Contributor
sgaffney
Posts: 13
Registered: ‎10-07-2009

backdoor.tidserv!gen - Can't remove - HELP!

HELP! 10/6/09 Norton found backdoor.tidserv!.gen but was unable to remove. I have read similar posts and have run SysProt. The log is attached. Please help.

 

XP sp3

Norton Internet Sec. 16.7.2.11

Norton Sys Works Basic Ed. 2009 part #14204507

 

What other info can I provide to help?

 

Thanks in advance.

Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

Welcome to the Norton Community

 

Your sysprotlog does not show any signs of rootkit infection.

 

As a further check for virus activity please go to www.malwarebytes.org

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Contributor
sgaffney
Posts: 13
Registered: ‎10-07-2009

Re: backdoor.tidserv!gen - Can't remove - HELP!

Thanks for the quick reply. Maybe Norton did get rid of the rootkit, but I am continually getting an error message:

 

The application or DLL globalroot\device\ide\ideport\xxxxxxxxxx\xxxxxxxxx\tdlwsp.dll is not a valid Windows image. Please check this against your installation diskette.  (xxxxxxxxx\xxxxxxxx) keeps changing.

 

This happens when I try to start just about any program and comes up multiple times when I reboot the system.

 

Is there something else I need to do or should I download and run the program you suggested?

Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

Hold for a little while and I will flag this up to our malware expert.


delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

Please do nothing further with it until Quads has a look at it.  We are seeing a few new rootkits that are infecting important system files.  The file will have to be identified and replaced with an uninfected version.

 

You should back up your important documents, photographs etc.

 

Do you have an operating system disc, or recovery discs?

 

Quads, the forum malware specialist, will be available later due to time zone differences.  I strongly suggest waiting for his response.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Contributor
sgaffney
Posts: 13
Registered: ‎10-07-2009

Re: backdoor.tidserv!gen - Can't remove - HELP!

Yes, I do have a Gateway recovery cd that came with my system. Unfortunately it states that the recovery process erases all data and files from the hard drive.

 

I don't know if it matters but my operating system is actually XP media center that has been updated to sp3.

 

I have a complete backup that is about a week old and was planning to manually copy any files created or updated since the back up to a thumb drive for later restore. There should only be a few Word and Excel files along with an ACT database. Will this cause a risk of reinfection?

delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

It shouldn't be a problem copying data files, or My Documents folders.  If you have an infected system file, it is much deeper in the operating system. 

 

You don't necessarily need to run the recovery disc, but it may give you a way to replace the infected file by copying it from the recovery disc and replacing the infected one.

 

On one system, on another forum, the infected files were hard drive drivers.  When they were deleted, the computer could no longer find the hard drive.  That is why it is dangerous remediating malware infections.  When you remove them, you still want to be able to use your computer.

Bot Obliterator
Quads
Posts: 13,255
Registered: ‎07-21-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

Hi

 

Could you please attach to a post the Malwarebytes log that shows the infections??  Also state when you have backed up everything you want.

 

2. Turn off System Restore afterwards and restart, then see if Norton and/or Malwarebytes still detect it  (I am wondering how the other thread was fixed by turning off System Restore, if that is indeed correct).

 

Quads 

Contributor
sgaffney
Posts: 13
Registered: ‎10-07-2009

Re: backdoor.tidserv!gen - Can't remove - HELP!

Quads,

 

I haven't downloaded and run Malwarebytes yet but will do it now and post the results as soon as it is done.

 

Thanks

Bot Obliterator
Quads
Posts: 13,255
Registered: ‎07-21-2008

Re: backdoor.tidserv!gen - Can't remove - HELP!

Hi

 

I want Malwarebytes updated, so that after the scan its actual log confirms this:

\\?\globalroot\device\ide\ideport\xxxxxxxxxx\xxxxxxxxx\tdlwsp.dll

Though I think "ideport" should have a number after it.

 

Quads