Trying to remove Dcads from my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by grahamknox, Jan 12, 2008.

  1. grahamknox

    grahamknox Private E-2

    Hi,
    I've been following one of your earlier threads (31/12/07), trying to remove Dcads.
    I seem to have the same issue as Renreq and so I have attached the 3 reports you mentioned in said thread.
    Thanks Graham
     


  2. abri

    abri MajorGeek

    Hi grahamknox!
    Welcome to Major Geeks!


    1) Go to Add/Remove Programs and uninstall the below:

    - Java 2 Runtime Environment, SE v1.4.2_04
    - Java(TM) 6 Update 2


    2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
    O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    Do the following belong to programs you know or want to keep? If not, please fix them as well.
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab

    After you click fix, just close HijackThis.


    3) In the above step, if you decided not to fix and get rid of the program Stumbleupon (an internet tracking software), then you will need to remove several of the entries below from the Avenger fix before you continue.
    They are (here for you in quotation marks):

    "Folders to delete:
    C:\Documents and Settings\User\Application Data\StumbleUpon
    C:\Program Files\StumbleUpon"

    and this key here

    "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}"



    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    6) Please run C:\MGTools.exe again (located under C:\ ) and attach a fresh MGlogs.zip along with the Avenger log.


    Let me know how things are running now.

    abri
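
A triage sketch for the HijackThis lines listed in the post above, as an added example that is not part of the original thread or of HijackThis itself: it parses a subset of those lines and flags DLLs that are referenced from more than one load point, started from a Run key via Rundll32, or marked `(file missing)`. The function names and flag labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (a subset of the HijackThis output).
SAMPLE_LOG = r"""
O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)

def parse(log):
    """Turn HijackThis 'O' lines into records with lower-cased file paths."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            entries.append({"section": section,
                            "paths": [p.lower() for p in PATH_RE.findall(body)],
                            "missing": body.endswith("(file missing)")})
    return entries

def triage(entries):
    """Map each referenced DLL to the reasons it deserves a closer look."""
    sections, flags = defaultdict(set), defaultdict(set)
    for e in entries:
        launcher = any(p.endswith("\\rundll32.exe") for p in e["paths"])
        for dll in (p for p in e["paths"] if p.endswith(".dll")):
            sections[dll].add(e["section"])
            if e["missing"]:
                flags[dll].add("file-missing")        # orphaned registry entry
            if e["section"] == "O4" and launcher:
                flags[dll].add("rundll32-autostart")  # DLL started at boot via rundll32
    for dll, secs in sections.items():
        if len(secs) > 1:
            flags[dll].add("multiple-load-points")    # e.g. BHO plus Run key
    return {dll: sorted(f) for dll, f in flags.items()}

if __name__ == "__main__":
    for dll, reasons in triage(parse(SAMPLE_LOG)).items():
        print(dll, "->", ", ".join(reasons))
```

A flag here only marks an entry for review; whether to fix it remains the analyst's decision, as in the post above.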
     
  3. grahamknox

    grahamknox Private E-2

    Hi abri,
    Thanks for the help, I haven't seen any pop-up window attempts so far.
    The reports you asked for are attached.
    Should I uninstall all these malware protection programs now and just keep my Norton on? My computer is taking nearly 10 minutes to start up now and I was thinking it was all these protection tools.
    Thanks,
    Graham
     


  4. abri

    abri MajorGeek

    Hi grahamknox,
    It shouldn't take 10 minutes for your computer to start up unless the dcads is damaging something when we remove it. If you would like, you can return to a restore point just prior to when we did the last fix and see if your bootup time is better. This will make the pop-ups come back, but it would be useful information. Tell me if you decide to do this and if it shows an improvement in your bootup time. It will still be possible to remove the dcads, but it would be helpful to know if any of the steps you did in the last post led to this delay. If you've never done this before, System Restore is located under Start / All Programs / Accessories / System Programs / System Restore. Choose the option to return to an earlier restore point and when you click on next, you'll get a calendar with highlighted dates. Choose a date closest to now, but before you ran the instructions in the last post.
    Thanks.
    abri
     
