TechSpot

Mouse pointer moving by itself on my Windows Vista laptop

Solved
By prasadvp
May 18, 2011
  1. Hai guys,
    Nice to meet you all here as I am new in this forum.
    I am facing the issue of my mouse pointer moving by itself erroneously on my Windows Vista laptop. Is this a virus/malware?? Please help me out to fix this problem.

    Thank you very much in advance.

    Regards
    Prasad
     
  2. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Did you try different mouse?
     
  3. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my Windows Vista laptop

    Hai,
    I tried different mouse and the same problem exist. I don't think there is a problem with the mouse. Please help me out..thanks...
     
  4. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. prasadvp

    prasadvp TS Rookie Topic Starter

    Hai,
    I completed all the steps as per the Updated 7-step Viruses/Spyware/Malware Preliminary Removal Instructions in TechSpot and the required logs are pasted below. Thanks for your reply. Please help me out.

    Regards
    Prasad.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6598

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    16-05-2011 22:06:37
    mbam-log-2011-05-16 (22-06-37).txt

    Scan type: Quick scan
    Objects scanned: 161255
    Time elapsed: 4 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C62-9A8A-7DE9FA234608} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ToolBand.XBTBPos00.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ToolBand.XBTBPos00 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RediffToolbar.RediffToolbar.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RediffToolbar.RediffToolbar (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\rediff toolbar\4.3\redifftoolbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-17 00:07:09
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
    Running: 8td7kp6g.exe; Driver: C:\Users\Prasad\AppData\Local\Temp\awliykod.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Prasad at 0:23:18.07 on 17-05-2011
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.91.1033.18.3066.1776 [GMT 5.5:30]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\TAMSvr.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\locator.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    C:\Windows\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Users\Prasad\Desktop\8td7kp6g.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Prasad\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://server.toolbar.rediff.com/toolbar/4.0/sidesearch.html?mode=toolbar
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    uSearch Bar = hxxp://server.toolbar.rediff.com/toolbar/4.0/sidesearch.html?mode=toolbar
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [<NO NAME>]
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
    mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
    mRun: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
    mRun: [TosAutLk] c:\program files\toshiba\wirelesskeylogon\TosAutLk.exe -s
    mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    TCP: {FEB26F95-361B-43C4-ADB1-19B6066D2D55} = 10.62.64.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2007-6-28 42608]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-8-21 28792]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ids-di~1\20110510.001\IDSvix86.sys [2011-5-14 287792]
    R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-6-28 49152]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
    R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-5-27 628072]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-5-1 6144]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2007-6-28 2058776]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-5 224384]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-5 3658752]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-4-26 100736]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-10-16 1251720]
    S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]
    .
    =============== Created Last 30 ================
    .
    2011-05-16 16:28:20 -------- d-----w- c:\users\prasad\appdata\roaming\Malwarebytes
    2011-05-16 16:28:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-16 16:28:09 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-16 16:28:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-16 16:28:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-09 19:05:28 -------- d-----w- c:\users\prasad\appdata\local\Apple Computer
    .
    ==================== Find3M ====================
    .
    2011-03-28 16:36:01 1409 ----a-w- c:\windows\QTFont.for
    .
    ============= FINISH: 0:24:03.51 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28-06-2007 04:42:33
    System Uptime: 17-05-2011 00:02:48 (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | uFC-PGA Socket | 2261/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 71.783 GiB free.
    E: is FIXED (NTFS) - 115 GiB total, 52.883 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Able2Extract v6.0
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    ALPS Touch Pad Driver
    AppCore
    AV
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bluetooth Stack for Windows by Toshiba
    Camera Assistant Software for Toshiba
    ccCommon
    CD/DVD Drive Acoustic Silencer
    Crystal Reports 2008
    Etisalat 3G Modem
    Google Talk (remove only)
    Great Minds
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotspot Shield 1.56
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel® Active Management Technology
    Intel® Matrix Storage Manager
    Internet Worm Protection
    Java(TM) 6 Update 6
    Jumblo
    K-Lite Codec Pack 3.2.0 Full
    Lippincott's Review for NCLEX-RN 8th Edition
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Studio
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCLEX Review 3000
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Lifeblog 2.5
    Nokia NSeries Application Installer
    Nokia NSeries Content Copier
    Nokia NSeries Multimedia Player
    Nokia NSeries Music Manager
    Nokia NSeries System Utilities
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Norton AntiVirus
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    Picasa 2
    Power Consumption Meter
    Presto! BizCard 5 SE (English Version)
    Presto! BizCard Component for Windows CE
    Presto! BizCard5 SE
    Realtek High Definition Audio Driver
    Rediff Bol
    Rediff Toolbar
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    Saunders Q and A Review for NCLEX-RN
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Skype™ Beta 4.0
    SPBBC 32bit
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Symantec
    Symantec Real Time Storage Protection Component
    SymNet
    TOSHIBA 180 Degrees Rotation Utility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Cooling Performance Diagnostic Tool
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA HDD Protection
    TOSHIBA Manuals
    Toshiba Online Product Information
    TOSHIBA PC Health Monitor
    TOSHIBA Recovery Disc Creator
    TOSHIBA SD Memory Boot Utility
    TOSHIBA SD Memory Utilities
    TOSHIBA Security Assist
    TOSHIBA Software Modem
    Toshiba TEMPRO
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Wireless Key Logon
    TRDCReminder
    TRORDCLauncher
    TrueSuite Access Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinZip 14.5
    Yahoo! Messenger
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    How is mouse doing?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my Windows Vista laptop

    Hai,
    Still the mouse problem is there(moving by itself). As per your instructions downloaded and run both aswMBR.exe and combofix.exe and the required log files are pasted below. Hope the issue will be fixed soon.Thank you very much for your support.

    Regards
    Prasad.


    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-20 13:05:10
    -----------------------------
    13:05:10.318 OS Version: Windows 6.0.6002 Service Pack 2
    13:05:10.318 Number of processors: 2 586 0x1706
    13:05:10.319 ComputerName: PRASAD-LAPTOP UserName: Prasad
    13:05:31.797 Initialize success
    13:06:43.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:06:43.350 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
    13:06:43.371 Disk 0 MBR read successfully
    13:06:43.376 Disk 0 MBR scan
    13:06:43.381 Disk 0 unknown MBR code
    13:06:43.390 Disk 0 scanning sectors +488396800
    13:06:43.425 Disk 0 scanning C:\Windows\system32\drivers
    13:06:51.794 Service scanning
    13:06:52.953 Disk 0 trace - called modules:
    13:06:52.980 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll acpi.sys iaStor.sys
    13:06:52.983 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868032d0]
    13:06:52.986 3 CLASSPNP.SYS[8a3158b3] -> nt!IofCallDriver -> \Device\THPDRV[0x86700778]
    13:06:52.989 5 thpdrv.sys[8a5a5439] -> nt!IofCallDriver -> [0x856c3418]
    13:06:52.992 7 acpi.sys[8068d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85160028]
    13:06:52.997 Scan finished successfully
    13:07:13.938 Disk 0 MBR has been saved successfully to "C:\Users\Prasad\Desktop\MBR.dat"
    13:07:13.946 The log file has been saved successfully to "C:\Users\Prasad\Desktop\aswMBR.txt"


    ComboFix 11-05-19.01 - Prasad 20-05-2011 13:28:49.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.91.1033.18.3066.1901 [GMT 5.5:30]
    Running from: c:\users\Prasad\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Hotspot Shield\HssIE\HsSIe.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-16 16:28 . 2011-05-16 16:28 -------- d-----w- c:\users\Prasad\AppData\Roaming\Malwarebytes
    2011-05-16 16:28 . 2011-05-16 16:28 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-16 16:28 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-16 16:28 . 2011-05-16 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-16 16:28 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-09 19:06 . 2011-05-09 19:06 -------- d-----w- c:\users\Prasad\AppData\Roaming\Apple Computer
    2011-05-09 19:05 . 2011-05-09 19:05 -------- d-----w- c:\users\Prasad\AppData\Local\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-28 16:36 . 2011-03-28 16:35 1409 ----a-w- c:\windows\QTFont.for
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
    @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
    [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
    2008-07-25 14:41 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
    "TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-05-27 451944]
    "TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2008-06-12 607616]
    "TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13552160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-22 92704]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2008-05-09 10:49 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-04-22 06:33 184320 ----a-w- c:\program files\Apoint2K\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-04-29 06:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintNotifer]
    2008-09-03 12:47 712704 ------w- c:\program files\TrueSuite Access Manager\FpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\Prasad\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2007-05-15 11:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
    2007-09-28 15:03 75136 ----a-w- c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jumblo]
    2010-12-14 04:47 12948776 ----a-w- c:\program files\Jumblo.com\Jumblo\Jumblo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2010-12-20 12:38 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 17:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 12:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 11:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
    2010-07-02 08:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
    2008-06-03 01:38 367128 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwdBank]
    2008-09-03 15:20 3152384 ----a-w- c:\program files\TrueSuite Access Manager\PwdBank.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2007-05-15 11:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    2008-06-24 09:06 509816 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 13:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
    2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSDCR]
    2007-08-28 09:30 169296 ----a-w- c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
    2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbMonitor]
    2008-07-25 14:41 94208 ----a-w- c:\program files\TrueSuite Access Manager\usbnotify.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3292681905-1200308339-594442849-1000]
    "EnableNotificationsRef"=dword:00000002
    .
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]
    R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 11264]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
    R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-09 242712]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]
    S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-08-21 28792]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 13336]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20110510.001\IDSvix86.sys [2010-09-15 287792]
    S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-09-02 49152]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-10 40960]
    S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
    S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2008-05-27 628072]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2008-04-30 6144]
    S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-03 2058776]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LPDService REG_MULTI_SZ LPDSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-21 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Prasad.job
    - c:\program files\Norton AntiVirus\Navw32.exe [2007-01-14 12:09]
    .
    2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{BD9840F8-C3BB-47C1-82FA-962599BC45C3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: {FEB26F95-361B-43C4-ADB1-19B6066D2D55} = 10.62.64.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-Google Update - c:\users\Prasad\AppData\Local\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-NDSTray - NDSTray.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-Yahoo Messengger - c:\users\Prasad\Desktop\system3_.exe
    MSConfigStartUp-Yahoo Messsengger - c:\windows\system32\SMSSS.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-20 13:34
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????:4f????`?q???q???q?? q?(
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-20 13:36:19
    ComboFix-quarantined-files.txt 2011-05-20 08:06
    .
    Pre-Run: 76,555,755,520 bytes free
    Post-Run: 76,282,609,664 bytes free
    .
    - - End Of File - - 689D33B10C4A18EA9E57C64AB026B1D7
     
  8. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  9. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my Windows Vista laptop

    Hai Broni,
    Thanks for your help. As mentioned in your reply I downloaded and scanned my laptop with both TDSSKiller and SUPERAntiSpyware and the corresponding logs are pasted below. Please check it and update how to fix this issue once. Thank you once again.

    Regards,
    Prasad.


    2011/05/22 23:29:47.0309 4884 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/22 23:29:47.0590 4884 ================================================================================
    2011/05/22 23:29:47.0590 4884 SystemInfo:
    2011/05/22 23:29:47.0590 4884
    2011/05/22 23:29:47.0590 4884 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/22 23:29:47.0590 4884 Product type: Workstation
    2011/05/22 23:29:47.0590 4884 ComputerName: PRASAD-LAPTOP
    2011/05/22 23:29:47.0590 4884 UserName: Prasad
    2011/05/22 23:29:47.0590 4884 Windows directory: C:\Windows
    2011/05/22 23:29:47.0590 4884 System windows directory: C:\Windows
    2011/05/22 23:29:47.0590 4884 Processor architecture: Intel x86
    2011/05/22 23:29:47.0590 4884 Number of processors: 2
    2011/05/22 23:29:47.0590 4884 Page size: 0x1000
    2011/05/22 23:29:47.0590 4884 Boot type: Normal boot
    2011/05/22 23:29:47.0590 4884 ================================================================================
    2011/05/22 23:29:47.0918 4884 Initialize success
    2011/05/22 23:30:58.0664 0936 ================================================================================
    2011/05/22 23:30:58.0664 0936 Scan started
    2011/05/22 23:30:58.0664 0936 Mode: Manual;
    2011/05/22 23:30:58.0664 0936 ================================================================================
    2011/05/22 23:30:59.0412 0936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/05/22 23:30:59.0553 0936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/22 23:30:59.0615 0936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/22 23:30:59.0724 0936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/22 23:30:59.0771 0936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/22 23:30:59.0912 0936 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/05/22 23:31:00.0005 0936 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/05/22 23:31:00.0146 0936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/22 23:31:00.0208 0936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/22 23:31:00.0302 0936 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
    2011/05/22 23:31:00.0364 0936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/22 23:31:00.0473 0936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/22 23:31:00.0520 0936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/22 23:31:00.0614 0936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/22 23:31:00.0676 0936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/05/22 23:31:00.0785 0936 ApfiltrService (95116e2bcfaf5a36af0369050e92b9a5) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/05/22 23:31:00.0941 0936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/22 23:31:01.0004 0936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/22 23:31:01.0144 0936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/22 23:31:01.0191 0936 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
    2011/05/22 23:31:01.0300 0936 ATSWPDRV (4e6833f9591dc6a37e70dc188793f5be) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
    2011/05/22 23:31:01.0456 0936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/22 23:31:01.0534 0936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/22 23:31:01.0628 0936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/22 23:31:01.0690 0936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/22 23:31:01.0784 0936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/22 23:31:01.0846 0936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/22 23:31:01.0893 0936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/22 23:31:01.0971 0936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/22 23:31:02.0033 0936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/22 23:31:02.0127 0936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/05/22 23:31:02.0361 0936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/22 23:31:02.0439 0936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/22 23:31:02.0532 0936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/22 23:31:02.0595 0936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/22 23:31:02.0688 0936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/22 23:31:02.0735 0936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/22 23:31:02.0766 0936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/22 23:31:02.0829 0936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/22 23:31:02.0860 0936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/22 23:31:02.0985 0936 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
    2011/05/22 23:31:03.0063 0936 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/22 23:31:03.0203 0936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/22 23:31:03.0312 0936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/22 23:31:03.0437 0936 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/22 23:31:03.0531 0936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/22 23:31:03.0609 0936 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys
    2011/05/22 23:31:03.0702 0936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/22 23:31:03.0780 0936 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/05/22 23:31:03.0905 0936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/22 23:31:04.0030 0936 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/05/22 23:31:04.0124 0936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/22 23:31:04.0248 0936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/22 23:31:04.0358 0936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/22 23:31:04.0436 0936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/22 23:31:04.0529 0936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/22 23:31:04.0576 0936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/22 23:31:04.0670 0936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/22 23:31:04.0716 0936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/22 23:31:04.0826 0936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/22 23:31:04.0872 0936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/22 23:31:04.0997 0936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/22 23:31:05.0091 0936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/22 23:31:05.0184 0936 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
    2011/05/22 23:31:05.0231 0936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/22 23:31:05.0278 0936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/22 23:31:05.0403 0936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/22 23:31:05.0512 0936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/22 23:31:05.0606 0936 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
    2011/05/22 23:31:05.0777 0936 HTTP (4d6eb87dcabfd66221822f49cfd79077) C:\Windows\system32\drivers\HTTP.sys
    2011/05/22 23:31:05.0933 0936 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    2011/05/22 23:31:06.0042 0936 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys
    2011/05/22 23:31:06.0105 0936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/22 23:31:06.0198 0936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/22 23:31:06.0261 0936 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/05/22 23:31:06.0292 0936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/22 23:31:06.0432 0936 IDSvix86 (b147ccf3b7a42b64af8ec0520b4b15e3) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20110517.001\IDSvix86.sys
    2011/05/22 23:31:06.0557 0936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/22 23:31:06.0651 0936 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
    2011/05/22 23:31:06.0744 0936 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
    2011/05/22 23:31:06.0776 0936 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
    2011/05/22 23:31:06.0807 0936 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
    2011/05/22 23:31:06.0947 0936 IntcAzAudAddService (2cbda4ac3ca4f300830e8650acda1e0b) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/22 23:31:07.0072 0936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/22 23:31:07.0119 0936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/22 23:31:07.0259 0936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/22 23:31:07.0322 0936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/22 23:31:07.0353 0936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/22 23:31:07.0384 0936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/22 23:31:07.0524 0936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/22 23:31:07.0602 0936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/22 23:31:07.0696 0936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/22 23:31:07.0758 0936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/22 23:31:07.0790 0936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/22 23:31:07.0883 0936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/22 23:31:07.0961 0936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/22 23:31:08.0086 0936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/22 23:31:08.0164 0936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/22 23:31:08.0211 0936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/22 23:31:08.0320 0936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/22 23:31:08.0367 0936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/22 23:31:08.0476 0936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/22 23:31:08.0554 0936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/22 23:31:08.0679 0936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/22 23:31:08.0726 0936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/22 23:31:08.0804 0936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/22 23:31:08.0850 0936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/22 23:31:08.0882 0936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/22 23:31:08.0991 0936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/22 23:31:09.0053 0936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/22 23:31:09.0162 0936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/22 23:31:09.0225 0936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/22 23:31:09.0318 0936 mrxsmb (66de1a2b389a1969ca1751b276108e45) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/22 23:31:09.0365 0936 mrxsmb10 (346611d7523b520faa86b76753cc9874) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/22 23:31:09.0412 0936 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/22 23:31:09.0506 0936 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    2011/05/22 23:31:09.0537 0936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/22 23:31:09.0584 0936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/22 23:31:09.0708 0936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/22 23:31:09.0786 0936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/22 23:31:09.0880 0936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/22 23:31:09.0927 0936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/22 23:31:09.0974 0936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/22 23:31:10.0083 0936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/22 23:31:10.0161 0936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/22 23:31:10.0270 0936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/22 23:31:10.0348 0936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/22 23:31:10.0473 0936 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110522.002\NAVENG.SYS
    2011/05/22 23:31:10.0535 0936 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110522.002\NAVEX15.SYS
    2011/05/22 23:31:10.0707 0936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/22 23:31:10.0769 0936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/22 23:31:10.0863 0936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/22 23:31:10.0910 0936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/22 23:31:11.0003 0936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/22 23:31:11.0034 0936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/22 23:31:11.0097 0936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/22 23:31:11.0284 0936 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
    2011/05/22 23:31:11.0471 0936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/22 23:31:11.0549 0936 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
    2011/05/22 23:31:11.0674 0936 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
    2011/05/22 23:31:11.0736 0936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/22 23:31:11.0830 0936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/22 23:31:11.0908 0936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/22 23:31:12.0017 0936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/22 23:31:12.0064 0936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/22 23:31:12.0314 0936 nvlddmkm (b712282a12ec33078e0b13e7226b7dff) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/22 23:31:12.0594 0936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/22 23:31:12.0641 0936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/22 23:31:12.0688 0936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/22 23:31:12.0875 0936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/22 23:31:13.0016 0936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/22 23:31:13.0062 0936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/22 23:31:13.0156 0936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/22 23:31:13.0312 0936 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
    2011/05/22 23:31:13.0374 0936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/22 23:31:13.0421 0936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/22 23:31:13.0530 0936 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/22 23:31:13.0608 0936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/22 23:31:13.0780 0936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/22 23:31:13.0811 0936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/22 23:31:13.0936 0936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/22 23:31:13.0983 0936 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/05/22 23:31:14.0108 0936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/22 23:31:14.0232 0936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/22 23:31:14.0279 0936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/22 23:31:14.0295 0936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/22 23:31:14.0342 0936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/22 23:31:14.0435 0936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/22 23:31:14.0466 0936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/22 23:31:14.0513 0936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/22 23:31:14.0607 0936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/22 23:31:14.0685 0936 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
    2011/05/22 23:31:14.0700 0936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/22 23:31:14.0747 0936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/22 23:31:14.0856 0936 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/05/22 23:31:14.0888 0936 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/05/22 23:31:14.0919 0936 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/05/22 23:31:15.0028 0936 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
    2011/05/22 23:31:15.0106 0936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/22 23:31:15.0200 0936 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/22 23:31:15.0293 0936 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/05/22 23:31:15.0402 0936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/22 23:31:15.0449 0936 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/22 23:31:15.0543 0936 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/22 23:31:15.0574 0936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/22 23:31:15.0746 0936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/05/22 23:31:15.0792 0936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/22 23:31:15.0839 0936 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/05/22 23:31:15.0933 0936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/22 23:31:15.0995 0936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/22 23:31:16.0026 0936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/22 23:31:16.0136 0936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/22 23:31:16.0198 0936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/22 23:31:16.0323 0936 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    2011/05/22 23:31:16.0432 0936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/22 23:31:16.0526 0936 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
    2011/05/22 23:31:16.0635 0936 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
    2011/05/22 23:31:16.0744 0936 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
    2011/05/22 23:31:16.0806 0936 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/22 23:31:16.0853 0936 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/22 23:31:16.0962 0936 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/22 23:31:17.0025 0936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/22 23:31:17.0087 0936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/22 23:31:17.0181 0936 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
    2011/05/22 23:31:17.0228 0936 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2011/05/22 23:31:17.0337 0936 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
    2011/05/22 23:31:17.0384 0936 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
    2011/05/22 23:31:17.0415 0936 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
    2011/05/22 23:31:17.0508 0936 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
    2011/05/22 23:31:17.0555 0936 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
    2011/05/22 23:31:17.0664 0936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/22 23:31:17.0711 0936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/22 23:31:17.0836 0936 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    2011/05/22 23:31:17.0914 0936 Tcpip (da467e7619ae5f4588e6262c13c8940a) C:\Windows\system32\drivers\tcpip.sys
    2011/05/22 23:31:18.0054 0936 Tcpip6 (da467e7619ae5f4588e6262c13c8940a) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/22 23:31:18.0164 0936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/22 23:31:18.0210 0936 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/05/22 23:31:18.0304 0936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/22 23:31:18.0351 0936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/22 23:31:18.0398 0936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/22 23:31:18.0507 0936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/22 23:31:18.0569 0936 Thpdrv (f2ddede390f975ecabc89e4134853548) C:\Windows\system32\DRIVERS\thpdrv.sys
    2011/05/22 23:31:18.0585 0936 Thpevm (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS
    2011/05/22 23:31:18.0772 0936 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
    2011/05/22 23:31:18.0803 0936 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/05/22 23:31:18.0897 0936 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
    2011/05/22 23:31:18.0959 0936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/22 23:31:19.0068 0936 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/22 23:31:19.0115 0936 TVALZ (4ddf2ba3093a1b258b6a806e6c417c84) C:\Windows\system32\DRIVERS\TVALZ.SYS
    2011/05/22 23:31:19.0209 0936 TVALZFL (758a5b01242cb5660f0103cd2e9595fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
    2011/05/22 23:31:19.0271 0936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/22 23:31:19.0349 0936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/22 23:31:19.0458 0936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/22 23:31:19.0536 0936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/22 23:31:19.0583 0936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/22 23:31:19.0677 0936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/22 23:31:19.0739 0936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/22 23:31:19.0848 0936 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    2011/05/22 23:31:19.0911 0936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/22 23:31:19.0973 0936 USBCCID (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys
    2011/05/22 23:31:20.0067 0936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/22 23:31:20.0176 0936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/22 23:31:20.0270 0936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/22 23:31:20.0394 0936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/05/22 23:31:20.0519 0936 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/05/22 23:31:20.0628 0936 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
    2011/05/22 23:31:20.0738 0936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/22 23:31:20.0816 0936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/22 23:31:20.0909 0936 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/05/22 23:31:20.0987 0936 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    2011/05/22 23:31:21.0081 0936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/22 23:31:21.0143 0936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/05/22 23:31:21.0159 0936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/05/22 23:31:21.0237 0936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/05/22 23:31:21.0330 0936 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/05/22 23:31:21.0393 0936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/05/22 23:31:21.0471 0936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/22 23:31:21.0549 0936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/05/22 23:31:21.0642 0936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/05/22 23:31:21.0752 0936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/05/22 23:31:21.0798 0936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/22 23:31:21.0798 0936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/22 23:31:21.0876 0936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/05/22 23:31:21.0986 0936 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/22 23:31:22.0095 0936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/22 23:31:22.0204 0936 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/05/22 23:31:22.0282 0936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/22 23:31:22.0438 0936 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/22 23:31:22.0563 0936 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/22 23:31:22.0625 0936 ================================================================================
    2011/05/22 23:31:22.0625 0936 Scan finished
    2011/05/22 23:31:22.0625 0936 ================================================================================
    2011/05/22 23:33:52.0728 3804 Deinitialize success



    SUPERAntiSpyware Scan Log-First Scan.
    http://www.superantispyware.com

    Generated 05/23/2011 at 00:12 AM

    Application Version : 4.52.1000

    Core Rules Database Version : 7113
    Trace Rules Database Version: 4925

    Scan type : Quick Scan
    Total Scan Time : 00:12:22

    Memory items scanned : 841
    Memory threats detected : 0
    Registry items scanned : 2800
    Registry threats detected : 0
    File items scanned : 9784
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Cookies\prasad@atdmt[2].txt
    media.kyte.tv [ C:\Users\Prasad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L6U5NQQE ]

    Trojan.Agent/Gen-Cryptor[Egun]
    E:\BOOKS\IN4SUITERE\FRONTEND\BIN\DBCONNSTRING.EXE
    E:\BOOKS\IN4SUITERE\FRONTEND\COMMON\RE KM DLLS\DBCONNSTRING.EXE



    SUPERAntiSpyware Scan Log-Second Scan
    http://www.superantispyware.com

    Generated 05/23/2011 at 10:04 AM

    Application Version : 4.52.1000

    Core Rules Database Version : 7113
    Trace Rules Database Version: 4925

    Scan type : Complete Scan
    Total Scan Time : 01:23:15

    Memory items scanned : 290
    Memory threats detected : 0
    Registry items scanned : 10698
    Registry threats detected : 0
    File items scanned : 170172
    File threats detected : 0
     
  10. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my Windows Vista laptop

    Hai Broni,
    Thanks for your help. As mentioned in your last reply post I downloaded and scanned my laptop with OTL and the corresponding log OTL.Txt is pasted below. OTL.Txt is split into two as it is exceeding 50,000 characters. Part of the OTL.Txt and Extras.Txt is posted in a seperate reply.Please check it and update. Hope the issue will be fixed soon. Thank you once again.

    Regards,
    Prasad.

    OTL logfile created on: 24-05-2011 16:38:56 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Prasad\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.99 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.28% Memory free
    6.18 Gb Paging File | 5.00 Gb Available in Paging File | 80.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 70.63 Gb Free Space | 60.66% Space Free | Partition Type: NTFS
    Drive E: | 114.98 Gb Total Space | 55.63 Gb Free Space | 48.38% Space Free | Partition Type: NTFS
    Computer Name: PRASAD-LAPTOP | User Name: Prasad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========
    PRC - [2011-05-24 16:31:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Prasad\Desktop\OTL.exe
    PRC - [2010-12-01 01:49:06 | 000,268,848 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010-10-16 00:12:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010-10-16 00:05:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2009-11-14 14:04:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2009-10-16 15:43:28 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2009-07-18 08:42:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
    PRC - [2009-04-11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008-09-15 18:36:00 | 000,552,248 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
    PRC - [2008-09-02 11:36:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
    PRC - [2008-08-25 11:28:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008-08-12 23:30:18 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008-07-10 19:28:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008-06-12 23:06:16 | 000,607,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe
    PRC - [2008-06-03 07:08:36 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2008-06-03 07:08:30 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
    PRC - [2008-05-27 17:42:44 | 000,451,944 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2008-05-27 17:42:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2008-05-13 07:42:00 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008-04-24 17:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008-04-24 14:51:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    PRC - [2008-04-22 12:06:18 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2008-04-11 16:27:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2008-02-06 18:42:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2008-01-21 07:55:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
    PRC - [2008-01-17 20:57:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2008-01-17 20:57:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007-11-21 21:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2007-09-12 19:57:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007-05-15 17:25:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    PRC - [2007-01-10 14:29:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2007-01-10 14:29:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007-01-05 16:49:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    PRC - [2006-10-23 00:54:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    ========== Modules (SafeList) ==========
    MOD - [2011-05-24 16:31:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Prasad\Desktop\OTL.exe
    MOD - [2009-04-11 11:51:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========
    SRV - [2010-12-01 01:50:50 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010-12-01 01:49:06 | 000,268,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010-10-16 00:12:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010-10-16 00:05:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010-06-14 16:37:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009-11-14 14:04:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009-11-09 18:00:06 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009-11-09 18:00:06 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009-10-16 15:43:28 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2009-04-11 11:58:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008-09-15 18:36:00 | 000,552,248 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
    SRV - [2008-09-02 11:36:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
    SRV - [2008-08-25 11:28:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008-08-12 23:30:18 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008-07-10 19:28:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008-06-03 07:08:36 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2008-06-03 07:08:30 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
    SRV - [2008-05-27 17:42:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2008-04-24 14:51:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
    SRV - [2008-04-22 12:06:18 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008-04-11 16:27:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2008-02-06 18:42:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2008-01-29 19:08:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008-01-21 07:55:50 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
    SRV - [2008-01-21 07:55:34 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
    SRV - [2008-01-21 07:55:32 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
    SRV - [2008-01-21 07:55:32 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2008-01-21 07:53:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-01-17 20:57:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007-11-21 21:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007-09-12 19:57:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007-09-12 19:57:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007-05-15 17:25:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2007-01-14 15:41:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2007-01-10 14:29:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007-01-10 14:29:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007-01-10 14:29:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007-01-10 14:29:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007-01-05 16:49:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    SRV - [2005-09-23 08:31:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


    ========== Driver Services (SafeList) ==========
    DRV - [2011-05-18 13:30:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110524.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011-05-18 13:30:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110524.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011-05-10 13:30:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011-05-10 13:30:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010-09-23 00:49:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
    DRV - [2010-09-15 23:41:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ids-diskless\20110517.001\IDSvix86.sys -- (IDSvix86)
    DRV - [2010-05-11 00:11:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010-02-26 16:02:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010-02-26 16:02:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010-02-26 16:02:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010-02-17 23:55:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-11-13 03:12:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2009-10-16 15:44:11 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009-08-03 20:37:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009-08-03 20:37:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009-08-03 20:37:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2009-08-03 20:37:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009-08-03 20:37:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009-08-03 20:37:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2009-07-24 18:02:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009-07-24 18:02:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2008-08-26 11:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008-08-23 01:44:00 | 007,570,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008-08-21 15:05:18 | 000,028,792 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV - [2008-08-14 14:22:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2008-08-12 22:53:30 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008-07-25 20:11:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
    DRV - [2008-07-10 04:19:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2008-05-01 01:41:02 | 000,006,144 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2008-04-28 02:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008-04-22 12:06:18 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008-04-22 12:03:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008-03-28 00:09:58 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
    DRV - [2008-03-27 02:42:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2008-02-15 22:31:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008-01-21 07:53:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2008-01-21 07:53:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2007-12-17 13:15:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007-12-01 01:27:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007-12-01 01:27:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007-12-01 01:27:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007-11-09 10:31:42 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
    DRV - [2007-09-04 15:00:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV - [2007-07-30 16:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007-07-30 15:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007-05-15 17:25:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2007-05-15 17:25:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007-05-15 17:25:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007-04-14 04:19:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006-10-23 21:02:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006-10-18 16:20:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-01-25 21:23:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-01-25 21:23:23 | 000,000,000 | ---D | M]

    O1 HOSTS File: ([2011-05-20 13:34:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-3292681905-1200308339-594442849-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-3292681905-1200308339-594442849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
    ========== Files/Folders - Created Within 30 Days ==========
    [2011-05-24 16:31:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Prasad\Desktop\OTL.exe
    [2011-05-22 23:53:20 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Roaming\SUPERAntiSpyware.com
    [2011-05-22 23:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011-05-22 23:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011-05-22 23:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011-05-22 23:52:25 | 011,214,496 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Prasad\Desktop\SUPERAntiSpyware.exe
    [2011-05-22 23:25:05 | 000,000,000 | ---D | C] -- C:\Users\Prasad\Desktop\tdsskiller
    [2011-05-22 23:20:12 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Local\WinZip
    [2011-05-22 23:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2011-05-22 23:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011-05-20 13:44:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
    [2011-05-20 13:36:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011-05-20 13:36:21 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Local\temp
    [2011-05-20 13:27:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011-05-20 13:27:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011-05-20 13:27:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011-05-20 13:27:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-05-20 13:27:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011-05-20 13:26:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-05-20 13:26:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011-05-20 13:04:16 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Prasad\Desktop\aswMBR.exe
    [2011-05-16 21:58:20 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Roaming\Malwarebytes
    [2011-05-16 21:58:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011-05-16 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-05-16 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-05-16 21:58:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011-05-16 21:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011-05-16 21:56:09 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Prasad\Desktop\mbam-setup-1.50.1.1100.exe
    [2011-05-10 00:36:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011-05-10 00:36:03 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Roaming\Apple Computer
    [2011-05-10 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Prasad\AppData\Local\Apple Computer

    ========== Files - Modified Within 30 Days ==========
    [2011-05-24 16:31:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Prasad\Desktop\OTL.exe
    [2011-05-24 16:25:52 | 000,765,820 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011-05-24 16:25:52 | 000,169,128 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011-05-24 16:25:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD9840F8-C3BB-47C1-82FA-962599BC45C3}.job
    [2011-05-24 16:19:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-05-24 16:19:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-05-24 16:19:37 | 000,118,622 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011-05-24 16:19:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-05-22 23:53:10 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011-05-22 23:52:35 | 011,214,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Prasad\Desktop\SUPERAntiSpyware.exe
    [2011-05-22 23:12:03 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2011-05-22 22:44:01 | 001,280,208 | ---- | M] () -- C:\Users\Prasad\Desktop\tdsskiller.zip
    [2011-05-20 13:34:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011-05-20 13:12:17 | 004,352,047 | R--- | M] () -- C:\Users\Prasad\Desktop\ComboFix.exe
    [2011-05-20 13:07:13 | 000,000,512 | ---- | M] () -- C:\Users\Prasad\Desktop\MBR.dat
    [2011-05-20 13:04:20 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Prasad\Desktop\aswMBR.exe
    [2011-05-17 00:19:13 | 000,625,664 | ---- | M] () -- C:\Users\Prasad\Desktop\dds.scr
    [2011-05-16 23:59:03 | 000,302,080 | ---- | M] () -- C:\Users\Prasad\Desktop\8td7kp6g.exe
    [2011-05-16 21:58:09 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-05-16 21:56:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Prasad\Desktop\mbam-setup-1.50.1.1100.exe
    [2011-05-14 10:03:09 | 000,077,824 | ---- | M] () -- C:\Users\Prasad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========
    [2011-05-22 23:53:10 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011-05-22 23:12:03 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2011-05-22 22:43:53 | 001,280,208 | ---- | C] () -- C:\Users\Prasad\Desktop\tdsskiller.zip
    [2011-05-20 13:27:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011-05-20 13:27:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011-05-20 13:27:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011-05-20 13:27:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011-05-20 13:27:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011-05-20 13:12:13 | 004,352,047 | R--- | C] () -- C:\Users\Prasad\Desktop\ComboFix.exe
    [2011-05-20 13:07:13 | 000,000,512 | ---- | C] () -- C:\Users\Prasad\Desktop\MBR.dat
    [2011-05-17 00:19:12 | 000,625,664 | ---- | C] () -- C:\Users\Prasad\Desktop\dds.scr
    [2011-05-16 23:59:01 | 000,302,080 | ---- | C] () -- C:\Users\Prasad\Desktop\8td7kp6g.exe
    [2011-05-16 21:58:09 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-11-24 10:33:03 | 000,005,382 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\Fg0kor.full.jpeg
    [2010-08-12 10:12:35 | 000,593,920 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010-08-12 10:12:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010-08-12 10:12:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2010-08-12 10:12:33 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010-07-23 09:11:45 | 000,009,235 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\5lN4m9.full.jpeg
    [2010-05-23 13:53:13 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010-05-23 13:53:13 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010-05-05 08:20:01 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
    [2010-04-19 22:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Prasad\AppData\Local\debuggee.mdmp
    [2010-04-11 02:11:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2010-01-16 18:14:38 | 000,004,564 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\xjbbhj.full.jpeg
    [2010-01-16 18:00:21 | 000,005,405 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\BNcXST.full.jpeg
    [2010-01-16 16:07:28 | 000,005,820 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\default.full.jpeg
    [2010-01-16 16:06:48 | 000,004,974 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\tOOe5S.full.jpeg
    [2009-10-26 19:58:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009-10-20 21:58:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009-10-20 21:58:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009-10-20 21:57:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009-10-18 12:00:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009-08-03 16:37:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009-08-03 16:37:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009-07-20 00:12:16 | 000,077,824 | ---- | C] () -- C:\Users\Prasad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-07-01 23:17:44 | 000,118,622 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009-06-30 08:05:55 | 000,118,622 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009-05-28 08:39:01 | 000,000,680 | ---- | C] () -- C:\Users\Prasad\AppData\Local\d3d9caps.dat
    [2008-07-05 14:02:26 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008-07-05 13:47:32 | 000,007,124 | ---- | C] () -- C:\Windows\System32\drivers\HDACfg.dat
    [2007-12-21 21:16:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2007-06-28 04:39:25 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2007-06-28 04:39:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2007-06-28 04:39:25 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2007-06-28 04:39:25 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2006-11-02 18:26:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006-11-02 18:17:43 | 000,388,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006-11-02 16:03:01 | 000,765,820 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006-11-02 16:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006-11-02 16:03:01 | 000,169,128 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006-11-02 16:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006-11-02 15:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006-11-02 14:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006-11-02 13:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006-11-02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006-11-02 12:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005-12-07 14:01:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
    [2005-07-23 02:00:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
     
     
  12. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my Windows Vista laptop

    Hai Broni,
    Thanks for your help. As mentioned in your last reply post I downloaded and scanned my laptop with OTL. As the OTL.Txt is split into two as it is exceeding 50,000 characters,the second part of the OTL.Txt and Extras.Txt(fully) is posted in this seperate reply.Please check it and update. Hope the issue will be fixed soon. Thank you once again.

    Regards,
    Prasad.

    ========== LOP Check ==========
    [2010-01-16 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\AvatarCache
    [2010-04-19 23:15:21 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Business Objects
    [2011-05-12 19:37:19 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Jumblo
    [2011-01-25 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Nokia
    [2011-01-25 23:41:59 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\PC Suite
    [2010-01-16 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Rediff Bol
    [2010-01-16 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Rediff.com
    [2009-07-07 23:59:58 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Toshiba
    [2010-11-27 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Uniblue
    [2010-01-16 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\WallpaperCache
    [2011-05-23 14:59:17 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011-05-24 16:25:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BD9840F8-C3BB-47C1-82FA-962599BC45C3}.job

    ========== Purity Check ==========
    ========== Custom Scans ==========
    < %SYSTEMDRIVE%\*.* >
    [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009-04-11 12:06:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008-07-05 22:04:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011-05-20 13:36:19 | 000,017,031 | ---- | M] () -- C:\ComboFix.txt
    [2006-09-19 03:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011-05-24 16:19:25 | 3529,830,400 | -HS- | M] () -- C:\pagefile.sys
    [2008-09-18 14:34:31 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2011-05-22 23:33:52 | 000,068,970 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_23.29.47_log.txt
    < %systemroot%\Fonts\*.com >
    [2006-11-02 18:07:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006-11-02 18:07:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006-11-02 18:07:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010-02-27 11:04:27 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
    < %systemroot%\Fonts\*.dll >
    < %systemroot%\Fonts\*.ini >
    [2006-09-19 03:07:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
    < %systemroot%\Fonts\*.ini2 >
    < %systemroot%\Fonts\*.exe >
    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-01-21 07:53:39 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006-11-02 18:06:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006-10-26 21:26:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    < %systemroot%\REPAIR\*.bak1 >
    < %systemroot%\REPAIR\*.ini >
    < %systemroot%\system32\*.jpg >
    < %systemroot%\*.jpg >
    < %systemroot%\*.png >
    < %systemroot%\*.scr >
    < %systemroot%\*._sy >
    < %APPDATA%\Adobe\Update\*.* >
    < %ALLUSERSPROFILE%\Favorites\*.* >
    < %APPDATA%\Microsoft\*.* >
    < %PROGRAMFILES%\*.* >
    [2008-01-21 08:13:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    < %APPDATA%\Update\*.* >
    < %systemroot%\*. /mp /s >
    < %systemroot%\System32\config\*.sav >
    [2008-01-21 08:50:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008-01-21 08:50:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008-01-21 08:50:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
    < %PROGRAMFILES%\bak. /s >
    < %systemroot%\system32\bak. /s >
    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    < %systemroot%\system32\config\systemprofile\*.dat /x >
    < %systemroot%\*.config >
    < %systemroot%\system32\*.db >
    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010-04-19 22:48:40 | 000,000,574 | -HS- | M] () -- C:\Users\Prasad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    < %USERPROFILE%\Desktop\*.exe >
    [2011-05-16 23:59:03 | 000,302,080 | ---- | M] () -- C:\Users\Prasad\Desktop\8td7kp6g.exe
    [2011-05-20 13:04:20 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Prasad\Desktop\aswMBR.exe
    [2011-05-20 13:12:17 | 004,352,047 | R--- | M] () -- C:\Users\Prasad\Desktop\ComboFix.exe
    [2011-05-16 21:56:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Prasad\Desktop\mbam-setup-1.50.1.1100.exe
    [2011-05-24 16:31:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Prasad\Desktop\OTL.exe
    [2011-05-22 23:52:35 | 011,214,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Prasad\Desktop\SUPERAntiSpyware.exe
    < %PROGRAMFILES%\Common Files\*.* >
    < %systemroot%\*.src >
    < %systemroot%\install\*.* >
    < %systemroot%\system32\DLL\*.* >
    < %systemroot%\system32\HelpFiles\*.* >
    < %systemroot%\system32\rundll\*.* >
    < %systemroot%\winn32\*.* >
    < %systemroot%\Java\*.* >
    < %systemroot%\system32\test\*.* >
    < %systemroot%\system32\Rundll32\*.* >
    < %systemroot%\AppPatch\Custom\*.* >
    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
    < %PROGRAMFILES%\Internet Explorer\*.tmp >
    < %PROGRAMFILES%\Internet Explorer\*.dat >
    < %USERPROFILE%\My Documents\*.exe >
    < %USERPROFILE%\*.exe >
    < %systemroot%\ADDINS\*.* >
    [2006-11-02 18:06:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
    < %systemroot%\assembly\*.bak2 >
    < %systemroot%\Config\*.* >
    < %systemroot%\REPAIR\*.bak2 >
    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010-02-27 11:28:12 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010-02-27 11:27:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2007-06-28 04:39:14 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2007-06-28 04:39:14 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010-02-27 11:27:43 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
    < %systemroot%\SYSTEM\*.bak2 >
    < %systemroot%\Web\*.bak2 >
    < %systemroot%\Driver Cache\*.* >
    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >
    < %ProgramFiles%\Microsoft Common\*.* >
    < %ProgramFiles%\TinyProxy. >
    < %USERPROFILE%\Favorites\*.url /x >
    [2011-03-08 11:46:01 | 000,000,402 | -HS- | M] () -- C:\Users\Prasad\Favorites\desktop.ini
    < %systemroot%\system32\*.bk >
    < %systemroot%\*.te >
    < %systemroot%\system32\system32\*.* >
    < %ALLUSERSPROFILE%\*.dat /x >
    [2011-05-24 16:19:37 | 000,118,622 | ---- | M] () -- C:\ProgramData\nvModes.001
    < %systemroot%\system32\drivers\*.rmv >
    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    < %PROGRAMFILES%\Microsoft\*.* >
    < %systemroot%\System32\Wbem\proquota.exe >
    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
    < %USERPROFILE%\Cookies\*.txt /x >
    < %SystemRoot%\system32\fonts\*.* >
    < %systemroot%\system32\winlog\*.* >
    < %systemroot%\system32\Language\*.* >
    < %systemroot%\system32\Settings\*.* >
    < %systemroot%\system32\*.quo >
    < %SYSTEMROOT%\AppPatch\*.exe >
    < %SYSTEMROOT%\inf\*.exe >
    < %SYSTEMROOT%\Installer\*.exe >
    < %systemroot%\system32\config\*.bak2 >
    < %systemroot%\system32\Computers\*.* >
    < %SystemRoot%\system32\Sound\*.* >
    < %SystemRoot%\system32\SpecialImg\*.* >
    < %SystemRoot%\system32\code\*.* >
    < %SystemRoot%\system32\draft\*.* >
    < %SystemRoot%\system32\MSSSys\*.* >
    < %ProgramFiles%\Javascript\*.* >
    < %systemroot%\pchealth\helpctr\System\*.exe /s >
    < %systemroot%\Web\*.exe >
    < %systemroot%\system32\msn\*.* >
    < %systemroot%\system32\*.tro >
    < %AppData%\Microsoft\Installer\msupdates\*.* >
    < %ProgramFiles%\Messenger\*.* >
    < %systemroot%\system32\systhem32\*.* >
    < %systemroot%\system\*.exe >
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >


    OTL Extras logfile created on: 24-05-2011 16:38:56 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Prasad\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.99 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.28% Memory free
    6.18 Gb Paging File | 5.00 Gb Available in Paging File | 80.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 70.63 Gb Free Space | 60.66% Space Free | Partition Type: NTFS
    Drive E: | 114.98 Gb Total Space | 55.63 Gb Free Space | 48.38% Space Free | Partition Type: NTFS

    Computer Name: PRASAD-LAPTOP | User Name: Prasad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3292681905-1200308339-594442849-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3311907F-82AB-4DC1-8D04-9E920B92EA41}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{572F5180-9C84-4569-BDD6-EB895A54038C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{62EF7753-E04E-49D0-8A27-2ECE5B0CC403}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1CC47E4B-10B3-42C3-9825-5BC44CDD66B5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{2D7456DC-4CCA-4B7E-897C-49A287C0A329}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{35EEAAE9-95AD-455D-85A4-A7EB05A622BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{4767E493-0C8F-40C7-BCEB-E9C2898D3BFF}" = protocol=17 | dir=in | app=c:\program files\jumblo.com\jumblo\jumblo.exe |
    "{4E4CE72A-86C7-412D-AC36-0F5D7E4731B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{71EBE50A-1444-486F-9975-BF44E7F4D805}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{78C25E64-92D0-4504-8EDF-9F6AC4EA8F88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AA1523DE-EF1D-4E51-8569-6332B0B973B9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AD06ED8A-81EE-45AF-A6E4-CD64A4CF872D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{B2B902D4-A6E7-4890-BCCA-C99FAEDB534F}" = protocol=6 | dir=in | app=c:\program files\jumblo.com\jumblo\jumblo.exe |
    "{FC24CAA9-7552-42DA-BB1B-6ACB6BDBC533}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
    "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0
    "{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
    "{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
    "{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
    "{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
    "{3EABECB0-B86C-4206-9EAC-D1A230270A30}" = Presto! BizCard5 SE
    "{41B20968-B2E1-49C0-9508-CC1544D568F5}" = Presto! BizCard Component for Windows CE
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{54FC6A99-BDA1-4FE1-9A90-759A86CBA328}" = Symantec Real Time Storage Protection Component
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F7F59D5-12F6-4571-9935-A2921AA17F78}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
    "{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Cooling Performance Diagnostic Tool
    "{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E94E18-54D6-42C1-8FC4-24DACEDC3395}" = Nokia NSeries System Utilities
    "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
    "{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
    "{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AE06365B-763D-4957-87AF-D51F121E716F}" = Power Consumption Meter
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CB354C15-CAA1-4B8D-B333-DD7D262F1841}" = SymNet
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
    "{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
    "{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EED6DFCD-3786-477A-B228-E89BB7D1CF92}" = Presto! BizCard 5 SE (English Version)
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
    "{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager
    "{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player
    "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
    "{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
    "{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Able2Extract v6.0" = Able2Extract v6.0
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Etisalat 3G Modem" = Etisalat 3G Modem
    "Great Minds" = Great Minds
    "HECI" = Intel(R) Management Engine Interface
    "HotspotShield" = Hotspot Shield 1.56
    "InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "InstallShield_{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Cooling Performance Diagnostic Tool
    "InstallShield_{AE06365B-763D-4957-87AF-D51F121E716F}" = Power Consumption Meter
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Jumblo_is1" = Jumblo
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.0 Full
    "Lippincott's Review for NCLEX-RN 8th Edition" = Lippincott's Review for NCLEX-RN 8th Edition
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "NCLEX Review 3000" = NCLEX Review 3000
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa2" = Picasa 2
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) Network Connections Drivers
    "Rediff Bol" = Rediff Bol
    "Rediff Toolbar" = Rediff Toolbar
    "Saunders Q and A Review for NCLEX-RN" = Saunders Q and A Review for NCLEX-RN
    "SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3292681905-1200308339-594442849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20-05-2011 04:17:01 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 22-05-2011 13:10:10 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 22-05-2011 14:47:57 | Computer Name = Prasad-Laptop | Source = EventSystem | ID = 4609
    Description =

    Error - 22-05-2011 14:49:11 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 22-05-2011 23:08:01 | Computer Name = Prasad-Laptop | Source = EventSystem | ID = 4609
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 23-05-2011 00:43:55 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 23-05-2011 00:54:30 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 23-05-2011 05:17:55 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 24-05-2011 06:51:08 | Computer Name = Prasad-Laptop | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7026
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 22-05-2011 23:09:14 | Computer Name = Prasad-Laptop | Source = Service Control Manager | ID = 7001
    Description =


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
      O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
      [2010-11-27 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Prasad\AppData\Roaming\Uniblue
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my windows vista laptop

    Hai Broni,
    Thanks for your help. As mentioned in your last reply post I downloaded and scanned my laptop with OTL Custom Scan/Fixes>Run Fix, SecurityCheck, TFC and ESSET Online Scanner and the respective logs are posted below. Please check it and update. Hope the issue will be fixed soon. Thank you once again.

    Regards,
    Prasad.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster 2010\history folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster 2010\backup folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster 2010 folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Prasad\AppData\Roaming\Uniblue folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Prasad
    ->Temp folder emptied: 2103784 bytes
    ->Temporary Internet Files folder emptied: 46943702 bytes
    ->Java cache emptied: 414379 bytes
    ->Flash cache emptied: 10450 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Prasad
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05242011_215755

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9D6F.tmp not found!
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9D87.tmp not found!
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9DC1.tmp not found!
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9DDF.tmp not found!
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9E18.tmp not found!
    File\Folder C:\Users\Prasad\AppData\Local\Temp\~DF9E2F.tmp not found!
    C:\Users\Prasad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIY9X399\topic165297[2].htm moved successfully.
    C:\Users\Prasad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\317J4ZG0\google_co_in[1].htm moved successfully.
    C:\Users\Prasad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus
    Norton AntiVirus SYMLT MSI
    Norton AntiVirus Parent MSI
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 6
    Out of date Java installed!
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````



    C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    E:\Softwares\HotSpotShield\HSS-1.43-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
    E:\Softwares\UniBlueRegistryBooster2010\registrybooster.exe a variant of Win32/RegistryBooster application
     
  15. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe 
      E:\Softwares\HotSpotShield\HSS-1.43-install-anchorfree-238-conduit2.exe 
      E:\Softwares\UniBlueRegistryBooster2010\registrybooster.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  16. prasadvp

    prasadvp TS Rookie Topic Starter

    Mouse pointer moves by itself on my windows vista laptop

    Hai Broni,
    Thanks for your help. As mentioned in your last reply post I did everything. The log file of OTL Scan/Fix also got deleted while cleanup with OTL. So couldn't post the logs. The mouse pointer seems to be normal for sometime after doing as per your previous replies but the problem is shown again when the system is started after some time. Hope it will fix once and for all this time. Thank you once again.

    Regards,
    Prasad.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    At this point.....

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck!
     
  18. prasadvp

    prasadvp TS Rookie Topic Starter

    Hai Broni,
    The problem of mouse pointer moving itself is still there after doing all things as per your replies. Please help me out. Should I need to create a new topic for this problem in Windows section again? Please advice and thanks for your previous replies.

    Regards
    Prasad
     
  19. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Exactly. Your computer is clean, so it must be something else.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.