
Can't erase Trojan



I really need help. My computer isn't working properly; I have tried various solutions from this site. The program Malwarebytes erases the trojan, but after a restart it comes back with 3 or 5 more infections.

Here is my log dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Rodrigo Zuniga at 16:05:44 on 2011-09-30

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2583 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\bthsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129

TCP: Interfaces\{4C3083A2-2755-4C38-8D54-ACB8F7E34145} : DhcpNameServer = 167.206.245.130 167.206.245.129

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rodrigo zuniga\application data\mozilla\firefox\profiles\2y741i05.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: keyword.URL - hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q=

FF - plugin: c:\documents and settings\rodrigo zuniga\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\wolfram research\browser\8.0.1.2063897\npmathplugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-9 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-9 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-9 136312]

R2 bthsrv.exe;Bthsrv;c:\windows\system32\bthsrv.exe [2011-9-26 2660679]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-30 366152]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-9 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\ipsdefs\20110929.031\IDSXpx86.sys [2011-9-29 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-30 22216]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\virusdefs\20110930.002\NAVENG.SYS [2011-9-30 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\virusdefs\20110930.002\NAVEX15.SYS [2011-9-30 1576312]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-4-8 606056]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-30 18:48:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-30 18:48:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-30 06:48:28 586752 --sha-w- c:\documents and settings\rodrigo zuniga\application data\ixu979.tmp

2011-09-30 05:48:28 586752 --sha-w- c:\documents and settings\rodrigo zuniga\application data\ixu976.tmp

2011-09-30 04:48:32 586752 --sha-w- c:\documents and settings\rodrigo zuniga\application data\ixu962.tmp

2011-09-29 03:52:10 -------- d-sha-r- C:\cmdcons

2011-09-29 02:01:42 98816 ----a-w- c:\windows\sed.exe

2011-09-29 02:01:42 518144 ----a-w- c:\windows\SWREG.exe

2011-09-29 02:01:42 256000 ----a-w- c:\windows\PEV.exe

2011-09-29 02:01:42 208896 ----a-w- c:\windows\MBR.exe

2011-09-28 05:30:32 -------- d-----w- c:\documents and settings\rodrigo zuniga\application data\Malwarebytes

2011-09-28 05:29:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-28 05:13:11 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-28 05:12:37 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-09-28 04:38:38 -------- d-----w- c:\documents and settings\rodrigo zuniga\local settings\application data\Mathematica

2011-09-28 04:38:38 -------- d-----w- c:\documents and settings\rodrigo zuniga\application data\Mathematica

2011-09-28 04:33:14 -------- d-----w- c:\program files\common files\Wolfram Research

2011-09-28 04:33:14 -------- d-----w- c:\program files\common files\ResearchSoft

2011-09-28 04:33:14 -------- d-----w- c:\documents and settings\all users\application data\Mathematica

2011-09-28 04:28:58 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2011-09-28 04:28:58 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2011-09-28 04:28:58 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2011-09-28 04:28:58 369680 ----a-w- c:\windows\system32\ml32i3.dll

2011-09-28 04:28:58 335888 ----a-w- c:\windows\system32\mltcpip32.mlp

2011-09-28 04:28:58 260112 ----a-w- c:\windows\system32\ml32i2.dll

2011-09-28 04:28:58 253968 ----a-w- c:\windows\system32\ml32i1.dll

2011-09-28 04:28:58 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2011-09-28 04:27:41 -------- d-----w- c:\program files\Wolfram Research

2011-09-28 04:03:37 -------- d-----w- c:\documents and settings\all users\SAS

2011-09-27 03:26:12 221184 ----a-w- c:\windows\system32\wmpns.dll

2011-09-26 15:33:15 -------- d-----w- c:\windows\system32\84229B2E4F71C911B1034E088A1B801C

2011-09-26 15:32:59 2660679 ----a-w- c:\windows\system32\bthsrv.exe

2011-09-25 23:37:56 -------- d-----w- c:\documents and settings\rodrigo zuniga\local settings\application data\Google

2011-09-19 22:50:12 -------- d-----w- C:\sas

2011-09-15 03:28:25 -------- d-----w- c:\documents and settings\rodrigo zuniga\application data\SAS

2011-09-15 03:28:22 98304 ----a-w- c:\windows\system32\sasperf.dll

2011-09-15 03:09:22 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL

2011-09-15 03:09:22 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL

2011-09-15 03:09:22 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL

2011-09-15 03:09:22 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL

2011-09-15 03:09:22 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

2011-09-15 03:09:22 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL

2011-09-15 03:09:22 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL

2011-09-15 03:09:22 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL

2011-09-15 03:09:22 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL

2011-09-15 03:09:13 -------- d-----w- c:\program files\Microsoft WSE

2011-09-15 02:51:58 -------- d-----w- c:\program files\SASHome

2011-09-15 02:45:41 -------- d-----w- c:\documents and settings\all users\application data\SAS

2011-09-15 02:45:05 -------- d-----w- c:\documents and settings\rodrigo zuniga\local settings\application data\SAS

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 16:06:18.85 ===============

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7836

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/30/2011 3:54:33 PM

mbam-log-2011-09-30 (15-54-33).txt

Scan type: Quick scan

Objects scanned: 191966

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

ark.zip


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
