http://www.freshdeals.com/simple.php?uvx=j5ZcFBmJuCXCtdM-sUmVku_3h5kt2wmeRhHjOe2Y13iq-Adan2kuBp5oNqekqD4KGxMB64TzS6WIML3kd3z8UohOloc-uC6Da01Ot7-CVqLzXt57KK6fLBUaJA5OXnHrMkog9IyuPk4Q6HUwrqmhB3CUYe8ZqPV5tFmcton0Q3Y6WeuiRcJIi3dvWfyupcqbRJyza7WFIIUu0Yvga4V_1Rm4TAoKNn7sZ6XM4oL5UDO05gdOCqipgkBNmOqtZ11jaMJ9NFrjj9C4apErUBbunhM-nSQJ1rkimqUboyTbRmsY8a6GjlbOPwTILVh4lSwwkbSJ0lBRoZEzgYzWN3v9f50fr-evQV95-p5hbdALoBGe71rBt6Xj8TZpHSYIHkCd92zOSG_pN_FTb5klxWp7cY17y2lgBg423PKaqs0P8Nqgb13MHXMyIe0QF0tU4Dh9T3YYv-j8MSifLO46acY4XDwhqyMwX5s63LlLaYagtU8Sxnj3ah3vWbvJJBH1GpDx1Faz6_I13YA*
Whatever that is?
The next thing I noticed was Google Chrome could not open anything.
I'm currently running ZoneAlarm Internet Security Suite. I've been in contact with them and they had me try the following which have not helped...
-Run both ZoneAlarm Ultra Deep Scan and Rootkit scans while booted into Windows safe mode
-Run Windows Malicious Software Removal Tool while booted into Windows safe mode
-Run MalWareBytes full scan while booted into Windows safe mode
-Do a Windows System Restore to several places as far back as March 5th while booted into Windows safe mode
-Clean out prefetch and %temp% directories
ZoneAlarm tech support pretty much told me they were out of ideas.
Here is a list of items ZoneAlarm has found and quarantined in the last two days; however, their website had no info for these items...
-Exploit.JS.Pdfka.bta
-Exploit.JS.Pdfka.bul
-HEUR:Trojan.Win32.Generic
My latest ZoneAlarm scans do not find anything.
Here is the latest scan from MalWareBytes...
Malwarebytes' Anti-Malware 1.44
Database version: 3879
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/18/2010 7:48:59 AM
mbam-log-2010-03-18 (07-48-59).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 295828
Time elapsed: 22 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here are the contents of my DDS.txt file...
DDS (Ver_10-03-17.01) - NTFSx86
Run by Darren at 10:05:32.64 on Thu 03/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2105 [GMT -4:00]
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\lotus\smartctr\smartctr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Darren\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Darren\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\darren\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus Photo R260 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibna.exe /fu "c:\windows\temp\E_SF1.tmp" /EF "HKCU"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DelReg] d:\msi\overclockingcenter\DelReg.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Version Cue CS2] "d:\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "d:\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "d:\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotuss~2.lnk - d:\lotus\smartctr\smartctr.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246847664375
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-3-18 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-18 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-18 486280]
R2 PD91Agent;PD91Agent;d:\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-5 1691480]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys --> c:\windows\system32\drivers\DYUSB.sys [?]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 PCAlertDriver;PCAlertDriver;c:\progra~1\msi\msiwdev\NTGLM7X.sys [2006-6-7 27648]
S3 PD91Engine;PD91Engine;d:\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-4-14 17920]
=============== Created Last 30 ================
2010-03-18 14:02:41 0 ----a-w- c:\documents and settings\darren\defogger_reenable
2010-03-18 08:54:26 72584 ----a-w- c:\windows\zllsputility.exe
2010-03-18 08:54:25 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-03-18 08:53:37 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-18 08:53:36 0 d-----w- c:\windows\system32\ZoneLabs
2010-03-18 08:53:34 423031 ----a-w- c:\windows\system32\vsconfig.xml
2010-03-18 08:51:44 0 d-----w- c:\windows\Internet Logs
2010-03-18 08:49:24 0 d-----w- c:\docume~1\alluse~1\applic~1\ZA_PreservedFiles
2010-03-17 20:22:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 20:22:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 18:12:55 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-17 16:15:15 0 d--h--w- c:\documents and settings\darren\Recent(2)
2010-03-17 16:08:17 0 d-----w- c:\docume~1\darren\applic~1\Malwarebytes
2010-03-17 15:22:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 02:28:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-13 04:43:47 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-13 01:22:55 10 ----a-w- c:\windows\WININIT.INI
2010-02-17 08:35:23 0 ----a-w- c:\windows\ativpsrm.bin
==================== Find3M ====================
2010-03-18 12:10:24 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-28 02:56:20 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-28 02:56:20 22328 ----a-w- c:\docume~1\darren\applic~1\PnkBstrK.sys
2010-01-28 02:54:56 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-28 02:54:51 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-28 02:54:51 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-21 13:23:08 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-01-21 13:23:08 177152 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-08 03:17:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-08 03:17:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 10:06:58.82 ===============
I'm afraid IE redirects and broken Google Chrome may be just the tip of the iceberg. Any help would be greatly appreciated.