You have multiple processes loaded, starting on boot and running in the background. NONE of them need to start on boot. They are legitimate entries so the removal is Optional. To cut down on the internet activity as well as to free up some resources, I suggest you have HIJT remove them, then take each off of startup.
NOTE: The Optional removals are in green, some with descriptions.
Please reopen HijackThis to
'do system scan only.' Check each of the following if present:
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe>> Simple Star PhotoShow_Deluxe photo editing and organizing software;
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE>> monitor the status of the printer.
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe>> create labels after a music CD is burned using LightScribe discs.
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start>> Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe>> Default settings software
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe">> This program will alert you if another program attempts to change your browser's default search engine to something other than Yahoo.
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O4 - HKLM\..\Run: [ChangeResolution] C:\hp\bin\ChangeResolution.exe
Close all Windows except HijackThis and click on
"Fix Checked."
If you agree with the optional removals in the log, taker them off of Startup:
Start> Run> type in
msconfig> enter> Selective Startup> Startup tab> find each of the entries in the processes you have HJT remove> UNCHECK> when through click on Apply> OK
Start> Run> type in
'services.msc'> look for the following Service:
YahooAUService
Change Startup type to Manual> Close Services.
Please note: the first time you reboot after changing the Startup using
msconfig you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
Please submit this file to Virus scan for identification:
Please go to
http://virusscan.jotti.org/en to upload these suspicious files for analysis.
- Browse to the following location and Copy the following files and paste in the Submit box:
File: getPlus_Helper.dll
File: Get1noarp
[b[Location: [/b]O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp[/b]
- Click on Submit.
- Wait for the scan. Paste the results in your next reply.
Rscan with HJT and paste new log in next reply.
Edit: Almost forgot: Go to Control Panel> Internet Options> Security tab> Restricted zone> Sites> type each of the following in> then click on ADD> click on Apply> OK when both have been added:
*.SearchAWeb.com
*.adMarketplace.com
Include the *: it is a Wold Card.