CastleCops, Internet Crime Fighters
Error message

 
chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Mon Dec 27, 2004 3:11 am    Post subject: Error message

After starting up my comp I get an error message saying RUNDLL
ERROR LOADING c:\ WINDOWS\SYSTEM32\MSA64CHK.dll
The specified module could not be found
Any help please?

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Mon Dec 27, 2004 8:13 am

Go to Start > Run > Msconfig, and choose the 'Startup' tab.

Locate the startup item called something like ContentDownload, FreeMP3download, CoolMP3, DownloadLegalMusic or similar, uncheck it, click OK, close Msconfig, and restart your computer.

That should do the trick.

Cheers,


_________________
Tony image CLSID List

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Tue Dec 28, 2004 5:38 am    Post subject: Didn't work

Tony, thanks for your reply. I did all the things you said in your post to me. All I have is
Ares (file sharing program) and when I uncheck it and reboot it is still there, the error message.
I wish I could copy and paste it for you but it won't let me.
I have run adaware till I am sick, made a restore point... zilch.
This only happened when my cousin put in Norton system works and Go back. I took it out after he had gone. I prefer my own McAfee virus scan and firewall. Can you please help again?
Thanks. Is it a part of my start up or is it a trojan? I was reading about it in Google; seemingly Rundll is something different than what I have.
Cheers and please help
Chirp

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Tue Dec 28, 2004 10:40 am

Would you please do the following?

Go to our download page, and download Hijack This.

Unzip to a folder other than your Desktop or the Temp folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.


_________________
Tony image CLSID List

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Wed Dec 29, 2004 5:51 pm    Post subject: Sending Log To Tony

Tony, Here is the log....

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Wed Dec 29, 2004 6:07 pm    Post subject: is this right?

tony Imsn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

did it again, is this right? sorry about this


_________________
Mags

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Wed Dec 29, 2004 6:11 pm

What I'd like to see is an ENTIRE Hijack This log, not just the bottom part, as you showed us in your last reply.

Right-click somewhere in that logfile, and select "Select All" from the context menu.

Now copy that, and show us the entire log.


_________________
Tony image CLSID List

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Wed Dec 29, 2004 11:21 pm    Post subject: hope this is right

hi Tony hope this is right


_________________
Mags

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Wed Dec 29, 2004 11:36 pm

No, it isn't right; that's not a Hijack This log. In fact I don't even know WHAT it is...

Please go back to my FIRST answer to you, and download and run Hijack This exactly like I explained.


_________________
Tony image CLSID List

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Wed Dec 29, 2004 11:58 pm    Post subject: Is This it?

Logfile of HijackThis v1.99.0
Scan saved at 23:58:39, on 29/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\DOCUME~1\Margaret\LOCALS~1\Temp\HijackThis.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Standard Eval\fplaunch.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRA~1\PANICW~1\POP-UP~3\Popupscn.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Bug Eliminator] C:\Program Files\Bug Eliminator\Bug_Elim.exe /tray
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Yahtzee.exe] C:\DOWNLO~1\YAHTZE~1.EXE /r
O4 - HKCU\..\Run: [ares] "D:\Ares Set up\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:DownloadMP3:t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\DownloadMP3 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)


_________________
Mags

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Thu Dec 30, 2004 12:06 am

Well, there's the item I was talking about, and which causes the error message:

Quote:
O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:DownloadMP3:t


There are however a few other issues as well.

Run Hijack This, check the following items, then press Fix Checked:

R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)

O2 - BHO: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Yahtzee.exe] C:\DOWNLO~1\YAHTZE~1.EXE /r
O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:DownloadMP3:t

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185



Next, go to Add/Remove Programs, and, if listed, uninstall Viewpoint (Manager) and NavExcel.

Subsequently restart your computer, delete the C:\Program Files\NavExcel Search Toolbar folder if still there, and post a fresh log.


_________________
Tony image CLSID List
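
The triage step in the reply above, finding the Run entry whose rundll32 target is no longer on disk (which is what produces the RUNDLL "module could not be found" error at logon), as an added example that is not part of the thread and not HijackThis code. The log lines are copied from the log posted above; the function names and the `PRESENT_ON_DISK` set standing in for the file system are assumptions made for the example.

```python
import re
from typing import Callable, List, NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:DownloadMP3:t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\DownloadMP3 (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
"""

# Constructed stand-in for the disk: the DLLs assumed to still exist.
# On the affected machine, pass os.path.exists to rundll_autostarts() instead.
PRESENT_ON_DISK = {
    r"c:\windows\system32\nvcpl.dll",
    r"c:\progra~1\ofoto\ofotonow\ofusbs.dll",
}

# "O4 - HKCU\..\Run: [name] command line"
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "[path\]rundll32[.exe] <dll>,<export> [args]", any letter case, optional quotes
RUNDLL = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*?\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")


class Finding(NamedTuple):
    name: str    # value name under the Run key
    dll: str     # DLL handed to rundll32
    export: str  # exported function rundll32 is asked to call
    status: str  # "present", "missing" or "unresolved"


def on_sample_disk(path: str) -> bool:
    """Existence check against the constructed PRESENT_ON_DISK set."""
    return path.lower() in PRESENT_ON_DISK


def rundll_autostarts(
    log_text: str, exists: Callable[[str], bool] = on_sample_disk
) -> List[Finding]:
    """Return every O4 Run entry that starts a DLL through rundll32."""
    findings = []
    for line in log_text.splitlines():
        entry = RUN_ENTRY.match(line.strip())
        if not entry:
            continue
        cmd = RUNDLL.match(entry["cmd"])
        if not cmd:
            continue  # ordinary executable, not a rundll32 launcher
        dll = cmd["dll"].strip()
        if not ABSOLUTE.match(dll):
            # Bare file name: Windows resolves it through the search path,
            # so it cannot be judged from the log line alone.
            status = "unresolved"
        elif exists(dll):
            status = "present"
        else:
            # Autostart still registered, DLL gone: RUNDLL error at logon.
            status = "missing"
        findings.append(Finding(entry["name"], dll, cmd["export"], status))
    return findings


def tool_flagged(log_text: str) -> List[str]:
    """Lines HijackThis itself marked as pointing at a missing file."""
    return [
        line.strip()
        for line in log_text.splitlines()
        if "(no file)" in line or "(file missing)" in line
    ]


if __name__ == "__main__":
    for f in rundll_autostarts(SAMPLE_LOG):
        print(f"{f.status:10} [{f.name}] {f.dll} -> {f.export}")
    print("Marked missing by HijackThis:")
    for line in tool_flagged(SAMPLE_LOG):
        print("  " + line)
```

HijackThis v1.99.0 does not mark O4 entries as missing in the log shown here, which is why the rundll32 target has to be checked separately from the "(no file)" and "(file missing)" lines.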

chirp
Trooper
Joined: Dec 26, 2004
Posts: 11
Location: Uk

Posted: Thu Dec 30, 2004 10:23 pm    Post subject: Clean log? Hope so

Tony, did what you said.
The error message has gone.
I could not find in program files the NavExcel toolbar and even put a search on it.
Here is my log
Logfile of HijackThis v1.99.0
Scan saved at 22:02:50, on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Margaret\My Documents\HijackThis.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Standard Eval\fplaunch.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRA~1\PANICW~1\POP-UP~3\Popupscn.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Bug Eliminator] C:\Program Files\Bug Eliminator\Bug_Elim.exe /tray
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [ares] "D:\Ares Set up\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\DownloadMP3 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)


_________________
Mags
TonyKlein


PostPosted: Thu Dec 30, 2004 10:30 pm    Post subject:

Well, your log looks OK now.

Have the following item fixed, and you'll be good to go:

O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\DownloadMP3 (file missing)


_________________
Tony
chirp


PostPosted: Fri Dec 31, 2004 12:41 am    Post subject: Finished

Many thanks Tony.
I wish you a Happy New Year from Scotland. Can I stay here and visit other topics? My Hotmail account was hijacked a while ago but is now sorted with MSN, so I would like advice on anti-spyware.
Here is my log now:
Logfile of HijackThis v1.99.0
Scan saved at 00:37:28, on 31/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Margaret\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Standard Eval\fplaunch.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRA~1\PANICW~1\POP-UP~3\Popupscn.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Bug Eliminator] C:\Program Files\Bug Eliminator\Bug_Elim.exe /tray
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [ares] "D:\Ares Set up\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)


_________________
Mags
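One way to confirm that the O9 item Tony asked to have fixed is gone from the follow-up log, as an added example that is not part of any post in this thread: it parses HijackThis entry lines and diffs two logs, ignoring letter case because the same path appears as McUpdate.exe in one scan and mcupdate.exe in the next. The excerpts are a few lines copied from the two logs above; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Excerpts copied from the two logs in this thread (most lines omitted).
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\DownloadMP3 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
"""

def parse_entries(log_text):
    """Return (code, body) for every entry line, in log order.
    The header and the 'Running processes' paths do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def missing_file_entries(entries):
    """Entries HijackThis tagged '(file missing)': the registry data points at a file that is gone."""
    return [e for e in entries if "(file missing)" in e[1]]

def diff_logs(before_text, after_text):
    """Return (removed, added) entries; matching ignores letter case in paths."""
    def index(text):
        return {(c, b.casefold()): (c, b) for c, b in parse_entries(text)}
    before, after = index(before_text), index(after_text)
    removed = [v for k, v in before.items() if k not in after]
    added = [v for k, v in after.items() if k not in before]
    return removed, added

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for code, body in missing_file_entries(parse_entries(AFTER)):
        print("still marked file missing:", code, "-", body)
```

On these excerpts the DownloadMP3 and WeatherBug buttons are reported as removed and nothing as added, while the SmartLinkService entry is still marked (file missing).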