# R0000000000e3.clb What is this?



## ande (Jun 22, 2005)

Please can someone tell me what R0000000000e3.clb does? It is running as a substring in almost all running applications, but I cannot find out what it does. 

The path for this file C:\WINNT\Registration

I am occasionally getting an unexpected pop-up when sending emails in Outlook 2000, which say:

'a program is trying to access e-mail addresses you have stored in outlook. Do you want to allow this? If this is unexpected, it may be a virus and you should choose "No". 

When I press "No", I get the following error message:

'Run-time error '287': Application-defined or object-defined error'.

I have recently removed a Trojan virus from my machine, called Trojan.Tannick.B which was capturing my company email addresses and my online banking login details and sending these to an IP Address registered in Canada. At least, I thought I had removed this (all the files and registry values are deleted), but now I am not so sure as I keep getting the annoying pop-up in Outlook.

Any suggestions would be gratefully received.

Andy :4-dontkno


----------



## Geekgirl (Jan 1, 2005)

Hello and Welcome to TSF

Lets double check to see if you have something infecting your system. Please follow these instructions. Please post back any findings 

Scan your pc with *2* of these free online scanners:
*Panda ActiveScan*  
*RAV AntiVirus*
*Housecall* Be sure to put a check the box beside AutoClean
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Download / Install / Update / and Run: 
*Adaware SE * check for any updates before running it. 
Get the plug-in for fixing VX2 variants. You can download it at this *SITE*
To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Download and install *Spybot S&D* . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the *Fix Selected Problems* button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the  *Spybot DSO Exploit Fix* and install it over the current Spybot installation.


----------



## ande (Jun 22, 2005)

Dear TJ,

Thanks for your reply and excellent advice. 

I ran Panda antivirus and got the following log:

'
Incident Status Location 

Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\0F6D3875-E852-45AD-8F88-F6A1E2 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\550122F9-B972-4F03-9089-CCC8E3 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\94E7D776-6835-443F-BBE9-A9164A 
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\96180374-B26C-4741-8BF8-117296 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\AC243876-6A95-45B0-88C8-320BDD 
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\BE062C1B-C7F1-424D-92DE-535AD4 
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\D33ED553-FA90-422B-BD21-F95258 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\F7AAA56A-C1F6-48B0-B67B-10C498 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\716C611D-E556-4059-A21D-96DDE3\FF29661C-EB00-4248-9916-05A508 
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E4198142-C16C-43EC-80CE-30ED97\69EE80D4-003D-4565-90DF-975E56 
Adware:Adware/Startpage.ZM No disinfected C:\RECYCLER\S-1-5-21-2015185663-521812203-1318725885-12266\Dc141\svchost.exe  
Adware:Adware/Startpage.ZM No disinfected C:\RECYCLER\S-1-5-21-2015185663-521812203-1318725885-12266\Dc142.dll 
Adware:Adware/Startpage.ZM No disinfected C:\RECYCLER\S-1-5-21-2015185663-521812203-1318725885-12266\Dc143.dll '

I ran Home visit, but didn't turn anything up. (I already have Trend Officescan installed and up-to-date on my pc).

I ran Adaware SE and got the following log:

'emory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category : Data Miner
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data : 
TAC Rating : 5
Category  : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted enabling of browser button restriction ability
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : SpecifyDefaultButtons
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of search button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Search
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of back button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Back
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of forward button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Forward
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of stop button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Stop
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of refresh button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Refresh
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of home button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Home
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of history button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_History
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted block of favorites button
Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Favorites
Data : 

Windows Object Recognized!
Type : RegData
Data : 
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
 Rootkey : HKEY_USERS
Object : S-1-5-21-2015185663-521812203-1318725885-12266\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data : 

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 50


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 50


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 01-01-2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 26-06-2010 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 52



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : 
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : 
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 54


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 54



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Adware, Spyware, Popups - They invade your privacy and harm your PC. Protect Yourself with NoAdware!.url
TAC Rating : 3
Category : Misc
Comment : Problematic URL discovered: http://www.noadware.net/?hop=boost4
Object : C:\Documents and Settings\ande\Favorites\Security\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55

14:09:02 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:13.614
Objects scanned:68087
Objects identified:24
Objects ignored:0
New critical objects:24'

On a different note, I have downloaded all critical Windows updates for my Win 2000 Pro system and have noticed that the shortcut for my web browser (IE 6) both on the quick launch toolbar and on the desktop is pointing to a new location '"C:\Program Files\INTERN~1\IEXPLORE.EXE", and there is a comment at the bottom of the shortcut properties dialog box '@shmgrate.exe,-11002'. 

Is this normal?

I have pointed the shortcut on my quicklaunch toolbar back to the original location '"C:\Program Files\Internet Explorer\IEXPLORE.EXE".

Please advise what I should do next?

Thanks again. 

Andy -razz:


----------



## Geekgirl (Jan 1, 2005)

Empty your temporary and temporary intenert files and also delete your cookies. Did you run Spybot S&D? 

Did you use a data Migration Tool to migrate your IE/Outlook settings? (from Windows NT to new W2K)


----------



## ande (Jun 22, 2005)

Dear TJ,

Thanks for your reply. Yes, I ran Spybot S&D and installed the DSO Exploit update and ran that as well. I have that running in the background constantly now on my PC, together with Counterspy and MS Antispyware.

I have deleted all temp internet files.

I haven't migrated from WinNT to W2K.

Thanks.

Andy


----------



## Geekgirl (Jan 1, 2005)

Let me look over a HJT log, if you need assistance with it I will then ask you to post it in the correct forum. 

Download and install: *HiJackThis*. 

*(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)* 

Then doubleclick HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed.
When the scan is finished, best to save your text file in the same folder as where you put HiJackthis. 


Copy/Paste the info from your saved Hijackthis log file into here. I will not give you instructions in this forum for your log I am only wondering if this is a spyware/virus issue.
I really dont think that the R0000000000e3.clb files are an issue but I dont know what they do either :4-dontkno


----------



## ande (Jun 22, 2005)

Hi TJ, 

Thanks for all your help on this. Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:30, on 28/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\EXCHSRVR\bin\exmgmt.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINNT\System32\svchost.exe
C:\OfficeScan NT\PCCNTMON.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Optus\FACSys Desktop Client\facsys.exe
C:\HP 9100C\Link\hpnsjtr.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Documents and Settings\ande\My Documents\Softlib$\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Http://ourrb/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://ourrb/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ourrb/default_news.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Richards Butler
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FACSys Desktop Client.lnk = C:\Program Files\Optus\FACSys Desktop Client\facsys.exe
O4 - Startup: HP Digital Sender Link.lnk = C:\HP 9100C\Link\hpnsjtr.exe
O4 - Global Startup: Interceptor.lnk = C:\Program Files\Hummingbird\PowerDOCS\Interceptor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=Http://ourrb/default.asp
O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: {716CC80D-E9FB-487A-91C2-299053BDD957} (GCOfficeTools.GCOfficeToolsAll) - http://ourbase/GCOfficeTools.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = richardsbutler.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = richardsbutler.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = richardsbutler.local
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Thanks. Andy


----------



## Geekgirl (Jan 1, 2005)

I dont see anything that brings up alarms, try to repair Outlook


----------



## ande (Jun 22, 2005)

*Resolved*

Thanks for your help on this. 

I tracked down the pop-up problem in Outlook, this was because of the mail disclaimer add-in used by the firm. Looks like this is not compatible with some of the newer security features with Outlook 2000, so I just disabled this add-in, problem solved.

I am still trying to find out what the .clb file does. Any ideas?

Thanks. Andy


----------



## ReeKorl (Mar 25, 2005)

Hi Andy,

Glad you got the problem sorted.... one question, are you using a clustered file server? If so, then I think that file is to do with the Component Load Balancing. Exactly what it _does_ I'm not sure on though.


----------



## Stu_computer (Jul 7, 2005)

Would you believe that clb file is your ICQ Contact List?
No?

Here are the other applications that use a clb extension:

cdrLabel Compact Disc Label
Corel Library
Office XP Developer Code Librarian (Microsoft)
Super NoteTab ClipBook Template
Total Club Manager Single Club Info (Electronic Arts Inc.)

Do you have any of these on your computer?


----------



## Stu_computer (Jul 7, 2005)

I haven't nailed it down yet but have found so far that R0000000000xx.clb is used in the .NET Framework and COM+ services (Enterprise Services), but WHO/WHY will take some time.


----------



## Stu_computer (Jul 7, 2005)

The R0000000000xx.clb file is created when installing windows along with a COM+.log file that looks like this

===================== COM+ =====================
Time: 3/6/2005 18:03:27.475
Type: Information
Category: CRM
Event ID: 4101
A new CRM log file was created for the System Application.


And the System Application is apparently DllHost.exe

Componentized Windows Services


----------

