Les escribo porque me entraron varios virus que , en definitiva, me instalaron el famoso spysheriff, me cambiaron el fondo del escritorio, y (no se si es x eso) tengo cbloqueado el ctrl+alt+del.
Tambien llegue a la conclusión que tengo (o tuve ) el Troj/Dloader-FC, ya q tenia agregado el kernels.exe. (de otra pagina segui la indicacionde borrar del regedit la entrada: "disable taskmgr"

El spysheriff lo saque con el Ad-aware Se personal, el fondo lo saque a mano leyendo una respuesta de este foro (aunque tengo bloqueado en prop de pantalla , la pestaña escritorio)

Ahora me preocupan algunos archivos q estan en el msconfig , sobe todo
-el winstall q esta 2 veces, es peligroso? lo puedo borrar?
-como se si desinfecte la pc totalmente del troyano y/o spy?
-puede ser q un virus bloquee el comando ctrl+alt+del?

Este es mi log de hijackthis:

Logfile of HijackThis v1.99.0
Scan saved at 10:39:59, on 05/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Microsoft IntelliPoint\point32.exe
C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\PLANET\WL-8303\RtlWake.exe
C:\Archivos de programa\Avast4\aswUpdSv.exe
C:\Archivos de programa\Avast4\ashServ.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\E_S00RP1.EXE
C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Archivos de programa\Avast4\ashMaiSv.exe
C:\Archivos de programa\Avast4\ashWebSv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.ar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)" /O5 "TS001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)" /O5 "TS002" /M "Stylus CX3500"
O4 - HKLM\..\Run: [jaxidef] C:\WINDOWS\jaxidef.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Archivos de programa\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Archivos de programa\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PLANET WL-8303.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sina.com.cn
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035e36f235a4a4d7fc15/netzip/RdxIE601_es.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106925629921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C774E-B3D6-4FB5-94B2-401B08225C9A}: NameServer = 192.168.50.1
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Archivos de programa\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Archivos de programa\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EPSON V3 Service2(03) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Administración de IIS - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Lexar JD31 - Unknown - LxrJD31s.exe (file missing)
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Publicación en FTP - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Protocolo simple de transferencia de correo (SMTP) - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Epson Printer Status Agent4 - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Publicación en World Wide Web - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe


.....todo esto al entrar a una web de cracks y serials...
desde ya. Muchas gracias y muy bueno el foro

Hola!!!

Estas usando una versión vieja de HijackThis.

Descarga HijackThis 1.99.1 y nos dejas tu nuevo log.

Saludos

Este es el log con la version nueva:
por favor que mi pc esta cada vez mas lenta!!


Logfile of HijackThis v1.99.1
Scan saved at 21:06:01, on 05/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Microsoft IntelliPoint\point32.exe
C:\Archivos de programa\Avast4\aswUpdSv.exe
C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Avast4\ashServ.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\E_S00RP1.EXE
C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Archivos de programa\PLANET\WL-8303\RtlWake.exe
C:\Archivos de programa\Avast4\ashMaiSv.exe
C:\Archivos de programa\Avast4\ashWebSv.exe
C:\Documents and Settings\Business center\Mis documentos\ARIEL\BCX\HijackThis.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\Business center\Mis documentos\ARIEL\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)" /O5 "TS001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)" /O5 "TS002" /M "Stylus CX3500"
O4 - HKLM\..\Run: [jaxidef] C:\WINDOWS\jaxidef.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Archivos de programa\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Archivos de programa\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PLANET WL-8303.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035e36f235a4a4d7fc15/netzip/RdxIE601_es.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106925629921
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C774E-B3D6-4FB5-94B2-401B08225C9A}: NameServer = 192.168.50.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Sigue estos pasos:

1) Apaga Restaurar Sistema

2) Ver archivos ocultos

3) Pasa al menos 2 de estos Antivirus Online

4) Reinicia a prueba de fallos

5) Ejecuta HijackThis con todos los programas cerrados y dale fix a:

O4 - HKLM\..\Run: [jaxidef] C:\WINDOWS\jaxidef.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Archivos de programa\Internet Explorer\iexplore.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

6) Busca y elimina estos archivos:

C:\WINDOWS\jaxidef.exe
C:\winstall.exe

Para archivos que no se dejen eliminar usa KillBox

7) Limpia el registro con RegSeeker y pasa Ad-Aware actualizado.

8) Elimina cookies y temporales de internet con Disk Cleaner y vacia la papelera.

9) Reinicia normal y nos cuentas los resultados.

Saludos

Ante todo, gracias por responder. Pero luego de seguir sus recomendaciones noto la Pc mas lenta aun. Al archivo winstall ya lo habia eliminado yo a mano.
Lo que sigo sufriendo es : la falta del administrador de tareas y tener bloqueado el fondo de escritorio.

Avisenme si necesitan otro log de hijaker.

Si, dejanos tu nuevo log.

sigo igual, y este es mi nuevo log:

Logfile of HijackThis v1.99.1
Scan saved at 18:37:55, on 12/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avast4\aswUpdSv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Microsoft IntelliPoint\point32.exe
C:\Archivos de programa\Avast4\ashServ.exe
C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Archivos de programa\PLANET\WL-8303\RtlWake.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\E_S00RP1.EXE
C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Archivos de programa\Avast4\ashWebSv.exe
C:\Archivos de programa\Avast4\ashMaiSv.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Documents and Settings\Business center\Mis documentos\ARIEL\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH1)" /O5 "TS001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BL.EXE /P62 "EPSON Stylus CX3500 Series en Administrador (desde WEBSTITCH2)" /O5 "TS002" /M "Stylus CX3500"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Archivos de programa\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Archivos de programa\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PLANET WL-8303.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035e36f235a4a4d7fc15/netzip/RdxIE601_es.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106925629921
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://amd64remote.no-ip.org/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C774E-B3D6-4FB5-94B2-401B08225C9A}: NameServer = 192.168.50.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\ARCHIV~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Hola!!!

Tu log ya lo veo limpio, asi que descarga MWAV.exe y nos dejas un log de esta herramienta, a ver si encuentra algo. Este log es muy largo, por lo que te pido que sólo copies las entradas reconocidas como infectadas.

Saludos

Este es el log c las entradas infectadas:

Me encontro 3 virus.uno es un troyano c esta ruta: c:\windows32:bcca.dll, llamado troyan horse downloader small.46.t





Sat Jun 18 13:33:49 2005 => File C:\ARCHIV~1\RealVNC\VNC4\WinVNC4.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No

Action Taken.


Sat Jun 18 13:33:49 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Jun 18 13:33:50 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sat Jun 18 13:33:50 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Sat Jun 18 13:34:03 2005 => Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.


Sat Jun 18 13:34:03 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Mo duleUsage" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\Play365.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\Play365.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sh aredDlls" refers to invalid object "C:

\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:05 2005 => Entry "HKCR\CLSID\{00112992-7879-4C49-A6B2-94D2AFE1B3A9}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:05 2005 => Entry "HKCR\CLSID\{009201B5-B76D-4636-860A-B771EBFD1E1C}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:05 2005 => Entry "HKCR\CLSID\{014A5F45-9945-480F-9C23-E193175E6FAA}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:05 2005 => Entry "HKCR\CLSID\{019B7163-7F7C-4D91-8A59-E0990B7EFEF9}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:06 2005 => Entry "HKCR\CLSID\{0B322C8D-3B27-4116-AA2B-BE88E8A191EC}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:06 2005 => Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax".

Action Taken: No Action Taken.

Sat Jun 18 13:34:07 2005 => Entry "HKCR\CLSID\{0E7EDFEE-C566-4AF8-8962-90ECFA6E916B}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:07 2005 => Entry "HKCR\CLSID\{0FCEAD9B-1DF3-4C30-98F6-ECB7C8EC8008}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:07 2005 => Entry "HKCR\CLSID\{17B7E6C9-76BA-454C-A341-8D126D0C1FC3}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:07 2005 => Entry "HKCR\CLSID\{19444049-3317-4DED-A59E-A3B292598D32}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:07 2005 => Entry "HKCR\CLSID\{1CC610F3-AF05-4777-A6EF-4CCDDD80ECC2}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{218CC5FF-D2F0-48E3-B95A-9F4FEA5ED7B3}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{23EF491D-744F-444E-9C1C-75618986C7AE}" refers to invalid object "C:

\WINDOWS\System32\kpji.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{280281B0-E3BC-46FE-966C-25A9BA62743C}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{283FA65A-7337-415E-9693-DA85DD9DBDF9}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{286B88CA-0277-46BC-BD6C-C272FD013013}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{29C52C80-CE9A-41F6-BDB2-9D09C778425A}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{2A08E659-AEF0-438A-9181-30BF844B4255}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{2A153098-F514-447A-A702-1C3A21BAD3B8}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{2A50CABE-7B71-43B3-810E-0853069C460E}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{2B3500F9-DFC6-4E7F-8B24-6B722F54BD80}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:08 2005 => Entry "HKCR\CLSID\{2CA6F8E1-224D-4A17-9740-0DDA65923053}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{342F11FE-A63E-40C2-BD90-E47B76D36246}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{386BC574-D230-403A-9D2C-4C9209226325}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3BBD0DA2-2660-4EE6-B6FF-9B5ED74D865D}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3D42B0CB-B0C7-413B-A93A-96CA95898D33}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3D77F763-3183-4144-BE4A-7F199B50454C}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3E8D9B29-0F39-4B6C-B9BB-9288D7AF10A9}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3EA29D37-3008-4699-B71F-7EAF6C4236D9}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3F097B0C-364E-4A20-9D13-7EA13296F460}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3F1F6FC7-3C1E-4619-900A-B70A63ED2FD8}" refers to invalid object "C:

\WINDOWS\System32\kpji.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{3F8FD9A2-7FC1-4581-A2C8-367777F925C6}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{401FD228-AE09-46E4-BD61-96E5B2A2FE54}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{41F1D302-6951-4AA9-96D1-7E9F46ED7334}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{422F3726-DADE-4BB1-9E53-BEBEC7150829}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{43C3FDD0-7D38-4F76-8D99-3A8EB51C6762}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:09 2005 => Entry "HKCR\CLSID\{44BE1747-DC65-4261-904F-17CA43E212B4}" refers to invalid object "D:\launch.

ocx". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4783E5A3-39A4-4F19-990E-8A0AF4F62EFE}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4B8878D3-C3C1-4498-AD76-ADD786B4062B}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4C171D40-8277-11D5-AD55-00010333D0AD}" refers to invalid object "C:\Archivos

de programa\Yahoo!\Messenger\yhexbmes0521.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4DACABB0-6F9A-4A2E-BB51-565B3CE90977}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4F25BD59-04B2-445F-9D25-79C30CC69536}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{4FF9D329-7301-48B0-A959-24457815682F}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{537B9D4D-802F-4670-B202-435C25AC9296}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1

\pc\CONFIG~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{57E7984F-BE95-489A-AAD2-0E4C1A5E447A}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:10 2005 => Entry "HKCR\CLSID\{5C1F5DAD-2A5F-4F2A-BA32-2FE045AAD57D}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{60D76735-12E4-406E-ACB6-E54166D9AD7B}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{6150EE09-912D-477E-8B62-36DBD73BCB15}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{676887F7-F038-4676-8701-CECE7A8386E2}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{6F810934-BEB7-47E4-A11C-E8CB60A3F641}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{7186D71C-51E4-4D1E-BB05-DBEC1BB0F629}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:11 2005 => Entry "HKCR\CLSID\{78AF351A-B054-4AB0-82FE-FC05F585CF73}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{8018F856-943D-49F6-A924-119386F9F902}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{81E8D003-03FE-4945-B49B-907ECF4A034F}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{82B49438-85EE-4ED9-85C6-4ED1AF7854EC}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{85B20EC8-3CC8-463D-976D-7E59664157DE}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{8739A3CB-BC4C-41F5-ABD3-4A98600ABB91}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{8D892745-2F7F-4264-B40F-D5E7C807DF3A}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{8ECD9AC3-DF04-4039-AAE9-2B75E028E559}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{8FB44AB1-1161-49C4-901A-2800A2448F00}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{91351951-59F1-4086-8FC9-4B3FB39864AC}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{91CC7980-94E1-4CED-8060-A7A81DC128B3}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{94BAB929-6DB8-42DF-9999-003FD7203A13}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{95562DC4-90F1-4085-956A-B05776963D28}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{977046B0-A87F-11d5-8FEA-FFFFFF000000}" refers to invalid object "C:\Archivos

de programa\Yahoo!\Messenger\messmod.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{988BD089-C736-4E13-B8FE-C4BE64BADF47}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll".

Action Taken: No Action Taken.

Sat Jun 18 13:34:12 2005 => Entry "HKCR\CLSID\{9B03B9D2-57EA-4710-B85E-40A9B3194ADD}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{A2A3B170-C8F2-4F24-A7CC-80AABB21D565}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{A5C854C4-334D-420A-A821-3ABD044400C1}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{A6616B31-4860-41E2-98E3-CA7649AF172F}" refers to invalid object "D:\launch.

ocx". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{AA536A64-64F3-4FF0-9BBA-044D94282FA3}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{AA6784AF-2D83-4125-A0B4-1DA2F5684390}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{AB72153D-7624-4C3F-A166-89B1623A67A2}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{AF205E59-0ABF-45BF-9C6D-5ED628F86EC5}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax".

Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{B1CB282A-403D-40BC-8C11-9223CD515633}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:13 2005 => Entry "HKCR\CLSID\{B7DD2B5E-309B-4391-BBAF-25550EA85418}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{BDF4DB4E-85A8-4039-8710-55EB99441007}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{C1AB3711-0DA2-42F9-B8FC-DC0D750DD1D0}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{C4EEE1F0-65CD-4268-93F8-F2E0D88B2114}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{C8BC2E29-BD9D-4EC1-9160-3F5CD69DD36F}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{C94394D9-6A62-4C18-8110-1AC1E9B33D05}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{CB683FA4-D7CC-4E45-8A8D-50CFE36B9E0F}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{CD63244D-3868-46A4-A6DD-DD03AD79AF70}" refers to invalid object "C:

\WINDOWS\System32\kpji.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{CE788F3B-9919-4EBF-8FE7-7C609AEB61C0}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{D1686EA6-5022-4581-B0C6-E5608B2FBB79}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{D1915C94-20B7-481F-B13E-64A9B19D498A}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{D8C011A1-451E-4CCB-9999-2D335EF61979}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:14 2005 => Entry "HKCR\CLSID\{D9717231-2536-4534-ACD3-ABCE6D3D63F6}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:

\WINDOWS\System32:bcaa.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{DFDEDA39-5F2E-4B53-A383-C755B14C5547}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{E042D1A5-104D-101C-B826-00DD01103DE1}" refers to invalid object "C:\PROGRA~1

\PLATINUM\ERWINE~1.2\erwcapi.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{E0A408BB-79C9-4291-B2AF-A60827F3FF48}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{E546C911-79A9-4A41-B3C4-68FEF5DDA5CC}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{E9F13244-A319-4D04-9825-D7F202D289C9}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{EAB68384-47AD-4F67-8FE2-C5677B078FB2}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{ED884AE6-42A9-466C-A368-DAA17F6CE7B6}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:15 2005 => Entry "HKCR\CLSID\{F01E1EC6-6A84-4212-85DE-BB980A2E6BCA}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F15E6183-93AD-4D43-B724-4198D3DECFD8}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F2618B92-6951-4524-ABAE-66949DF9C842}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F2F5DCF0-7D57-45E1-9F47-522F49C85C35}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F7B2FB32-D8E1-419C-97FB-7A6F9316D275}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F8F42867-E3FC-4D8C-8FDA-7D18341654AD}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{F9061F05-2143-4DE6-8237-1EFA50B411C5}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{FA7A1948-7C2F-4539-9192-280351F5AC90}" refers to invalid object "C:

\WINDOWS\System32\lfef.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{FC5E259C-0CC9-4A0F-BB1D-E11708DC6A04}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax".

Action Taken: No Action Taken.

Sat Jun 18 13:34:16 2005 => Entry "HKCR\CLSID\{FE3130CE-C596-459F-8871-C350D14A7DA3}" refers to invalid object "C:

\WINDOWS\System32\phof.dll". Action Taken: No Action Taken.

Sat Jun 18 13:34:21 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801

}". Action Taken: No Action Taken.

Sat Jun 18 13:34:21 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C

10801}". Action Taken: No Action Taken.

Sat Jun 18 13:34:22 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-

599736F0D3A2}". Action Taken: No Action Taken.

Sat Jun 18 13:34:22 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-

599736F0D3A2}". Action Taken: No Action Taken.






Desde ya muchas gracias