compstuid.dll and clbcatix.dll Help!

So I've actually run through this forum here: http://forums.majorgeeks.com/showthread.php?p=823403 and attempted to remove these two programs that way, as well as security task manager. Unfortunately, they keep coming back and I can't get them to go away. I'm really not sure what to do anymore and I've pretty much run out of ideas.

I've attatched a hackthis log. Help me please?

 

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gif In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender (Step 6)
• Panda Scan (Step 6)
• HijackThis

 

Alright. I've done the whole tutorial and I strongly believe my computer is still infected >.< I'll go ahead and post all of the files you need here.

Unfortunately, my bitdefender scan is 252.00 kb instead of the 250 requested. What would you like me to do with that?

 

PS. Here's my hijackthis logfile for now.

 

First you need to relocate your HJT to a safer location. For example C:\Program Files\HJT.

Please see the below thread on how to install and run Spy Sweeper.

• Running Spy Sweeper...

When you return from scanning, please attach the SS log with a fresh HJT log.

 

Alright, here's the two newest logs- and I moved my hjt into my program files and off of my desk top.

Thanks for being patient with me.

 

Download Pocket KillBox

• Save it to your desktop or a place easy to find.
• Do not run it yet

Please look in Add/Remove Programs for the following and uninstall them if found:

Anti-Virus-Pro

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O2 - BHO: C:\WINDOWS\system32\clbcatix.dll - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - C:\WINDOWS\system32\clbcatix.dll

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll
O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll (file missing)
O20 - Winlogon Notify: winrcq32 - C:\WINDOWS\

Again, make sure ALL browser windows are closed when you click FIX.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\Anti-Virus-Pro ← Delete this whole folder if it exist!

Next, run CCleaner to clean up cookies and temp files.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

• If you get an error message about Pending Operations, just reboot your computer manually.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

I think the compstuid.dll and clbcatix.dll are finally gone. My Prevx isn't finding anything and they don't pop up in hijackthis anymore. The only weird thing thats happening now is when I try to open internet explorer- it takes about three minutes for any window to open at all. Also, when I sign onto aol, it'll stop at 'checking password' and seems like it freezes, but after a few seconds it'll finally log on.

Thanks so much though. I think I'm much closer to the norm that is my computer.

 

Your HJT log looks good, are you having any further problems?

 

The only problem I'm having is with internet explorer. It takes five minutes for anything to pop up when I click to open up the browser or when I click on a link in- lets say- an msn IM window. Then when it finally does open, it freezes for about a minute or so. What could be causing that?

Yay for a clean computer otherwise!

 

Just to confirm, will you run and attach the logs from the tools in the READ ME "ShowNew" and "GetRunKeys".

If you will attach these new logs so we can make sure nothing is hiding around.

 

Yup, here are the two new shownew and runkey files.

 

Your logs look ok to me, I would post this in the Software Forum and see what they can come up with.

 

Alright, thank you so much for you help ^.^

 

Your Welcome!