Over 1 million tech questions and answers.

C:\program Files\common\helper.sig At Start Up

Q: C:\program Files\common\helper.sig At Start Up

Hello everyone, I am new to the forum and would like some help.Yesterday, my Norton AV found 2 viruses. It removed infostealer easily. Downloader, not so easy. I eventually deleted it in safe mode. The path was C:\WINNT\system32\msiebbar.dll. Once back in normal mode, I went ahead and deleted temporary internet files folder.Upon restart, and everyone after that, I now have a common files window pop up with helper.sig in it. I tried to find it in regedit with no luck. So, now I'm treading in unfamiliar waters, asking for help to something I know little about. Any help would be appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:24:33 AM, on 8/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINNT\System32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\WINNT\system32\atiptaxx.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINNT\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINNT\system32\ctfmon.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\Nikon\NkView6\NkvMon.exeC:\WINNT\system32\java.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Messenger\msmsgs.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [AtiPTA] atiptaxx.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetRegO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cabO16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cabO16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218078086389O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cabO18 - Filter hijack: text/html - {77d65348-dfa3-48b9-b111-fd07cd8c588e} - (no file)O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe--End of file - 9291 bytesDeckard's System Scanner v20071014.68Run by Me on 2008-08-08 22:10:47Computer is in Normal Mode.--------------------------------------------------------------------------------Percentage of Memory in Use: 78% (more than 75%).Total Physical Memory: 192 MiB (512 MiB recommended).-- HijackThis (run as my name.exe) --------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:11:06 PM, on 8/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINNT\System32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\WINNT\system32\atiptaxx.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINNT\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINNT\system32\ctfmon.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\Nikon\NkView6\NkvMon.exeC:\WINNT\system32\java.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Mike Der\Desktop\dss.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\TRENDM~1\HIJACK~1\MIKEDE~1.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [AtiPTA] atiptaxx.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetRegO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cabO16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cabO16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cabO16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218078086389O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cabO18 - Filter hijack: text/html - {77d65348-dfa3-48b9-b111-fd07cd8c588e} - (no file)O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe--End of file - 9332 bytes-- Files created between 2008-07-08 and 2008-08-08 -----------------------------2008-08-08 00:46:13 0 d-------- C:\Program Files\Trend Micro2008-08-07 01:51:42 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.22008-08-07 01:29:36 0 d-------- C:\WINNT\Prefetch2008-08-07 01:02:50 0 d-------- C:\WINNT\system32\scripting2008-08-07 01:02:46 0 d-------- C:\WINNT\l2schemas2008-08-07 01:02:44 0 d-------- C:\WINNT\system32\en2008-08-07 01:02:43 0 d-------- C:\WINNT\system32\bits2008-08-07 00:51:46 0 d-------- C:\WINNT\network diagnostic2008-08-06 18:13:11 0 d-------- C:\WINNT\pss2008-07-31 03:27:56 0 d-------- C:\Program Files\Common-- Find3M Report ---------------------------------------------------------------2008-08-07 21:08:39 0 d-------- C:\Program Files\Common Files\Symantec Shared2008-08-07 21:07:45 0 d-a------ C:\Program Files\Common Files2008-08-07 02:42:46 0 d-------- C:\Program Files\Norton SystemWorks2008-08-07 01:29:03 0 d-------- C:\Program Files\Messenger2008-08-07 01:02:43 0 d-------- C:\Program Files\Movie Maker2008-08-07 00:55:19 0 d-------- C:\Program Files\Windows NT2008-08-06 21:10:47 0 d-------- C:\Program Files\Java-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Synchronization Manager"="mobsync.exe" [04/13/2008 08:12 PM C:\WINNT\system32\mobsync.exe]"AtiPTA"="atiptaxx.exe" [12/02/1999 04:52 PM C:\WINNT\system32\atiptaxx.exe]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/02/2003 04:11 PM]"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [12/02/2003 04:11 PM]"SymTray - Norton SystemWorks"="C:\Program Files\Common Files\Symantec Shared\SymTray.exe" [08/29/2002 12:44 AM]"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" [12/11/2001 08:33 PM]"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [03/25/2003 12:13 PM]"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [05/17/2005 01:25 AM]"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 10:33 AM]"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINNT\LOGI_MWX.EXE]"NWEReboot"="" []"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [04/13/2008 08:12 PM][HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop"tscuninstall"=%systemroot%\system32\tscupgrd.exe[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINNT\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]eapsvcs eaphostdot3svc dot3svcHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsnapagenthkmsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]AutoRun\command- F:\LaunchU3.exe -a-- End of Deckard's System Scanner: finished at 2008-08-08 22:12:41 ------------

RELEVANCY SCORE 200
Preferred Solution: C:\program Files\common\helper.sig At Start Up

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: C:\program Files\common\helper.sig At Start Up

Hi docder,Please download Brute Force Uninstaller .Right click the downloaded BFU folder, and choose Extract AllClick "Next"In the box to choose where to extract the files to,Click "Browse"Click on the + sign next to "My Computer"Click on "Local Disk (C:) or whatever your primary drive isClick "Make New Folder"Type in BFUClick "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download DeepDive Remover.Save it in the same folder you made earlier (c:\BFU).Then, please go to Start > My Computer and navigate to the C:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe Behind the scriptline to execute field click the folder icon and select DeepDive.bfu Press Execute and let the program do it’s job. (Do not be startled as your taskbar will disappear for a little while.)Wait for the complete script execution box to pop up and press OK.Press exit to terminate the BFU program.A notepad file called BFUlogdeepdive.txt will be created on the systemdrive (usually the location will be C:\BFUlogdeepdive.txt). Post the content of that file please.When you reboot the folder should no longer come up.

Read other 6 answers
RELEVANCY SCORE 106.4

A folders with the pathname "C:/Program Files/Common" automatically opens at startup, and contains two files named "helper.sig" and "helper.dll". Something is causing my web browser to redirect to unwanted sites. My computer is also significantly slower than just a few weeks ago. My DDS.txt notepad is included below. Can you help? Many thanks!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 11:02:45.70 on Thu 04/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.101 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1... Read more

A:C:/Program Files/Common; helper.sig and helper.dll

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 100.8

Hi,

I seem to be infected with helper.dll that is located in c:\program files\common. It pops up everytime I restart my computer and seems to be slowing everything down. I've looked at some of the other posts, but can't seem to find anything in my system registry. I've posted my registry from hijackthis. If someone could tell me what to delete, I'd really appreciate it! Thanks for your help.


Jeff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:29 AM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c... Read more

A:Helper.dll in C:\Program Files\Common

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 99.6

Every time I reboot my computer I get a window with the Helper.dll file in it. This file is located at C:\Program Files\Common. If I close the window it reappears. When I close it the second time it stays closed. Start up is also VERY slow. PLEASE HELP!DDS (Ver_09-07-30.01) - NTFSx86 Run by Slavin at 10:08:38.35 on Tue 08/04/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.487 [GMT -5:00]AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\stsystra.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\PROGR... Read more

A:Helper.dll in C:\Program Files\Common Pop up on Startup

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 16 answers
RELEVANCY SCORE 98.8

here is my problem. I read through other posts about this...but I figured every case is a bit different and I shouldn't follow other posts cause they were all a bit different.

I'm writing about our computer at the store I work at. We use it for our register and the past couple of days it has been very slow and on start up an Explorer window pops up and it's Program Files\Common and it has 4 icons helper.dll, _helper.dll, helper.sig and _helper.sig. I've run AdAware and deleted cookies and temp internet files and that doesn't seem to help. I've also just finished running Malwarebytes Anti-Malware and after restart after that finished the helper.dll and helper.sig icons were gone but the _helper.dll and _helper.sig were still there and it is still running slow. I've attached my Malwarebytes Log. This computer is a Gateway desktop running Windows XP. We have McAfee installed but I believe the subscription is ended so as soon as I get this figured out I'm going to have my boss set up a comcast email address to get the free subscription.

Any help would be great!!!! Thank you so much!

attached here is my HJT Log and my Malwarebytes log
 

A:Program Files\Common, helper.dll on restart, slowness

any help please...I know you're all busy, but I really don't want this to just go further and further without getting helped...it's been viewed 42 times already
 

Read other 1 answers
RELEVANCY SCORE 83.2

Hi All

I get the above window open whrn my pc boots up , how do i get rid of it please ....

A very happy Liverpool fan

Rich
 

A:C:\Program Files\Common at start up

Read other 16 answers
RELEVANCY SCORE 82

I looked through the past posts on this subject, but the advice doesn't apply in my situation.

Every time I start Windows the C:\Program files\Common folder opens up.
I have a hunch that it's to do with Install Shield. But I have no idea how to fix it. I have looked at my startup folder and there are no shortcuts to open this window.

I'm going to post my HJT log for your reference.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:52 PM, on 28/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\... Read more

A:C:\Program Files\Common opens on start up

Have you tried using MSCONFIG? You can disable all starups, test if problem is fixed, and then add back the option you need.
 

Read other 1 answers
RELEVANCY SCORE 82

Hi all

if you follow the link below you will see my problem , its still happning .. any ideas ? i have tryied all the tips and some of that i now of ..

http://forums.techguy.org/showthread.php?t=461485&goto=newpost

I cant see any thing wrong with this log but i thought i would include it .

Logfile of HijackThis v1.99.1
Scan saved at 09:06:19, on 24/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINDOWS\System32\lxcecoms.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\New Folder (2)\hijackthis\HijackT... Read more

A:C:\Program Files\Common opens at start up

Closing duplicate.

Please continue here:

http://forums.techguy.org/windows-nt-2000-xp/461485-c-program-files-common-start.html
 

Read other 1 answers
RELEVANCY SCORE 78

Good day. Let me start by letting you know that I have absolutely no computer expertise whatsoever - explanations of what to do will need to be simple. Sorry for what is going to be long posting, but I'd like to give complete background so that you can properly help me.Yesterday I was on MySpace before noon ~ this is the only site I had visited that is out of the norm for me. I'm pretty boring and regular with what I visit...and I do not download or click 'yes' on just any old box that pops up. Having said that, I absolutely did not download anything yesterday until well after the problem first cropped up. My protection settings are medium-high, and I was running AVG 8.0 (free).The problem: I began having trouble with some of my webpages freezing. It would seem to load, the little green bar at the bottom would be all green, I could see the web page, but the scroll bar would not move, neither the 'back' nor 'refresh' button would work, and I could not close or "x" out of IE. (I was using IE 7, my OS is Window XP, with Service Pack 3. I downloaded and am now using IE8.) In fact, I could do nothing at all except hit the power button on my laptop.The first time I assumed it was the site I was visiting, so when I got back online I went to a different site. It seemed slow to me, as did several other sites, and then the same freezing thing happened on another site. This was the second time I had to power off and then power back... Read more

A:Am I still infected? Had Common file w/contents helper.dll & helper.sig

Hi and welcome. Please post your lasst MBAM log. Then Rerun MBAM like this.Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan.After scan click Remove Selected, Post new scan log and Reboot into normal mode.Next run ATF and SASFrom your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and cho... Read more

Read other 5 answers
RELEVANCY SCORE 78

I have a problem that may only be partially fixed. It just started happening yesterday. When my computer would start, a Windows Explorer window would pop up opened to a folder called Common. The path to this folder was C:\Program Files\Common.

Inside the folder, there were two files called helper.dll and helper.sig. I ran system restore and this made helper.dll disappear, but helper.sig remained and the Common folder would still pop up at boot up. I then changed the folder's name to RenamedCommonRenamed and changed helper.sig's name to RenamedhelperRenamedDotsig . Now the folder doesn't pop up when Windows starts, but the problem probably isn't totally fixed. I read somewhere that this problem can be related to malware called InfoStealer.Banker.D that tries to steal banking information , so I want to make sure the problem is fixed.

Here is the DDS log:
DDS (Ver_09-01-19.01) - NTFSx86
Run by 1 at 7:01:07.35 on Sat 01/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.226 [GMT -6:00]

AV: AVG 7.5.516 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avg... Read more

A:helper.dll and helper.sig malware pops up in Common folder

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 73.6

For the past several weeks a folder named common opens everytime I turn on my pc. This folder contains two files: helper.dll and helper.sig. Not sure what it is or where it came from. Any help would be greatly appreciated.

Heres the DDS.txt log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:05:02.79 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.132 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program... Read more

A:Common file, helper.dll, helper.sig

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 73.6

Can't get rid of helper.dll and helper.sig in common folder. Please helplisted below is the HJT logLogfile of random's system information tool 1.06 (written by random/random)Run by user at 2009-04-02 22:04:31Microsoft Windows XP Professional Service Pack 3System drive C: has 6 GB (31%) free of 20 GBTotal RAM: 512 MB (42% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:12 PM, on 4/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\pctspk.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monito... Read more

A:Can't get rid of helper.dll and helper.sig in common folder

Hi,Welcome to BleepingComputer HijackThis Logs and Malware Removal,mattiedawg. My name is sundavis, I will be helping you to deal with your Malware problems today.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.Step1Please download GMER Rootkit Scanner from Here or Here.Extract the contents of the zipped file to desktop. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Step2Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at t... Read more

Read other 20 answers
RELEVANCY SCORE 68

Hi,

after installing a Canon printer driver, I am now getting an error:

Cannot access C:\Program Files\Common Files\microsoft shared\ink the file directory is corrupted.
I have tried running scan disc and it doesn't work and have tried from the command window and it stops 73% through and say can't go any further to maintain system integrity. I have also tried restoring from a back-up but it wont let me as well.

Any suggestions?

A:C:\Program Files\Common Files\microsoft shared\ink corrupted file directory

I have a similar problem, see other thread with same title.

Read other 1 answers
RELEVANCY SCORE 68

Hi,

I have been trying to install Microsoft Office and keep getting an error

Cannot access C:\Program Files\Common Files\microsoft shared\ink the file directory is corrupted. I have tried running scan disc and it doesn't work and have tried from the command window and it stops 73% through and say can't go any further to maintain system integrity.

Any suggestions?

Thank

A:C:\Program Files\Common Files\microsoft shared\ink corrupted file directory

Hi tonedef -

Welcome to the Tech Support Forum - Vista Support!

What version of Office are you trying to install (e.g, 2003 or 2007)?

Have you changed any file permission settings or "Taken Ownership" of any folders/files?

The "scan disk" that you mentioned running... was it "sfc /scannow"? If not, click on START | type cmd.exe in the Start Search box | right-click on cmd.exe | select Run as Admin

In the screen that comes up type the following:

sfc /scannow (space after sfc) - press ENTER

Let this run. Try Office re-install.

Good Luck. . .

jcgriff2

Read other 16 answers
RELEVANCY SCORE 68

Thanks to anyone who can help. I've searched for this topic and haven't found anything that worked for me. I posted this topic a couple days ago but just now it didn't show up; sorry if I've double-posted.

I'm trying to download itunes for the first time, but I get the error in the title when I try to run the itunes_setup.exe file. When I cancel, I get "The installer has insufficient privileges to access this directory: C:\Program Files\Apple Software Update. The installation cannot continue. Log on as administrator or contact your system administrator."

I checked and confirmed that I am the admin on my PC, and all accounts are set up with full access privileges to these folders. I also tried rebooting in safe mode and logging on as "Administrator" and running the .exe from a flash drive.

I think I had similar problems loading an XP Office Upgrade a few months ago; I finally just gave up. I have Spybot Search and Destroy; it says I'm clean, for whatever that's worth.

Please help! Thanks again.

A:error occurred with attempting to create directory C:\Program Files\Common Files

You are mostly likley on a limited account.
Are you using Xp
Are you the only account. There are other reasons but lets look at this option first

Go to control panel use accounts and click on your user name , it will say if you are and admin of the machine or you are using a limited account.

Take alook at that and post back

Read other 3 answers
RELEVANCY SCORE 68

Hi, I am tushar I am useing dell opetplex 620. From couple of days I am facing error in my SAP login "Failed to load resource DLL C:\Program Files\Common files\Shystem\OLE DB\ OLEDB32.DLL" and the application does't start. Can you help me guys. It is very urgent for me.

Thanks
Tushar

A:Failed To Load Resource Dll C:\program Files\common Files\shystem\ole Db\ Oledb32.dll

Here is what i found in the Microsoft KnowledgebaseLet us know if this works.

Read other 1 answers
RELEVANCY SCORE 68

An error accurred while attempting to create the directory C:\Program Files\Common Files
wont let me install some programs like msn i dunno why..
 

A:error accurred while attempting to create the directory C:\Program Files\Common Files

Bump
 

Read other 1 answers
RELEVANCY SCORE 68

Norton Antivirus has identified this Adware but can't delete it. It seems to be one of the Trojan Horses that, just when you least expect it, suddenly sends you off to a porn site. Can you please tell me how to eliminate it or point me in the direction of existing instructions, if there are any? Thanks. The HijackThis log (v1.99.0) is as follows.

Logfile of HijackThis v1.99.0
Scan saved at 23:57:34, on 08/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Sungard Vaulting Services\AgentSrv.EXE
C:\Windows\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Windows\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NOR... Read more

A:Win32.Dluca.AX: File C:\program files\Common Files\System\ms1src.exe

Read other 11 answers
RELEVANCY SCORE 68

When I try to install any programs like skype and the last part of the installation I get an error occured while attempting to create the directory: C:program files\ common files
why is this happening? but more importantly how do I fix it?
Thanks for any help given

Read other answers
RELEVANCY SCORE 68

Hi there,

I have installed microsoft office 07 when first getting my laptop late last year and have had no problem until today. I find this appearing on my laptop upon trying to open up any microsoft office program: Error 2330. Setup cannot get attirbutes for the C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS. Verify that the file exists in your system and that you have sufficient permissions to update it.

When trying to open windows live messenger i get this message: The file or directory\Program files\common files\microsoft shared is corrupt and unreadable. Please run the Chkdsk utility and the same goes for trying to open winRAR and notepad.

I have tried to do the chkdsk utility but on cmd, was told access denied since i do not have sufficient privileges and need to invoke this utility running in elevated mode.

I should also add that my sister was using my laptop today and told me that these error messages came up when she first opened the laptop and said that my log on was even corrupted! (Note: I normally put my laptop to sleep but when my sister opened it this morning it had restarted instead of just waking up as it normally does)

Sorry for the long post but i thought I should be as detailed as i can even though i know very little about computers...

Any help will be greatly appreciated!

Thanks,
Hel3nz

Read other answers
RELEVANCY SCORE 68

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

This program keeps poping up in winpatrol dialog box trying to gain access to the startup page.
I keep denying it but every two minutes it pops up again. How do I stop this. What is this? Thanks!

A:C:\program Files\common Files\real\update_ob\realsched.exe -osboot

Do you have Real Player or Real-anything software installed?

The path you posted looks like an update mechanism to me.

Louis

Read other 15 answers
RELEVANCY SCORE 68

Hi, I use my Norton windows scan and I keep getting the message C:\Program Files\Common Files\Roxio Shared\DLLShared." I talked to Gateway Tech and they told me to back up all files and I did on a previous problem but one disc, the second one was corrupt (so it said). I lost everything. I am afraid to do this again they suggest I redo my windows from the very begining that always seems to be there answer. I cannot afford to lose data now. I am having that error message come up and I cannot use my send to drive E to copy discs properly so I got the updated version of Rioxio since the one I had was out dated so I moved up to Roxio 6 and I cannot do anything as far as coping files to disc. I am upset because a very important file is stuck in Roxio 6 that has my excel spreedsheet and it will not let me open it or copy it to CD. I hope this made sense. Please help if you can. I am running a gateway 700XL with XP Thanks
 

A:[Resolved] C:\Program Files\Common Files\Roxio Shared\DLLShared

Read other 11 answers
RELEVANCY SCORE 68

Hello, I found a folder I am not familiar with.

Named exodus, inside program files,common files.

It has chrome folder inside it,with crash reporter files etc.







I attached the update application.exe to virustotal, and kaspersky website
and they found nothing nor detected it as a virus.

I attached screenshots for your assistance. Thanks in advance.
 

Read other answers
RELEVANCY SCORE 67.6

Hello,Kaspersky gives me the following detection: detected: riskware Invader Running process: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeWhen I am on the desktop, it makes my monitor "refresh" without moving the icons and my cpu slower. Moreover, it takes about 5 minutes to load the "add/remove programs" menu.I am pretty sure I am infected...please help!HighjackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:06 PM, on 07/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\CyberLink\PowerDVD... Read more

A:Detected: Riskware Invader Running Process: C:\program Files\common Files\logishrd\lvmvfm\lvprcsrv.exe

Hi,

Don't worry about that alert from Kaspersky. The file is related with your Logitech Quickam

Read other 23 answers
RELEVANCY SCORE 67.2

Hi guys, I recently removed aol from my system the standard way of add/remove programs in the control panel. However when i did an advanced search of my system to see if it was fully removed, I found an aol file folder in program files, common files, which contains 357 files and 99 folders. Anyway when i right click on it and delete it i get a warning saying, renaming,removing or deleting "aol" could make some programs not work. are you sure you want to do this. My question is, Is it safe to delete this or will it affect any other progams on my pc that i still use. Please let me know. Thanks
 

A:Solved: Deleting aol from program files,common files

Read other 7 answers
RELEVANCY SCORE 67.2

here is my HijackThis logLogfile of HijackThis v1.99.1Scan saved at 1:06:00 PM, on 2/19/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Norton Personal Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exeC:\WINDOWS\System32\GEARSec.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton SystemWorks\Norton Anti... Read more

A:C:\program Files\common

Hello,

I guess your Adobeupdater is causing this, because that's the only one I suspect in your log that starts up with Windows where I don't see it running in your processes. This one also runs from a subfolder of the Common Files folder and I guess Windows only reads "common" here since the full path is not between quotes in the registry.

So try next..
Check and fix next entry in Hijackthis (since this startup is not required anyway):

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

Reboot your computer.
Let me know if that solved the problem.

Read other 4 answers
RELEVANCY SCORE 66.8

When I turned on my computer today, a folder titled Common popped up with helper.sig inside. I looked up some information on it and it sounds like it needs to be removed but has to be done carefully as to not mess up the computer. I downloaded an ad-aware program from lavasoft that was recommended and it did find quite a few things my spybot program missed, but not the common folder. That came right back up again after I rebooted.

I'm not sure if this has anything to do with it, but we replaced out printer last night with a new one. Since that's the only thing I've done differently just before this common folder popped up, I was wondering if that could be the cause.

Help with removing the folder would be GREATLY appreciated. If it's some sort of virus, I really want to take care of it as soon as possible.

Thanks!!

A:Common Folder with helper.sig

Worth a read, http://forums.mcafeehelp.com/showthread.php?t=226217 AND http://www.bleepingcomputer.com/forums/ind...mp;#entry905165Rather than suggest that you attempt to solve this without advice/suggestions from those with more expertise in malware issues...I suggest that you post your situation at the BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ My reasoning for this...things change and what was recommended yesterday re malware...may not be today's solution.Louis

Read other 2 answers
RELEVANCY SCORE 66.8

I posted this in another section and someone suggested I add a plea for help here. When I turned my computer on the other day a folder popped up titled common and inside is helper.sig. I've read that it could either be a problem with a program installed or downloaded improperly or a virus....

We did buy an epson printer, replacing our hp (which we had problems with, attempting to remove and add a few times before giving up and buying the new one) so I was wondering if that could be the problem? Otherwise, am I infected and if so what can I do to get rid of this? I downloaded ad-aware by lavasoft, and although that picked up and removed several things my spybot didn't get, the common folder with helper.sig is still coming up when I turn on the computer.

Somebody please help me!!!!

Thanks!!

Denise

A:common folder with helper.sig

Hi, this is most likely not malware but let's check first before we do the next thing.Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the pr... Read more

Read other 14 answers
RELEVANCY SCORE 66.8

Starting a couple days ago I started having a folder called "common" appear on my desktop every time I booted up. Inside the folder is a file called helper.dll. I've heard that this is a virus of some sort. Please help me get rid of this guy.

Thanks,

Ron

Below is the DDS text results, and attached is the Attach file.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ron at 15:52:43.70 on Fri 04/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2225 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
... Read more

A:Common Folder with helper.dll

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 66.8

Hello

My computer has been running extremely slow these last few weeks. Upon boot up, a folder appears: Common, with helper.dll and helper.sig. I didn't know what these were, so I right clicked on both and deleted them from the folder. However, the Common folder still appears every time at start up. My other problem is my computer freezes and kicks me off the internet about every 5-10 minutes. I am a computer novice when it comes to the system itself and detecting malware or viruses.

So, I ran a scan with Mcafee and it quarantined one item. I then downloaded Adware and said I had over one thousand suspicious items, so I deleted them. Next, I downloaded Hijackthis and ran a scan. But, this seems very high-tech and I have no idea what I am supposed to delete. This is the report from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:21 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\S... Read more

A:Common Folder- helper.dss

Bump, please...thank you

Read other 1 answers
RELEVANCY SCORE 66.4

I have Winpatrol installed on my computer and have had a program try to add itself to my start up, It's ALG.exe but it's not the real alg that is fond in the system 32 folder. This one is in Program Files\Common and is clearly some kind of adware or worse because it shows to be software made by SornSoft named CPAX20,when I place my mouse over the alg.exe file it shows this info below the alg icon. when I go to the SornSoft site it has a program named CPAX version 2.0 and from reading about it it sounds like adware/spyware.

My question is if I can't find it running through WinPatrol, none of my other security software finds it. AVG, Malwarebytes, Obit 360, Spybot or spyware blaster, it is it safe to assume it isn't running. As I said Winpatrol caught it when it tried to add itself to my start up and I clicked do not allow. Also is there any other information about this alg.exe fake out there? Thanks for any help.

Read other answers
RELEVANCY SCORE 66

I have this alg.exe here .
C:\Program Files\Common Files\alg.exe is a virus !!! thank you team

A:C:\Program Files\Common Files\alg.exe is a virus!!

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 66

C:\Program Files\Common Files is corrupted. How do I fix this?
Whenever I startup my computer I get error messages about the directory C:\Program Files\Common Files is corrupt. I cannot access the folder because it says it is corrupted or unreadable and tells me to run CHKDSK.

I am running Windows Vista 64 Bit.

I ran CHKDSK and ended up with this.http://img.photobucket.com/albums/v6...t/Untitled.jpg

I did some more research and found out about CHKDSK F and did that and selected for it to run on computer restart. I than restarted my computer and it did a normal restart and did not run CHKDSK. Now I am stuck.

I can't install iTunes or anything.

Can you help?

A:C:\Program Files\Common Files is corrupted. How do I fix this?

Hi, the message you receive C:\Program Files\Common Files is that all, nothing after common files? Go to start ,all programs, accessories and right click on command prompt select "run as administrator" now at the prompt type:-


Code:
chkdsk /r press enter say "Y" to run at reboot
Restart your computer.

It requires that the command be run as administrator.

Read other 3 answers
RELEVANCY SCORE 66

in C:\Program Files\Common have 2 files
-helper.sig 51kb
helper.sig 52kb
thought it was part of macafee but started getting buffer overflows and transferred files very slowly.
couldnt run internet explorer (v6) so went to firefox and was able to get to internet.
it was suggested to upgrade to v8, which i did and now have acccess to internet again.
googled helper.sig and see that it is a virus or malware - not sure what.
~~~
how do i get rid of it and has it infected my backups?
###########

DDS (Ver_09-09-29.01) - NTFSx86
Run by Edward Haren at 22:11:20.29 on Fri 10/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1278.785 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre... Read more

A:infected with helper.sig in common folder

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 24 answers
RELEVANCY SCORE 65.6

My computer always loads the folder C:\Program Files\Common on bootup.Also, there are 3 error windows for missing .dll's. I will restart my computer now, and write them down so I can add them to this post.Thanks for any help!------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:00:59 PM, on 12/16/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.BINC:\Program Files\Common Files\Apple\Mobile Device Support\bin�... Read more

A:Program Files\Common opens at boot

Here are the files that error messages pop up for:

c:\windows\system32\mohasobi.dll
c:\windows\system32\terobila.dll
c:\windows\system32\biyedepu.dll

Thanks again, I really appreciate your time and expertise!

Read other 4 answers
RELEVANCY SCORE 64.4

Recently, I was invaded by tons of malaware and spyware. Nonetheless, I downloaded Spybot Search and Destroy, Ewido Security Suite, Ewido Malaware, Ad-aware, CwShredder and HijackThis! I got rid of much of the problem, but now I have noticed that my computer has slowed down tremendously.First, I continuously experience popups from ad.firstadsolution, they pop up 2-4 at a time, and happen approx. every five minutes.Second of course, my computer has drastically slowed down. Certain programmes experience a freezing state, but eventually go back to being unfrozen.Lastly, everytime my computer starts, C:\Program Files\Common opens and I have noticed that the programmes that once started up in my task bar in the corner, no longer start.Here is a copy of my HijackThis! report.-----------Logfile of HijackThis v1.99.1Scan saved at 2:10:53 AM, on 2/20/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\explorer.exeC:\WINDOWS\SYSC00.exeC:\WINDOWS\sys025144999911.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files... Read more

A:Ad.firstadsolution - Computer Slowdown - C:\program Files\common Opening

Also, I would like to add that regarding the problem of the folder opening every startup, I have checked msconfig and followed the steps prescribed in a previous thread that was posted on here some time ago - and still, nothing.

Read other 10 answers
RELEVANCY SCORE 64.4

Hi,

I have a brand new Dell Inspirion 1501 Windows XP SP2 laptop.I installed a few programs like Word Perfect 2002, Microsoft Office 2003 and a few other things just for some history. Well today out of nowhere, upon booting up my laptop this morning, this window pops up that says BORLAND SHARED...and I go back and find out that it is in the Program Files/Common folder. I did some searching on the web and it sounds like it could be some kind fo registry thing?? Thought the solutions some described seemed too complicated for me!! Please help!
 

A:Program Files/Common/Borland Shared popping up upon boot up

Read other 16 answers
RELEVANCY SCORE 64

Currently my setup (corporate network) uses the setting:
User Configuration\AdministrativeTemplates\Start Menu & Taskbar\Remove common program groups from Start Menu
As its a multiple user environment we don't want all users seeing all available applications on the server their accessing (Citrix XenApp environment). We use AppSense to manage shortcuts.
As a result of using this GPO setting, users Recent Programs on the Start Menu no longer show. That's the ability for the user click on Notepad, it appears on the Start Menu and retains on logoff. 
Is it possible to enable recent programs only, or a manual tweak or setting a registry key for recent programs only, without disabling "Remove common program groups from Start Menu"
 

Read other answers
RELEVANCY SCORE 56.4

I used an uninstaller to remove some files as the left over bits were slowing my computer down, the uninstaller was called REVO Uninstaller, but i unknowingly deleted something important for the start menu it appears because the start menu no longer displays the system files and folders and programs i installed.
http://i795.photobucket.com/albums/y...Untitled-1.jpg

So now, every program i had is still there, but i can't access it from the start menu, i have to go into my computer, then find the programs company name, then access it. I tried creating a new account but it has also affected that one so i am stumped as to what happened. I can ordinarily solve most of my computer's problems, but this one i cant seem to fix.

A:I uninstalled a program and now i can't see all my program files in the start menu, h

It looks like you are running in Classic Mode? Right click the Start button/Properties and choose Start Menu. instead of Classic Start Menu. You may be using a Default profile.
Go to C:\Users open up your original User Profile name. Copy the Start Menu, Desktop, Favorites, Music, Pictures etc and paste them into the new profile name you are using to log into.

Read other 7 answers
RELEVANCY SCORE 56.4

A few weeks ago, my friend opened her computer and this window popped up with helper.dll and helper.sig files showing up. She downloaded a few different malware/spyware/adware programs and ran them, not at the same time of course, and each time her computer seemed to remove those things and work normally.

Then, as time went by, the pop up kept showing up, then she would do the same, get rid of the files and so on. Today however, the pop up only showed the helper.dll files, without the .sig file. Her computer works normally, she scanned for viruses or any other treats, but nothing comes up from her antivirus program.

I was wondering if any of you know what can possibly be doing this and why does it keep repeating itself, if she removes those files with an antivirus program. It's obvious that something causes those files to get back in her system, or to not even remove them completely.


Thank you.

A:Helper.dll & Helper.sig files.

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 54

I'm working on a Helper Worm to combat and fix the effects of deadly viruses on the Internet (Some of you may recall the MS Helper Worm following the Blaster Worm) I know that using Batch, you can create referential points A :B) in which you can refer to using Goto and the referential point. Is there a setting similar to this in C++ (This is designed to work in Windows 7, by the way)
 

A:C++ Helper Worm Program

creating any worm is illegal, regardless of the intention. Just by posting your intentions you can almost certainly expect to have a visit from FBI or DHS and a possible long stay in an anti-terrorist facility
I am closing this topic before you do get into any trouble
 

Read other 1 answers
RELEVANCY SCORE 52.4

I have a machine I'm working on that has no internet.
The IP Helper service is set to Auto, but it will not start.
I get event 7023 error 50 the request is not supported when I try to start it.

I've done every virus scan, networking reset I can think of, found a script to re-register IP Helper, reinstalled drivers, ran the windows update fix it, and many other things I can't even remember now.

Anyone have some ideas?

UPDATE

I found a FixIt that repaired the IP Helper problem.
still have no internet access.
the full computer name, description, and workgroup fields all say "not available" despite having values entered.

Read other answers
RELEVANCY SCORE 52.4

I have a machine I'm working on that has no internet.
The IP Helper service is set to Auto, but it will not start.
I get event 7023 error 50 the request is not supported when I try to start it.

I've done every virus scan, networking reset I can think of, found a script to re-register IP Helper, reinstalled drivers, ran the windows update fix it, and many other things I can't even remember now.

Anyone have some ideas?

UPDATE

I found a FixIt that repaired the IP Helper problem.
still have no internet access.
the full computer name, description, and workgroup fields all say "not available" despite having values entered.

Read other answers
RELEVANCY SCORE 51.6

Hello,The moderator "garmanma" was helping me and I was able fix some of the problems I was having. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/195832/stubborn-virus-please-help/ ~ OB I believe I had a Vundo or WinFixer and he had me run a few programs that fixed my pop-up problem and my Windows Automatic updates problem. 'Helper.dll' does not show up on reboot or start-up anymore either. Now to what is still happening...'Helper.sig' is still popping up in a Common Files folder on reboot and start-up. I am unsure of how to get rid of this problem. I have run DDS and here is the DDS.txt log. I have also attached the attach.txt log.Thanks in advance for your help!DDS (Ver_09-01-18.01) - NTFSx86 Run by Michael Samson at 20:48:54.95 on Tue 01/20/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.307 [GMT -5:00]AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated)FW: PC-cillin Internet Security - Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\b... Read more

A:'helper.sig' on start-up and reboot

Hi,Welcome to BleepingComputer HijackThis Logs and Malware Removal,samndamson. My name is sundavis, I will be helping you to deal with your Malware problems today.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.Step1Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please post back:1.RSIT log.txt and info.txt. Thanks

Read other 18 answers
RELEVANCY SCORE 51.6

Hello to all,
Recently I had to restore a previous system image. My fault, not sure how, but I hit the o.k. button.
The problem I am experiencing is that normally in the Start>Programs Files you get a folder of installed programs. For some unknown reason the entry which was there, for Revo Uninstaller Pro disappeared and I'd like to get it back in place. Does someone have an idea on how to accomplish this. It was there after the Restore, but when it went to update, it failed the update and did a rollback, it is then that the Program Files entry vanished. Thanks for any help.
glennc

A:START>Program Files Problem

Is it in C:\Program Files?

Read other 7 answers
RELEVANCY SCORE 51.6

Hi, I was wondering what could be cause my computer to create a seperate folder called "Programs" inside of the All Programs Start Menu? The folder is an exact copy of the All Programs folder. Pretty much I have two copies of all the shortcuts and each program folder. I also began to notice that my Control Panel icons would randomly set from Medium Icons (default) to a Details view. This has never happened before and it happens about every other time i restart my computer. One other thing, my computer seems to be running a lot more now and it gets much hotter like it is having to work harder or something.

This all started after i wanted to see what Virtual PC 2007 was like but when i installed and tried it didnt work or somthing so i uninstalled it the next day. I dont know if that has anything to do with it but im guessing that might considering my system is clean from spyware/viruses. Thanks for your help.

A:Two Program Files in Start Menu

Ok now i been noticing this happening to different folders also, ill open a folder and all the icons will be set to some other view that i didnt even set them at. What could be doing this?

Read other 2 answers