
Suspicious.Mystic Virus


Re: Suspicious.Mystic Virus

Post by Jon14 » November 13th, 2010, 1:27 pm

I downloaded and ran the scan. It didn't find anything, but here is the log:

2010/11/13 12:23:56.0750 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 12:23:56.0750 ================================================================================
2010/11/13 12:23:56.0750 SystemInfo:
2010/11/13 12:23:56.0750
2010/11/13 12:23:56.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 12:23:56.0750 Product type: Workstation
2010/11/13 12:23:56.0750 ComputerName: YOUR-28P8EYAFN8
2010/11/13 12:23:56.0750 UserName: pc3
2010/11/13 12:23:56.0750 Windows directory: C:\WINDOWS
2010/11/13 12:23:56.0750 System windows directory: C:\WINDOWS
2010/11/13 12:23:56.0750 Processor architecture: Intel x86
2010/11/13 12:23:56.0750 Number of processors: 2
2010/11/13 12:23:56.0750 Page size: 0x1000
2010/11/13 12:23:56.0750 Boot type: Normal boot
2010/11/13 12:23:56.0750 ================================================================================
2010/11/13 12:23:58.0609 Initialize success
2010/11/13 12:24:05.0250 ================================================================================
2010/11/13 12:24:05.0250 Scan started
2010/11/13 12:24:05.0250 Mode: Manual;
2010/11/13 12:24:05.0250 ================================================================================
2010/11/13 12:24:31.0000 ================================================================================
2010/11/13 12:24:31.0000 Scan finished
2010/11/13 12:24:31.0000 ================================================================================
2010/11/13 12:25:13.0937 Deinitialize success
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm
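A triage step an analyst would apply to a TDSSKiller log like the one posted above, as an added example that is not from the thread or from the TDSSKiller tool: parse each driver line into (service, MD5, path), flag entries whose hash differs from a reference baseline, and flag drivers that are not in the baseline and load from outside C:\WINDOWS. The sample lines reuse the OS, ACPI and cpudrv lines from the posted log; the baseline dictionary and the atapi hash in the sample are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

# One TDSSKiller driver line: "<timestamp> <service> (<md5>) <path>"
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

HASH_MISMATCH = "hash differs from baseline"
NON_SYSTEM_PATH = "not in baseline and loaded from outside C:\\WINDOWS"


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str


def parse_tdsskiller_log(text):
    """Return the driver entries; header, separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["service"], m["md5"], m["path"]))
    return entries


def triage(entries, baseline):
    """baseline maps lower-cased service name -> MD5 taken from a clean install.
    Returns (service, reason) pairs, in log order, for entries that need a look."""
    findings = []
    for e in entries:
        expected = baseline.get(e.service.lower())
        if expected is not None and expected != e.md5:
            findings.append((e.service, HASH_MISMATCH))
        elif expected is None and not e.path.lower().startswith("c:\\windows\\"):
            findings.append((e.service, NON_SYSTEM_PATH))
    return findings


# Constructed sample: the OS, ACPI and cpudrv lines are copied from the posted
# log; the atapi MD5 is deliberately replaced so the mismatch path is exercised.
SAMPLE_LOG = r"""2010/11/13 12:23:56.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 12:24:07.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 12:24:08.0765 atapi (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\drivers\atapi.sys
2010/11/13 12:24:11.0546 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
"""

# Constructed baseline; in practice these values come from hashing the same
# drivers on a clean XP SP3 machine, never from the suspect machine itself.
BASELINE = {
    "acpi": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
}

if __name__ == "__main__":
    for service, reason in triage(parse_tdsskiller_log(SAMPLE_LOG), BASELINE):
        print(f"{service}: {reason}")
```

A flagged entry is a lead, not a verdict: third-party drivers such as a Norton definition module legitimately load from outside C:\WINDOWS, so each finding still needs to be checked against the vendor.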

Re: Suspicious.Mystic Virus

Post by askey127 » November 14th, 2010, 7:47 am

Jon14,
I didn't do the file replacements correctly.
You will need to get copies of these two files from a clean XP (SP3) machine.
I know you mentioned this as a possibility earlier.
winlogon.exe
explorer.exe

I would suggest putting them on a flash drive

On the clean machine, the files will be located in these folders:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe

They are both also available from this folder:
C:\WINDOWS\system32\dllcache\

When you have them on a flash, copy and paste them directly into the main directory of the C:\drive on this machine.
They will show as this:
C:\explorer.exe
C:\winlogon.exe

From there we will attempt to do the replacements correctly.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 14th, 2010, 12:05 pm

Alright, I grabbed the two off my recently reformatted desktop PC and threw them into the C drive.

Also, do you know if this laptop is (or was) infected or just Norton acting up?
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 14th, 2010, 5:02 pm

Jon14,
This laptop was definitely infected. It was not acting up.
If your other machine is also an XP machine with Service Pack 3 installed, and you loaded those two files into the C: drive main directory, please proceed-
If your other machine is not XP or does not have SP3 installed, let me know.
We will get this thing.
---------------------------------------------
Run OTL
  • Double click the OTL icon to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :processes
    killallprocesses
    
    :Files
    C:\Documents and Settings\All Users\Documents\Server\hlp.dat
    [override]
    C:\WINDOWS\system32\dllcache\explorer.exe|C:\explorer.exe /replace
    C:\WINDOWS\explorer.exe|C:\explorer.exe  /replace
    C:\WINDOWS\ERDNT\cache\explorer.exe|C:\explorer.exe /replace
    C:\WINDOWS\system32\winlogon.exe|C:\winlogon.exe  /replace
    C:\WINDOWS\ERDNT\cache\winlogon.exe|C:\winlogon.exe /replace
    C:\WINDOWS\system32\dllcache\winlogon.exe|C:\winlogon.exe /replace
    [stopoverride]
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    explorer.exe
    explorer.dat
    winlogon.exe
    winlogon.dat
    hlp.dat
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me know how it goes.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
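Before a replacement like the OTL fix above is run, a check an analyst would want (an added example, not from the thread or from OTL): hash every copy of each file (the staged C:\ copies, the live copy, the dllcache and ERDNT\cache copies) and compare them with the hash of the clean machine's copy, so the staged files are confirmed clean and the copies that actually differ are identified before anything is overwritten. The demo builds a constructed directory layout in a temporary folder with stand-in bytes instead of real binaries.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

MISSING = "<missing>"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def group_copies(copies):
    """copies: {"explorer.exe": [path, ...]} -> {"explorer.exe": {sha256 or MISSING: [paths]}}"""
    grouped = {}
    for name, paths in copies.items():
        by_hash = defaultdict(list)
        for p in paths:
            by_hash[sha256_file(p) if os.path.isfile(p) else MISSING].append(p)
        grouped[name] = dict(by_hash)
    return grouped


def check_replacement(copies, reference):
    """reference: {"explorer.exe": sha256 of the copy taken from the clean XP SP3 machine}.
    For each file, list the copies that match the clean hash, those that differ, and those absent."""
    report = {}
    for name, by_hash in group_copies(copies).items():
        ref = reference[name]
        report[name] = {
            "clean": sorted(by_hash.get(ref, [])),
            "differing": sorted(p for h, ps in by_hash.items() if h not in (ref, MISSING) for p in ps),
            "missing": sorted(by_hash.get(MISSING, [])),
        }
    return report


def run_demo():
    """Constructed layout mirroring the thread's paths, rooted in a temp dir; stand-in bytes, not real PEs."""
    clean_explorer = b"MZ clean explorer.exe stand-in"
    altered_explorer = b"MZ altered explorer.exe stand-in"
    clean_winlogon = b"MZ clean winlogon.exe stand-in"
    layout = {
        "explorer.exe": {
            "C/explorer.exe": clean_explorer,                           # staged copy from the clean machine
            "WINDOWS/explorer.exe": altered_explorer,                   # live copy, altered
            "WINDOWS/system32/dllcache/explorer.exe": altered_explorer, # protected-file cache, also altered
            "WINDOWS/ERDNT/cache/explorer.exe": None,                   # absent on this box
        },
        "winlogon.exe": {
            "C/winlogon.exe": clean_winlogon,
            "WINDOWS/system32/winlogon.exe": clean_winlogon,
            "WINDOWS/system32/dllcache/winlogon.exe": clean_winlogon,
        },
    }
    # What the clean machine's copies hash to (computed there, carried over with the files)
    reference = {
        "explorer.exe": hashlib.sha256(clean_explorer).hexdigest(),
        "winlogon.exe": hashlib.sha256(clean_winlogon).hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        copies = {}
        for name, files in layout.items():
            copies[name] = []
            for rel, data in files.items():
                full = os.path.join(root, *rel.split("/"))
                copies[name].append(full)
                if data is not None:
                    os.makedirs(os.path.dirname(full), exist_ok=True)
                    with open(full, "wb") as f:
                        f.write(data)
        report = check_replacement(copies, reference)
    # Report paths relative to the root, with forward slashes, so the result reads the same on any OS
    return {
        name: {k: [os.path.relpath(p, root).replace(os.sep, "/") for p in v] for k, v in r.items()}
        for name, r in report.items()
    }


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(name, r)
```

In the demo, explorer.exe shows the situation the thread describes (staged copy clean, live and dllcache copies altered) while winlogon.exe needs no replacement at all; the second case is exactly what a blind /replace would not tell you.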

Re: Suspicious.Mystic Virus

Post by Jon14 » November 14th, 2010, 6:28 pm

Well, I did the OTL part and it restarted the computer. I left for a while and came back, and it is in a constant restart. It won't go on in safe mode either. Just restarting. Is this what I think it is?
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 15th, 2010, 8:35 am

Jon14,
I am afraid that your only recourse will be to do a complete Reformat/Re-install of Windows, or use the system recovery option at startup to put the box back to its "as purchased" state.
You should be able to look up the PC model number and determine which Function key to tap while booting to enter its System Recovery mode.

Some of the newer infections, unfortunately, want to have control of your PC, and will not allow any kind of orderly removal.
This is especially true of those that replace legitimate windows system files with infected look-alikes.
In this case, we attempted the correct replacements, but I don't think we were able to identify all the corrupted system changes.
These infections change often, and we are always trying to gain an understanding of how each works, but we are playing "catch up".

Since we don't know a lot of detailed knowledge about this infection, I would assume that any critical data stored on or passed through this machine could have been stolen. Precautions about any account numbers, passwords, etc. would be prudent.
Sorry we were not more successful.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 15th, 2010, 11:42 am

I had a feeling that was the case when it didn't work the first time. So I have two questions now:

For the reformat, will I need the windows disc at all? I don't think I am going to be able to get that and even if I had it, this laptop doesn't have a disc drive and I don't have the external disc drive either. When I turn it on, it has the two options - "Start Windows XP", or "Start Windows XP Recovery Mode", something along those lines.

And more importantly, my data on the laptop. I really wish I had backed it up before I did that attempted fix, but is there any way I can backup even some of what was there? I really needed about 20GB of what I had on there, so please let me know on that.

Other than that, thanks for the help, I had no idea it would turn out like this when I posted the topic.
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 15th, 2010, 3:58 pm

Jon14,
If you know exactly what folders the data resides in (like all of your My Documents folder), a PC shop can probably pull out the hard drive temporarily and use another PC to copy files off it to some other media, then return the hard drive to the laptop.
This must be a netbook, and I wish I had known that; I would have said something when we started.
Netbooks really need an imaging program that will run from, (and boot from) a flash drive, like Terabyte image.

I didn't know it would turn out like this either, although I was afraid of the possibility, and mentioned it in my second post:
Jon14,
Your system may be broken beyond repair.

After you have made the choice about saving data, you will need to start the machine and tap the correct key to select the manufacturer's System Recovery.

There is a 6Gb special partition on the hard drive which has the original Windows XP system stored on it.
As soon as you press the start button you need to start tapping a certain Function key to bring up the System recovery option.
If you tell me the make and model of the machine, I can possibly find out what F-key you need to tap to start the recovery process.
I don't know the exact wording used by your manufacturer for its recovery screen.

If you start the boot process and see a brief black screen that gives you THESE two choices
1. Microsoft Windows Recovery Console
2. Microsoft Windows XP Home (highlighted)
AND, if it times out in a few seconds and attempts to boot Windows normally, then you are NOT on the correct screen.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 15th, 2010, 5:37 pm

Yes, you're right, it's an Asus EEE PC 1000H Netbook. I should have stated that at the very start. This thing can definitely use a reformat, since it's slowed up ridiculously over the past year, and you say that I can do that without the disc/drive? That's perfect in my case.

Now it just comes down to the media on there and whether I should save it or not. I know I had lots of documents in the My Documents folder, a big folder and some notepad documents on the desktop, and everything in the C: drive (aside from the system folders) that I relied on. I'd say only about 10% of that I would really like to save. So at least I know of all the locations where my stuff is. Also, and this is something I have no clue what to do, there was a secondary drive in there, that had plenty on it. This drive's recovery is not a must, but I would like to recover it. Do you know what I would do about that one? Or will the reformat not touch that drive and leave it as is?

Also, I know a lot of these recovery programs claim to be able to recover files after a format, and I have a few of these programs lying around somewhere. Do you think they would be able to get at least some of the files back after the format?
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 15th, 2010, 7:51 pm

Jon14,
After checking the user guide for the machine, Asus has seen fit to provide the System Recovery only as part of their supplied Support Disk.
That means that you can only get access to a re-install after getting a USB CD Drive, reading the manual, and using their supplied original DVD to restore the system. (Most other brands provide the recovery partition separately on the resident hard drive and do not need a separate USB CD drive).

If you have the disk and the user guide, you do need to purchase a USB CD drive to re-install.
User guide is here, #27 on the list:
http://www.laptop-software.com/asus/asu ... p-drivers/

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 15th, 2010, 7:55 pm

So I guess that's what I'm going to have to do then. I checked Nextag and they have them for this exact model for $6?!? Wow, that's pretty cheap! I know I can possibly borrow one from a friend, but for $6, why not just buy my own? Also, what do you think about the second half of my previous post? The part about my secondary drive, and the media recovery programs.
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 15th, 2010, 8:00 pm

Jon14,
Re-check my previous post. I edited it while you were posting.
There is NO secondary partition, according to the User Guide, unlike most other netbooks. And there is no media recovery program except the one from Acer on their DVD.
A $6 CD drive may not work.
I would prefer one for at least $20.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 15th, 2010, 8:05 pm

This is the one I'm looking at and it seems to be getting good reviews:

http://www.amazon.com/dp/B001RKS7AC/ref ... B001RKS7AC

Also, when you would go into My Computer on the laptop, there were two drives listed (C & D). Both were 80GB I believe. Are you saying they were really the same drive, just shown separately? Also, for the media recovery, I meant those programs that you can download/buy that claim to be able to recover deleted media. They claim they can recover data from a reformatted computer as well, like this one:

http://www.ptdd.com/datarecovery/recove ... tition.htm
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: Suspicious.Mystic Virus

Post by askey127 » November 16th, 2010, 7:56 am

Data recovery programs make risky attempts to recover files that have been DELETED, in the event they have not been overwritten.
In your case, that won't do any good because recovering deleted files is not the problem.
The kind of recovery you need returns ALL the thousands of Windows files to their original state.
After that, the machine needs to get all the updates from Microsoft, and have one Antivirus installed.

You are right about the two partitions on your laptop. I just didn't know it was like that.
The Recovery procedure will put all the system files back on one of the partitions, and won't likely touch the other one.
If your valuable data is on the same drive that has all the new system files (C:), the data will likely get overwritten when Windows is recovered. Did you put any data on the D: drive? If so, that D: drive data might be spared by the whole process.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Suspicious.Mystic Virus

Post by Jon14 » November 16th, 2010, 11:57 am

I had data on both drives, the more important data being in the My Documents and root folder of the C drive. I would like to get the data back, but I don't know if I'd pay the money to a PC shop for that, as it's not that important. And you're saying that after a reformat, those programs are useless? Not sure what I should do here. I think I will be getting a drive soon on Amazon, and finding all the required discs first.
Jon14
Regular Member
Posts: 35
Joined: April 22nd, 2010, 1:28 pm