This is the code that came up in red on rkd check
*sv:symidsco<symidsco>path:c:\progra~1syman/~/\symdata\ids-di~1\20040&13..178\symidscosys
hijackthis
Logfile of HijackThis v1.99.0
Scan saved at 21:31:30, on 20/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8BS-483E-8773-474BF36AF6E4} - c:\Program Files\ AppS\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADCl-64B5B4FF55DO} - c:\pr Files\MSN AppS\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADCl-64BSB4FF5SDO} - c:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2Bl-49&S-11d4-9B18-009027ASCD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iol Mechanic 5\StartupGuard.exe"
O8 - Extra context menu item: &Google Search - res://c:\program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=zNXuk02944us
O8 - Extra context menu item: Backward Links - res://c:\program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\progr Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\progr Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00COF0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F79S683} - c:\program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FBSF1910-Fll0-11d2-BB9E-OOCO4F79S683} - c:\Program Files\Messenger\msmsgs
O16 - DPF: {OOB71CFB-6864-4346-A978-COA14SS6272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {11260943-421B-llDO-8EAC-OOOOCO7D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-9721SF77A6BC} (Messengerstatsclient cl http://messenger.zon...nt.cab30149.cab
O16 - DPF: {lD4DB7D2-6EC9-47A3-BD87-1E41684EO7BB} - http://imgfarm.com/i...entralInitialse.O.8.cab
O16 - DPF: {238F6F83-B8B4-llCF-8771-00AO24S41EE3} (Citrix ICA Client) - http://www.uclan.ac....mote/wficat.cab
O16 - DPF: {288CSF13-7ES2-4ADA-A32E-FSBF9D12SF98} (cR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-FO2B-4B9D-81DF-494B63331S0B} (Minesweeper Flags Class http://messenger.zon...weeper.cab30149.cab
O16 - DPF: {4A3CF76B-EC7A-40SD-A67D-8DC6B52AB3SB} (QDiagAoLccupdateObj cla http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {8EOD4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerstatsClient Cl http://messenger.zon...ngerstatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031317S592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (Heartbeatctl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHupdateobj Class) - http://h30043.www3.h.../qdiagh.cab?323
O16 - DPF: {F6BFODOO-OB2A-4A75-BF7B-F38S591623AF} (Solitaire Showdown Clas http://messenger.zon...wn.cab30149.cab
O16 - DPF: {FFFFOOO3-0001-10lA-A3C9-08002B23EOCC} - http://direct.data-line.us/gbn283.exe
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe