network security key - attempt to repair connection also failed. I have not yet attempted a restart of my wireless network - note the other computer using my network (running OS7 +IE10 / FF21) not experiencing any browser hijacking or attempts to connect to other ip addresses) Thought I'd mention this as I gather DNS and proxy details may be different if on a different network??

HI there, have been offline but now back on the case - will implement your June 23 recommendations today and let you know how I get on. jennbee

Redirects are still occuring, but not on every search result, and only in IE and FireFox - Chrome seems fine. Generally, first few searches are okay, then things degrade. The more searches we do seem to increase the number of search results affected by redirects. I haven't tested sufficiently to identify any pattern, and I'm not sure whether things reach a point where all results in top 10 results (or further) redirect. I did think that 'paid' search results (i.e. advert links top and in right column) seem more prone to redirect.

Rogue Killer file - after symantec uninstalled - note computer also had symantec WinFax Pro which was also uninstalled...maybe it was WinFax rather than Norton 360 causing the flagging, as we hadn't previously switched that off RKreport0_S_06232013_112644.txt

Latest RogueKiller log attached RKreport0_S_06232013_075727.txt

gmer text attached GMER.txt