Win2000 Registry - Does anyone recognize this???

system · 2007-06-21T14:59:44.000Z

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[WUWebControl Class]
InProcServer32 = C:\WINNT\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181312103709

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Sun Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\services.exe (autostart)
Application Management: %SystemRoot%\system32\services.exe (autostart)
avast! iAVS4 Control Service: “d:\Alwil Software\Avast4\aswUpdSv.exe” (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: “d:\Alwil Software\Avast4\ashServ.exe” (autostart)
avast! Mail Scanner: “d:\Alwil Software\Avast4\ashMaiSv.exe” /service (manual start)
avast! Web Scanner: “d:\Alwil Software\Avast4\ashWebSv.exe” /service (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (autostart)
Computer Browser: %SystemRoot%\System32\services.exe (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Crystal WDM Audio Codec Driver: system32\drivers\cwbwdm.sys (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (manual start)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (autostart)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system)
GlidePoint PS/2 Touchpad Filter: system32\DRIVERS\glideps2.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
HID Input Service: %SystemRoot%\system32\hidserv.exe (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
i

system · 2007-06-21T15:00:24.000Z

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (manual start)
Workstation: %SystemRoot%\System32\services.exe (autostart)
LexBce Server: C:\WINNT\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (manual start)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (autostart)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (autostart)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCI Utility: ??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PCIUtil.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
S3Inc: System32\DRIVERS\s3mt3d.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (manual start)
RunAs Service: %SystemRoot%\system32\services.exe (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (disabled)
SNMP Service: %SystemRoot%\System32\snmp.exe (disabled)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Sunbelt Personal Firewall 4: “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (manual start)
TVICHW32: ??\C:\WINNT\system32\DRIVERS\TVICHW32.SYS (manual start)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: D:\utils\UPHClean\uphclean.exe (autostart)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Enumerating Windows NT logon/logoff scripts:
No scripts set to run

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT ‘Wininit.ini’:
PendingFileRenameOperations: Registry value not found

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Registry key not found

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Registry key not found

End of report, 27,684 bytes
Report generated in 0.381 seconds

essexboy · 2007-06-21T18:13:04.000Z

hidusb.sys is for the usb hub. Have you placed a new hub on your system or started using a usb device

system · 2007-06-21T18:33:20.000Z

Thank you, I just found the same information from another utility.

Yes, 3 months ago I installed a new Lexmark All-in-One device. It was working fine, then the scanner stopped working. Lexmark says ship the machine to them and they’ll send a new one. I think it is a driver problem. This is one of many problems that have been arising lately. The Lexmark set-up sets it up automatically as as ‘server’ printer, though it is only used as a local printer. I’ve disabled the server service for the moment (a couple of days ago). It prints just fine. The scanner/copier stopped working about a month ago.

I am connected with only Avast’s network & web shield at the moment (no firewall). Sunbelt is looking at my FW problem.

BTW, I tried DavidR’s Drop My Rights (took awhile to find it, the link here is out of date), but it tells me that it cannot find an entrance through the ADVAVI32.dll.

system · 2007-06-21T18:44:22.000Z

Your Hijackthis log shows an O17 entry which typically indicates a domain hijack. The address appears to point to an AOL proxy server, but I don’t see the typical signs of an AOL installation. If this entry doesn’t point to your ISP I suggest you remove it.

system · 2007-06-21T19:00:48.000Z

ComputerVet post:14:

Your Hijackthis log shows an O17 entry which typically indicates a domain hijack. The address appears to point to an AOL proxy server, but I don’t see the typical signs of an AOL installation. If this entry doesn’t point to your ISP I suggest you remove it.

In terms of ‘branding’, my ISP is Netscape & the 'dialer is Netscape. In terms of proxies, servers, & DNS, it is really AOL - I just do not have the AOL bells & whistles.

AFAIK, the entry is as it should be. Here is a 'diagnostics report from my NS Web Accelerator:

System Information: Thu Jun 21 14:03:28 2007 Microsoft Windows 2000 Professional Service Pack 4 (Build 2195) Disk space (C drive) Available space to user = 1069 MB Total space = 4024 MB Free space on drive = 1069 MB Memory Usage Load = 91% Total Physical = 127 MB Free Physical = 10 MB Complete.
Internet Settings:
IE Version = 1.2
Active Connections
Netscape
Local Area Network
All Connections
Netscape
Server = “http=127.0.0.1:5400”
Bypass = “;127.0.0.1:5400;update.microsoft.com;windowsupdate.microsoft.com;windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;.nai.com;.networkassociates.com;mcafee.com;.mapquest.com;.phobos.apple.com;update.adobe.com;admin.isp.netscape.com"
Local Area Network
Server = “http=127.0.0.1:5400”
Bypass = ";127.0.0.1:5400;update.microsoft.com;windowsupdate.microsoft.com;windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;.nai.com;.networkassociates.com;mcafee.com;.mapquest.com;.phobos.apple.com;update.adobe.com;admin.isp.netscape.com”
Listening TCP Ports
ANY:135
ANY:445
ANY:1025
ANY:1029
ANY:1034
ANY:44334
ANY:44501
127.0.0.1:5400
127.0.0.1:12080
127.0.0.1:12110
127.0.0.1:12143
172.147.109.113:139
Complete.

Registry Information:
Local Machine - SlipStream (Installation)
InstallerVer = “1.0”
Current User - SlipStream
RSH = “webaccelerator.isp.netscape.com”
RSIP = “205.188.146.146”
PEL = “update.microsoft.com”
Popup Blocker
Unregistered
Internet Settings
Default browser
C:\Program Files\Internet Explorer\iexplore.exe
6.00.2800.1106
User Agent = “Mozilla/4.0 (compatible; MSIE 6.0; Win32)”
Proxy Enable = 1
Proxy Server = “http=127.0.0.1:5400”
Enable Http 1.1 = 1
Proxy Http 1.1 = 0
Max Connections 1.0 = 16
Network Settings
Complete.

LSP Information:
Could not start process
Complete.

Branding Information:
$COMPANY$ = “Netscape”
$APP$ = “Netscape Web Accelerator”
$APPSHORT$ = “Netscape Web Accelerator”
$SERVICE$ = “Netscape Internet Service”
$EMAIL$ = “Netscape Email Accelerator”
$LOGIN$ = “Enter your Netscape screenname/password.”
$ISP$ = “ISP”
$CUSTSERV$ = “Netscape Member Services”
Complete.

Process Information:
Memory Information
Page Fault Count = 2142
Total Usage = 2392 KB
Peak Usage = 5756 KB
Modules
ntdll.dll 5.00.2195.7006
comctl32.dll 5.81
gdi32.dll 5.00.2195.7133
kernel32.dll 5.00.2195.7099
user32.dll 5.00.2195.7133
advapi32.dll 5.00.2195.7038
rpcrt4.dll 5.00.2195.7085
wininet.dll 6.00.2800.1593
msvcrt.dll 6.10.9844.0
shlwapi.dll 6.00.2800.1907 (xpsp2.070219-1040)
crypt32.dll 5.131.2195.6926
msasn1.dll 5.00.2195.6905
oleaut32.dll 2.40.4522
ole32.dll 5.00.2195.7059
rasapi32.dll 5.00.2195.6920
rasman.dll 5.00.2195.6824
ws2_32.dll 5.00.2195.6601
ws2help.dll 5.00.2134.1
tapi32.dll 5.00.2195.6664
shell32.dll 5.00.3900.7105
iphlpapi.dll 5.00.2195.7097
icmp.dll 5.00.2134.1
mprapi.dll 5.00.2181.1
samlib.dll 5.00.2195.6944
netapi32.dll 5.00.2195.7108
secur32.dll 5.00.2195.6695
ntdsapi.dll 5.00.2195.6666
dnsapi.dll 5.00.2195.7100
wsock32.dll 5.00.2195.6603
wldap32.dll 5.00.2195.7017
netrap.dll 5.00.2134.1
activeds.dll 5.00.2195.6601
adsldpc.dll 5.00.2195.6993
rtutils.dll 5.00.2168.1
setupapi.dll 5.00.2195.6622
userenv.dll 5.00.2195.7002
dhcpcsvc.dll 5.00.2195.7085
version.dll 5.00.2195.6623
lz32.dll 5.00.2195.6611
psapi.dll 4.00
imagehlp.dll 5.00.2195.6613
sensapi.dll 5.00.2195.6627
clbcatq.dll 2000.2.3529.0
sdicore.dll 3.2.12
msafd.dll 5.00.2195.6602
wshtcpip.dll 5.00.2195.6601
rsabase.dll 5.00.2195.6619
Complete.

Diagnostic Tests:
Test 1 - DNS Test
Resolved: www.cnn.com
Resolved: www.yahoo.com
Resolved: www.google.com
Resolved: webaccelerator.isp.netscape.com
Test 2 - Server Proxy Test
Connected to server
Test 3 - Direct Connect
Connected directly
Direct connection speed = 91.74 Kbps
Test 4 - Proxy Connect
Connected to accelerated client proxy
Accelerated connection speed = 206.76 Kbps
Test 5 - Features Enabled
Acceleration: High
Image Quality: Very Good
Email: Disabled
Popup Blocker: Enabled
Complete.

system · 2007-06-21T19:03:20.000Z

What is strange is that IE has been changed to my default browser…

UPDATE - However, FF tells me IT is the default browser… ???

system · 2007-06-21T20:11:05.000Z

Ok, scratch that. Here’s A full write up on your question.

http://www.personal-computer-tutor.com/abc3/v29/vic29.htm

system · 2007-06-21T21:54:57.000Z

ComputerVet post:17:

Thank you. That confirms essexboy’s original answer to my original question.

Perhaps I should start a new thread? The information on past browsing is there in the registry due to this ‘feature’ of IE (whether IE Is the browser you actually use or not). From what I’ve read so far, there are some ‘bugs’ that can decrypt and use this information for non-legitimate means, including some form of browser ‘hijacking’.

If Avast cannot find it, what are other recommendations?

Lisandro · 2007-06-21T22:21:11.000Z

cluelessuser post:18:

If Avast cannot find it, what are other recommendations?

The better will be a HijackThis log.

It will be good, too, if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

system · 2007-06-21T22:32:43.000Z

I just closed Firefox because I could not even connect to my ISP account page, much less to this forum… Yet without changing my connection whatsoever, I open IE and have no problem bringing up these URLs…

PS: So, something has not only changed my ‘default’ browser to IE, it changed my IE ‘homepage’ setting (back to MSN), and has done SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

IE is not my preferred browser…

Tech post:19:

The better will be a HijackThis log.

Yes, I posted that earlier in this thread:

http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

Tech post:19:

It will be good, too, if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

Well, my bandwidth shrinks over time as I stay connected. But I will try to download one of these.

Thank you.

Lisandro · 2007-06-22T12:00:29.000Z

cluelessuser post:20:

SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

Isn’t Kerio blocking the other two? Can you uninstall Kerio for a while and test? Maybe disabling is not enough…

cluelessuser post:20:

Yes, I posted that earlier in this thread:
http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

But is it the same right now or it changed?
Is it that short or you’re doing it at Safe Mode?

system · 2007-06-22T12:33:17.000Z

You may also want to check and make sure firefox is using the same proxy settings as IE.
In IE Look in Tools - Options - Connections - LAN Settings and note what boxes are checked and any proxy server address info.

In firefox look in Tools - Options - Connection Settings - and match your IE settings.

system · 2007-06-22T16:20:39.000Z

Tech post:21:

cluelessuser post:20:

SOMETHING that lets IE connect to the Internet, but does not let Firefox and Thunderbird connect.

Isn’t Kerio blocking the other two? Can you uninstall Kerio for a while and test? Maybe disabling is not enough…

I have uninstalled and re-installed Kerio several times lately. Kerio has not been getting along lately with my ISP’s proxy & web accelerator. I now seem to have the problem fixed. Kerio was keeping a number of aps from communicating with the proxy and therefore with the Internet in general.

It seems to come down to this: 1) there are conflicts between Kerio and Avast, in ‘plain mode’ (no special settings), I can run either one or the other with no problem; 2) I had prepared some Avanced Packet Filters (Kerio’s terminology for some special IP, protocol, & port settings) for Avast and had both running for awhile; 3) something did away with those APFs; 4) I now have only Avast Standard shield running and the AVS updating running; and 5) finally have Kerio and most (maybe all) applications communicating with the proxy and therefore the Internet.

Lastly, I now have a ‘baseline’ config saved for Kerio (some of this started with a recent Kerio update).

Tech post:21:

cluelessuser post:20:

Yes, I posted that earlier in this thread:
http://forum.avast.com/index.php?topic=28910.msg237143#msg237143

But is it the same right now or it changed?
Is it that short or you’re doing it at Safe Mode?

It has changed now because I made some changes. But, yes, it is that short. I have most every service that is not essential set to manual start right now while I’ve been trying to trace these weird problems. That is why I included HijackThis’s longer startup file, so everyone could see what is there but, for now, suppressed.

Here is Hijack this as of a few moments ago:

Logfile of HijackThis v1.99.1 Scan saved at 10:59:07 AM, on 6/22/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
D:\ALWILS~1\Avast4\ashDisp.exe
D:\Aps\Remind!\remind.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
D:\Aps\FaxTalk\NOH\FTNohMGR.exe
D:\Aps\MS Office\Office\MSOFFICE.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Common Files\ISPCOMP\SystemTrayIcon.exe
C:\Program Files\Netscape Internet Service_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
D:\APS\FIREFOX\MOZILL~1\FIREFOX.EXE
C:\Devices\nohijackthist\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..\Run: [avast!] d:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Remind!] D:\Aps\Remind!\remind.exe
O4 - HKLM..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM..\Run: [NetOnHold] .\FTNOHMgr.EXE /autoload
O4 - Global Startup: FaxTalk MOH.lnk = D:\Aps\FaxTalk\NOH\FTNohMGR.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = D:\Aps\MS Office\Office\MSOFFICE.EXE
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Sun Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181312103709
O17 - HKLM\System\CCS\Services\Tcpip..{75A803A6-D1C5-442C-A88B-F265B9CD0635}: NameServer = 205.188.146.145
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - d:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

I’ve set HijackThis IE settings all to ‘blank’ for the moment, while I try to determine what is happening between IE and FX. It looks like FX is running on the IE engine, which is possible, I just don’t know why it is doing so. Need to see if perhaps I need to update my Mozilla (when I get time…).

I’ve about come to the point of saying I just have a quirky machine with a quirky set-up. Certainly, WIN2000 is old and no longer supported - a number of the root certs have expired and that does not help. I updated one Verisign cert following Verisign’s directions and that made Win2000 VERY unhappy. :

BTW, I downloaded and ran the AVG - which picked up a couple of adware files recently acquired (while my firewall was down), other than that, it found no real problem.

I will work on getting some of the other Avast shields back up with special Kerio settings, then work on enabling some of the other services one by one… :

Thanks for everyone’s help! You’ve been most patient and kind.

system · 2007-06-22T16:26:52.000Z

ComputerVet post:22:

You may also want to check and make sure firefox is using the same proxy settings as IE.
In IE Look in Tools - Options - Connections - LAN Settings and note what boxes are checked and any proxy server address info.

In firefox look in Tools - Options - Connection Settings - and match your IE settings.

Thank you for that suggestion. Actually, when I looked, I found I needed to change the IE settings… It’s been awhile since I had used IE… :-X

Lisandro · 2007-06-23T01:30:56.000Z

cluelessuser post:23:

Kerio has not been getting along lately with my ISP’s proxy & web accelerator.

Which are your proxy settings? How avast is set? Can you post screenshots?

cluelessuser post:23:

It seems to come down to this: 1) there are conflicts between Kerio and Avast, in ‘plain mode’ (no special settings), I can run either one or the other with no problem;

There isn’t a conflict as far I could test… your computer could have some incompatibilities but avast has no conflict with any firewall.

cluelessuser post:23:

It has changed now because I made some changes. But, yes, it is that short. I have most every service that is not essential set to manual start right now while I’ve been trying to trace these weird problems. That is why I included HijackThis’s longer startup file, so everyone could see what is there but, for now, suppressed. Here is Hijack this as of a few moments ago

Seems ok.

system · 2007-06-23T21:22:45.000Z

Tech post:25:

Which are your proxy settings? How avast is set? Can you post screenshots?

Beats the heck out of me! :-\ I even had a chat with the NS ISP support service the other night and they could not answer that question. Currently, Avast is set to ‘direct connection’ (only thing it likes), FX and TB are set to ‘autodetect’, and - though I changed it yesterday - IE is back to being set to ‘Bypass proxy for local addresses’…

Tech post:25:

cluelessuser post:23:

It seems to come down to this: 1) there are conflicts between Kerio and Avast, in ‘plain mode’ (no special settings), I can run either one or the other with no problem;

There isn’t a conflict as far I could test… your computer could have some incompatibilities but avast has no conflict with any firewall.

Apologies again for my imprecise wording.

As I said earlier:

cluelessuser post:23:

Kerio has not been getting along lately with my ISP’s proxy & web accelerator.

This has caused any incompatibilities…

Thanks again!

Lisandro · 2007-06-24T13:15:45.000Z

cluelessuser post:26:

Avast is set to ‘direct connection’ (only thing it likes)

So, avast only works this way?

cluelessuser post:26:

FX and TB are set to ‘autodetect’, and - though I changed it yesterday - IE is back to being set to ‘Bypass proxy for local addresses’…

But local addresses aren’t the case here… we’re talking about Internet (non-local) connection.
In that windows with ‘Bypass proxy for local addresses’ option, above it it should have the main ‘Proxy server’ option. Is it checked or not? If it is checked, you use a proxy, click on ‘Advanced’ button and see the proxy settings. But I really doubt you use a proxy. What I can’t understand is that you’re saying this…

cluelessuser post:26:

my ISP’s proxy & web accelerator.
This has caused any incompatibilities…

I can’t understand which proxy your ISP could be using…

system · 2007-06-24T22:35:31.000Z

Tech post:27:

cluelessuser post:26:

Avast is set to ‘direct connection’ (only thing it likes)

So, avast only works this way?

No, it works best this way…

Tech post:27:

cluelessuser post:26:

FX and TB are set to ‘autodetect’, and - though I changed it yesterday - IE is back to being set to ‘Bypass proxy for local addresses’…

But local addresses aren’t the case here… we’re talking about Internet (non-local) connection.
In that windows with ‘Bypass proxy for local addresses’ option, above it it should have the main ‘Proxy server’ option. Is it checked or not? If it is checked, you use a proxy, click on ‘Advanced’ button and see the proxy settings. But I really doubt you use a proxy. What I can’t understand is that you’re saying this…

Not just I, my ISP’s software says this:

Diagnostic Tests: Test 1 - DNS Test Resolved: www.cnn.com Resolved: www.yahoo.com Resolved: www.google.com Resolved: webaccelerator.isp.netscape.com Test 2 - Server Proxy Test Connected to server Test 3 - Direct Connect Connected directly Direct connection speed = 205.17 Kbps Test 4 - Proxy Connect Connected to accelerated client proxy Accelerated connection speed = 407.09 Kbps Test 5 - Features Enabled Acceleration: Very High Image Quality: Good Email: Disabled Popup Blocker: Enabled Complete.

Yes, the box is checked in IE Internet Options. But, since the dialer (as well as my MOH) uses a loopback, technically, isn’t every connection ‘local’?

I don’t know much about networking. Just learning some of the terminology myself.

Tech post:27:

I can’t understand which proxy your ISP could be using…

Nor can I. However, I think perhaps you might be using a more restricted definition of ‘proxy’ than my ISP (which is really AOL branded as Netscape). How could one have a ‘direct connection’ to all of AOL via slipstream? ???

Lisandro · 2007-06-24T23:05:25.000Z

cluelessuser post:28:

Yes, the box is checked in IE Internet Options. But, since the dialer (as well as my MOH) uses a loopback, technically, isn’t every connection ‘local’?

loopback is local, but you can be using another port (besides 80), so your proxy would be something like a port number and 127.0.0.1… but I need to know which port it uses to configure avast properly to update.

Announcements