Steps done - need help finishing off helper.dll

Larryarms

(This is my third attempt to post, it will not load so I will try to put logs up separately)

I have the problem where C:\Program Files\Common with helper.dll and helper.sig opens at start up. I have run the programs and helper.dll has been detected and deleted, but the folder still opens with helper.sig.


I have run the steps and the logs are below.

Thank you in advance to anyone who helps, you do what I cannot with a computer.

Thank you
 
I removed your pasted logs (Note: all logs must be attached)
But before removing it I noticed that you had "No action taken" of found issues...

-> No action taken on MBAM scan, for found issues
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log
 
oh okay thanks

That is what I did, I did uncheck something but then I rechecked it and then hit "remove Selected" but I will try again.

Thanks again

My CCleaning log is huge. Sorry

here is 6 and 7

kimsland:

Here is the correct Malware log. I thought I did it correctly, and I did, I just uploaded the wrong log. I logged it before I removed and then created another log afterwards so here are those two logs.

Thank you again.

Sorry, I just realized I screwed up, you need this log:

Sorry


**Again sorry**

I just saw the please edit to yourself also, and went to try to fix it but must already have been.

Thanks, I guess I just must need some sleep or something. Seriously I am very sorry.

***Update***

I will re-run the Malware again. Then restart and run HJT log again.

Thanks


*****Update 2*****

I will not be uploading the new logs tomorrow. It is running a little slower than I anticipated. I will go to sleep and hopefully not make as many mistakes during round 2

Also, I have figured out how to edit my posts, but how do I add my new uploads to the same list? I have not figured that one out.

****Update 3*****
We have bad weather here so I stayed up so I could shut down my PC after this finished. Here is the Malware log

"If you cannot follow my directions there is no use in me helping you, when it gets really hard"

I hope you were kidding since there was a wink at the end.

I tried figuring out for awhile how to upload new files without having to do a new post, but I couldn't (I left a message in my edited post saying I couldn't figure it out).

Sorry about the CCleaning log-I remembered that 3 logs were needed, it was a long, long day and by the time I saw that I screwed up you had already fixed it, which was pretty darn quick.

Thanks for the help, it is really appreciated, I promise I am not as dumb as I have come across in my posts. I am usually very on top of things.
 
Here is the Malware post.

It didn't find anything this scan it was all removed in the previous. I still don't know how to upload a file without a post, sorry.

Here is the HJT log

kimsland,

Found a thread where they talk about an issue like I have and they ended up going with an option on Metallica's blog. The thread was titled Trojans/helper.dll/helper.sig by PsychoDave.

It seems to be the same issue: folder opening C:\Program Files\Common with helper.dll and helper.sig.
 

Am I still being helped?

Just wondering if you are helping me or not. Figured I would have heard something by now, at least saying it is being looked at.

Just wondering. Like I said, last week was not my week. If I upset you because my post is a mess, I'm sorry.
 
I think you would be best to un-install Symantec (Norton) Antivirus in full
And download the free but better antivirus Avira
And then update it and run a full scan.

Otherwise do the following:
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
Avira log

I uninstalled Norton 360 and downloaded Avira.

Here is the log for that.

And again Kimsland thank you.
 
Well done :grinthumb

Although you have un-installed Norton 360, it is still existing on your computer
This is quite normal for this product, and to help you remove the product in full, Symantec (Norton) has devised a unique removal tool
Norton 360 Removal tool -> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Please download and run the removal tool
Follow all prompts, and then restart
After restart, run CCleaner one final time
And then please report back with how your computer seems to be running :)
 
Norton removal tool done, CCleaner done, and extras

I ran the Norton removal tool. Restarted. Then ran CCleaner. I then restarted.

The c:\program files\common still opened and helper.sig was in it, helper.dll has not reappeared since (I believe) Malwarebytes deleted it. I went online with explorer and tried to surf the net for a little while (but I didn't want to surf too much because I haven't heard if there is a patch for the ie hole exploit from last week). From the pages I went to I never got the buffer error and explorer having to close.

To be safe I ran Malware, Avira, and Super Anti-spyware once more. No major detections. I restarted and the c:\program files\common still opened and helper.sig was in it.

I then surfed a small bit more, still no IE crash.

I then began this post, and I did a HijackThis.

So that is where I am, and here are also those logs if they are of use for you.
I figured better safe than sorry, hope that is okay.

Have a nice night.
**************************

Woo Hoo..I'm guessing we are almost there.

I ran HJT and fixed everything except the Zune one. I sometimes sync it sometimes don't. If you recommend to remove works for me and I'll go back and do it.

After the restart the folder did not open. It is still there, so I am guessing we move on to deleting it and wrapping this up. Let me know what you would like me to do next.
 
You can remove Zune (synching) software if you don't require this

Actually remove all these from running in HJT again (tick and fix)
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Filter hijack: text/html - {f4890008-9728-43f7-b088-6e4ae2d14818} - C:\WINDOWS\system32\mst122.dll

O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
 
well....

After I did the HJT the folder does not open when I start up any more. Can I just delete the common folder and helper.sig or do I have to do something else?

But,

I guess this line did not work in the fix:

O18 - Filter hijack: text/html - {f4890008-9728-43f7-b088-6e4ae2d14818} - C:\WINDOWS\system32\mst122.dll

Upon, I believe, my second restart Avira found this at startup and deleted it. It still shows up in HJT though.
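
Added example, not part of the original posts: a small Python check that parses HijackThis lines like the ones quoted in this thread and lists entries whose target file is gone, either because HijackThis printed "(file missing)" or because the path no longer exists on disk. The names `parse_hjt`, `stale_entries` and the `exists` callback are made up for this illustration; the sample lines are copied from the thread.

```python
import os
import re
from typing import Callable, NamedTuple, Optional

# "O<number> - rest of line", the entry layout used in the log excerpt above.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# First local path ending in .exe/.dll (paths may contain spaces).
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll)', re.IGNORECASE)

class Entry(NamedTuple):
    section: str             # e.g. "O4", "O18", "O23"
    path: Optional[str]      # local file the entry points at, if any
    flagged_missing: bool    # HijackThis itself printed "(file missing)"
    raw: str

def parse_hjt(log_text: str) -> list:
    """Turn HijackThis 'O' lines into Entry records; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        p = PATH.search(m.group(2))
        entries.append(Entry(m.group(1), p.group(0) if p else None,
                             "(file missing)" in line, line))
    return entries

def stale_entries(entries, exists: Callable[[str], bool] = os.path.exists):
    """Entries left behind after their file was removed (registry leftovers)."""
    return [e for e in entries
            if e.flagged_missing or (e.path is not None and not exists(e.path))]

# Sample lines copied from the thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Filter hijack: text/html - {f4890008-9728-43f7-b088-6e4ae2d14818} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""

if __name__ == "__main__":
    for e in stale_entries(parse_hjt(SAMPLE)):
        print(e.section, e.path)
```

Run on the affected machine, it uses the real file system; entries it lists are ones to tick and fix in HijackThis so the leftover registration is removed as well as the file.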
 