
Thread: Weird virus

  1. #1
    Junior Member (Join Date: Jan 2010; Posts: 6)

    I ran Spybot Search & Destroy and found a few viruses called Virtumonde. At first it wasn't a problem, so I just removed them and ran Spybot again to see if it fixed it, and nothing showed up. Then I ran an older version of Norton (2006, came with the computer) and it found a virus and deleted it. Later a bunch of ads were popping up for no real reason, so I ran a virus check again and around 5 cases of Virtumonde were there, even though I haven't really downloaded anything. So I deleted them; then I started getting random blue screens of death, Google was working weirdly (instead of giving me a link to a web page it redirected me to some random page) and the ads returned. Seems like the problem's only getting worse. Does anyone know what's going on?


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 3:55:58 PM, on 1/31/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nurufejid] Rundll32.exe "c:\windows\system32\nugevozi.dll",a
    O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{01D59F8B-98BF-49AF-9D10-469A73EC9638}: NameServer = 83.149.115.157,4.2.2.1,68.87.72.134 68.87.77.134
    O17 - HKLM\System\CCS\Services\Tcpip\..\{692011CD-7AA0-4480-8266-77220FD30E02}: NameServer = 83.149.115.157,4.2.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01D59F8B-98BF-49AF-9D10-469A73EC9638}: NameServer = 83.149.115.157,4.2.2.1,68.87.72.134 68.87.77.134
    O20 - AppInit_DLLs: c:\windows\system32\zekafire.dll tabubidi.dll c:\windows\system32\webogori.dll kobiyulu.dll c:\windows\system32\bugirasa.dll c:\windows\system32\duzurosa.dll c:\windows\system32\fatopoze.dll c:\windows\system32\nugevozi.dll
    O21 - SSODL: kimodiyab - {d31fa410-38cf-4878-8137-ac3240348606} - c:\windows\system32\zekafire.dll (file missing)
    O21 - SSODL: jitezayup - {a5443cb4-53dc-4b17-9762-739ad441ed63} - c:\windows\system32\webogori.dll (file missing)
    O21 - SSODL: narepepah - {7af44862-45fd-49f3-a57b-f188b72fa75d} - c:\windows\system32\bugirasa.dll (file missing)
    O21 - SSODL: rumurevab - {09d60682-bb42-4b12-ba2a-075add4fe920} - c:\windows\system32\duzurosa.dll (file missing)
    O21 - SSODL: jomimupon - {f15420e6-680e-4b0e-9363-934a000b207f} - c:\windows\system32\nugevozi.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: gahurihor - {d31fa410-38cf-4878-8137-ac3240348606} - c:\windows\system32\zekafire.dll (file missing)
    O22 - SharedTaskScheduler: gahurihor - {a5443cb4-53dc-4b17-9762-739ad441ed63} - c:\windows\system32\webogori.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {7af44862-45fd-49f3-a57b-f188b72fa75d} - c:\windows\system32\bugirasa.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {09d60682-bb42-4b12-ba2a-075add4fe920} - c:\windows\system32\duzurosa.dll (file missing)
    O22 - SharedTaskScheduler: jugezatag - {f15420e6-680e-4b0e-9363-934a000b207f} - c:\windows\system32\nugevozi.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8268 bytes
    --------------------------------
    I think it's also preventing the Microsoft malicious software remover from installing too, because every time I try to install it, it closes out.

    It's getting worse: now something called 'Internet Security 2010' has been installed onto my computer and is trying to get me to delete system32 and stuff. So something's downloading these trojans onto my computer, but I can't figure out what. D:
    ---------------------------
    Edit
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Please don't add posts or wrap log in code unless requested.
    Thanks
    Last edited by tashi; 2010-02-01 at 23:01. Reason: Merged 3 posts total, removed new log, provided link to this forum's FAQ
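Added note and example, not part of the original thread: the log above already accounts for both symptoms. The O17 entries list 83.149.115.157 as the first resolver on every interface, ahead of 4.2.2.1 and the two 68.87.x.x addresses; a resolver the owner never configured, queried first, is what turns a Google result into a visit to the wrong page. The O20 AppInit_DLLs value names eight DLLs under system32 with random-looking names; on Windows XP every DLL in that value is loaded by user32.dll into every process that loads user32.dll, which matches the report that the removal tool closes as soon as it is launched. The same names reappear as O4 Run, O21 SSODL and O22 SharedTaskScheduler entries, so that cleaning any single key is undone by the others; the "(file missing)" entries are load points whose DLL an earlier scan already deleted. The script below, written for this page (it is not HijackThis code and not from anyone in the thread), reads those lines and reports the cross-linked DLLs and the unexpected resolver. The sample input is copied from the log above; the trusted-resolver and known-shell-DLL sets are assumptions made for the example, not facts from the page.

```python
"""Triage a HijackThis log for Vundo-style chained load points and DNS hijacks.

Added example for this page: cross-references O4/O20/O21/O22 entries and
checks O17 NameServer values against an allowlist of expected resolvers.
"""
import re
from collections import defaultdict

# Assumption: resolvers the owner actually expects. 4.2.2.1 and the two
# 68.87.x.x addresses also appear in the log; anything else in an O17
# entry is reported for review. Adjust to the ISP in question.
TRUSTED_RESOLVERS = {"4.2.2.1", "68.87.72.134", "68.87.77.134"}

# Assumption: the SharedTaskScheduler DLL a stock Windows XP install registers.
KNOWN_SHELL_DLLS = {"browseui.dll"}

# Constructed sample: the relevant lines copied from the log posted above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nurufejid] Rundll32.exe "c:\windows\system32\nugevozi.dll",a
O17 - HKLM\System\CCS\Services\Tcpip\..\{01D59F8B-98BF-49AF-9D10-469A73EC9638}: NameServer = 83.149.115.157,4.2.2.1,68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{692011CD-7AA0-4480-8266-77220FD30E02}: NameServer = 83.149.115.157,4.2.2.1
O20 - AppInit_DLLs: c:\windows\system32\zekafire.dll tabubidi.dll c:\windows\system32\webogori.dll kobiyulu.dll c:\windows\system32\bugirasa.dll c:\windows\system32\duzurosa.dll c:\windows\system32\fatopoze.dll c:\windows\system32\nugevozi.dll
O21 - SSODL: kimodiyab - {d31fa410-38cf-4878-8137-ac3240348606} - c:\windows\system32\zekafire.dll (file missing)
O21 - SSODL: jomimupon - {f15420e6-680e-4b0e-9363-934a000b207f} - c:\windows\system32\nugevozi.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: jugezatag - {f15420e6-680e-4b0e-9363-934a000b207f} - c:\windows\system32\nugevozi.dll
"""


def _basename(path):
    """Lower-cased file name of a Windows path ('c:\\x\\y.dll' -> 'y.dll')."""
    return path.strip().lower().rsplit("\\", 1)[-1]


def parse(log):
    """Group HijackThis lines by their section key ('O4', 'O17', ...)."""
    entries = defaultdict(list)
    for line in log.splitlines():
        m = re.match(r"^(R\d|O\d+) - (.*)$", line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def appinit_dlls(entries):
    """DLL names in AppInit_DLLs; user32.dll loads each into every GUI process."""
    dlls = set()
    for body in entries.get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            for token in re.split(r"[\s,]+", body[len("AppInit_DLLs:"):].strip()):
                if token:
                    dlls.add(_basename(token))
    return dlls


def rogue_nameservers(entries, trusted=TRUSTED_RESOLVERS):
    """Resolvers in O17 NameServer entries that are not on the allowlist."""
    rogue = set()
    for body in entries.get("O17", []):
        m = re.search(r"NameServer\s*=\s*(.*)$", body)
        if m:
            # HijackThis prints the list with a mix of ',' and ' ' separators.
            for ip in re.split(r"[\s,]+", m.group(1).strip()):
                if ip and ip not in trusted:
                    rogue.add(ip)
    return rogue


def shell_hook_dlls(entries):
    """DLL name -> load-point tags for O21 (SSODL) and O22 (SharedTaskScheduler)."""
    hooks = defaultdict(set)
    for key in ("O21", "O22"):
        for body in entries.get(key, []):
            m = re.search(r" - \{[0-9A-Fa-f-]+\} - (.+?)(\s*\(file missing\))?$", body)
            if m:
                hooks[_basename(m.group(1))].add(key + (":missing" if m.group(2) else ""))
    return hooks


def rundll32_dlls(entries):
    """DLLs started through rundll32 from an O4 Run entry."""
    found = set()
    for body in entries.get("O4", []):
        m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', body, re.IGNORECASE)
        if m:
            found.add(_basename(m.group(1)))
    return found


def triage(log):
    """Return the findings a helper would look at first in this log."""
    entries = parse(log)
    appinit = appinit_dlls(entries)
    hooks = shell_hook_dlls(entries)
    run_dlls = rundll32_dlls(entries)
    # One DLL registered under several load points that restore each other is
    # the Vundo/Virtumonde pattern; removing a single key leaves the others.
    chained = {d for d in appinit if d in hooks or d in run_dlls}
    return {
        "rogue_nameservers": rogue_nameservers(entries),
        "appinit_dlls": appinit,
        "chained_dlls": chained,
        "unknown_shell_hooks": {d for d in hooks if d not in KNOWN_SHELL_DLLS},
        "dead_load_points": {d for d, tags in hooks.items() if any(t.endswith(":missing") for t in tags)},
    }


if __name__ == "__main__":
    for finding, values in triage(HJT_LOG).items():
        print(f"{finding}: {sorted(values)}")
```

The script ranks entries for a human to look at; it does not decide that a DLL is malicious, and a resolver missing from the allowlist only means the owner should confirm they chose it. On the sample it reports 83.149.115.157 as the unexpected resolver, all eight AppInit_DLLs names, zekafire.dll and nugevozi.dll as DLLs wired into more than one load point, and zekafire.dll as a load point whose file is already gone.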

  2. #2
    Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 29,374)

    Hi ZomgGuitarz1234

    Is Norton up-to-date?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member (Join Date: Jan 2010; Posts: 6)

    Yes, I'm pretty sure it updated; the problem being this is a 2006 version.

    It doesn't really matter now though, I can't even log in without being immediately logged out now.

  4. #4
    Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 29,374)

    Can you log in in safe mode?

  5. #5
    Junior Member (Join Date: Jan 2010; Posts: 6)

    Quote Originally Posted by Shaba:
        Can you log in in safe mode?

    I can use safe mode, but I can't log in. I can't log into admin either. I was told to use the Windows disk to re-install it, but I don't have one because it's a cheap laptop.

  6. #6
    Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 29,374)

    Laptops should have a recovery partition on the hard drive and/or recovery disks.

    If there are none of them, you will need to contact the vendor.

  7. #7
    Junior Member (Join Date: Jan 2010; Posts: 6)

    How would I access it? I think I've seen it before, but only a few times (F drive).

  8. #8
    Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 29,374)

    It depends on the brand. Which brand is it?

  9. #9
    Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 29,374)

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
