Globalroot/systemroot removal problem

Well I'm fairly new to all of this since I have never really had a problem with my computer up until now, but today I turned on my computer and this message popped up...


"globalroot\systemroot\system32\rotscxqueecpoon.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." I get this every time I try to run something on my computer.


And I'm not quite sure what to do about it. My Norton 360 doesn't want to scan at all, and my AVG is going insane, popping up a few times a minute saying that there are many items infected, all relating to the so-called error message I'm receiving. I haven't really done anything concerning this, except for reading up on it on these boards, but I was wondering if there was really anything that could help me remove this virus. I am running Windows Vista Home Premium 2007, Service Pack 1.


All I've really done so far is try to scan with Norton, which doesn't happen.


If anyone could help, I would be very appreciative. Also attached is my RootRepeal log.


<<Edit:Edited the font for better view>>

Message Edited by JerryM on 09-11-2009 10:50 AM

My apologies for posting in multiple threads; I posted in the Norton 360 forum as I didn't originally see this one. Below is the RootRepeal log. I'm still running GMER.


ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/06/20 09:47
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5218000    Size: 98304    File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A8B000    Size: 8192    File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0563000    Size: 45056    File Visible: No
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF73E1000    Size: 323584    File Visible: No
Status: -



Here is the HiJack This log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:37 AM, on 6/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Talina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Talina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device -   - C:\WINDOWS\system32\lxdwcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8088 bytes

Here is the ComboFix log:


ComboFix 09-06-19.01 - Talina 06/20/2009  8:20.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1023.677 [GMT -5:00]
Running from: c:\documents and settings\Talina\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090619-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Talina\Desktop\setup.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSIVXSERV.SYS
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MSIVXserv.sys


(((((((((((((((((((((((((   Files Created from 2009-05-20 to 2009-06-20  )))))))))))))))))))))))))))))))
.

2009-06-20 13:27 . 2009-03-12 09:03    165240    ----a-r-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-20 12:54 . 2009-06-20 12:54    --------    d-----w-    c:\documents and settings\Talina\Local Settings\Application Data\Help
2009-06-20 12:54 . 2009-06-20 12:54    --------    d-----w-    c:\program files\WinHex
2009-06-20 12:53 . 2009-06-20 12:53    --------    d-----w-    c:\documents and settings\Talina\Application Data\Mael
2009-06-20 12:52 . 2009-06-20 12:52    --------    d-----w-    c:\program files\HxD
2009-06-20 12:00 . 2009-06-17 08:00    89104    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVENG.SYS
2009-06-20 12:00 . 2009-06-17 08:00    876144    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVEX15.SYS
2009-06-20 12:00 . 2009-06-17 08:00    177520    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVENG32.DLL
2009-06-20 12:00 . 2009-06-17 08:00    1181040    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVEX32A.DLL
2009-06-20 12:00 . 2009-06-17 08:00    371248    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\EECTRL.SYS
2009-06-20 12:00 . 2009-06-17 08:00    101936    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\ERASER.SYS
2009-06-20 12:00 . 2009-06-18 02:07    259368    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\ECMSVR32.DLL
2009-06-20 12:00 . 2009-06-17 08:00    2414128    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\CCERASER.DLL
2009-06-19 23:26 . 2009-06-19 23:26    --------    d-----w-    c:\documents and settings\Talina\Application Data\Malwarebytes
2009-06-19 23:25 . 2009-06-17 16:27    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 23:25 . 2009-06-19 23:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 23:25 . 2009-06-17 16:27    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-19 23:25 . 2009-06-19 23:25    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-06-19 19:29 . 2009-03-16 20:03    533880    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-19 19:29 . 2009-01-29 21:50    276344    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:29 . 2009-01-29 21:50    292912    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:29 . 2009-01-29 21:50    447864    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:29 . 2009-01-29 21:50    396848    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 00:40 . 2009-02-05 20:06    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-06-19 00:40 . 2009-02-05 20:06    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-06-19 00:40 . 2009-02-05 20:05    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-06-19 00:40 . 2009-02-05 20:04    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-06-19 00:40 . 2009-02-05 20:08    93296    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-06-19 00:40 . 2009-02-05 20:08    94032    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-06-19 00:40 . 2009-02-05 20:07    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-06-19 00:40 . 2009-02-05 20:07    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-06-19 00:40 . 2009-02-05 20:11    1256296    ----a-w-    c:\windows\system32\aswBoot.exe
2009-06-19 00:39 . 2009-06-19 00:39    --------    d-----w-    c:\program files\Alwil Software
2009-06-18 23:16 . 2009-06-18 23:28    --------    d-----w-    c:\documents and settings\Administrator\.housecall6.6
2009-06-18 23:12 . 2009-06-18 23:12    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-18 22:24 . 2009-03-12 09:03    36400    ----a-r-    c:\windows\system32\drivers\SymIM.sys
2009-06-18 02:20 . 2009-06-18 02:20    --------    d-----r-    c:\program files\Norton Support
2009-06-18 02:13 . 2009-01-29 21:50    276344    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.sys
2009-06-18 02:13 . 2009-01-29 21:50    292912    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-18 02:13 . 2009-01-29 21:50    447864    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-18 02:13 . 2009-01-29 21:50    396848    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvia64.sys
2009-06-18 02:08 . 2009-06-18 11:42    --------    d-----w-    c:\program files\Symantec
2009-06-18 02:08 . 2009-06-18 11:42    60808    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2009-06-18 02:08 . 2009-06-18 11:42    124464    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-18 02:07 . 2009-06-18 02:07    1290584    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-18 02:07 . 2009-06-18 02:07    136840    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-18 02:07 . 2009-06-18 02:07    800112    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-18 02:07 . 2009-06-18 22:30    --------    d-----w-    c:\windows\system32\drivers\NIS
2009-06-18 02:07 . 2009-06-18 02:07    --------    d-----w-    c:\program files\Windows Sidebar
2009-06-18 01:34 . 2009-06-18 01:40    --------    d-----w-    c:\windows\system32\CatRoot_bak
2009-06-17 16:23 . 2009-06-18 01:04    --------    d-----w-    c:\windows\system32\scripting
2009-06-17 16:23 . 2009-06-18 01:04    --------    d-----w-    c:\windows\l2schemas
2009-06-17 16:23 . 2009-06-18 01:04    --------    d-----w-    c:\windows\system32\en
2009-06-17 16:23 . 2009-06-18 01:04    --------    d-----w-    c:\windows\system32\bits
2009-06-17 16:13 . 2006-10-11 16:24    116224    ----a-w-    c:\windows\system32\dllcache\p2pnetsh.dll
2009-06-17 16:12 . 2007-04-18 12:46    474112    ----a-w-    c:\windows\system32\dllcache\shlwapi.dll
2009-06-12 20:16 . 2009-03-16 20:03    533880    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-05-29 01:56 . 2009-05-29 01:56    --------    d-----w-    c:\documents and settings\Talina\Local Settings\Application Data\DNA
2009-05-29 01:55 . 2009-06-20 13:28    --------    d-----w-    c:\program files\DNA
2009-05-29 01:55 . 2009-06-20 13:28    --------    d-----w-    c:\documents and settings\Talina\Application Data\DNA
2009-05-28 00:24 . 2009-05-28 00:24    390664    ----a-w-    c:\documents and settings\Talina\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 23:16 . 2009-01-09 03:25    102664    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2009-06-18 11:42 . 2009-06-18 02:08    805    ----a-w-    c:\windows\system32\drivers\SYMEVENT.INF
2009-06-18 11:42 . 2009-06-18 02:08    7386    ----a-w-    c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-18 02:08 . 2009-01-10 00:28    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2009-06-18 02:07 . 2009-01-10 00:27    --------    d-----w-    c:\program files\Norton Internet Security
2009-06-18 02:07 . 2009-01-10 00:22    --------    d-----w-    c:\program files\NortonInstaller
2009-06-18 01:03 . 2007-08-03 01:04    77423    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-17 23:43 . 2007-08-11 02:04    --------    d-----w-    c:\documents and settings\Talina\Application Data\BitTorrent
2009-06-17 23:20 . 2007-08-03 02:37    86656    ----a-w-    c:\documents and settings\Talina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 16:01 . 2008-09-29 18:37    256    ----a-w-    c:\windows\system32\pool.bin
2009-06-13 08:02 . 2007-09-02 16:38    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-29 01:56 . 2007-08-11 02:04    --------    d-----w-    c:\program files\BitTorrent
2009-05-13 23:31 . 2009-05-13 23:31    10134    ----a-r-    c:\documents and settings\Talina\Application Data\Microsoft\Installer\{2877881B-0736-42AB-B312-D4457D57E56D}\ARPPRODUCTICON.exe
2009-05-13 23:30 . 2008-09-29 13:33    --------    d-----w-    c:\program files\Common Files\Research In Motion
2009-05-07 15:44 . 2009-06-17 16:12    344064    ----a-w-    c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-03-04 03:33    827392    ----a-w-    c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2009-06-17 16:12    1846656    ----a-w-    c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 10:00    583168    ----a-w-    c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Talina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-25 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-29 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^Talina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Talina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Yahoo!\Messenger\YServer.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"c:\Program Files\DNA\btdna.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/18/2009 6:42 AM 310320]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/18/2009 7:40 PM 114768]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/18/2009 6:42 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/18/2009 6:42 AM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys [6/19/2009 2:29 PM 276344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/18/2009 7:40 PM 20560]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2/12/2009 9:13 PM 98984]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/18/2009 6:42 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/19/2009 12:24 PM 101936]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/29/2009 8:03 PM 115560]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1409082233-839522115-1004.job
- c:\documents and settings\Talina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 16:51]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 08:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"=""c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3416)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\lxdwcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-20  8:33 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-20 13:33

Pre-Run: 4,175,233,024 bytes free
Post-Run: 5,357,129,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
217    --- E O F ---    2009-06-20 11:51

Dbeare:


Please only post the ones we ask for as they take up considerable space on the forum. 


The RootRepeal log appears to have only the drivers section. We need all three sections as described by Dbrisendine. The log will need to be split up into two or three posts in order to get the whole thing in.


The GMER log also seems to have a great deal missing. We need to see that one from the devices section down to the end.

Do not use GMER to remove anything, as it may cause damage to your operating system.


If you have Spybot, it should be removed, as should Avast.  Leave NIS in place. 

The RootRepeal program didn't find anything in the other scans, just in the drivers section. I have re-run it several times. I will get the GMER log posted shortly.

Did the RootRepeal log find nothing at all, or nothing that you recognized? Just to confirm my understanding.

It reported that it found 0 Stealth Objects and 0 Hidden Services.

Here are the GMER results from Devices to the end:


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                  aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                                      tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                                       tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                           tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                        tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                                       tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                                                                                                  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start                                                                  1
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@type                                                                   1
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath                                                              \systemroot\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@group                                                                  file system
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules                                                               
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXserv                                                      \\?\globalroot\systemroot\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl                                                         \\?\globalroot\systemroot\system32\MSIVXndwkjmcnkotxujrrkiatnoqjsixnreem.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXclk                                                       \\?\globalroot\systemroot\system32\MSIVXhcvlodnbjtgqheqtknkgukfyymvswhmg.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start                                                                  1
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type                                                                   1
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath                                                              \systemroot\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group                                                                  file system
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules                                                               
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv                                                      \\?\globalroot\systemroot\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl                                                         \\?\globalroot\systemroot\system32\MSIVXndwkjmcnkotxujrrkiatnoqjsixnreem.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk                                                       \\?\globalroot\systemroot\system32\MSIVXhcvlodnbjtgqheqtknkgukfyymvswhmg.dll

---- EOF - GMER 1.0.15 ----

Dbeare:

Lovely!  Quads will be along later with one or two more chores for you to do.  Time zone issues slow things down for us as we are scattered all over the globe.

You can get a head start by going to this site and downloading Avenger.

http://swandog46.geekstogo.com/avenger2/avenger2.html

Please do not attempt to do anything with it.  Quads will provide you with the information that you will need in order to use it. He may need to add more data once he looks at your Gmer log.

After you are finished, he may also ask you to go into the Avenger folder, where you will find a .zip folder.  He may ask to have that folder sent to him.

Message Edited by delphinium on 06-21-2009 06:44 AM

Will do, there is no huge rush on this as I’ve been working on it for a few days now.  As I’ve told my wife, this is why I run Ubuntu on my machine…lol.  Thanks again and I’ll download Avenger right away.

If enough people switch to Ubuntu and other O/S, it will take some of the heat off us Windows users while the malware writers work on that.:smileyvery-happy:

Hi

What happens is that Combofix didn't specifically target the Rootkit, leaving some parts behind.

With Avenger

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines

Drivers to disable:
MSIVXserv.sys

Drivers to delete:
MSIVXserv.sys

Files to delete:
C:\Autorun.inf
D:\Autorun.inf
C:\Windows\System32\drivers\MSIVXcdpppsenlsylcscnqblskitpopcfyxvb.sys
C:\WINDOWS\system32\drivers\MSIVXfpqebwwxpiswvenobbndeitvrjiwprcc.sys
C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys
C:\WINDOWS\system32\drivers\MSIVXuytmnaqqiptkkaxqoscjmihrxwtunyfi.sys
C:\Windows\system32\drivers\MSIVXwojkyruspcmcndwvtrsqfrxbcqwhqffw.sys
C:\WINDOWS\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll
C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll
C:\WINDOWS\system32\MSIVXtcpitqpqhykempvydbqnnhbnpsxftfbb.dll
C:\WINDOWS\system32\MSIVXgyusdbpapbginsojyucbcvvrtuhvwlnr.dll
C:\WINDOWS\system32\MSIVXxqfgfomfgbghveijmpekagedsvidtqfm.dll
C:\WINDOWS\System32\MSIVXedopmooyitxvmoohvyxeqwskwwtwajyb.dll
C:\WINDOWS\System32\MSIVXqexdxmxerxnimqrsmftejymvnxurvanw.dll
C:\WINDOWS\System32\MSIVXgmyithoahayunktybsjmrxutchtopeax.dll
C:\WINDOWS\System32\MSIVXvmxvyltxeqmdyirbpohftxtopikpvaxh.dll
C:\WINDOWS\System32\MSIVXndwkjmcnkotxujrrkiatnoqjsixnreem.dll
C:\WINDOWS\System32\MSIVXhcvlodnbjtgqheqtknkgukfyymvswhmg.dll
C:\WINDOWS\System32\MSIVXcount

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MSIVXserv.sys
HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX

Click "Execute" that should check for all of it and remove any left behind.

Quads
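As an added example (my own code, not anything from this thread, from GMER or from Avenger), the Python script below parses GMER "Reg" lines like the ones in the log above and flags services whose driver or module list is referenced through the \\?\globalroot\systemroot\ prefix from the error message, returning the plain Win32 paths of those files, the kind of paths that end up in a "Files to delete" section such as the one above. The sample lines are trimmed copies of lines from the log, and C:\WINDOWS as %SystemRoot% is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed GMER "Reg" lines from this thread plus one benign service (Tcpip).
SAMPLE_LOG = r"""
Reg  HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start      1
Reg  HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath  \systemroot\system32\drivers\MSIVXjptxtrjxgsbufkpaguqugpyoukdwabne.sys
Reg  HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules
Reg  HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl  \\?\globalroot\systemroot\system32\MSIVXndwkjmcnkotxujrrkiatnoqjsixnreem.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\Tcpip@imagepath  system32\drivers\tcpip.sys
"""

# "Reg <key>[@<value name>] <data>" as GMER prints it; key and value names hold no spaces.
REG_LINE = re.compile(r"^Reg\s+([^\s@]+)(?:@(\S+))?\s*(.*?)\s*$")
SERVICE_KEY = re.compile(r"^HKLM\\SYSTEM\\(ControlSet\d+|CurrentControlSet)\\Services\\([^\\]+)(?:\\(.*))?$", re.I)
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\systemroot\\", re.I)  # the prefix from the error message
SYSTEMROOT = "C:\\WINDOWS"  # assumption: this machine's %SystemRoot%

def parse_services(log_text):
    """Group GMER 'Reg' lines into {(control set, service): {"values": .., "modules": ..}}."""
    services = defaultdict(lambda: {"values": {}, "modules": {}})
    for m in filter(None, map(REG_LINE.match, log_text.splitlines())):
        key, value_name, data = m.groups()
        k = SERVICE_KEY.match(key)
        if not k or value_name is None:  # not a service key, or a bare subkey line
            continue
        control_set, service, subkey = k.groups()
        bucket = "modules" if subkey and subkey.lower() == "modules" else "values"
        services[(control_set, service)][bucket][value_name.lower()] = data
    return dict(services)

def to_win32_path(nt_path):
    """Rewrite the NT-namespace spellings seen in the log as a plain Win32 path."""
    p = GLOBALROOT.sub(lambda _: SYSTEMROOT + "\\", nt_path)
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEMROOT + p[len("\\systemroot"):]
    return p

def flag_globalroot_services(log_text):
    """Services whose driver or module list uses the globalroot prefix, with the
    Win32 paths of those files (the same kind of paths a cleanup script lists)."""
    findings = []
    for (control_set, service), rec in parse_services(log_text).items():
        image = rec["values"].get("imagepath", "")
        hidden = [p for p in rec["modules"].values() if GLOBALROOT.match(p)]
        if hidden or GLOBALROOT.match(image):
            files = sorted({to_win32_path(p) for p in [image, *hidden] if p})
            findings.append((control_set, service, files))
    return findings
```

A rootkit of this kind hides its files from user-mode tools, so an Explorer listing of system32 that shows nothing proves little; GMER's kernel-level view is the one to compare against.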

 

I ran Avenger and it got rid of several things, but NIS is still popping up and saying I’m infected with Infostealer.  I’ve re-run ComboFix and it didn’t find anything and I’m going to re-run GMER to see if it still finds anything.  Is there possibly something I need to reset in Norton so it doesn’t keep popping this up, as everything is telling me that my computer is clean now.  Thanks again for everything!

Sometimes Norton will still warn about things that have been removed by another program.  If this is the problem, this should work.  Scroll down the post to "The Fix"

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=45354&query.id=179904#M45354

Let us know if that works.

This bit

Workaround

THE FIX:
It is not necessary to erase the complete QBackup folder, nor do you need to boot into safe mode. The QBackup folder (Quarantine Backup) is used by the Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data on your computer itself. It will be automatically recreated by the Norton program when you run a scan next time.
So to FIX this problem: just open NIS2009 history, go to "unresolved security risk", press "Remove*" on the item that failed to remove, wait for the "failed to remove" status; this will update the "*.qbi" file which has the history of the unresolved items. Then go to NIS2009 settings, go to "miscellaneous settings" and disable the Norton Product Tamper Protection under Miscellaneous Settings. Then open your Windows Explorer and go to
  "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recently (updated, newly) "*.QBI" file. The asterisk is a long number such as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi"; it will be a small file, 1-10 KB. Only delete this file. Close Windows Explorer, go to NIS2009, reactivate the Norton Product Tamper Protection under Miscellaneous Settings and you can enter the HISTORY and you will find it is empty (clear).
Hope this will help you to not erase the whole (complete) "QBackup folder".
BEST REGARDS (GREETINGS TO THE PEOPLE)
TUFE (aka JC.WILCOX or SABROSO)

Quads

I have been working for a couple of days trying to get rid of this.  Norton Internet Security keeps detecting it as Infostealer and gives several files beginning with msivx*.dll located in globalroot/systemroot/system32 that I can't find in my windows/system32 folder.  I have run avast anti-virus, along with malwarebytes anti-malware and removed a lot of stuff, but still am getting that this is being found by Norton.  I have run Combofix as well, and it is showing MSIVXSERV.SYS and MYWEBSEARCHSERVICE listed in the Drivers/Services.  I don't know where to go from here, does anyone have any help they can offer?  Thanks!

Sincerely,

Dustin Beare

Worked great, everything appears to be clean now.  Thank you both very much for your time and assistance. 

Hi dBeare, If you push one of those green buttons that you see in each post, it will mark the problem as solved for future users.  Choose the one that aided you in the solution.