Win2000 Registry - Does anyone recognize this???

[clulessuser]

What is strange is that IE has been changed to my default browser...

UPDATE - However, FF tells me IT is the default browser... 

[ComputerVet]

Ok, scratch that. Here's A full write up on your question.

http://www.personal-computer-tutor.com/abc3/v29/vic29.htm

[clulessuser]

Thank you.  That confirms essexboy's original answer to my original question.

Perhaps I should start a new thread?  The information on past browsing is there in the registry due to this 'feature' of IE (whether IE Is the browser you actually use or not).  From what I've read so far, there are some 'bugs' that can decrypt and use this information for non-legitimate means, including some form of browser 'hijacking'.

If Avast cannot find it, what are other recommendations?

[Lisandro]

If Avast cannot find it, what are other recommendations?

The better will be a HijackThis log.

It will be good, too, if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

[clulessuser]

I just closed Firefox because I could not even connect to my ISP account page, much less to this forum...  Yet without changing my connection whatsoever, I open IE and have no problem bringing up these URLs...

PS:  So, something has not only changed my 'default' browser to IE, it changed my IE 'homepage' setting (back to MSN), and has done SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

IE is not my preferred browser...

The better will be a HijackThis log.

Yes, I posted that earlier in this thread:

http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

It will be good, too, if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

Well, my bandwidth shrinks over time as I stay connected.  But I will try to download one of these.

Thank you.   

[Lisandro]

SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

Isn't Kerio blocking the other two? Can you uninstall Kerio for a while and test? Maybe disabling is not enough...

Yes, I posted that earlier in this thread:
http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

But is it the same right now or it changed?
Is it that short or you're doing it at Safe Mode?

[ComputerVet]

You may also want to check and make sure firefox is using the same proxy settings as IE.
In IE Look in Tools - Options - Connections - LAN Settings and note what boxes are checked and any proxy server address info.

In firefox look in Tools - Options - Connection Settings - and match your IE settings.

[clulessuser]

SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

Isn't Kerio blocking the other two? Can you uninstall Kerio for a while and test? Maybe disabling is not enough...

I have uninstalled and re-installed Kerio several times lately.   Kerio has not been getting along lately with my ISP's proxy & web accelerator.  I now seem to have the problem fixed.  Kerio was keeping a number of aps from communicating with the proxy and therefore with the Internet in general.

It seems to come down to this:  1) there are conflicts between Kerio and Avast, in 'plain mode' (no special settings), I can run either one or the other with no problem; 2) I had prepared some Avanced Packet Filters (Kerio's terminology for some special IP, protocol, & port settings) for Avast and had both running for awhile; 3) something did away with those APFs; 4) I now have only Avast Standard shield running and the AVS updating running; and 5) finally have Kerio and most (maybe all) applications communicating with the proxy and therefore the Internet.

Lastly, I now have a 'baseline' config saved for Kerio (some of this started with a recent Kerio update).

Yes, I posted that earlier in this thread:
http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

But is it the same right now or it changed?
Is it that short or you're doing it at Safe Mode?

It has changed now because I made some changes.  But, yes, it is that short.  I have most every service that is not essential set to manual start right now while I've been trying to trace these weird problems.  That is why I included HijackThis's longer startup file, so everyone could see what is there but, for now, suppressed.

Here is Hijack this as of a few moments ago:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:07 AM, on 6/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
D:\ALWILS~1\Avast4\ashDisp.exe
D:\Aps\Remind!\remind.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
D:\Aps\FaxTalk\NOH\FTNohMGR.exe
D:\Aps\MS Office\Office\MSOFFICE.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Common Files\ISPCOMP\SystemTrayIcon.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
D:\APS\FIREFOX\MOZILL~1\FIREFOX.EXE
C:\Devices\nohijackthist\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] d:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Remind!] D:\Aps\Remind!\remind.exe
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [NetOnHold] .\FTNOHMgr.EXE /autoload
O4 - Global Startup: FaxTalk MOH.lnk = D:\Aps\FaxTalk\NOH\FTNohMGR.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = D:\Aps\MS Office\Office\MSOFFICE.EXE
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181312103709
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A803A6-D1C5-442C-A88B-F265B9CD0635}: NameServer = 205.188.146.145
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - d:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

I've set HijackThis IE settings all to 'blank' for the moment, while I try to determine what is happening between IE and FX.  It looks like FX is running on the IE engine, which is possible, I just don't know why it is doing so.  Need to see if perhaps I need to update my Mozilla (when I get time...).

I've about come to the point of saying I just have a quirky machine with a quirky set-up.  Certainly, WIN2000 is old and no longer supported - a number of the root certs have expired and that does not help.  I updated one Verisign cert following Verisign's directions and that made Win2000 VERY unhappy. 

BTW, I downloaded and ran the AVG - which picked up a couple of adware files recently acquired (while my firewall was down), other than that, it found no real problem.

I will work on getting some of the other Avast shields back up with special Kerio settings, then work on enabling some of the other services one by one... 

Thanks for everyone's help!  You've been most patient and kind. 

[clulessuser]

You may also want to check and make sure firefox is using the same proxy settings as IE.
In IE Look in Tools - Options - Connections - LAN Settings and note what boxes are checked and any proxy server address info.

In firefox look in Tools - Options - Connection Settings - and match your IE settings.

Thank you for that suggestion.  Actually, when I looked, I found I needed to change the IE settings...  It's been awhile since I had used IE... 

[Lisandro]

Kerio has not been getting along lately with my ISP's proxy & web accelerator.

Which are your proxy settings? How avast is set? Can you post screenshots?

It seems to come down to this:  1) there are conflicts between Kerio and Avast, in 'plain mode' (no special settings), I can run either one or the other with no problem;

There isn't a conflict as far I could test... your computer could have some incompatibilities but avast has no conflict with *any* firewall.

It has changed now because I made some changes.  But, yes, it is that short.  I have most every service that is not essential set to manual start right now while I've been trying to trace these weird problems.  That is why I included HijackThis's longer startup file, so everyone could see what is there but, for now, suppressed. Here is Hijack this as of a few moments ago

Seems ok.

[clulessuser]

Which are your proxy settings? How avast is set? Can you post screenshots?

Beats the heck out of me!     I even had a chat with the NS ISP support service the other night and they could not answer that question.  Currently, Avast is set to 'direct connection' (only thing it likes), FX and TB are set to 'autodetect', and - though I changed it yesterday - IE is back to being set to 'Bypass proxy for local addresses'...

It seems to come down to this:  1) there are conflicts between Kerio and Avast, in 'plain mode' (no special settings), I can run either one or the other with no problem;

There isn't a conflict as far I could test... your computer could have some incompatibilities but avast has no conflict with *any* firewall.

Apologies again for my imprecise wording. 

As I said earlier:

Kerio has not been getting along lately with my ISP's proxy & web accelerator.

This has caused any incompatibilities...

Thanks again!

[Lisandro]

Avast is set to 'direct connection' (only thing it likes)

So, avast only works this way?

FX and TB are set to 'autodetect', and - though I changed it yesterday - IE is back to being set to 'Bypass proxy for local addresses'...

But local addresses aren't the case here... we're talking about Internet (non-local) connection.
In that windows with 'Bypass proxy for local addresses' option, above it it should have the main 'Proxy server' option. Is it checked or not? If it is checked, you use a proxy, click on 'Advanced' button and see the proxy settings. But I really doubt you use a proxy. What I can't understand is that you're saying this...

my ISP's proxy & web accelerator.
This has caused any incompatibilities...

I can't understand which proxy your ISP could be using...

[clulessuser]

Avast is set to 'direct connection' (only thing it likes)

So, avast only works this way?

No, it works best this way...

FX and TB are set to 'autodetect', and - though I changed it yesterday - IE is back to being set to 'Bypass proxy for local addresses'...

But local addresses aren't the case here... we're talking about Internet (non-local) connection.
In that windows with 'Bypass proxy for local addresses' option, above it it should have the main 'Proxy server' option. Is it checked or not? If it is checked, you use a proxy, click on 'Advanced' button and see the proxy settings. But I really doubt you use a proxy. What I can't understand is that you're saying this...

Not just I, my ISP's software says this:

Diagnostic Tests:
  Test 1 - DNS Test
    Resolved: www.cnn.com
    Resolved: www.yahoo.com
    Resolved: www.google.com
    Resolved: webaccelerator.isp.netscape.com
  Test 2 - Server Proxy Test
    Connected to server
  Test 3 - Direct Connect
    Connected directly
    Direct connection speed = 205.17 Kbps
  Test 4 - Proxy Connect
    Connected to accelerated client proxy
    Accelerated connection speed = 407.09 Kbps
  Test 5 - Features Enabled
    Acceleration: Very High
    Image Quality: Good
    Email: Disabled
    Popup Blocker: Enabled
Complete.

Yes, the box is checked in IE Internet Options.  But, since the dialer (as well as my MOH) uses a loopback, technically, isn't every connection 'local'?

I don't know much about networking.  Just learning some of the terminology myself.

I can't understand which proxy your ISP could be using...

Nor can I.   However, I think perhaps you might be using a more restricted definition of 'proxy' than my ISP (which is really AOL branded as Netscape).  How could one have a 'direct connection' to all of AOL via slipstream?   

[Lisandro]

Yes, the box is checked in IE Internet Options.  But, since the dialer (as well as my MOH) uses a loopback, technically, isn't every connection 'local'?

loopback is local, but you can be using another port (besides 80), so your proxy would be something like a port number and 127.0.0.1... but I need to know which port it uses to configure avast properly to update.