A few days ago, I made the mistake of downloading a free Blu-ray software, "Pot Player," which, unknown to me, also bundled a program with it called "Layer" onto my Windows 7 64-bit desktop. Immediately I noticed that both my browsers, Internet Explorer and Google Chrome, had been hijacked. My work forces me to use Internet Explorer, but I prefer to use Google Chrome for everyday use. Initially, the hijacker would reveal searches through "us.yhs4.search.yahoo.com" on both browsers. I uninstalled "Pot Player" and "Layer" immediately through "Control Panel" and "Programs and Features." I then visited Bleeping Computer and sites like it for methods of eliminating the remaining malady. From the advice of one site, I employed AdwCleaner, Junk Removal Tool, Malwarebytes, and HitmanPro. Each found various elements for quarantine and deletion, and I did just this. I also deleted both browsers' histories and cookies, and reset the browsers to their original settings. I then deleted Google Chrome and reinstalled it.
Today, when I went to use Chrome, I was given a CAPTCHA image and taken to ipv4.google.com. The same problem struck when I loaded Internet Explorer a second later. It was then that I began to suspect that I had a more pernicious software on my hands. I ran TDSSKiller, but it did not detect anything. Sophos detected two files, one named "ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ" and another with a similar name, but did not recommend deleting them. I left them there as is.
Finally, on the advice of another Bleeping Computer thread, I have isolated several randomly named .tmp files in C:\Users\<user name>\AppData\Local\Temp that, when deleted, cause the browsers to work perfectly. The problem is, naturally, that they continue to reappear once the browser is reengaged.
I want to thank you for any assistance provided. I have used this site in the past for problems found on friends' and colleagues' computers and found it most helpful.