Helper.sig folder at startup removal help needed

Status
Not open for further replies.

meegans1

Attached are my log files from the 8 step process. Any help would be appreciated.

Thanks
 

Hello :)

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.


Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
c:\windows\system32\dhpmnb.dll

http://img.photobucket.com/albums/v6...FScriptB-4.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
It looks clean. Please attach new hijackthis log, and tell how things are running ?
 
Latest Hijack log

I've attached the latest hijack log. The computer seems to be functioning fine, the only artifact of helper.sig folder showing up at start up is that I still have the C:/Program Files/Common folder pop up at startup. I can close it and it goes away, everything seems fine. Since this is an empty folder, should I just delete it?

Thanks.
 
Ok.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
c:\windows\system32\dhpmnb.dll
Folder::
c:\program files\Common

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
After running ComboFix

Here's the ComboFix log after running it again with your CFScript text dragged in. When it rebooted the machine the Common folder did not pop up. Please let me know if you see anything in this log.

Thanks again
 
Just one more issue -

Please download http://swandog46.geekstogo.com/avenger2/download.php
by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop

Start Avenger


Registry values to replace with dummy:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs

Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt

Attach C:\avenger.txt in next reply, along with fresh hijackthis log
 
Touch,

When I input the avenger script from your quote box I get an error message for Invalid syntax in command.

Mark
 
Avenger log

Here's the avenger and Hijackthis log files. Avenger prompted me for a reboot but there was no brief black command box during reboot.

Thanks for your help
 
Run a scan with HijackThis. Check the following and hit 'Fix checked'
O20 - AppInit_DLLs: dhpmnb.dll


Reboot to safe mode ->
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Show hidden files and folders
Click Start button, then go to Programs, Accessories and click on Windows Explorer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading please check Show hidden files and folders.
Uncheck the Hide protected operating system files (Recommended) option.
Click Yes to confirm.
Click OK.

Find and delete this file (if present)
c:\windows\system32\dhpmnb.dll


Reboot normally, attach fresh hijackthis log and tell how things are running now ?
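
Added example, not part of the original post or of any tool named in the thread: a read-only PowerShell check of the AppInit_DLLs value that the O20 fix above targets, reporting for each listed DLL whether the file still exists and how it is signed. It assumes Windows PowerShell 3.0 or later; the function name Get-AppInitEntry and the choice to resolve bare names against System32 are illustrative assumptions.

```powershell
# Read-only audit of AppInit_DLLs; nothing is modified or deleted.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view, present only on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {
    param([string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    $raw   = ([string]$props.AppInit_DLLs).Trim()
    if (-not $raw) { return }   # empty value: nothing is loaded through this key

    # The value is a space- or comma-delimited list of DLL names or paths.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        # Assumption: a bare name such as dhpmnb.dll lives in System32.
        $path = if (Split-Path -Path $entry -IsAbsolute) { $entry }
                else { Join-Path $env:SystemRoot "System32\$entry" }

        $exists = Test-Path -LiteralPath $path
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status }
                  else { 'n/a' }

        [pscustomobject]@{
            Key          = $KeyPath
            Entry        = $entry
            ResolvedPath = $path
            FileExists   = $exists
            Signature    = $sig
            # DWORD that enables AppInit loading on Vista and later; absent on XP
            LoadAppInit  = $props.LoadAppInit_DLLs
        }
    }
}

$report = foreach ($k in $keys) { Get-AppInitEntry -KeyPath $k }

if ($report) {
    $report | Format-List
} else {
    'AppInit_DLLs is empty in every key checked.'
}
```

An entry whose file no longer exists means the file was removed but the registry reference was left behind, which is the leftover state the O20 line above shows.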
 
Would the script not be,

Start Avenger

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows | AppInit_DLLs

Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt
 