
Discussion Starter · #1 ·
I have been working on a client's computer (Dell D-Pent XP) that was infested with trojans and malware. Thought I had it all cleaned up and went to do a SP3 install. The install fails when it tries to find clbcatq.dll. I am running the install from a download saved to the desktop. It has been unblocked. I read somewhere that this can be caused by malware, but I can't find that link again, so I ended up here. I am posting the gmer.txt file. I ran the DDS tool before I saw the warning. It did not seem to do any harm but I will not post the results unless requested. Thanks for any help.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-13 22:08:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code F79B7A6C ZwEnumerateKey
Code F79B7E1C ZwQueryDirectoryFile
Code F79B7E1B NtQueryDirectoryFile

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module \??\globalroot\systemroot\system32\drivers\clbdriver.sys (*** hidden *** ) F79B6000-F79BA000 (16384 bytes)

---- Processes - GMER 1.0.14 ----

Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\Dell\Media Experience\DMXLauncher.exe [436] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [468] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [664] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\ehome\mcrdsvc.exe [944] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1052] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x76FD0000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1180] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1508] 0x76FD0000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1616] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [1648] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [1724] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [1780] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2228] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [2360] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\eHome\ehmsas.exe [2400] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\eHome\ehSched.exe [2428] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\stsystra.exe [2468] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2768] 0x76FD0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3056] 0x76FD0000

---- Services - GMER 1.0.14 ----

Service globalroot\systemroot\system32\drivers\clbdriver.sys (*** hidden *** ) [SYSTEM] clbdriver <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0x00 0x00 0x28 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0xB6 0x00 0xB6 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatex.dll
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0xCF 0x24 0x2A 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\[email protected] 0x6A 0xB7 0x9D 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\[email protected] driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\[email protected] driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\clbdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clb.dll
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0x00 0x00 0x28 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0xB6 0x00 0xB6 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clbcatex.dll
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0xCF 0x24 0x2A 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clbcatq.dll
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\[email protected] 0x6A 0xB7 0x9D 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\[email protected] driver
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\[email protected] driver
Reg HKLM\SYSTEM\ControlSet002\Services\clbdriver
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clb.dll
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0x00 0x00 0x28 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0xB6 0x00 0xB6 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatex.dll
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0xCF 0x24 0x2A 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatq.dll
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\[email protected] 0x6A 0xB7 0x9D 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\[email protected] driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\[email protected] driver
Reg HKLM\SYSTEM\ControlSet003\Services\clbdriver
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\clb.dll
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0x00 0x00 0x28 0x0A ...
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0xB6 0x00 0xB6 0xEB ...
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\clbcatex.dll
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0xCF 0x24 0x2A 0x85 ...
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\clbcatq.dll
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0x2A 0x00 0x3E 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\[email protected] 0x6A 0xB7 0x9D 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\[email protected] driver
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\clbdriver.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\[email protected] driver
Reg HKLM\SYSTEM\ControlSet004\Services\clbdriver
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 7
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] http://update.microsofttransfer.com/adsensegen.php
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] update.microsofttransfer.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1

---- Files - GMER 1.0.14 ----

File C:\i386\clb.dll 10752 bytes executable
File C:\i386\clbcatex.dll 110080 bytes executable
File C:\i386\clbcatq.dll 498688 bytes executable
File C:\WINDOWS\system32\clb.dll 10752 bytes executable
File C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
File C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
File C:\WINDOWS\system32\clbcfg.dat 7641 bytes
File C:\WINDOWS\system32\clbdll.old 40960 bytes executable
File C:\WINDOWS\system32\drivers\clbdriver.sys 7168 bytes executable
File C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
File C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
File C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
File C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\clbcatex.dll 110592 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\clbcatq.dll 498688 bytes executable

---- EOF - GMER 1.0.14 ----

Discussion Starter · #2 ·
Re: Rootkit interfering with SP3 install?

Never mind. Fixed it. Ran a little program called UnHackMe. Got rid of the remains of the rootkit and SP3 installed correctly. GMER shows clean.