Avast Disabled, Searches Redirected, Services Crashing

A friend sent me his computer for me to diagnose, and so far the usual methods haven't been working. MalwareBytes produces nothing, and Avast's bootscan brings up nothing. There's nothing suspicious in the HiJackThis log as far as I can tell, either. I've also used Spybot S&D.

Anyway, this bug seems to have disabled my Avast On Access Protection permenantly. It redirects google searches to adware sites. It deleted the System Restore files. Also, I get crashing services that prompt for computer restarts (DCOM and Plug and Play). I suspect I have a rootkit, but you guys can probably guess better.

I also noticed that if I try to do a windows update to Vista SP2, I get thrown into a STOP 7B blue screen error. I'm only able to get out of this from a set of registry keys I've backed up. Don't know if that's related, but I had to disable windows update to prevent SP2 from installing

DDS (Ver_09-12-01.01) - NTFSx86
Run by TR PLASTER at 23:43:45.10 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18882
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
uSearch Bar =
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\myesse~1.lnk - c:\program files\my essentials\usb me1001-usb\wireless utility\O-Maxwcui.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-11 05:41:41 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-11 04:46:52 0 d-----w- c:\program files\Sophos
2010-02-11 02:08:28 58962784 ----a-w- c:\windows\system32\confi.reg
2010-02-11 01:15:45 98816 ----a-w- c:\windows\sed.exe
2010-02-11 01:15:45 77312 ----a-w- c:\windows\MBR.exe
2010-02-11 01:15:45 261632 ----a-w- c:\windows\PEV.exe
2010-02-11 01:15:45 161792 ----a-w- c:\windows\SWREG.exe
2010-02-11 01:15:28 0 d-s---w- C:\ComboFix
2010-02-11 00:19:33 0 d-----w- c:\windows\system32\SPReview
2010-02-09 01:58:49 0 d-----w- c:\program files\TrendMicro
2010-02-09 01:54:06 0 d-----w- c:\program files\Microsoft
2010-02-09 01:54:04 0 d-----w- c:\program files\MSN Toolbar
2010-02-09 01:53:34 0 d-----w- c:\program files\MSN Toolbar Installer
2010-02-08 22:41:49 0 d-----w- c:\windows\system32\drivers\backup
2010-02-02 04:36:02 0 d-----w- c:\windows\system32\EventProviders
2010-02-02 04:34:55 0 d-----w- c:\users\trplas~1\appdata\roaming\Malwarebytes
2010-02-02 04:34:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 04:34:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 04:34:49 0 d-----w- c:\programdata\Malwarebytes
2010-02-02 04:34:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 01:32:31 0 d-----w- c:\program files\Ad-Aware SE Personal
2010-01-30 02:56:17 53328 ------w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-30 02:28:48 212 ----a-w- c:\windows\wininit.ini
2010-01-30 01:51:42 0 d-----w- c:\programdata\Alwil Software
2010-01-13 07:43:30 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 07:43:29 72704 ----a-w- c:\windows\system32\fontsub.dll

==================== Find3M ====================

2010-02-11 00:25:38 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-11 00:25:38 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-11 00:25:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-11 00:23:08 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-14 18:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 09:39:43 4609 ----a-w- c:\windows\1z90backdoor5325.dll
2009-12-21 14:02:04 8106 ----a-w- c:\windows\system32\671hac9zoo588.bin
2009-12-21 09:43:42 5990 ----a-w- c:\windows\20553spamb9taz.dll
2009-12-20 13:53:55 15809 ----a-w- c:\windows\system32\9da6zparse58.dll
2009-12-19 20:16:20 10899 ----a-w- c:\windows\system32\z87dthre5t92529.exe
2009-12-19 07:18:13 11058 ----a-w- c:\windows\4515a9dzare3137.dll
2009-12-18 01:18:15 15145 ----a-w- c:\windows\system32\9a39spar5e2295z.bin
2009-12-17 08:31:29 15457 ----a-w- c:\windows\system32\6b89viz31735.dll
2009-12-16 09:12:32 10553 ----a-w- c:\windows\system32\383sp955z.exe
2009-12-14 02:15:19 15272 ----a-w- c:\windows\65dczddwar95725.bin
2009-12-13 19:54:07 5331 ----a-w- c:\windows\system32\14729sp5mbzt628.bin
2009-12-11 09:09:12 4782 ----a-w- c:\windows\system32\9zaddw5re2703.dll
2009-12-09 14:28:37 14828 ----a-w- c:\windows\system32\30z99wor5430.dll
2009-12-06 04:44:09 15072 ----a-w- c:\windows\41b9s5eal55z.exe
2009-12-06 00:56:16 15907 ----a-w- c:\windows\90za5dware1827.bin
2009-12-03 21:21:04 15333 ----a-w- c:\windows\system32\90395trzj65d.dll
2009-12-02 18:29:14 13593 ----a-w- c:\windows\9a58spa5sz1470.dll
2009-12-01 00:06:09 9354 ----a-w- c:\windows\system32\2z906troj65b9.bin
2009-11-23 19:09:55 7252 ----a-w- c:\windows\715cvzr997.exe
2009-11-23 17:00:45 5662 ----a-w- c:\windows\system32\9459s5y2zd.bin
2009-11-20 21:23:07 6749 ----a-w- c:\windows\19671z5t-a9virus4db.bin
2009-11-20 13:32:05 2716 ----a-w- c:\windows\system32\97624zorm5a9.exe
2009-11-16 21:55:57 11744 ----a-w- c:\windows\4215vzr25669.dll
2009-11-16 13:23:45 15569 ----a-w- c:\windows\4a1zth5eat179469.dll
2009-11-16 11:33:11 5950 ----a-w- c:\windows\system32\96159yware2z95.bin
2009-11-16 08:05:50 5698 ----a-w- c:\windows\5254steaz899.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:44:44.91 ===============

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
[We need to create an OTL Report

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. In the custom scan box paste the following:
   
   CODE
   netsvcs
   msconfig
   safebootminimal
   safebootnetwork
   activex
   drivers32
   %systemroot%\system32\*.dll /lockedfiles
   %systemroot%\Tasks\*.job /lockedfiles
   /md5start
   eventlog.dll
   scecli.dll
   netlogon.dll
   cngaudit.dll
   sceclt.dll
   ntelogon.dll
   logevent.dll
   iaStor.sys
   nvstor.sys
   atapi.sys
   IdeChnDr.sys
   viasraid.sys
   AGP440.sys
   vaxscsi.sys
   nvatabus.sys
   viamraid.sys
   nvata.sys
   nvgts.sys
   iastorv.sys
   ViPrt.sys
   eNetHook.dll
   ahcix86.sys
   KR10N.sys
   nvstor32.sys
   ahcix86s.sys
   nvrd32.sys
   /md5stop
   %systemroot%\*. /mp /s
6. Push the button.
7. Two reports will open, copy and paste them in a reply here:
   • OTL.txt <-- Will be opened
   • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti