
[Inactive] WSHelper

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by theoldandgrey, Jul 6, 2015.

  1. theoldandgrey

    theoldandgrey Established Techie7 Member

    I am running Windows 7 SP1. Today on starting my PC I received the following: "WS Helper - DAQExp.dll is missing from your computer". I gather this is related to WindowShare, which has been foisted on my PC. I eventually found it in Common Files but not in Control Panel. I do not know whether it has any other malicious attempts but I need to remove it. At the same time I received the following screenshot from Norton, so are they related?

    upload_2015-7-6_15-15-33.png

    I have run Malwarebytes and it was clear and I have run Spybot Search and Destroy which found a few minor problems and I ran JRT with the following:

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.3.2 (07.06.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by VL on 06/07/2015 at 11:28:54.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_VL

    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\productdata
    Successfully deleted: [Folder] C:\Users\VL\AppData\Roaming\productdata

    ~~~ FireFox

    Emptied folder: C:\Users\VL\AppData\Roaming\mozilla\firefox\profiles\k9mkfv8z.default-1428336704605\minidumps [1 files]

    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\VL\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

    [C:\Users\VL\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\VL\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    dpjamkmjmigaoobjbekmfgabipmfilij
    icpgjfneehieebagbmdbhnlpiopdcmna

    [C:\Users\VL\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\VL\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    bakijjialdiiboeaknfpmflphhmljfkd,
    dpjamkmjmigaoobjbekmfgabipmfilij,
    icpgjfneehieebagbmdbhnlpiopdcmna

    Many thanks for any help you can give
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You've been to this forum before so you should know the drill...

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. theoldandgrey

    theoldandgrey Established Techie7 Member

    My apologies for that, as you say I should have known better but as you advised previously to do regular scans I misunderstood and thought it OK - I was wrong.

    I have tried to download FRST but my Norton Security will not accept it and keeps removing it as a threat.
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please don't create a new topic to reply.
    Reply back in this very topic.
    This time I merged both topics.

    Surely Norton is wrong (you should report it).
    Disable the Norton AV part and try again.