Internet Explorer constantly prompts to download file from login.dotomi.com

I've come across an issue that I can't seem to figure out.
So far, I've noticed that this only happens with the website kohls.com.
When using google to search it's common for the first few results to be paid ads. If I click the paid ad for Kohls, it goes to this URL

http://www.googleadservices.com/pagead/aclk?sa=L&ai=CHoxzMrYSVc-XLIqMpgPV24CYAuLjs7kGqtPxq8MB69ePCQgAEAFgya6wiPSjwBCgAfbItuUDyAEBqgQgT9B3DMwYq2jSBe29odSYLFZ0S8K8w1rPK6r18dpJFUeIBgGAB6eWcpAHA6gHpr4b2AcB&ohost=www.google.com&cid=5Gj-o9EliVi3m5PHd2y4NqY-y_c4nCrOXbz5Rs8m8E-FH9M&sig=AOD64_17mJmh0QmM1oSszqVET0Fnq27CYQ&rct=j&q=&ved=0CBsQ0Qw&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D43500000072369989%26ds_s_kwgid%3D58500000000879388%26ds_e_adid%3D52356290954%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_url_v%3D2%26kwid%3D%5B*KeywordID*%5D%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3DKohls%26utm_campaign%3D%7BCampaignName%7D%26UTM_Adgroupid%3D%5B*AdgroupID*%5D

Then redirects to

http://ad.doubleclick.net/clk;212511676;33909568;n;u=ds&sv1=72369989&sv2=2015032573&sv3=119502;%3fhttp://www.kohls.com/?pfx=pfx_google_roi&cid=bsolo&kwid=p72369989&utm_source=google&utm_medium=cpc&utm_term=Kohls&utm_campaign=%7bCampaignName%7d&UTM_Adgroupid=58500000000879388&gclid=CIfCvcTMw8QCFQYIaQodPZEAyQ&gclsrc=aw.ds

...and never actually goes to the Kohls website.

I've also noticed (but only when using Internet Explorer) that if I go directly to kohls.com, when I search for items I am constantly being prompted to download a file from login.dotomi.com. The file it asks to download is the exact same as the web page that is being viewed (no matter what page your viewing). See attached PDF

This is happening with Internet Explorer, Chrome and Firefox.

I have run several programs in an attempt to find out what might be causing this issue, but have not found a solution.
I have tried the following programs:
AVG
kapersky
malwarebytes
ccleaner
hitmanpro
combobox

I'm currently running a full scan with microsoft malicious software removal tool, but it's found nothing so far and it's over 50% complete.

I have checked the hosts file and nothing out of the ordinary there either.

What am I missing?
download.pdf
MBischAsked:
Who is Participating?
 
MBischAuthor Commented:
I created the boot media and scanned the computer but nothing was found.
In the end, I created a new user profile and copied the data from the corrupted profile to the newly created user.
Everything is working great now.
0
 
KimputerCommented:
Are you at home, or are you talking about a corporate network (which means you don't have access to DNS server, UTM devices or other network firewalls/filters/scanners).
0
 
MBischAuthor Commented:
This is a home network, but also happens when I take the laptop to any other wifi hotspots, so I feel that it's something on the laptop itself.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
KimputerCommented:
Good catch, it's indeed the laptop itself (well, I'm about 99% sure).

Did you ever scan your laptop OUTSIDE of Windows (i.e. boot cd/usb). Usually if malware has the upper hand, scanning when Windows is already started is of no use.
0
 
MBischAuthor Commented:
I have not tried scanning outside of windows. What do you suggest that I use?
0
 
KimputerCommented:
Easiest to get are AVG boot cd/usb

http://www.avg.com/eu-en/download.prd-arl

Please note you should update (either by downloading manually and putting it on usb, then loading it after usb has been booted. Or if your network can be detected, you can do it online). Otherwise you're using a nov 2014 scanner.

Also try avira even if you found or didn't find any virusses:

http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/655
0
 
MBischAuthor Commented:
It was the solution to my problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.