Please post the Rootrepeal log here for us to look at.  Do not perform any of the actions you may have seen in other posts.  Each  problem is completely individual and if you get things in the wrong order you can ot be assisted.

Please run RootRepeal  as in this post  http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=13889#M13889

 

And GMER, http://www.gmer.net/  and "Scan" then "Save"  the log,   then due to the possible side post the log on http://pastebay.com/   and PM me the link. Use your Norton Name on Pastebay

 

Quads 

 

I have your logs, I just have to script

 

Quads 

Hi RegalEagle

 

 

Your GMER log is actually cut short, possibly due to a character limit

 

Last line shown ".text"

 

Please paste the rest of the log from "---- Devices - GMER 1.0.15 ----"   and below 

 

Thanks

 

Quads 

 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [876]  0x10000000                                                                                                                 

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys (*** hidden *** )                                                 [SYSTEM] MSIVXserv.sys                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys                                                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start                                                                              1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type                                                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath                                                                          \systemroot\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group                                                                              file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv                                                                  \\?\globalroot\systemroot\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl                                                                     \\?\globalroot\systemroot\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk                                                                   \\?\globalroot\systemroot\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys                                                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start                                                                                  1
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type                                                                                   1
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath                                                                              \systemroot\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group                                                                                  file system
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules                                                                               
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv                                                                      \\?\globalroot\systemroot\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl                                                                         \\?\globalroot\systemroot\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk                                                                       \\?\globalroot\systemroot\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys                                                                   79872 bytes executable                                                                                                       <-- ROOTKIT !!!
File            C:\WINDOWS\system32\MSIVXcount                                                                                                          4 bytes
File            C:\WINDOWS\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll                                                                           52224 bytes executable
File            C:\WINDOWS\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll                                                                           26624 bytes executable

---- EOF - GMER 1.0.15 ----

Thanks Now I have a complete log to look through and script

 

Quads 

Hi

 

 Go to http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=53509#M53509

 

Download Avenger, when you get to step 3. Use the script below instead of the one on the other post as I have added your random files. SO

 

3. In the "Input script here:" copy and paste the script between the lines 

 

---

Drivers to disable:

MSIVXserv.sys

 

Drivers to delete:

MSIVXserv.sys

 

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\system32\drivers\MSIVXfpqebwwxpiswvenobbndeitvrjiwprcc.sys

C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys

C:\WINDOWS\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys

C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll

C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll 

C:\WINDOWS\system32\MSIVXtcpitqpqhykempvydbqnnhbnpsxftfbb.dll

C:\WINDOWS\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll

C:\WINDOWS\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll

C:\Windows\System32\MSIVXcount

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX 

---

 

 It will create a log afterwards.

 

Quads 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "MSIVXserv.sys" found!
ImagePath:  \systemroot\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
Start Type:  4 (Disabled)

Rootkit scan completed.

Driver "MSIVXserv.sys" disabled successfully.
Driver "MSIVXserv.sys" deleted successfully.

Error:  file "C:\Autorun.inf" not found!
Deletion of file "C:\Autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "D:\Autorun.inf"
Deletion of file "D:\Autorun.inf" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\drivers\MSIVXfpqebwwxpiswvenobbndeitvrjiwprcc.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\MSIVXfpqebwwxpiswvenobbndeitvrjiwprcc.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys" deleted successfully.

Error:  file "C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll" not found!
Deletion of file "C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll" not found!
Deletion of file "C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\MSIVXtcpitqpqhykempvydbqnnhbnpsxftfbb.dll" not found!
Deletion of file "C:\WINDOWS\system32\MSIVXtcpitqpqhykempvydbqnnhbnpsxftfbb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll" deleted successfully.
File "C:\WINDOWS\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll" deleted successfully.
File "C:\Windows\System32\MSIVXcount" deleted successfully.

Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

 

 

 

 

It looks good - Norton found one spyware program during a quick scan and quarantined it, MalwareBytes downloaded and is scanning - nothing so far.  I'll set Norton on a full scan tonight as well.  Everything seems to be working correctly, so I thank you heartily.