15 replies to this topic

[Bob5280]

When I do a search on Dogpile.com and click on one of the search link my computeris being redirected
to CS.INFOSPACE.COM - but only momentarily - then I am taken to the search link that I had clicked on.
This is NOT happening in say Google. The exact URL that I am being taken to is:

http://cs.infospace....ashx?...e&ep=0
euip=70.22.218.33&npp=1&p=0&pp=3&pvaid=e0cec14a378248dbb3c2e5c1b8a15303&ru=http%3a%2f%2fwww.ebaumsworld.com%2fuser%2fblog%2fSpaceEagle%2fview%3d815664972f&s=dogpile&sid=794727687.869437799649.1312900556
&vid=794727687.869437799649.1312804680.5&hash=B25411A37CFFE88722536C68855C1E91

The URL contains a hash number.

I am also getting a tremendous amount of APHXXX.TMP files created in my C:\TEMP directory whenever I go to the Internet. When I open these files in Notepad - they appear to be webpage codings of places that I have surfed.

I have scanned with Ad-Aware Internet Security Pro and found nothing but cookies.

Any suggestions that you may have would be great.

[Blade81]

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.

• When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
• Save both reports to your desktop. Post them back to your topic.

[Bob5280]

 dds.txt   13.28K   118 downloads

When I do a search on Dogpile.com and click on one of the search link my computeris being redirected
to CS.INFOSPACE.COM - but only momentarily - then I am taken to the search link that I had clicked on.
This is NOT happening in say Google. The exact URL that I am being taken to is:

http://cs.infospace....ashx?...e&ep=0
euip=70.22.218.33&npp=1&p=0&pp=3&pvaid=e0cec14a378248dbb3c2e5c1b8a15303&ru=http%3a%2f%2fwww.ebaumsworld.com%2fuser%2fblog%2fSpaceEagle%2fview%3d815664972f&s=dogpile&sid=794727687.869437799649.1312900556
&vid=794727687.869437799649.1312804680.5&hash=B25411A37CFFE88722536C68855C1E91

The URL contains a hash number.

I am also getting a tremendous amount of APHXXX.TMP files created in my C:\TEMP directory whenever I go to the Internet. When I open these files in Notepad - they appear to be webpage codings of places that I have surfed.

I have scanned with Ad-Aware Internet Security Pro and found nothing but cookies.

Any suggestions that you may have would be great.

Attached Files

•  attach.txt   25.8K   154 downloads

[Bob5280]

 dds.txt   13.28K   118 downloads

Attached Files

•  dds.txt   13.28K   79 downloads

[Blade81]

Hi,

You should keep only one of these: Ad-Aware, BitDefender or Microsoft Security Essentials. It's not recommended to have multiple antivirus programs installed and running.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
  
  
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[Bob5280]

Hi,

You should keep only one of these: Ad-Aware, BitDefender or Microsoft Security Essentials. It's not recommended to have multiple antivirus programs installed and running.
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

I ran combofix but could find no Combofox text file. Attached are the DDS generated files

Attached Files

•  attach_2.txt   27.35K   220 downloads
•  dds_2.txt   13.3K   70 downloads

[Blade81]

Hi,

Please look for ComboFix.txt file in c:\ and c:\ComboFix locations. If you can't find one please run ComboFix again.

[Bob5280]

Hi,

Please look for ComboFix.txt file in c:\ and c:\ComboFix locations. If you can't find one please run ComboFix again.

I have searched for it and run Combofix a number of times and still no combofix.txt. When I use Windows search it finds a copy but when I click on it it says that the path is invalid. Also get a message on reboot (everytime combofix is run) that windows has recovered from a serious error.

Edited by Bob5280, 13 August 2011 - 03:51 PM.

[Blade81]

Hi,

Try to run ComboFix in safe mode making sure protection software is disabled. Also, I still recommend you uninstall extra antivirus programs to free system resources.

[Bob5280]

Hi,

Try to run ComboFix in safe mode making sure protection software is disabled. Also, I still recommend you uninstall extra antivirus programs to free system resources.

Took two tries in Safe mode to produce the Combofix.txt file. VERY scary infections on this computer. I am so glad that you are doing this - much appreciated believe me. I will attach all the files requested to this post

Attached Files

•  ComboFix.txt   19.23K   78 downloads
•  attach3.txt   27.02K   75 downloads
•  dds3.txt   12.35K   113 downloads

[Blade81]

Hi again,

Upload c:\windows\system32\kernel32.dll file to http://www.virustotal.com (choose to reanalyse if prompted) and post back a link to the results.

* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
• Click Scan
• Wait for the scan to finish
• Copy and paste results as a reply to this topic.

[Bob5280]

Attached are the results

Attached Thumbnails

• 
• 
• 
• 

[Blade81]

Things look ok. It seems problem isn't in your system. Someone else mentioned about similar redirections in this topic.

Let's uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

[Bob5280]

Things look ok. It seems problem isn't in your system. Someone else mentioned about similar redirections in this topic.

Let's uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

I uninstalled Combofix. Thanks for the "heads-up" with Dogpile - probably something that they are doing. Thanks for sticking with this with my computer - much appreciated. I know that this is a step-wise procedure and is tedious - appreciate your patience.

[Blade81]

You're welcome

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !