[Don Stewart]

Phil,

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
is the one that goes away "Fix Checked", but always comes back and you determined that it had no file and thus was just clutter.

When I do "Fix Checked" to O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide does that just eliminate it from start-up only, not really deleting it all together?

PS-here is what Earthlink states about it's PCC:
The EarthLink Protection Control Center is organized into easy-to-manage sections for each of the individual protection tools, which includes EarthLink's AntiVirus, Spyware BlockerTM, ScamBlockerTM and Firewall protection.

Here is their new promotion or enhancement to PCC....for an additional $2.95 a month:

ATTACK SHIELD

Detect unknown viruses and spyware even before your antivirus software has been updated to combat them.

Reinforce traditional "reactive" antivirus software to improve the overall security of your computer.
Shield you against network viruses, which can infect your computer directly through the Internet without having to hide in email messages or attached files.

Differentiate between hostile programs and those that have been hijacked to perform malicious actions—assuring that no essential software is ever removed.

Work reliably—won't generate false alarms or impede your computer's performance.

Now sure how it does the detection (item 1) on unknown, but does this sound like a good addition?

Edited by Don Stewart, 28 February 2007 - 03:06 PM.

[Advertisements]

Hello Don

I've just returned from eye laser surgery place, they will do it for £795 per eye, that's £1590 as I have two, or in dollars around $3000. That's the cheap LASIK not wave front which is £1195 per eye, or £2390 or $4500.

Aren't you glad you don't live in the UK?

Anyway, yes that line is just clutter, it may even be Windows Defender that puts it back (it has always been known for that even when it belonged to GIANT). Removing it from start up will not harm or remove it from your PC.

If you are going to stick with Earthlinks Protection Programme, I would also run Spyware Blaster and MVPS hosts, they will not interfere at all.

Here are some facts and not hype:

All AV programmes have false positives.

No AV programme is anywhere near 100% successful

No antimalware scanner is anywhere near 100% successful

Every firewall will allow an attack at some stage, but it may ask you first.

You can test your firewall at http:\\www.grc.com Follow the signs for shields up and when you get to the page, request an all ports scan. It will then start probing to see if you answer its requests.

[Crustyoldbloke]

Hello Don

I've just returned from eye laser surgery place, they will do it for £795 per eye, that's £1590 as I have two, or in dollars around $3000. That's the cheap LASIK not wave front which is £1195 per eye, or £2390 or $4500.

Aren't you glad you don't live in the UK?

Anyway, yes that line is just clutter, it may even be Windows Defender that puts it back (it has always been known for that even when it belonged to GIANT). Removing it from start up will not harm or remove it from your PC.

If you are going to stick with Earthlinks Protection Programme, I would also run Spyware Blaster and MVPS hosts, they will not interfere at all.

Here are some facts and not hype:

All AV programmes have false positives.

No AV programme is anywhere near 100% successful

No antimalware scanner is anywhere near 100% successful

Every firewall will allow an attack at some stage, but it may ask you first.

You can test your firewall at http:\\www.grc.com Follow the signs for shields up and when you get to the page, request an all ports scan. It will then start probing to see if you answer its requests.

[Don Stewart]

Phil,
Did you actually do both eye's at the same time? Hope they are doing fine! Anyway, PC was running slow after all this and I decided to run a few of the downloads you suggested on 2-23. Was one of them a McAfee product that would have put a big red M icon on your desktop? Well I tried running it and it gave me an error. I'm attacing the error and a new HJT.

NOTE: the BLACK part of the error is now FLASHING on my screen every 7 seconds...VERY BAD! Hope you can help......have since deleted that program off my PC.

Logfile of HijackThis v1.99.1
Scan saved at 07:52, on 07-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
C:\Program Files\SiteAdvisor\5248\SAService.exe
C:\Program Files\Common Files\ADS\ADSService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120883553468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156023856312
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1976DA6-9326-4A05-B702-15699748D623}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe" EarthLinkSafeConnectAgent (file missing)
O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe

Edited by Don Stewart, 03 March 2007 - 10:19 AM.

[Crustyoldbloke]

Don

There is nothing wrong with Site Advisor, although some people have reported it as slowing the PC down some. All it does is highlight a site as known good, bad or not known. It really is intended, I think, for parents to put on PC's that their children use. Your protection service is seeing as something bad, so we call those false positives. If it interferes with your Earthlink Protection, get rid of it.

BTW, I thought you were going to uninstall Windows Defender from the add or remove applet in the control panel. It is running on your PC.

Please ensure that you install the MVPS Hosts file and update it every month.

Your log looks fine.

BTW, I only had the assessment for my eyes and those prices are too high for me. I have found a guy on eBay that does it and offers special prices to get his clinics working more of the time, so he's doing it soon. I will arrange a date on Monday next. I'm having both done for £1185 ($2275).

[Don Stewart]

Are you planning on doing both eyes at the same time....Wow! Scary! Deleted SiteAdv. that was causing pop-up every 7 seconds.

Regarding Hosts......after extracting files it creates another folder.....do I need to do anything after that?

PS-what is your thoughts about Tune-up Utilities software? Looking for anything to speed up my PC?

Edited by Don Stewart, 03 March 2007 - 11:45 AM.

[Crustyoldbloke]

Yes, both eyes at the same time. It only takes 20 minutes for the op.

Download and Install MVPS hosts file.

This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

Please go to: MVPS Hosts file

If you scroll down the MVPS page, you will see an animated folder next to hosts.zip Download that file to your desktop and right click on it, choose EXTRACT ALL and a window will open containing the files, double click mvps.bat and a DOS screen will open inviting you to press any key to continue. That's all there is to it.

Please bookmark/add to favourite this site as the file is updated every 14 days, so you need to do this once a month.

From now on, whilst surfing, you will notice some sites not loading and you may see the word “advertisement” on some pages, this is because the IP address of either the site or advertiser is known as bad and it is being blocked.

------------------------------------------------------------------

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2007 Trial It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

[Don Stewart]

Phil,
All seems to be well with my PC, THANKS to you. I hear nothing but good news about the eye surgery......only comments were mostly "why didn't I do it sooner".
Hey, not sure if you are or were a beer drinker, but I just discovered a great beer from Dunston, England named Newcastle. Normally I don't like dark beers, as they tend to leave an after taste in your mouth, but this one is an exception to the rule.......it's great.
PS-plan on making a donation to your cause (I have MS myself) and good luck with your eyes.

[Crustyoldbloke]

Don

Firstly may I thank you for your generosity?

I am sorry to hear of your MS, that's a real blow, awful condition. I have a friend who does voluntary work with MS sufferers.

Newcastle Brown Ale (Newkey brown as it is known) is quite smooth, but Boy's beer none the less. It is a big seller in the UK, especially the North East.

The eye thing is either now or never. I am myopic and have worn specs since I was 18. My vision lately is rubbish, so this takes the money from a planned holiday.

[Crustyoldbloke]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.