Virus and Worms

I’m having a problem that I need some direction on. I got a new computer and before I could install the Avast program I had to do some internet research on the internet. I became aware of the infection when I did a Google search and then clicked on the links and got redirected to other sites. I then installed the Avast program and when it ran it found the following 4 infections:
Btubeb [1].htm – in [1].htm – Modal [1].js – terms [2].pdf (which I put in the chest).
Subsequently I reran the complete scan and the program did not find anything. I continued to have the problem, and on three occasions the program blocked possible downloads (I couldn’t tell what it was blocking because the notice disappeared too quickly).
I ran Spybot and it came up clean. I ran Symantec’s scan and it came up clean as well. When I tried to update both Windows and Avast I also got site pop-ups. Doing Google search links continue to be redirected. I assume I have a registry problem?

Can anyone give me advice on how I can resolve this issue without reinstalling Windows?

Thanks
rolose

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

user choice needed! have conflict with symantics :wink:

To: Pondus,

Thanks, I did both programs and will test it out shortly. They found the following:

Ran SuperAntiSpyware second. The logs are as follows:
SUPERAntiSpyware Log

Trace Rules Database Version: 2510

Scan type : Complete Scan
Total Scan Time : 00:21:25

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 4412
Registry threats detected : 0
File items scanned : 45101
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.whaleads[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@videos.teensnow[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rts.pgmediaserve[1].txt

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\TEMP\BCOO.TMP\SVCHOST.EXE
C:\WINDOWS\TEMP\DBHT.TMP\SVCHOST.EXE

Malwarebytes Antimalware

Malwarebytes’ Anti-Malware 1.44
Database version: 3884
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/18/2010 8:29:57 PM
mbam-log-2010-03-18 (20-29-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157227
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\documents and settings\all users\application data\apple computer\sp.DLL (TrojanProxy.Agent) → Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spservice (TrojanProxy.Agent) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\apple computer\sp.DLL (TrojanProxy.Agent) → Delete on reboot.

Looks like everything should work. I will purchase both items which should stop all this nonsense.

Again, many thanks, your help was appreciated.

Rolose

To Pondus

Although the programs did wonders in taking out malware and adware, I still have the problem. When I google anything I get the results of the search. Then when I click on any one of the links (say PowerDVD), I get redirected to an advertisement site. If I backspace and reclick on the same link I get another ad site.
Another solution thoughts?
Many thanks,
rolose

Follow this guide from Essexboy and post the OTL log HERE
http://forum.avast.com/index.php?topic=53253.0
if the log is big, look in down/left corner: additional options > attach

And you should update your IE6 to IE8 when Essexboy has done the fix
http://www.microsoft.com/windows/internet-explorer/default.aspx