TechSpot

Helper.sig folder at startup removal help needed

By meegans1
Apr 5, 2009
  1. Attached are my log files from the 8 step process. Any help would be appreciated.

    Thanks
     

    Attached Files:

  2. touch

    touch TS Rookie Posts: 978

    Hello :)

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe
    And save to the desktop.


    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://img.photobucket.com/albums/v6...FScriptB-4.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  3. meegans1

    meegans1 TS Rookie Topic Starter

  4. touch

    touch TS Rookie Posts: 978

    It looks clean. Please attach new hijackthis log, and tell how things are running ?
     
  5. meegans1

    meegans1 TS Rookie Topic Starter

    Latest Hijack log

    I've attached the latest hijack log. The computer seems to be functioning fine, the only artifact of helper.sig folder showing up at start up is that I still have the C:/Program Files/Common folder pop up at startup. I can close it and it goes away, everything seems fine. Since this is an empty folder, should I just delete it?

    Thanks.
     
  6. touch

    touch TS Rookie Posts: 978

    Ok.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  7. meegans1

    meegans1 TS Rookie Topic Starter

    After running ComboFix

    Here's the ComboFix log after running it again with your CFScript text dragged in. When it rebooted the machine the Common folder did not pop up. Please let me know if you see anything in this log.

    Thanks again
     
  8. touch

    touch TS Rookie Posts: 978

    Just one more issue -

    Please download http://swandog46.geekstogo.com/avenger2/download.php
    by Swandog46 to your Desktop.
    Click on Avenger.zip to open the file
    Extract avenger2.exe to your desktop

    Start Avenger


    Copy/Paste all the text in the above quote box into the main window
    Click Execute

    The Avenger will automatically do the following:
    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions.

    This log file will be located at C:\avenger.txt

    Attach C:\avenger.txt in next reply, along with fresh hijackthis log
     
  9. meegans1

    meegans1 TS Rookie Topic Starter

    Touch,

    When I input the avenger script from your quote box I get a error message for Invalid syntax in command.

    Mark
     
  10. touch

    touch TS Rookie Posts: 978

    It happens sometimes, just continue, see if it reboot and produce a log
     
  11. meegans1

    meegans1 TS Rookie Topic Starter

    Avenger log

    Here's the avenger and Hijackthis log files. Avenger prompted me for a reboot but there was no brief black command box during reboot.

    Thanks for you help
     
  12. touch

    touch TS Rookie Posts: 978

    Run a scan with HijackThis. Check the following and hit 'Fix checked'
    O20 - AppInit_DLLs: dhpmnb.dll


    Reboot to safe mode ->
    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows Xp Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.
    .


    Show hidden files and folders
    Click Start button, then go to Programs, Accessories and click on Windows Explorer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the "Hidden files and folders" heading please check Show hidden files and folders.
    Uncheck the Hide protected operating system files (Recommended) option.
    Click Yes to confirm.
    Click OK.

    Find and delete this file (if present)
    c:\windows\system32\dhpmnb.dll


    Reboot normally, attach fresh hijackthis log and tell how things are running now ?
     
  13. kritius

    kritius TS Guru Posts: 2,084

    Would the script not be,

    Start Avenger

    Copy/Paste all the text in the above quote box into the main window
    Click Execute

    The Avenger will automatically do the following:
    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions.

    This log file will be located at C:\avenger.txt
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...