PCPrivacy Cleaner Infection - Help needed

Beau · June 28, 2008

I've gotten infected. PCPrivacy Cleaner windows open up. I ran Spybot and found Virtumonde, Virtumonde.dll, Mediaplex and tradedoubler. I asked it to fix problems, and with next reboot, had the same issues. I have downloaded HiJack this and ran a scan which I will post the log below. I am running Windows 2000. I have Avast installed and running. Any suggestions will be appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:11:33 AM, on 6/28/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\TapeWare\TWWINSDR.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINNT\system32\wfxsnt40.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINNT\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1F3161B1-B32F-48E3-804F-D89531D950A6} - C:\WINNT\system32\cdrt.dll

O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINNT\system32\hgGabYQI.dll

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {8305BB4B-417B-4C18-8293-F993A3811FB9} - C:\WINNT\system32\yayaYpQj.dll (file missing)

O2 - BHO: (no name) - {902C8236-E940-461D-85D2-5BEDB72CA028} - C:\WINNT\system32\pmnoMdcC.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: (no name) - {C42B9704-BD8B-43F8-83AD-3E17053D31E4} - C:\WINNT\system32\byXOiIxy.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar4.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\Msdxm.ocx

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [0c5e9153] rundll32.exe "C:\WINNT\system32\pygtomel.dll",b

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA9116] command /c del "C:\WINNT\system32\pmnoMdcC.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC5157] cmd /c del "C:\WINNT\system32\pmnoMdcC.dll_old"

O4 - HKCU\..\Run: [WinTOTAL Scheduler] C:\WIN2000\guru.exe

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.arcountydata.com/wfica.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab

O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\win2000\CONTENT\cabs\alaWeb.CAB

O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124328765215

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.....;/bin/cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/bi.....;/GoogleNav.cab

O16 - DPF: {6D251D8B-FD68-4BA2-83D5-1A0A245830C3} (alaWeb.clsSolutionCenter) - file://C:\win2000\CONTENT\cabs\alaWeb.CAB

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab

O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfvi...iewerSetup.cab

O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - http://vault.alamode.com/cab/vfd.cab

O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\win2000\CONTENT\cabs\alaGrid.CAB

O16 - DPF: {C118AE9E-3A30-4B96-9C1C-295AA4A1262A} - http://vault.alamode.com/cab/vaultinstall.cab

O16 - DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} (SystemChecker.CheckerCtrl) - http://jonesboro.fnismls.com/Paragon...temChecker.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.fcmidsouth.com/dana-c...erSetupSP1.cab

O20 - Winlogon Notify: hgGabYQI - C:\WINNT\SYSTEM32\hgGabYQI.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe

--

End of file - 10356 bytes

JeanInMontana · June 28, 2008

Hi Beau and welcome to Malwarebytes. Please download MBAM, update it and run a quick scan. Post that log and a new HJT log, we will see what you have going on.

Beau · June 28, 2008

Thanks Jean. I'm at the office right now. As soon as I get home I'll get er done.

Beau · June 29, 2008

I ran Malware three times and still have some trojans. Now, I can open a brower, search in Google, then click to go to a link, but it goes to a different webpage. Here's the last log. Thanks.

Malwarebytes' Anti-Malware 1.19

Database version: 899

Windows 5.0.2195 Service Pack 4

5:27:56 AM 6/29/2008

mbam-log-6-29-2008 (05-27-56).txt

Scan type: Full Scan (C:\|)

Objects scanned: 131232

Time elapsed: 47 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINNT\system32\hgGabYQI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

mbam_log_6_29_2008__05_27_56_.zip

Edited June 29, 2008 by JeanInMontana
To add log, post them in replies please.

JeanInMontana · June 29, 2008

OK please post logs in the reply not as an attachment. I need a new HJT log also.

Beau · June 30, 2008

Sorry. Here they are.

Malwarebytes' Anti-Malware 1.19

Database version: 899

Windows 5.0.2195 Service Pack 4

5:27:56 AM 6/29/2008

mbam-log-6-29-2008 (05-27-56).txt

Scan type: Full Scan (C:\|)

Objects scanned: 131232

Time elapsed: 47 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINNT\system32\hgGabYQI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

______________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:44:18 PM, on 6/29/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\TapeWare\TWWINSDR.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\wfxsnt40.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WIN2000\guru.exe

C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1F3161B1-B32F-48E3-804F-D89531D950A6} - C:\WINNT\system32\cdrt.dll

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {63C327D2-34A1-4C17-8AFB-DAE3CDAE96F8} - C:\WINNT\system32\cdrt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {8305BB4B-417B-4C18-8293-F993A3811FB9} - C:\WINNT\system32\yayaYpQj.dll (file missing)

O2 - BHO: (no name) - {902C8236-E940-461D-85D2-5BEDB72CA028} - C:\WINNT\system32\pmnoMdcC.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: (no name) - {C42B9704-BD8B-43F8-83AD-3E17053D31E4} - C:\WINNT\system32\byXOiIxy.dll (file missing)

O2 - BHO: (no name) - {E4D57B00-8210-4892-B475-04C85AE0FE8F} - C:\WINNT\system32\cdrt.dll