hijack this

RussJK

Could you re-run it and press None again, but this time check the box next to 'Reg - Disabled MS Config items', and then Run scan.

I'd originally written instructions for OTS, but when I rewrote them for OTL I accidentally left the link to OTS instead of OTL - oops

atro1

this one

OTS logfile created on: 27/08/2011 17:56:38 - Run 2
OTS by OldTimer - Version 3.1.44.4     Folder = C:\Users\suzy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 171.75 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.12 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SUZY-PC
Current User Name: suzy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 02:01:04 | 000,083,360 | ---- | M] (Microsoft Corporation)
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe -> [2008/10/24 16:52:56 | 002,954,552 | ---- | M] ()
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe -> [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia)
C:^Users^suzy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2011/06/06 12:55:28 | 000,937,920 | ---- | M] (Adobe Systems Incorporated)
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
DellSupportCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
dscactivate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe -> [2008/02/13 19:21:46 | 000,016,384 | ---- | M] ( )
ECenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\DELL\E-Center\EULALauncher.exe -> [2008/02/29 04:59:48 | 000,017,920 | ---- | M] ( )
ehTray.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Windows\ehome\ehtray.exe -> [2008/01/21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)
EPSON SX110 Series hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Google Quick Search Box hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
GrooveMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
iKeyWorks hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Keyboard\Ikeymain.exe -> [2002/11/22 11:22:56 | 000,073,728 | ---- | M] ()
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2011/08/19 01:07:38 | 000,421,736 | ---- | M] (Apple Inc.)
Malwarebytes' Anti-Malware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware (reboot) hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe -> [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
Mamutu Guard hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
MSC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Microsoft Security Client\msseces.exe -> [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)
PC Suite Tray hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -> [2011/06/16 15:21:06 | 001,500,160 | ---- | M] (Nokia)
Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2011/07/05 18:36:48 | 000,421,888 | ---- | M] (Apple Inc.)
RoxWatchTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions)
RtHDVCpl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2010/10/26 12:57:40 | 000,039,408 | ---- | M] (Google Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"startup" -> 1 -> 
< End of report >

RussJK

Okay it looks fine, the appdata/roaming was just a start menu link - wanted to make sure it wasn't a program running out of the Appdata folder.

You will need to re-enable this one as it's Microsoft Security Essentials (the antivirus):
MSC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Microsoft Security Client\msseces.exe -> [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)

Also you might want to let Secunia PSI run when it needs to, unless you manually update. In case you don't know what it is, it's a program that checks for updates to Windows and programs you have installed. Since you have Adobe Reader and Sun Java, it's very important for security reasons to keep them updated.

atro1

Thank you Russjk pc running much quicker! Saves my Blood Pressure !