Hi,
Here’s a couple of long shot ideas, which may help for troubleshooting.

1. You used Revo Uninstaller for AVG. It is easy when using this uninstaller to delete more reg values than should be deleted, unless the tree for the reg entries is expanded, and only the bolded entries are removed.
   Solution: -Uninstall and re-install the programs subsequently affected, or
   -System restore to prior to the removal date, then re-run the AVG remover, or
   -Restore the registry from the backup (you make backups, of course?) then re-run AVG remover.

If that is not applicable,
2) You have used ZoneAlarm in the past. Is it fully uninstalled?

Any other security software installed in the past?
Are you running (or using the “run as” command) as an administrator when installing/uninstalling software?

Hi Tarq57, and thanks for your comments.

I will try uninstalling and reinstalling Avast later (next few hours - short of time right now).

ZoneAlarm does appear to be completely uninstalled. A search didn’t pick up any files, and I can’t see any remnants in the C drive.

No other security software installed in the past (not anti-virus, that is). I have tried Spyware Blaster (uninstalled now). I currently run Spybot Search and Destroy and Adaware. Other than Avast (and AVG until recently), that’s it.

OK simply saying it didn’t work as that doesn’t give much in the way of detail and the main issue is exactly what you entered (localhost and 12080 some missed one of the 0s off).

Earlier I asked if you had to use a proxy to connect to the internet (ISPs sometimes insist or using a web accelerator) ?

Though what is really getting me is everything is so intermittent it works, it doesn’t work as many of the suggestions we give including the one above are to correct fixed permanent problems.

So the problem in applying a fix/suggestion when it is an intermittent problem, could introduce its own issues and that has me totally stumped (and you have to ensure that you reverse any change that doesn’t work or we could be fighting the change).

David,

I entered localhost and 12080, as instructed.

I don’t think I use a proxy to connect to the net. Not sure where to check this, though.

The problem as described isn’t really intermittent - only once, for two page downloads using FF, has browsing been as normal when On-Access Protection Control has been on. The rest of the time - which is over a week now - the problem has been as described at all times when On-Access Protection Control has been on, and browsing has been normal at all times when On-Access Protection Control is off.

There is one other issue I have been experiencing that I haven’t mentioned until now because I assumed it was not related to Avast. I mention it now in case it does offer some clue to you tech-initiated folk as to what could be amiss with Avast and the browsers. It has been occurring for 2 weeks or so - ie: before I changed from AVG to Avast. Anyway, it’s this: autologin is not working in FF.

When this first started happening, which was suddenly one day, for no apparent reason, it also affected IE7. Sites I had been autologging into for literally months or longer suddenly asked me to log in. My username and PW were already filled out, but even when I ticked the box asking the browser to keep me logged in, it failed to do so next time I brought up the site(s). I restored the default settings in IE7, and that resolved the problem for that browser. The problem remains for FF, despite uninstalling and reinstalling it. Bewilderingly, last night I got a notice that FF had completed some upgrade (automatically…that is, I didn’t manually upgrade it), and soon after, autologin started working in FF. This morning, it had stopped working again in FF. IE7 remains OK for autologin.

I was wondering if I have some virus or spyware messing things up, but AVG did not detect anything, and I ran a thorough check including archives when I downloaded Avast - again, nothing detected. I’ve run scans with Adaware and Spybot, also, and they have detected nothing.

Maybe I need to reformat Win XP. I bloody hope not, but I’m starting to get desperate. I’d better log off now, because as you know, I am unprotected any time I am online. Will check back later after I’ve uninstalled and reinstalled Avast.

Thanks to all for your help to this point.

Well the problem with autologin (though I have no idea what one you might be using, I have never used it) I always log on to sites and don’t use a password, login manager, etc. but anything that is common for both browsers is possibly a factor. If you disable that would it make any difference.

I’m sorry as I’m totally clutching at straws here as I have never experienced what you are experiencing in the five years I have been on the forums. For me intermittent is obviously different something either works or it doesn’t no change, so when it works even for a short period without having done something. That I call intermittent especially when for no reason it fails again.

Well if you had to use one I would have thought it would be in the IE connection settings.

FF 3.0.10 has just been released so that may have been your auto update (I don’t have this enabled, I’m on dial-up and need to control what connects and what updates, etc.).

You could try these tools as adaware is IMHO a waste of hard disk space and S&D I’m no great fan of either.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.

Hi again, David.

The “autologin” I referred to is just the facilities inbuilt in IE and FF - I don’t have any specific separate autologin programs.

I uninstalled Spybot S&D, Adaware and Avast. Then I reinstalled Avast. The problem persists as before with both browsers.

I downloaded, installed and updated MalwareBytes Anti-Malware and ran it. It detected a single file, Rogue.Antispyware, which was in my Applications folder. I got rid of it using MBAM. Here is MBAM’s report:

Malwarebytes’ Anti-Malware 1.36
Database version: 2059
Windows 5.1.2600 Service Pack 2

30/04/2009 12:55:12 AM
mbam-log-2009-04-30 (00-55-12).txt

Scan type: Quick Scan
Objects scanned: 97053
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Ross B\Application Data\AntispywareBot (Rogue.AntiSpywareBot) → Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Now I am about to install SUPERantispyware. If nothing else, at least you have the satisfaction of being responsible for my binning SpyBot S&D and Adaware in favour of the two programs you recommended!

Sheeyit, I just wish this damned browser issue with Avast could be resolved though.

Update!

I just installed Superantispyware, ran it, and it detected 17 Adaware cookies. I quarantined them, and now both IE and FF can be used to browse as normal WITH Avast’s On-Access Protection Control ON!!!

Maybe, at long, long last, the issue is finally resolved. It’s hard to believe the problem was caused by Adaware cookies, but that’s the only conclusion that can be made from where I sit…

Going to bed now (it’s nearly 2am here), so fingers crossed everything will still be fine in the morning. Will check back in to let you guys who have so kindly offered your advice and recommendations throughout this long thread know the situation. Sincere thanks to all.

Re Reply #25
There are some applications that can do the login stuff and that was something I was more concerned with. Since using two different methods/browsers to login that fails, seems to point in a totally different direction than say a common application for logon.

There is certainly some very strange goings on in your system but what is the question, I haven’t seen the like of.

Re MBAM results, good that it found a rogue application, though I’m surprised as these normally throw up pop-ups stating your infected/vulnerable, etc. and you would notice that. Though it is possible that it had other effects, possibly to make you consider (if pop-ups were present) buying it, etc.

Re Reply #26
The tracking cookies are a very minor issue and certainly not a security one, so once again I’m surprised (twice in one post) if they could have had this effect.

So it may be that the rogue detected by MBAM or possibly adware messed with your connections.

Thankfully it seems to be clear, fingers crossed and you now have two of the top anti-spyware/malware applications to compliment avast.

I can’t believe this. Just logged on this morning and the problem is back - while On-Access Protection Control is on, I get page load errors with IE7 ( “Internet Explorer cannot display the webpage etc”) and FF “Connection Interrupted etc”. What can I say? SHIIIIIIT!

Maybe it’s time to post a HijackThis log. http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
I feel a bit rude suggesting this, as I do not have the training to back it up by being able to actually analyze the log.
But there are folk at this forum who do have that ability.

Unfortunately I don’t know what to say other than what I did earlier what was found in the scans I wouldn’t have though would have been the cause so were back to this intermittent on off problem.

Whilst it isn’t ideal the only alternative would be to terminate the web shield. If doing this personally I would stop using IE and only use firefox with the NoScript add-on installed.

You say you have reinstalled before, but I don’t know if you have done a clean reinstall, so give this a shot.
Download the latest version of avast http://www.avast.com/eng/download-avast-home.html and save it to your HDD, somewhere you can find it again. Use that when you reinstall.

Download the avast! Uninstall Utility, find it here and save it to your HDD (if you didn’t already do that).

• 1. Now uninstall (using add remove programs, if you can’t do that start from the next step), reboot.- 2. run the avast! Uninstall Utility, reboot. If step 1 failed it may be necessary to run this from safe mode, once complete reboot into normal mode.- 3. install the latest version, reboot.

The HJT may show some possible connection issues.

Other than that I have no idea what else to suggest.

David, you have been tremendous in your efforts to assist - thank you. I’ve uninstalled and reinstalled several times now, as you suggest (although only once used the avast! uninstall utility), but after seeing what sort of responses come back re the HJT report, I’ll try again if necessary.

tarq57 - not rude at all! I am extremely grateful for any suggestions that might lead to a resolution of this situation, which is now REALLY getting under my skin.

So thanks! I’ve done as you suggest and have the HJT report, but can’t post it here as the message exceeds the maximum allowed length of 10000 characters! Can I attach it, or something?

Attach it by posting it in two (or if needed, three) posts.

When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

Thanks, David - HJT report attached herewith.

Fix:
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
This is the Ask toolbar considered adware by some, but it doesn’t appear to be active so the entry should be removed.

Is this your ISP ?
Amnet IT Services Pty as that is what the IP address indicates in the O17 - HKLM\System\CCS\Services\Tcpip entry is.

Other than those I don’t see anything obvious, certainly not anything that might be related to this problem.

Hi again, David.

How do I remove the O3 - Toolbar, please? I’m not sure what it is or where it is!

Amnet IT Services Pty is my ISP, yes.

Bloody hell, it seems this problem is weird in extremis. It ain’t no virus, it ain’t spyware, it ain’t anything picked up by HJT - WTF is it? Sigh…

Thanks so much for your ongoing assistance, anyway, David.

Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.

I have been messing around with the Avast settings trying to isolate whatever might be causing the problem with my browsers, and find that stopping Webshield returns the browsers to normal function. UNtil now, I thought turning off On-Access Protection Control was the only way to get the browsers browsing normally.

I subsequently noticed on the Avast FAQ page, there is the following question and answer:
[i]
Q: I have installed avast! and I can no longer browse the Web. How can I solve this?

A: Check your firewall configuration. For the correct operation the Web Shield process (ashWebSv.exe or aswWebSv.exe) needs a permission to access the Internet (TCP port 80) and a permission to act as a server and accept incoming connections from localhost (the local machine) on TCP port 12080.[/i]

I have the Windows XP (Home, SP2) Firewall. Can anyone give me simple instructions for granting the Web Shield process “a permission to access the Internet (TCP port 80) and a permission to act as a server and accept incoming connections from localhost (the local machine) on TCP port 12080” please? Maybe not having done this is the problem??

The XP firewall has zero outbound protection so there is no need to apply anything to it.

The FAQ instruction related to firewall that monitor outbound traffic.