[RESOLVED] Windows Problem - helpctr.exe virus?

G4mingEvolution

G4mingEvolution

New Member
#1
Windows Problem - helpctr.exe virus? process keeps spawning dozens of windows.

Im having an extremely irritating problem right now involving this process "helpctr.exe".

I only started receiving this issue after i installed the latest 2 windows updates. One was as security patch and the next was the windows malicious file remover update. I believe this issue started right after the first security patch because when i came back to my machine after awaking I noticed the issue (nothing had been running and my machine was idle and connected to aim/icq/skype as usual). Afterwards i installed the second patch which initiated MRT.exe and once that initiated my normal virus scanner popped up indicating there was a virus associated with a "senses.dll" which would be removed after reboot. I had to reboot because the amount of helpctr.exe processes filled my taskbar 10x and eventually froze my machine. As far as i know senses.dll was deleted after rebooting as i was unable to find it. I dont know whether or not it has anything to do with this issue or not.

Here is whats happening.

After booting up my machine and attempting to load anything or even click on the desktop a help file will load for whatever app i have opened up at that time. It keeps respawning over and over after i kill the processes. Eventually it stops for a while then after my machine is sitting for a while it respawns again.

Process = helpctr.exe, ive noticed it sometimes loads other help and support related exe's as well such as helpsvc.exe, winhlp32.exe and helphost.exe.

Another box pops up displaying "Help and support error - Windows cannot open help and support becuase a system service is not running. To fix this problem, start the service named " Help and Support:" - Every time i click x or ok it respawns again and keeps cascading across my desktop. I have to click it over 20-60 times before it will stop. When this happens a helpfile box pops up and is almost always present at the top left of my screen.

I cannot click on anything or run anything without the problem occuring. Whatever it is seems to take control over my keyboard as it seems. For example when i try to run netstat from cmd prompt it will show ZERO connections and then a white/pinkish screen pops up displaying the commands i just input. Im unable to type anything and sometimes when i attempt to backspace it just repeats what ive typed and im unable to complete it.

Another thing ive found weird is when i load up firefox Caret Browsing attempts to initate and gives me a prompt saying i can press f7 to enable/disable. I have to litterally click the x button or cancel over 50 times before it will disapear and most of the time it doesnt. REgardless im still unable to use firefox.

Right now im attempting to scan using trend micros online scanner via IE 7. I cannot run my normal virus scanning software because the help file issue ends up closing it after so many instances are opened. I should have results from this in another 4 hours or so if i dont continue having any more issues.


What have i tried to fix this? (none have worked)


I have tried


1) Deleting all instances from the below directories. Which does no good because they recreate of course.

C:\WINDOWS\Prefetch

C:\WINDOWS\pchealth\helpctr\binaries

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common

C:\WINDOWS\pchealth\helpctr\System\sysinfo


2) I have navigated to C;\Windows\inf\pchealth.inf and attempted reinstalling. It will get maybe a 3rd of the way through then it wont even recognize the files from my i386 folder from my windows xp pro sp2 install cd. The files ARE present yet it says they arent and wont copy. I attempt deleting the files from C:\WINDOWS\pchealth\helpctr\binaries and then selecting "retry" but it doesnt help becuase they recreate.


3) Checking msconfig and using an alternate bootload app to see if anything strange is loading up and nothing is.

4) Disabling and enabling the help and support service

5) Running my software virus scanners but im unable to even do this due to helpctr.exe respawning


*Am I running an antivirus? Yes, i run nod32 constantly and its up to date.

*Am i behind a firewall? Yes, im behind a router.

*Is my machine upto date with the latest service pack and updates? Yes


I cant seem to find anything new that relates to this issue. All i can find when searching is related to past issues that SP1 took care of.

Any ideas what is causing this or if its a virus? Its certainly not something normal and shouldnt be happening.

Thanks Kindly
 
G4mingEvolution

G4mingEvolution

New Member
#2
Just finished running through trend micros house call and it found a few low level viruses but nothing major.

After this i went through and

1) checked and cleaned registry
2) cleared all temp files
3) ran checkdisk

I rebooted and after windows loaded up i immediately got this popup -

"HELPCTR.EXE

Windows cannot find "helpctr.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I closed it and about 2 mins later it popped back up again.

Ive checked whats loading with my system and this file isnt loading. (i checked under msconfig and using another app that will show hidden files)

I just opened command prompt and attempted to run netstat and again i got the same pink/grey box displayed on top of the cmd window that shows 0: netstat -a. Again i cannot type any other commands and can only close the cmd prompt window out.

Below is a screenshot of the cmd prompt issue:

(i cant replicate it again but when it occurs ill post it)

Just loaded firefox and again received the same popup and when i select "No" it will not go away. Im able to switch between tabs though and im able to type urls in, type on webpages etc but the box stays on top still. Also the titlebar of the firefox browser window is blinking like crazy almost like something is taking control of commands. After about clicking X on the popup 200 times it went away and the title bar stopped blinking. Following is the popup:

"CARET BROWSING

Pressing F7 turns Caret Browsing on or off. This feature places a moveable cursor on web pages, allowing you to select text with the keyboard. Do you want to turn Caret Browsing on?

Yes / No "


So far the other problems havent occured and im running through various apps on the machine as i type this. Regardless its evident there are still problems as i shouldnt be receiving that popup after booting, the firefox issues and the issue with cmd prompt.

------

After typing the above i have loaded up cmd prompt and im not having the issues. (i have IE open, firefox open, windows search running and also windows explorer open)

I just happened to look over and navigate back to firefox and the popup has popped up again along with the title bar blinking like crazy and this time i cannot navigate around or type anything. I then switched to cmd prompt which i left open and... the issue is there again. I closed it out and typed just a basic command to show what im reffering to. Here is a screenshot:





I just tried taking a screenshot of the various helpctr.exe files i found but received this error after pasting into irfanview and i cannot get the box to go away:

"clipboard01 - Warning: this file is already deleted/moved. The file doesnt exist !"

So i just loaded up an alternate application instead which is paint.net and i noticed similar activity to what was happening with firefox, only instead of just the applications title bar blinking one of my window panels within the application was blinking like crazy and im unable to click on anything when it stops blinking. However when it blinks i can select things. More proof to me that something odd is taking over my kb and executing some kind of commands.

I was able to get a screenshot finally and below are the different versions of helpctr.exe. Anyone know which would be correct?



So far it almost seems to me like something is executing commands which are screwing up the programs and causing these issues but im not sure.

Any ideas anyone?
 
G4mingEvolution

G4mingEvolution

New Member
#3
Figured it might be an issue with an old usb hub ive been using and or its cable so i removed it.

Powered on machine and had zero issues... Loaded up firefox, no issue. Loaded up a few other apps and seemed A-ok.. 10 minutes later i received a help popup on one of the apps i had open and.. all the same problems are happening again.

Trying alternate usb ports, then if no luck, a new kb.
 
G4mingEvolution

G4mingEvolution

New Member
#4
Ran at least 4 other online virus scanners, a BHO scanner and a spyware scanners. Nothing detected. Ran 2 software based virus scanners. Nothing detected. Machine was running IE and a few apps fine while idling the past 4 hours and just now the problems started to occur again. I noticed this time when i opened an image directly (utilizing irfanview) a random option dialog box opened every time instead of a help file. However with other apps the same problems are occuring.

I use a logitech G15 keyboard and logitech media play cordless mouse along with logitechs setpoint application.
 
G4mingEvolution

G4mingEvolution

New Member
#5
No problems letting it run over night. But again i only had a few things open such as firefox, IE and my virus scanner. I imagine ill start having issues again shortly, though i hope not.

I still havent switched usb ports or my keyboard. I did however update the logitech keyboard and mouse drivers.
 
jimbo1763

jimbo1763

Moderator
#6
Is it the machine in your sig?

Have you looked at the motherboard for leaking or bulging capacitors?
 
G4mingEvolution

G4mingEvolution

New Member
#7
Its not the machine in my sig (i need to remove that sig, ive totally stayed away from gigabyte mobo's due to all the problems i had with that specific board and another).

Board im running in the machine is an older board, Asus A7N8X-X. It has the latest bios and updates. Im running the latest nforce driver package(including the IDE controllers).

When i swapped out nic's and a video card last week i took a look over the board front and back and didnt notice anything. I just took a look over the front now and none of the capacitors look to be bulging or leaking.

Since the machine is still running (trying to push it as hard as possible to see if the problems occur again) i still havent tried alternate usb ports or swapped out the keyboard. To me it seems like something hardware related however i dont have anything thats bad as far as i know, and how the keyboard was still able to type during some of the issues makes me think its not the KB its self sending those commands.
 
G4mingEvolution

G4mingEvolution

New Member
#8
I was just checking Application issues under event viewer and I did notice a ton of logged events for "HHCTRL"

Description:

The description for Event ID ( 1904 ) in Source ( HHCTRL ) cannot be found.

The local computer may not have the necessary registry information or

message DLL files to display messages from a remote computer. You may be

able to use the /AUXSOURCE= flag to retrieve this description; see Help and

Support for details. The following information is part of the event:

res://ieframe,dll/dnserrordiagoff_webOC.htm.
http://go.microsoft.com/fwlink?LinkID=45840.
Viewing the link it appears to be related to a vulnerability in heml help. However its older and my windows updates should have had that patched already. I also found some mentioning about issues with MS office 03 and vulnerabilities in MS Access which i use. Just yesterday I removed that version though and installed windows Office 07 on the machine. I cant recall though if i was receiving any problems after i did this.

Under System in event viewer i do notice i had a bunch of DCOM errors and during the time those were happening there was also numerous events of Application Popup desribing that helpctr.exe failed to initialize.

DCOM Error:

DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service helpsvc with arguments "" in order to run the server:
{833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Application Popup:

Application popup: helpctr.exe - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
Last edited:
G4mingEvolution

G4mingEvolution

New Member
#9
some additional Application Popup errors that were also occuring -

Application popup: hh.exe - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Application popup: iexplore.exe - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
for some reason there were also some identical to the above only iexplore.exe was capitalized (whether or not that means anything i dont know)

Application popup: IEXPLORE.EXE - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
whutsupdoc

whutsupdoc

Master of my Domain
#10
ok...wow.. what a mess!!!

first off, i know u ran a virus scan, but did u run ad-aware and spybot to check for malware???

try zonealarm, it will tell u what program is attempting to launch without permission.

disconnect from the internet when all the pop ups start and see what process is running/attempting the popups.


Try running this fix:

http://dougknox.com/xp/scripts_desc/fixwinxphelp.htm
 
G4mingEvolution

G4mingEvolution

New Member
#11
Tell me about it, definately a huge mess. :-[ . Has been driving me nuts all weekend.

I ran adaware and a few other adware elimination programs and also malware detecting programs. Ive found a few small nasties but nothing major since i usually keep all machines at home and office up to date and clean. Im still running through various scanners now to see if anything is picked up or apps im runing are potentially vulnerable.

I run process and port monitoring software on all machines and so far ive not noticed anything out of the ordinary. Of course if its a new rogue virus thats injecting itself into a common process im almost SOL until i can single it out or it gets picked up and added to virus dat tables.

One of the first things i did was take the machine offline when all of the issues started happening. They were still occuring so i ruled out the issue being something remotely controlled.

One of the first things i tried was manually replacing windows help using the .inf and trying a few other methods but none seemed to fix it. I took a look at the fix you linked and just applied it, *crossing fingers* now. I notice the author mentions "easy cleaner". I wonder which "easy cleaner" application hes reffering to. I do use "Toni Arts - Easy Cleaner" most of the time but its never caused any issues at all and ive been using it for years.

Thanks whutsupdoc. Great site btw, lots of handy tips there. Adding it to my favorites.
 
G4mingEvolution

G4mingEvolution

New Member
#12
I just had the machine powered down and open to reseat my PCI usb hub and add another harddrive. I also reconnected my usb self powered usb hub and connected it to a different port on my machine, (i dont think this could be causing the issue because it was present even after i removed it last time). I powered it back on and all seemed to be well. I moved some data around, formatted the new drive. Created some partitions..

Then after having an application open.... It started happening again. First the help file then within a few seconds the taskbard was filled with over 200 popups of the following (same as before)

HELP AND SUPPORT ERROR

Windows cannot open Help and Support because a system service is not running.

To fix this problem, start the service named "Help and Support".
When this is happening if i happen to click the desktop i get this error (same as before)

HELPCTR.EXE

Windows cannot find "helpctr.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
Enabling Help and Support doesnt fix the issue, and the Help and Support service isnt something required for normal machine operation. (I always leave it disabled).

Took machine offline and the issue is still respawning boxes. I opened up cmd prompt again and the same issues as before.. Only i noticed this time after i hit enter, the last command typed is automatically retyped, but only instead of instantly appearing its retyped out slowly. This could be lag from all the boxes which are opened and keeping opening, but i dont think so. Its similar to what happens when you press the up arrow key in cmd or a terminal window, only its not instant and appears as if it was retyped. If i hit enter it displays the command as usual then retypes itself again. If i hit space im able to space over one and type anything, backspace etc. Only i cannot backspace past the initial space. Im basically stuck at the end of the last command if i try that.

Upon checking event log..

Again there are hundreds of the same DCOM events and between the last burst the same Application Popup error describing helpctr.exe only i notice its "HelpCtr.exe" this time. The H and C are capitalized.

DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service helpsvc with arguments "" in order to run the server:
{833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Application popup: HelpCtr.exe - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
G4mingEvolution

G4mingEvolution

New Member
#13
I just deleted the contents of : c:\Documents and Settings\<USERNAME>\Application Data\Microsoft\HTML Help\. I then went into registry and edited the values for this key - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HELPCTR.EXE - (there was no value at all for the entry, simply blank)

Just ran hijackthis again and still nothing out of the ordinary found.

Ran adsspy and found no unordinary streams at least to my knowledge. (it did however list a large amount of my favorites)

Ran bholist and found not new rogue BHO's.

Ran startuplist and went through checking everything, couldnt find anything.

Ran spybot and came across some new entries (updated db this time). Removed those.

Problem is still happening.

This issue is a true pain in the @ss. Its definately at the top of my list of the worst problems ive had to resolve the past 6 months on machines.
 
DanceMan

DanceMan

Procrastinating Member
#14
I'm not expert in dealing with these issues, but I'd be tempted to boot into safe mode and choose a restore point prior to that windows update, if you still have one available.
 
G4mingEvolution

G4mingEvolution

New Member
#15
Well.. I finally switched keyboards. Im going to feel like a complete idiot if it turns out the KB was at fault. Though i guess this thread will help anyone else who has this issue as ive covered and tried almost everything i could find regarding the subject.

When the problems started happening again i unplugged my keyboard (its USB) and i noticed they stopped. I switched usb ports, waited for the problem to occur again and this time waited a bit long before pulling it. Repeated the process a few more times to make sure it wasnt lucky timing with w/e is causing it. Im running a different keyboard now (ps/2 type) and so far nothing has happened. If it turns out its the KB ill attempt to clean it and if that fails.. RMA.

If it doesnt turn out to be the KB my next step is going back to a previous restore point like youve suggested Since I cant boot into safemode anymore. System stalls on one of the sys files it loads. BTNHmanager.sys or something of the like. I believe its a boot manager i installed a while back, just havent looked into it yet.
 
Tuttle

Tuttle

Resident Cynic
#17
I know I'm coming in late, but I'm all for the keyboard theory. What you're seeing in both Firefox and the command prompt is the result of pressing F7, so if you're not pressing it I reckon the keyboard is sending scan codes all by itself.
 
G4mingEvolution

G4mingEvolution

New Member
#18
whutsupdoc, zero times. Its the original gaming edition of Logitechs G15 (quality kb, not cheap by any means and not the new watered down version). So it really upsets me that im having issues with it.



Tuttle, it appears thats the case here. Had zero problems afterwards with the new keyboard i swapped in.

Just to make sure that really was the case and so i didnt run into any other issues I went ahead and removed the driver that was causing issues when attempting to boot into safe mode.. but then my system hung on mup.sys. I gave up and just ran repair mode using my xp cd. However install had some issues finding files (even though they were present on the cd and in the i386 folder). I just canceled out all, finished installing windows..

Now ive ran into more issues. I installed sp3 via windows update but for some reason it doesnt recognize, it still shows me as having only sp2 and something screwed up the 200gb drive i added the other day. I cant view the partitions and it treats it as its unformatted. Ran maxtors utitilities thinking it would apply the fix to windows again to accept larger drives but it prompted me to add it as a new drive and format. Maxtor doesnt see it as well. Really great too... i had just finished backing up important data to that drive.

Now its time to fix yet another issue.. :-( Definately not a good week for me.
 
whutsupdoc

whutsupdoc

Master of my Domain
#19
could it be u might need a bios UPGRADE to run SP3??? ,,,,,, i know i had to upgrade my bios to run SP2!!!
 
B

buzz44

New Member
#20
The same problem, in the same time

I'm Italian, and excuse me if my English is not so good. I'm having the same problem. I will restart the installation of windows without using the usb-jack for the keyboard.
 

Associates