I too have the extremely annoying MSIVX rootkit on my computer. It doesn't seem to like Norton at all! I initially couldn't access NIS '09 or the Web so I had to go to safe mode to download MBAM. After I renamed it, MBAM found and got rid of a trojan DNS changer but couldn't get rid of the MSIVX rootkit. I have had to uninstall and reinstall NIS several times to get my machine to stop freezing, crashing, refusing to restart, et cetera. I currently do NOT have NIS installed due to the myriad of problems I've experienced related to it.
After doing some research, it appears that Quads may have the answers to my problems. I've got RootRepeal, GMER, and Avenger standing by ready for action. I've also uninstalled Spybot S&D.
I ran RootRepeal before, but when I just tried again it gave me this: DeviceIoControl Error! Error Code = 0xc0000001. I have the earlier RootRepeal log if it is needed.
I think I may have started Avenger?
Here's my GMER log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-30 21:33:43
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwqrdqmcsxiumkiewehxkxvmmqyvvqyng.dll
Reg HKLM\SYSTEM\ControlSet001\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXfytrqmuupoegtloxggjoxcvhclxjqvlf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwqrdqmcsxiumkiewehxkxvmmqyvvqyng.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXfytrqmuupoegtloxggjoxcvhclxjqvlf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwqrdqmcsxiumkiewehxkxvmmqyvvqyng.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXfytrqmuupoegtloxggjoxcvhclxjqvlf.dll
---- Files - GMER 1.0.15 ----
File C:\Avenger\MSIVXcount 4 bytes
File C:\Avenger\MSIVXcount-ren-444 4 bytes
File C:\Avenger\MSIVXcount-ren-470 4 bytes
File C:\WINDOWS\system32\MSIVXcount 4 bytes
File C:\WINDOWS\system32\MSIVXfytrqmuupoegtloxggjoxcvhclxjqvlf.dll 56320 bytes executable
File C:\WINDOWS\system32\MSIVXwqrdqmcsxiumkiewehxkxvmmqyvvqyng.dll 23552 bytes executable
File C:\WINDOWS\system32\drivers\MSIVXbdewufkxvmdckqaturfhmxufxvakqpko.sys 78336 bytes executable <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----