Help needed please update has stopped all connectivity

Hi all,

Last night I updated avast and now I cannot access the internet at all. I have connectivity, but no browser can actually connect, I have tried chrome firefox and ie.

Weirdly I noticed that a load of games had been added to my laptop at the same time as the avast update, is there a fake update going around?

ANy ideas would be appreciated

Follow the guide and attach the logs. http://forum.avast.com/index.php?topic=53253.0

I can’t get online on the laptop.

well you are posting here…download on one…move over with usb stick

ok, sorry I was panicking a bit.

Have done first step and attach the log file. I’m going to run MBAM now

This is the AdwCleaner log:

AdwCleaner v2.002 - Logfile created 09/21/2012 at 16:11:24

Updated 16/09/2012 by Xplode

Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)

User : Dan - DAN-PC

Boot Mode : Normal

Running from : G:\adwcleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Dan\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\pgwi6ost.default\searchplugins\fast-browser-search.xml
Folder Deleted : C:\Users\Dan\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dan\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\ Internet Explorer v7.0.6001.18000

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\pgwi6ost.default\prefs.js

C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\pgwi6ost.default\user.js … Deleted !

Deleted : user_pref(“browser.search.defaultthis.engineName”, “Fast Browser Search”);
Deleted : user_pref(“browser.search.defaulturl”, "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&[…]
Deleted : user_pref(“browser.search.order.1”, “Fast Browser Search”);
Deleted : user_pref(“keyword.URL”, "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B92[…]

-\ Google Chrome v [Unable to get version]

File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = “hxxps://isearch.avg.com/?cid={1BBA899D-DACC-41EC-8AB3-8B399887AD9D}&mid=f204b280356e47d09f0601d9bae42bf1-5fdd5ad9e8be2d1fe522a7ba0085b6faaa7320d1&lang=en&ds=tt014&pr=sa&d=2012-09-20 19:56:00&v=13.0.0.7&sap=hp”,
Deleted [l.17] : urls_to_restore_on_startup = [ “hxxps://isearch.avg.com/?cid={1BBA899D-DACC-41EC-8AB3-8B399887AD9D}&mid=f204b280356e47d09f0601d9bae42bf1-5fdd5ad9e8be2d1fe522a7ba0085b6faaa7320d1&lang=en&ds=tt014&pr=sa&d=2012-09-20 19:56:00&v=13.0.0.7&sap=hp” ]
Deleted [l.1335] : homepage = “hxxps://isearch.avg.com/?cid={1BBA899D-DACC-41EC-8AB3-8B399887AD9D}&mid=f204b280356e47d09f0601d9bae42bf1-5fdd5ad9e8be2d1fe522a7ba0085b6faaa7320d1&lang=en&ds=tt014&pr=sa&d=2012-09-20 19:56:00&v=13.0.0.7&sap=hp”,
Deleted [l.2144] : urls_to_restore_on_startup = [ “hxxps://isearch.avg.com/?cid={1BBA899D-DACC-41EC-8AB3-8B399887AD9D}&mid=f204b280356e47d09f0601d9bae42bf1-5fdd5ad9e8be2d1fe522a7ba0085b6faaa7320d1&lang=en&ds=tt014&pr=sa&d=2012-09-20 19:56:00&v=13.0.0.7&sap=hp” ]


AdwCleaner[S2].txt - [3510 octets] - [21/09/2012 16:11:24]

########## EOF - C:\AdwCleaner[S2].txt - [3570 octets] ##########

Ok, the Mbam scan has finished, still cant get online, it did find a couple of things which it removed.

Here is the log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Dan :: DAN-PC [administrator]

Protection: Enabled

21/09/2012 16:40:21
mbam-log-2012-09-21 (16-40-21).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393630
Time elapsed: 2 hour(s), 33 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:$RECYCLE.BIN\S-1-5-21-1330044878-194030504-820351046-1000$RU5TYOY.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Dan\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Dan\Downloads\DownloadSetup.exe (Affiliate.Downloader) → Quarantined and deleted successfully.

(end)

So when i try and connect now i get an error saying the Diagnostic Policy Service needs to be started manually, but when i try and do that I get an error message saying:

Windows could not start the Diagnostic Policy Service on Local Computer
Error 5: Access is Denied

here are the OTL logs

I just loaded the latest Avast on an old XP that I wanted to put anti-virus protection on. After I loaded it, I couldn’t open most websites. If I disable shields, I can open anything I like. Turn shields back on and I get “connection reset” or “cannot display page” messages. This happens with Firefox and Explorer.

But don’t I need the shields to be on?

Ok, so here is the aswMBR log

Just done an FSS scan and here is the log

still cant connect to internet, tried disabling shields which made no difference :frowning:

Is this a known issue? This all started last night when I tried to update Avast

Please start a thread here and follow instructions http://forum.avast.com/index.php?board=4.0
There are certified malware experts at the “viruses and worms” section.

Have you tried a “repair”? Programs and features>double click “avast”>scroll to and click “repair”>reboot. :slight_smile:

OK, started a thread in that forum. Tried to do repair and reboot but same issue, same error. So is this a known issue, is there malware that disguises itself as avast?