Computer was infected, did a system restore but things still not quite right.

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, just let it cure whatever it finds...
  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
  
• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
  
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
  
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

So finally it looks like one of these many scans found something. I hope the report is what you need because I was unable to do one of the options.
•Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
After selecting all, when I clicked on CURE it did not give me the option of reporting incurable. The only actions I had were the ones listed as not choosing.

Here is the file I saved:

Dc15.com;C:\RECYCLER\S-1-5-21-796845957-616249376-117609710-1003;Trojan.Siggen2.25631;;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;

That is all I got. Hope it is what you need.

Hello.

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-09 18:50:34
-----------------------------
18:50:34.359 OS Version: Windows 5.1.2600 Service Pack 3
18:50:34.359 Number of processors: 4 586 0x502
18:50:34.359 ComputerName: ERIC-9FEECA1834 UserName: Eric
18:50:35.640 Initialize success
18:50:41.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:50:41.093 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
18:50:43.125 Disk 0 MBR read successfully
18:50:43.125 Disk 0 MBR scan
18:50:43.125 Disk 0 Windows XP default MBR code
18:50:45.125 Disk 0 scanning sectors +976752000
18:50:45.140 Disk 0 scanning C:\WINDOWS\system32\drivers
18:50:49.671 Service scanning
18:50:50.515 Disk 0 trace - called modules:
18:50:50.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:50:50.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5ecab8]
18:50:50.531 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a5f6f18]
18:50:50.531 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a610940]
18:50:50.531 Scan finished successfully
18:51:22.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
18:51:22.109 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"

Just bumping this up..its been almost 48 hrs and I'm anxious to get this trojan off my computer.

Hi,

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

2011/06/12 00:22:09.0734 3516 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/12 00:22:10.0156 3516 ================================================================================
2011/06/12 00:22:10.0156 3516 SystemInfo:
2011/06/12 00:22:10.0156 3516
2011/06/12 00:22:10.0156 3516 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/12 00:22:10.0156 3516 Product type: Workstation
2011/06/12 00:22:10.0156 3516 ComputerName: ERIC-9FEECA1834
2011/06/12 00:22:10.0156 3516 UserName: Eric
2011/06/12 00:22:10.0156 3516 Windows directory: C:\WINDOWS
2011/06/12 00:22:10.0156 3516 System windows directory: C:\WINDOWS
2011/06/12 00:22:10.0156 3516 Processor architecture: Intel x86
2011/06/12 00:22:10.0156 3516 Number of processors: 4
2011/06/12 00:22:10.0156 3516 Page size: 0x1000
2011/06/12 00:22:10.0156 3516 Boot type: Normal boot
2011/06/12 00:22:10.0156 3516 ================================================================================
2011/06/12 00:22:11.0046 3516 Initialize success

How is your computer running now?

I am going to say things appear better. Some things were very subtle and I haven't had a lot of time on the computer lately. I will say several of my issues improved when I switched to Google Chrome instead of IE. The one scan did say something about a trojan though so I am assuming it wasn't all in my head or my internet explorer. Right?

What other issues are you experiencing?

I am experiencing no issues at this time as long as we use google chrome. With IE, Facebook is very choppy when scrolling. Email on MSN wasn't opening up all the time and some video links weren't working. I don't know if this is a cause for concern or if I just need to use Google Chrome in the future.

Hi,

See if this helps:

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

I did run this...not sure if it made a difference or not. Facebook is still very choppy on IE only. And Google Chrome loads everything almost instantly whereas IE takes a few seconds.

IE is always that way. Chrome is just a faster browser and you have gotten used to the speed of Chrome.

So before this thread is closed. What do you recommend I install on my computer for protection? Obviously what I have is not sufficient since I think this is my 3rd problem in a year. I have the free version of AVG 2011 and the free version of MalWarebytes Anti-malware.

AVG should suffice. Remember don't install more than 1 antivirus.