Norton may have deleted the files after the infection was broken.
20:37:00.0292 2484 lvsrvlauncher (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\parport.dll
20:37:00.0417 2484 Suspicious file (NoAccess): C:\WINDOWS\system32\parport.dll. md5: 11028c6a84a967070cb1286550f2058f
20:37:00.0417 2484 lvsrvlauncher ( Backdoor.Multi.ZAccess.gen ) - infected
20:37:00.0417 2484 lvsrvlauncher - detected Backdoor.Multi.ZAccess.gen (0)
20:37:12.0527 2484 venturi2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\TSHWMDTCP.dll
20:37:12.0589 2484 Suspicious file (NoAccess): C:\WINDOWS\system32\TSHWMDTCP.dll. md5: 11028c6a84a967070cb1286550f2058f
20:37:12.0589 2484 venturi2 ( Backdoor.Multi.ZAccess.gen ) - infected
20:37:12.0589 2484 venturi2 - detected Backdoor.Multi.ZAccess.gen (0)
Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
- Ensure that Combofix is saved directly to the Desktop <--- Very important
- Disable all security programs as they will have a negative effect on Combofix,
- Close any open browsers and any other programs you might have running
Doiwnload the attached CFscript.txt, , For some browsers Right Click the attachment on the forum and select "Save AS" or similar to Download it.
Now drag the CFScript.txt into the ComboFix.exe
- If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
- When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
*EXTRA NOTES*
- If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
- If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
- If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)
Quads
That has taken care of the main Rootkit
Now time to scan the hole system to find anything else before using another program to do the final script cleanup
Please read carefully
Please scan with ESET next Using Internet Explorer
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the
button. - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on
to download the ESET Smart Installer. Save it to your desktop. - Double click on the
icon on your desktop.
- Click on
- Check
- Click the
button. - Accept any security warnings from your browser.
- Under scan settings, check
and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load). - Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- Attach the resulting log in your next reply
If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Quads
Ok
1) Go into the Add / Remove Programs and select to shows Windows updates, so they are now also listed.
Find the update KB2536276-v2 and uninstall it, we will install a fresh copy later.
Download to your desktop the XP_netsvcs.reg.txt Right click the attachment link nd select "Save Link as" then the dialog box appears and you can take the .txt part off. Then run the file and have the data added to the registry.
3) Download OTL hxxp://oldtimer.geekstogo.com/OTL.exe (change the hxxp to http) save it to your Desktop.
Double click on OTL.exe to run it. Right click OTL.exe and select run as administator for Vista and Win 7.
Click the Scan All Users checkbox.
Change file age to 60 days
under 
Copy and paste what is below between the lines
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
mrxsmb.sys
/md5stop
Press the 
Quads
- �1995 - 2013 Symantec Corporation Legal Notice License Agreement Privacy Policy Cookies Site Map RSS
