Ok, so in the last few days when I start my machine or restart it a window pops up. C:\Program Files\Common In the window are Helper.dll, Helper.sig, _helper.dll and _helpre.sig. Ive run Ad-Aware full scan as well as SuperantiSpyware and so far the only file other than spyware that has been deleted is _helper.dll. Im still going through the steps that are advised in UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions


Any help would be appreciated


Dave

Ok, ive stopped on step 9. I downloaded CCleaner and ticked all the boxes but got tones of warning messages upon doing so...now im not so sure I want to run that. Will not ticking every box leave a possibility of missing some sort of spyware/malware/virus?

I ended up running the CCleaner a few times untill 0 files were found and deleted...

Ran Panda Antirootkit programme, no rootkits found

once you finish post the 3 logs here

hijackthis
SAS or MBAM
ComboFix

Here is the HJT Log, SAS and ComboFix to follow

Attached Files

hijackthis log.txt (14.5 KB, 4 views)

Post a fresh hijackthis log after you have ran SAS and ComboFix

Just ran ComboFix and reran SAS...here are the logs

Rerunning HJT now...

Attached Files

	SUPERAntiSpyware Scan Log - 08-21-2008 - 12-11-11.log (2.5 KB, 3 views)
	combofix log.txt (22.2 KB, 2 views)

Here is the new HJT log

Attached Files

hijackthis log.txt (14.9 KB, 3 views)

* Click here to download FindAWF.exe and save it to your desktop.

• Double-click on the FindAWF.exe file to run it.
• It will open a command prompt and ask you to "Press any key to continue".
• Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
• It may take a few minutes to complete so be patient.
• When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
• Come back here to this thread and attach the AWF.txt file in your next reply.

heres the AWF log file...

Attached Files

awf.txt (5.4 KB, 4 views)

post a fresh hijackthis log

fresh HJT log as of 9:55pm 8/21

Attached Files

hijackthis log.txt (14.9 KB, 5 views)

any verdict?

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

=================================================

Now run hijackthis and place a check next to the items below then click on fix items then exit hijackthis and reboot.

O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

====================================

Please run an on-line virus scan at http://www.kaspersky.com/virusscanne...can</font></b> or if that doesnt work, you can use TrendMicro or BitDefender. (Please make sure to post the results of the scan(s) in your next reply)

Dave if you resolve it can you let me know the steps. I have the exact same problem as you. My computer keeps restarting also.

here is the new HJT Log

The virus scan detected and deleted a bunch of infected files but for some reason the log didnt save...

There were a ton of Trojans and some worms

Attached Files

hijackthis log.txt (14.5 KB, 3 views)

Download & Install SDFix

• Download SDFix & save it to your Desktop.
• Double click SDFix.exe & it will extract the file to %systemdrive%
  (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode

• Restart your computer & start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix

• Open the extracted SDFix folder & double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
• Attach Report.txt back here

Ok, I ran SDFix, here is the report...not sure what it says but after rebooting and finishing the Common folder opened and still has the helper.dll, helper.sig and _helper.sig files

Attached Files

sdfix.txt (5.0 KB, 1 views)

ComboFix

• Download ComboFix to your desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System




Download the file**& save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Drag the setup package onto ComboFix.exe and drop it.
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction