Author Topic: [Resolved] Avast won't open, and http doesn't work  (Read 26201 times)

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #15 on: August 22, 2010, 08:47:02 AM »
Word of caution...some malware can spread from an affected machine to an unaffected machine through a network.  Until we know what we are dealing with, we need to be careful with both machines now.

Try installing SuperAntispyware portable http://www.superantispyware.com/ as previously suggested and let me know how this works.

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #16 on: August 22, 2010, 08:48:23 AM »
Thank you Gargamel360 for your suggestion.  ;)  Hopefully this works for the OP.

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #17 on: August 22, 2010, 08:52:16 AM »
Alternative?>>http://www.superantispyware.com/
Try the portable?
This worked. I put this file on my USB drive, brought it to the other machine, ran the update, and I'm now doing a full scan. I'll report what I find.

Thanks

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #18 on: August 22, 2010, 08:54:53 AM »
Remember...this USB drive is now considered infected.  Do NOT put it back in your other (non-infected) machine!

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #19 on: August 22, 2010, 09:22:37 AM »
Scan is done. How do I paste the results without connecting my USB?

I'll try something, give me a min...

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #20 on: August 22, 2010, 09:28:02 AM »
You did the scan on your infected machine...right?  Just copy and paste it in your post.

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #21 on: August 22, 2010, 09:29:13 AM »
The infected machine cannot browse/view websites. I feel like I'm repeating myself a lot here.

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #22 on: August 22, 2010, 09:31:53 AM »
Worked around that. Here's the log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2010 at 02:18 AM

Application Version : 4.41.1000

Core Rules Database Version : 5390
Trace Rules Database Version: 3202

Scan type       : Complete Scan
Total Scan Time : 00:29:14

Memory items scanned      : 914
Memory threats detected   : 0
Registry items scanned    : 8257
Registry threats detected : 0
File items scanned        : 31341
File threats detected     : 353

Adware.Tracking Cookie


SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #23 on: August 22, 2010, 09:39:46 AM »
I don't use SAS (the software I had you install that was suggested); I use MBAM.  Did SAS give you the option of putting infected items into quarantine?

Also, do you have any saved passwords on the infected machine?  If so, please delete them if you can.

Are you able to download anything at this time without having to waste more USB sticks?

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #24 on: August 22, 2010, 09:45:51 AM »
I'm already familiar with SAS and how to use it. I thought this forum would help me to run Avast though, the software I actually paid to use. I truly apologize if I come off rude, but this problem is very frustrating for me, and your replies are somewhat redundant. I know you're just trying to help, but this is killing me right now.

I'm going to go rest and take another stab at this in the morning. If anyone else has any replies, please leave them. Thanks in advance.

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #25 on: August 22, 2010, 09:48:24 AM »
You have malware...that's the problem.  What I need to know is can you download anything to this machine.  I need you to download something now if you can.

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #26 on: August 22, 2010, 09:50:29 AM »
What is it?

SafeSurf

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #27 on: August 22, 2010, 09:58:21 AM »
We need to run more diagnostic tools, that is why I need to know if you can download.  I need you to download OTL:

OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide.  Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan.  It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.
Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Check the box that says Scan All Users
    * Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
          o When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
          o Post both logs to your desktop.  Attach both logs to your next post.

I have asked our Certified Malware Expert, Essexboy, to follow up with you after you post your OTL logs.  He will ask you additional questions and give you more directions to help you with this problem.  I'm not sure if he will be here over the weekend, but please look for his post in this thread.

When your problem is resolved, we will help you with a massive PC clean up, updating of software, and everything else that is needed...a "Spring Cleanup" as it is called.

Edit:  If you have difficulty downloading OTL, go to Essexboy's Sticky on Avast http://forum.avast.com/index.php?topic=53253.0 and download it directly from there.
« Last Edit: August 22, 2010, 10:03:32 AM by SafeSurf »

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #28 on: August 22, 2010, 06:05:24 PM »
I can't run the OTL.exe file on the infected computer, even renamed. Is there a portable version?

Classic

  • Guest
Re: Avast won't open, and http doesn't work
« Reply #29 on: August 22, 2010, 06:28:42 PM »
I just read this but I can't run TFC either. It's not letting me run any recognized virus software.

Is there no way to just close this malware without rebooting? As soon as I do that, it's going to really screw over everything, I know this already.