« previous next »
Pages: [1]

Author Topic: missing this file C:\WINDOWS\inetdata\winlogon.exe  (Read 2149 times)

Offline Tigerdh82

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
missing this file C:\WINDOWS\inetdata\winlogon.exe
« on: December 09, 2004, 03:07:36 AM »
Hi,

Hope someone can help, after clearing a rather major hijack problem (virus, trojan,dialers etc), using the usual Ad-aware 6.0, Spybot S&D, AVG, Norton, CWS Shredder, Giant Anti Spyware.
On start-up I recieve the message unable to locate C:\WINDOWS\inetdata\winlogon.exe mostly everything works OK except for my Outlook Express.

Please help if you can.

Logfile of HijackThis v1.97.7
Scan saved at 21:17:00, on 09/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan\My Documents\My eBooks\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://xtra.co.nz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.cyberlink.com.tw/registration/r...e=Ryan&Lang=ENU
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://xtra.co.nz
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
missing this file C:\WINDOWS\inetdata\winlogon.exe
« Reply #1 on: December 09, 2004, 09:30:32 AM »
I'll look at your log later, gotta get to work,I can see a couple problems, nothing major
just some cleanup
« Last Edit: December 09, 2004, 09:30:53 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
missing this file C:\WINDOWS\inetdata\winlogon.exe
« Reply #2 on: December 10, 2004, 12:48:04 AM »
Very sorry I couldn't get back to you earlier

I need you to update your version of Hijackthis
It's outdated

Open Hijackthis>>>Config>>Misc Tools>>Check for updates online
If for some reason it won't updated


Download the latest version of Hijackthis from HERE or HERE
Save it to C:\Documents and Settings\Ryan\My Documents\My eBooks folder and allow it to overwrite your version

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

I'll definitely be able to see it tomorrow
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

NEED THE BEST HELP FROM THE BEST

  • Guest
missing this file C:\WINDOWS\inetdata\winlogon.exe
« Reply #3 on: October 17, 2005, 08:27:29 PM »
i really need extreme help on how to get rid of these spywares and viruses.....i did the hijackthis scan heres my log if anyone can help



Logfile of HijackThis v1.99.1
Scan saved at 8:22:02 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ntje32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\auehudu.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\xhuuxem.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\Common Files\AOL\1129167312\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1129167312\ee\AOLServiceHost.exe
c:\program files\common files\aol\1129167312\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129167312\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX03.157\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINDOWS/system32/msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ztuhw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: Class - {19B6C5BA-DF6C-D9DE-B148-3B4AA52F6A5D} - C:\WINDOWS\atlrt32.dll
O2 - BHO: Class - {75410B1D-8F7C-3E60-507B-64D48499FD0E} - C:\WINDOWS\system32\sysqr32.dll
O2 - BHO: Class - {DA6CEA00-1519-E3D0-4C94-736EFCA0786C} - C:\WINDOWS\system32\syszn.dll
O2 - BHO: Class - {FEC81D35-E086-4102-D235-8A516A66EB22} - C:\WINDOWS\system32\atlea32.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [qmzxtyb] C:\WINDOWS\qmzxtyb.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129167312\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\unuaid.exe reg_run
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [glttex] C:\WINDOWS\system32\xhuuxem.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "abetterinternet.aurora" "2"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\Email RemovedEXE" -b
O4 - Global Startup: America Online 7.0 Tray Icon.lnk.disabled
O4 - Global Startup: tdtn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {B369818A-9A2B-44BA-AACD-59F55C37576A} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {B369818A-9A2B-44BA-AACD-59F55C37576A} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft® JavaScript® Console - {B369818A-9A2B-44BA-AACD-59F55C37576A} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {B369818A-9A2B-44BA-AACD-59F55C37576A} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {009D41F8-D1CD-78DB-EAA0-2C2122A94FE7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {009E8BAD-0B38-1FBD-C309-2E7A6307B797} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {00CDC7DC-4B69-325C-3E69-26340B8804F9} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {00E55B75-91FC-7255-12FB-20925887D44D} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {015C6116-4BCA-4EB0-7444-0DFA566F09B1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {01BCEB0C-6035-1A14-FAF5-5DAF024A6E32} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {02091E74-611A-5205-6EA4-382F138D5A57} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {02412141-DC2A-6DD6-D326-4581067C0DB8} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {0291C8DE-146D-0F09-B4A2-3F2B607919F2} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {02F302E2-7CD2-197F-6A73-3769501A19EA} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0308E0D2-FBAA-3AA8-28EA-2D4611EF32F3} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {031A612C-97C7-1E78-5F9C-399B0B37F83E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {035F49AA-113E-117C-84FD-4E2078AB9E53} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0375830E-CE0F-13DD-BE10-05B533D62207} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {038F4EF8-4048-39E4-E2D9-5004328237AE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {03AF90BD-C765-4BE0-289B-2B9401E1F110} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {03EEB8E8-BE42-1AF8-38F6-1C0C14825295} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {04E75DC3-43B0-113B-ACB5-2FA044A2082B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {04F0316D-CA33-1116-4D2E-67DE3C0714B3} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0504014B-E9DD-1715-806F-60D65FD34823} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {05151DBC-1CD7-018D-FA60-3BD9082FA6A5} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0516C2BC-F384-04F5-10D2-69495198DA5C} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {0581B010-D346-7A05-5ACE-2E517F4682F8} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0594B382-9EAA-7C64-2E8E-1ABF1C33591F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {05C87224-6CFB-698A-467F-7AD64B3543C7} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {06623C8F-4F76-60F2-DF16-0D010C5A9315} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {06974081-B9A1-62BC-B246-3CCE5F0C285C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {06AD8907-4B9B-70C7-8EF3-73D745E90464} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {06EC060A-CF81-48F2-F573-59A457791A79} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {06F39DD3-6C11-5F0D-F089-1B5C147C9080} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {072B55A7-8FA2-0707-6119-34693E59B665} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {07322A18-67D7-1ED0-E79E-6E0A5B56CF49} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {079F3102-719F-17C9-8FE9-09F173A4C6D4} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {07ECA872-87B2-5A5B-3E4D-797E5348ADF4} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {08176545-01CB-7D44-BBB5-2F492A39519D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {08285C25-9242-228D-A6C3-2293120AEB44} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {083990BC-B599-0315-2D3D-62DA136D1321} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {085FCD23-A515-5C06-A9DC-63111BD25895} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {086CEF6E-8748-522B-13FC-5F1D1F051713} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0894C4D2-1052-7643-807C-282D3AA4767C} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {08BECE46-92CA-29E6-E6C7-17916594152A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {08C5E0ED-A473-4CF2-92AB-6A4909E51D8B} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {08E009CB-182A-2ED1-88DC-7EA76027D3EB} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {0974F648-0574-6A4D-8359-5D84046E2B09} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {09759F57-D4FE-3E6A-6CBB-536E5783CFCF} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {099EECE6-0B0D-6423-5D1E-5E6E0F006582} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {09CB1955-C231-340E-B267-26E3407F20EF} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0A160470-B859-507C-1D16-6B8814628D89} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0A882633-84E0-26C5-4E0D-1D3353CF00EA} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0A97A0C4-20A5-75C8-EEDA-6AC52ECA6CF3} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0AAF8575-D030-3462-82B9-34A8639DC7E2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0ABE91CF-DDB9-15AF-87F7-0B7C52C58D59} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0B0FB75C-ED33-058C-E209-0C4E592452B4} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0B2BB543-6772-315B-7D8C-3F1248874817} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {0B3FBF5B-B4F3-6960-ED73-137F78812A7B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0B75BFA6-A1F9-2E9C-DC1A-53107CB8F181} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0B77A7AE-9C16-4282-9C4F-0E8E58407D68} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0B7BB35C-B914-2AB8-3B7B-211C34F8C03D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0C7F6691-D73D-0C66-95F4-6D5168E0852C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0C9880A7-4B86-4441-C0F6-3939240F676F} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0CE981E9-9154-07F0-0A2C-09BE5F0DDBC4} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0CEEA2B4-4B6F-6150-5091-79B316D1BF65} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0E4BA530-96C8-216D-90CD-561C4739D821} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {0E4E19B1-9A52-230A-60F0-3A3E3D054F15} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0E8B0F4B-EE66-7E4D-AB15-7FF308F460DD} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0EF410EA-84D6-64C3-95C3-042960513659} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0EF81227-1991-6DD0-1697-08E572ACA6A7} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0F05D655-9BF1-0FC9-066B-0D993E376037} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {0F141377-918F-5679-4ADA-77100F139D54} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0F8DB83B-6337-1252-2C01-382D7EF6A4AA} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {0FF17C1B-1CB4-0722-F907-68F732BDDE80} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {10250344-12BB-3146-AA0A-5F7B5A93A772} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {1089BC61-5069-101D-A816-23587C5F9AC9} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1097D8DC-598E-1116-90CC-79327890515D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {10B087AA-ABF6-0CCF-A002-20223C1671B6} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {10E4FA8F-E351-4373-AA5D-50555DC9769A} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {10ECCC85-8964-53EB-09DE-0F413977E93E} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {111AF250-CCD9-18A8-B3FC-3826461A8195} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {11427233-F877-50E1-74B7-166B5BFAE99C} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {115AB7BC-1394-47FB-EC23-366F73E8506E} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {118037DF-103E-1379-BE1B-0FE3377A029B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {11867F30-4D60-1833-75B4-767E4A99CD84} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {11B6D2E1-7889-6B8F-0879-53E0783588EF} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {11F5DAE3-C194-3099-9932-41A06B17CF9D} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {121D49D6-5211-0C0E-796E-23C16B1FF2B3} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1231B204-EA96-4548-BD86-3CC44D90ECF1} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {123DCC6A-C0E5-0495-B196-7F7F44866E25} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {12750FC1-13F2-1BB4-4FFB-04230155A859} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {13C6EE47-CF51-37CE-F01B-46C0424C850B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {13FD21FD-CEC6-6594-24E2-2A2A483E7909} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {14570902-E8D5-1288-208C-59501070559C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {147CF03A-1C2B-4B0C-9D78-464003F48871} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {149FDC9B-FCBC-0927-3FF6-256A39D2299B} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {14B5F52D-B25E-5286-6D6D-499037DEA995} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {14E4F4C3-D295-6EE2-8290-013447E104AC} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {15E1F927-DEAE-27A3-3270-167928C8DFF9} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {16007F8D-4F0D-085F-CE45-123C44010174} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {16349A90-4297-0E53-2DC3-45F472062441} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {1696D78D-0206-7809-4C31-617E3B2B85E5} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {169B827E-5A8A-18E0-5A58-27F639610348} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {169CCDC5-51B4-491B-AC25-588B3839507E} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {16C097A6-C504-0C6E-7D5E-39C42F8A5A44} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {16D08E31-8FFA-495C-5FFF-000C75D4D811} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {171BCDD9-A04C-038B-86EC-304274098616} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {17687FE8-C48C-5007-6D15-34275B48FFCE} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {17912100-2850-0C0E-5526-337B3712FA85} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {179E575F-B931-41A9-0FE7-467612FB8AF9} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {1879D3B5-4120-11AF-BC30-2467655C6079} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {18940455-7521-2A1C-A80C-70C5595B5DB4} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {190E7E86-8D7C-6D9C-D092-542A21CE9871} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {19529891-02F7-73F0-B418-76A26DE46668} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {199F952B-35E7-6515-4D24-405721507120} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {19B4261F-BBF7-20AC-7256-1C2D38B02A8B} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {19B5B46A-09E2-17A4-55FC-436E4832174B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {1A7D760B-EFE6-0859-F669-76426D1872C6} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {1AB6C1F2-5C00-58C4-89D2-4B056A8B1E26} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1B3237BD-B41D-2805-2449-446714BA097F} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {1C8BA7CB-DBC7-1DBD-1249-7D153BF80B26} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1CF9227F-E0B0-1441-A022-3AFC7584C043} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1D4B163C-FA4F-6276-9BD4-25585C31C412} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1D898AC0-9B9C-094C-60A3-6E4A7A95988F} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1DA9E2EF-17D5-1E55-F205-5BE1248D93D6} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {1DEC24B7-843B-1959-D048-37CE311D42BF} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {1EDCEC0C-C30F-2B01-6325-21385B601D62} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {1F5E023E-5FB6-6B2A-093F-11C367EE055F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1F681788-5C59-18D6-65BB-65640F381E9A} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {1F7F77C0-43FB-06FD-C45B-73A35933E2F7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1F8535D4-2435-3DB4-1734-488465CD2ED6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1FEFBBE5-3B72-1706-6554-2AF629D6939C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {202E54F5-97C0-140F-5361-49FE56C2716E} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {207DA897-BA91-0173-4C4C-22EE3E1422F1} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2090FBC0-4C4B-60DF-D609-15910E00694C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {20BCBAFB-F58D-4CC3-E6EE-693F7BA19DC5} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {212C24CB-E367-52EF-11EE-014570E6A772} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {21B7CA15-EFDA-4C9C-0BB2-61A200003CCC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {221CEA7D-86C2-7008-8380-60D55A513D73} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {225EDC07-2A9D-50AD-E1DA-4C3977F4A2E7} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {232743B2-66EC-7A9E-7615-5752365299DC} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2342F9B2-5C4A-5D8A-1FAD-540B0EB21CBF} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2395EEA9-43A6-31CE-A574-75457DB5FA1E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {249C2D4A-1C2E-2065-83EB-3FE7487AFDD6} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {24DCA26D-70C4-5BE4-9D23-51066DB699E2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {24F8E935-1C74-0A1D-C5B5-74DC37F6F49F} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {25095B2A-61D5-3AC3-5BAA-7D8318C5E066} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {251C8E07-457A-42CD-2D8A-35C44D3F495A} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {252FC58D-60BD-329A-98AE-6088216182CC} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2571E5DA-8EC7-6F5A-D4A3-51711D49DDE3} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {258F91C1-EC96-3C91-6FE3-3D4E5E07499E} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {260C108B-A84A-7DAB-837D-249A156CF44A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {267EA222-2379-7180-6146-2CE643632882} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {26A0BE40-FD29-2D08-E021-72E17C04B5EB} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {26DBBAF2-3989-7D82-7BED-380944EAF2E4} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {271AA91C-A022-1CC8-E2A4-02CD36192028} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2769D672-1D75-334F-2D78-56695EC74643} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {27727521-2CA7-0E35-B82F-39F62F7CF0CB} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {27B6A099-D013-2927-88AB-670B325EEB13} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {27C8710F-B97D-63E3-EC2B-66F21E237018} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {27FBB617-7312-436A-0912-60512F2616C8} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2817FEB0-4492-06E9-BF21-4C6948253D68} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {285688DE-1763-4CFB-170B-65DC0DD821A0} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {287D0AD3-CBB8-0849-4975-6991338C842A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {28B992AB-8987-1DFB-ECBE-3A1F7CC8000F} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {28E6B944-8DAF-6FC7-70CE-1BB83B0CAA2D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2941221A-DFB4-0CB2-123B-38C972C47C41} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {294D69C6-8373-4B92-5948-17F41E54EB4A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2962BC4A-2E7F-2571-0F11-2CB97AAF6822} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2986542C-CA16-1CB6-FD77-10B93ADE620A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2A3B9614-AEC6-1353-DFE0-741655E986B2} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2A4AF642-7047-3276-2A13-6B4E269A9F9F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2A8D645E-4EEC-62D2-BF67-287356A0753D} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2AA96CC6-4359-4C75-0F5F-56877BADBC59} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2ACC7C9F-95CC-5F6A-009A-7C782CF7E1F1} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2AE06BEB-11C7-4AED-84AD-473174837997} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B59B551-E4FB-643F-8C21-43E34459FB7D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2BDAF9B6-C046-41E5-8707-36E934D44B0D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2C09848A-F372-5D44-B3C1-2C2D7BAE9758} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2C443D30-FBCC-650E-0B1E-01FC31499337} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {2C49D0A3-5A41-1FF0-D1E5-3639605ADB7B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2CA7AE7F-E559-78EF-2FA4-2FC15337DDEB} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2CF6D24E-0A5D-62F9-8BC6-68ED71012984} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2D053D6E-502D-6034-B67C-39752A846DAD} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2D9CB466-1863-78D0-1025-783212C3787A} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2DD4A0C4-95C6-4DDD-2A2A-10EB3EBC160F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {2DE54984-22BD-0F7A-5A69-10605066B85A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2E05A146-5993-6575-6E3B-62EC685E7658} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2E32491C-522E-0274-C37C-37ED4B8A61FD} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2EB4BB99-6959-0EE2-33E6-66FB154A6EF5} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2EEC32CB-E98B-126B-7679-6EE739EB6DD0} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2F419F2E-8231-7FD6-B5B0-50A367088E44} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {2F6A4D4B-9E60-5D11-6484-051F12103555} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {2F8536FE-2413-6D89-A457-6EC90A4B2369} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {300566F5-AC69-7BD9-50D4-5058714464CB} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {302F2D6C-0D0D-1766-C719-58CF695B2CD6} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {303A30F6-A041-2848-4DFD-138F544C994A} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {31724DF2-ED8B-65C9-C34C-657C3A3D3C1B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3212E39C-1B77-3E5D-7BB1-48032003597C} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {324B39F1-37FB-754B-AD72-1EC068E83AD1} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {32988A08-14BD-026E-2A9B-6F41265BAB84} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {32A26C22-0709-5F62-C532-169D4960CF0D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {331A03C6-B193-610F-3908-18E64C56C1F9} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {337D5895-2E4F-7D45-2059-45D321F476C3} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {33D723FA-CFD5-26D5-2DFD-12BD4CACF40A} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {342FA56F-13CE-4A3B-E727-72DD24717E3F} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {344D57DC-0D18-566C-B098-1D5303758774} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {34AEE834-E446-1DDC-EB55-6E8E17138AD9} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {34DFFC42-3ADF-1DD5-CB1F-2736541D8891} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {34E4780D-D510-0EAC-A0E1-1B467C884D5B} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3531AEE2-74EE-4767-2474-53C206D3A6DD} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {354CF60F-8CC3-4028-EAC3-3A6C178B2F63} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3552268E-6C22-14E8-8B64-7B1C42101C19} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {35972FF9-71BE-558E-DB2E-533940463C35} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {35E415D6-341A-4F00-8685-798C2C3879CE} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {35F53687-6A94-2E1D-7A7A-12BE4398E84D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {362D3984-73E0-38CF-75DC-184238F020C6} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3661410A-A8FC-25BD-8FE8-4093514F9D61} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {368C2891-3DD8-52AA-A022-46216E025B0C} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {37074E80-C525-62B6-B791-1334544C62BD} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {370F5C16-2F1F-2481-DD00-650450DFC2BA} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {372A79D2-6BF9-5D71-EA0F-61496E8332D5} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {37C87376-F7E1-5DB0-621E-108B7AD0B0A6} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {37DAFADA-444D-6421-3E9A-087E2BFC0F36} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.Email Removed/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {37E3BEBA-1096-514E-F967-258A739EF887} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {38497EF8-0286-2D0C-A492-3FB74F0BBF7F} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3885F961-B816-3D51-86E0-03D966427092} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {38EBDB53-7356-48A6-D419-57123018244B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3900F1D9-1F8A-6E5F-1D3A-092F3F4E9614} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {390575C5-0861-5AE8-F9A4-29AF3DE5D044} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {390B03FB-01C4-0889-775E-11616D82A377} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {390E5F35-5514-2D32-774B-08120DE24056} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {39258443-C28D-6C1E-8BF9-3CD0051B8896} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {39B18D22-D7F1-2FFF-631F-5EE841DB9AB0} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {39C9A6A3-8A13-0F91-3F7C-63221C0096FC} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {39DD004B-9BF7-4BAE-2FB0-6131525CC89C} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {39FE4A39-55AE-0EC2-148A-4C6C50FC9EDC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3A25A9CF-D773-2A6F-7492-727A2EB3BF08} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {3A284FA8-0343-03C3-8B21-769D75F6F689} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3A287406-7B7F-5FB3-F71E-3CAA1E7EF008} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3A3ADAA9-BCBC-130E-2DD0-271F2ABF2E0B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3AE7E567-ADB9-699C-CAAD-2A7B46231DB6} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {3AF95B3E-169F-6914-F880-471C50B1F221} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3AFBC8E3-4503-7041-B2E4-4D2754720180} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3B3E8349-CD47-05B1-46CA-41991D11AA53} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3B6090A8-5E48-35E2-360A-11C1775773DA} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3B8E5D84-A4EA-2B5D-DF72-416B7FA1233C} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {3B9A3908-E99C-0FBA-0B23-1CA2170AD3BE} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3BA8C496-F49C-46F5-0E49-43756D48839B} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3BAC55BF-FF6B-5BDF-6385-1DA31A9429EA} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3BB526C9-7FC4-1155-A4C0-750B10F60C6B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3C3E6BF2-AF13-4206-0BC4-7E83520D53F3} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3CD59D88-9A58-6F7D-E7B1-3948551AC303} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3CE8C7FB-C1E6-63B2-1A4D-1E1D2FFA6D59} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {3D03586E-D682-06C4-AE72-3A0D385A9ED8} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3D075298-F38E-4A60-7C2B-52CB2CC69AFA} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3E07ABD9-A617-1F01-6FFA-493C10C91118} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3E29A110-B6F8-47C3-88E3-395A3C9EA8C1} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3E506FE3-8C78-0A90-9E4D-20EE6BE12AFD} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {3E651620-BE67-7D27-C5CB-61080CD47A14} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3E70B272-6429-6B0B-8064-5E692FA218AF} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3E87D4B4-4F06-69CE-7E8B-256F16A49F69} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {3EF3E06E-811C-6F2E-E00F-54CB71CA98AC} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F655BA0-1D95-5947-F178-2AB46B5192A4} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F8BBAB3-9A1B-20B2-BE9C-04D93C6671D2} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {3F9674EC-35B6-0EC5-E15E-2CEF78B00687} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {403AEE88-7524-0F5D-BBCC-3E7226A3F32C} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {40ECA96C-BF4A-5F29-11CB-16F573261A6A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {40F147C6-2E92-091D-A3E5-377A38BE69D4} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {41398A7D-CB88-6C1E-804A-6C503CCD736B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4157A882-2402-7CB2-4585-338A35626AE0} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {417DFF56-FEA5-644D-B323-368912A60008} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {419C9B01-98E4-1EFB-3E83-7F9D6A3370FB} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {41ACB7DC-C83C-1C2F-9F98-6C956C178427} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {420B8C5C-6E31-7E03-549B-65F50C8B1C74} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {42245E71-7DB8-6646-F1E1-2DB203B41478} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {423FD3CD-5C27-5F82-7168-4DC16C3FE97E} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {430C6929-2768-291C-6414-69B50AAF4826} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {4315C923-73A9-65AD-B191-477B5FD18B9D} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {433A3F24-DA5C-6754-5850-68651BD39993} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {4365D748-3688-229B-6027-45657DE07A82} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {43990D1A-97C2-36ED-FFEA-1CC633CE2E2A} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {43A33782-D72E-19FE-5BDD-713B23C9AF06} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {43CBB508-3825-18DE-965A-1101338C309B} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {43F6BD56-3104-6AF9-53AB-5A262E7ECA88} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {443B3670-5C99-73E8-5A98-156F74109088} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {444E9AEF-9717-2727-AC7E-1C2E0AB204D8} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {44E452B8-E130-2C14-0D6C-0D2759D89695} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {452DC19D-D2F9-4436-B147-475A770A51AD} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {45A2E162-D1EE-74C2-3F30-137731F26685} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {45E65813-AE1C-4868-3D2A-64FF7D0529F4} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {45F9BC20-AC35-1AB5-5770-757209D13C33} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {460089AE-4B31-2934-03A9-63C25C0B6BB7} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {462F4CFD-318B-3173-9A64-7BA53784D645} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {46D0E8FE-527C-1DFC-1F91-14BE5E7EEFD7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {46DED052-2A44-5342-DBD8-7CE20DABA8D4} - http://69.50.188.54/1/rdgUS208.exe
O16 - DPF: {4737D76D-CD62-1146-8BB5-793931D100D9} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {480C53CE-11C2-1B0F-E93F-703271466828} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {485C6350-4937-4942-AD9C-50DA71AA5432} - http://82.179.166.72/1/gdnUS208.exe
O16 - DPF: {492928A4-AC65-20E4-B201-52E20F4B7A02} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {493E1882-32DB-4EC0-B047-01E5103D7273} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {493E49A2-EE1C-40A4-C9F0-2C334E4FA754} - http://82.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
missing this file C:\WINDOWS\inetdata\winlogon.exe
« Reply #4 on: October 17, 2005, 08:42:42 PM »
This is a very old thread
I'm locking it

Any others needing help with their logs
Please register to the forum
It's free and simple
Post a fresh hijackthis in your own post

Please, Read this
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »