Help Secure my PC

[Zarina]

Hello, I need assistance to get rid of a few infections on my pc.

MY CURRENT PC SPECS:

Windows XP Professional SP2

Nortons Antivirus 2008 with latest definitions

Malwarebytes Anti-Malware 1.28

Here is my logfile with latest information:

Malwarebytes' Anti-Malware 1.28

Database version: 1134

Windows 5.1.2600 Service Pack 2

9/18/2008 7:02:52 PM

mbam-log-2008-09-18 (19-02-52).txt

Scan type: Full Scan (C:\|)

Objects scanned: 184698

Time elapsed: 1 hour(s), 0 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files Infected:

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP65\A0014895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP65\A0014896.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP65\A0014897.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP65\A0014899.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP65\A0014900.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP70\A0017153.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP70\A0017152.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1BB5EA52-5B58-4471-A75A-19170EE84214}\RP70\A0017154.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.

C:\Documents and Settings\Zarina Ebrahim\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Repeatedly after boot-ups and new scans on another day, same error infections pop-up.

Please help how can effectively prevent the same infections from coming back after my software (MBAM & NORTONS) clean it up!

I am fragile but if someone could guide me in the Registry to clean up the mess.

Thank You

Zarina

[AdvancedSetup]

Hello Zarina and Welcome to Malwarebytes

Please follow the instructions posted here: Pre- HJT Post Instructions

Then post your requested logs here: Malware Removal - HijackThis Logs

Once you've provided the requested information someone will be happy to assist you in cleaning your system further.

[JeanInMontana]

Most likely Zarina is being reinfected from the illegal software she has downloaded. Shows up really plain in the Panda log http://www.malwarebytes.org/forums/index.php?showtopic=6392

[Guest ~BD~]

Repeatedly after boot-ups and new scans on another day, same error infections pop-up.

Thank You

Zarina

It seems as if you have been a little bit naughty!

Try turning off System Restore ........... and then turn back on again.

Dave

[JeanInMontana]

Dave that won't do much good... she has illegal software on her machine, often bundled with malware. Deleting System Restore points isn't going to do squat.

[Guest ~BD~]

Dave that won't do much good... she has illegal software on her machine, often bundled with malware. Deleting System Restore points isn't going to do squat.

OK - you're the expert!

D.