Still having Dcads problems...

Discussion in 'Malware Help (A Specialist Will Reply)' started by JustMsc, Feb 6, 2008.

  1. JustMsc

    JustMsc Private E-2

    I downloaded what I thought was a program I was looking for the other day and stupidly installed it even though it looked a little off. I ended up installing ads by dcads on my computer instead. After experiencing major problems with pop-ups I searched and found a few threads here and the malware removal guide. After following the malware removal guide to the best of my ability the problem was much, much better, but I still receive pop-ups while running Firefox. I don't know where to go from here so I'm posting the logs and hoping someone can help me...
     
    Last edited: Feb 7, 2008
  2. abri

    abri MajorGeek

    Hi Justmsc,
    Welcome to Major Geeks!

    We'll be looking at your logs and get back to you. This takes some time, so thanks for being patient.
    abri
     
  3. abri

    abri MajorGeek

    Hi justmsc,
    Please do the following:

    1) Disable your guest account if it hasn't already been done.

    2) Next go to add/remove programs and uninstall the below:

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    MySidesearch Search Assistant

    3) Do you have both of the antivirus programs below running? Please uninstall one or the other. AVG Antivirus can be uninstalled via add/remove programs. If you decide to uninstall the Symantec, please run the Norton Removal Tool (SymNRT).

    AVG Anti-Virus 7.1
    Symantec AntiVirus



    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Did you set the below control? If not, please fix it as well.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After you click fix, just close hijackthis.


    5) Download and install Erunt. Use it to create a backup of your registry.

    6) Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    7) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    8) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    9) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    10) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log. Also, let me know if the registry patch (REGEDIT4) gave you a success message.


    How are things running now?

    abri
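
An added example, not part of the original thread: a small Python parser for HijackThis log lines that checks, against a scan taken after the fix, which of the entries selected in step 4 are gone and which survived. The section descriptions are the standard HijackThis meanings; `parse_entry`, `check_fix` and the `RESCAN` sample are constructed for illustration.

```python
import re

# Standard HijackThis meanings of the section codes quoted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O6": "IE options policy restriction",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)

def parse_entry(line):
    """Parse one HijackThis log line; return None for headers and other text."""
    m = ENTRY.match(line)
    if m is None:
        return None
    code, detail = m.groups()
    return {"code": code, "section": SECTIONS.get(code, "unknown section"),
            "detail": detail, "orphan": bool(ORPHAN.search(detail))}

def check_fix(selected, rescan):
    """Split the entries selected for fixing into (gone, remaining) using a later scan."""
    present = {(e["code"], e["detail"].lower()) for e in map(parse_entry, rescan) if e}
    gone, remaining = [], []
    for entry in filter(None, map(parse_entry, selected)):
        key = (entry["code"], entry["detail"].lower())
        (remaining if key in present else gone).append(entry)
    return gone, remaining

# Four of the lines selected in the post above.
SELECTED = [
    r"R3 - URLSearchHook: (no name) - <default> - (no file)",
    r"O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll",
    r'O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"',
    r"O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)",
]
# Constructed rescan in which one selected entry survived the fix.
RESCAN = [
    "Logfile of HijackThis (constructed sample)",
    r'O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"',
]

if __name__ == "__main__":
    for tag, entries in zip(("gone", "STILL PRESENT"), check_fix(SELECTED, RESCAN)):
        for e in entries:
            print(f"{tag:13} {e['code']:3} {e['section']}: {e['detail']}")
```

The `orphan` flag marks entries whose target is already absent ("(no file)", "(file missing)"), which are leftovers rather than running components.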
     
  4. JustMsc

    JustMsc Private E-2

    I did everything on the list and I attached the log files below. I haven't seen any pop-ups yet but they usually take some time to come up when I'm surfing firefox. I'll just run through everything I did and I'll post again if I still have problems or if you happen to see problems in the new logs...

    1) Guest acct already disabled

    2) Removed all three programs from the list

    3) Uninstalled AVG Anti-Virus

    4) Selected the lines given, exited all other windows, and clicked fix. The following lines could not be found, which I assume is because of the programs uninstalled in step 3:

    O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    But I did have the O6 line and selected to fix that line as well

    5) Backed up my registry

    6) Copied and applied RegEdit4 patch with a success message

    7) Uninstalled Windows Messenger

    8) Deleted files with Avenger

    9) Used ATF Cleaner and used the Firefox browser tab as well as the main tab but I kept my passwords for Firefox

    10) Ran file and attached logs

    Thanks for the help. Hopefully this is the end of Dcads.


    - Well, I have the logs but I don't have any attach button in Firefox and the attach button doesn't work in IE right now so I can't attach any of the logs. Maybe it was something I did that got rid of the button? I'm in advanced mode
     
    Last edited: Feb 7, 2008
  5. abri

    abri MajorGeek

    Hi JustMsc,
    I'm sure it's not something you did but rather problems with the website. Please try the attachments again and make sure to click on the Remember Me button when you log in.
    Thanks.
    abri
     
