[linnealand]

Hello there! I'm totally at a loss!

I installed kaspersky, and a warning came up that warned me of an intruder. I clicked the button to block it, and then I started thinking that perhaps it was actually asking me if I wanted to block Firefox.

Ever since then, I've had a big problem with Firefox and internet explorer! Some pages will open, including my email and this forum, but anything I type into the address bar or try to access via Google or other search engines just goes into loading mode forever. The pages never go through!

I tried removing kaspersky through "add or remove programs," but it said that I wasn't authorized to remove it. I tried removing it manually, which looked like it was working, but if I go back to "add or remove programs" it's still there. When I try to remove it now, a message shows up saying that a program has to be installed for it to be removed.

I tried installing a new version of avast, and it looks like it went through just fine. It found infection (trojan-gen), and I deleted the files, but the web problem is still there. :(

I have tried fully clearing out what I could through spybot and I have run a "standard" scan from avast in safe mode. I even removed Firefox and installed the new version of Firefox from scratch. Still, I can't access those web pages.

One of the times I went into safe mode, I was actually able to use Google. I thought the problem was solved, but as soon as I went back into normal mode, I found myself at square one.

I'm so desperate to resolve this problem. Please, please, please help me to figure out what to do. Also, if there is any way to solve it without having to access the internet from another computer, it would be *much* preferred. Can I? Thank you for your help!

[Credendovidis]

It sounds to me that you have instructed your firewall to block these sites. And so it does, and you can't access these sites any more.
Just check the firewall settings and change the block data for websites you like to visit.
Next time your firewall asks you if you agree with blocking something, think twice what you are doing before clicking "yes"!

===

Programs like that are provided with an un-install file which can be found in "All Programs".
Only way to remove remaining parts now is if you know precisely what to do, when to do, where to do.
Fortunately there is also another in-official option : RE-INSTALL kaspersky the normal way.
Once installed, go to All Programs, go to the kaspersky directory, click on un-install.
Now all important and blocking items will be removed. Do not use "configuration screen, software, select kaspersky, and delete".
After de-installing everything you may go to Win XP, Program Files, and delete remaining kaspersky directory and files. Note : AFTER the program has been deleted by it's own software only.

Success !

[linnealand]

So you think that it's just kaspersky that is creating this problem?

How can I be sure that it's not the result of an infection?

Also, which is a better program - kaspersky or avast? I have found that kaspersky picks up things that other programs miss, but it might be too good for inexperienced computer novices like me. It puts a lot of choices in my hands, which allows for human (my) error. But maybe I'm wrong?

One more thing. It took a lot of time to get to where I am with this computer problem. Is there any way of knowing if whatever is left from kaspersky won't interfere with other programs? Usually whenever I install a new anti-virus program it displays and forces me to remove whatever anti-virus program was there to start with. Nothing came up when I installed avast.

Does anyone have a link for the trial version of kaspersky? Apparently I can follow some links through this forum, but I can't go to the pages myself... :(

[linnealand]

By the way, the infections that have been found are:

Win32:Trojan-gen (other) - found in 3 files
Win32:Generic-DZ (1 file)
Win32:CTX (looks like it's been there for a long time?)

Will avast be able to clear everything out by itself?

Also, my kaspersky didn't have a firewall. I also tried disabling everything that was there before I tried to remove it.

I do have windows firewall, and I went there to make sure that Firefox and IE are open for business. Still, no go.

[linnealand]

thanks to a link I found in the forum, I was able to download hijackthis. Here is my logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:59 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB KE.EXE
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Faith Museum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {2EAA184D-1DE5-4F3B-8E84-335EBB5C4669} - C:\WINDOWS\system32\ljJDUlJa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8710FC9F-0816-49D7-AE14-4BA5269E838C} - C:\WINDOWS\system32\efcCspNE.dll (file missing)
O2 - BHO: {f4163215-dc6c-2df9-ae84-10934421f82a} - {a28f1244-3901-48ea-9fd2-c6cd5123614f} - C:\WINDOWS\system32\touehkcq.dll
O2 - BHO: (no name) - {D35D8887-F989-4989-8BBD-ADD563412572} - C:\WINDOWS\system32\pmnlmnND.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\.. \Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\.. \Run: [nwiz] nwiz.exe /install
O4 - HKLM\.. \Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\.. \Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\.. \Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\.. \Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\.. \Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\.. \Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\.. \Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\.. \Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\.. \Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\.. \Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\.. \Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\.. \Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\.. \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\.. \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\.. \Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\.. \Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\.. \Run: [586e93d5] rundll32.exe "C:\WINDOWS\system32\myhwlbgl.dll",b
O4 - HKLM\.. \Run: [BM5b5da049] Rundll32.exe "C:\WINDOWS\system32\tynkpiqi.dll",s
O4 - HKCU\.. \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\.. \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\.. \Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB KE.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKCU"
O4 - HKCU\.. \Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\.. \Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Anyway - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181636590859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181604890543
O17 - HKLM\System\CCS\Services\Tcpip\.. \{E80CFB21-872D-4E30-A765-E0D00F704741}: NameServer = 212.216.112.112,85.37.17.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll tkuddfsp.dll qsymcqje.dll
O20 - Winlogon Notify: efcCspNE - efcCspNE.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! IAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DVD-RAM_Service - Matsua Electric Industrial Co. Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11173 bytes

[linnealand]

Please help! I'm totally desperate. I have to use my computer for several very important projects, and I'm off in a foreign country without anyone to lend a hand. :(

[linnealand]

Okay, I'm back. I'm very, very sad that no one helped me to try to work through this problem! Creden, it was good of you to post something, but I wish I could say that it fixed the issue. Where are the experts here? :(

After waiting for days for a response, and then trying to fix it myself out of desperation, I lost all access to the internet. I wound up having to pay someone a huge fee to correct it. It turns out it was something really simple.

I wish someone had stepped up!

Aren't there computer experts at AMHD? Or it is just wishful thinking?

[JBeaucaire]

I'm sorry no one here had the prior experience to help with your particular problem. I know it can be frustrating.

As Credendovidis suggested, it sounded like something to do with your firewall. Just for completeness, what was the problem and the solution? Perhaps it will serve to aid the next person who comes here with that particular problem.

[linnealand]

Thanks for getting back to me!

I'm not very computer savvy (at all), so I can't remember exactly what was done. There were some things (maybe .dlls?) that would open up whenever I turned on my computer that blocked the web pages. The guy who took care of it was speedy, so it was hard to keep up. I wish I could tell you more so that, like you said, whoever else runs into the problem I had would be closer to a solution, but I would have no idea how to fix it if it happened again.

Well, once again, thank you. :)