
Remove Virus, Hijackthis log included

Discussion in 'Malware and Virus Removal Archive' started by CyberDude, 2005/02/28.

Thread Status:
Not open for further replies.
  1. 2005/03/08
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Well, the instructions clearly said not to turn on Kaspersky's resident protection. That's OK, BUT you should turn off Norton's Auto-Protect. Since you did make that minor error I have my doubts Kaspersky was updated properly, and with the extended database as the tutorial mentions. Please go read the tutorial once again.


    Are these files and folder present?

    C:\WINDOWS\isrvs <<< delete that folder
    C:\WINDOWS\system32\boln.dll
    C:\WINDOWS\system32\drivers\delprot.sys <<<<

    If delprot is there, do this, then try to delete the file:
    Click on Start, then Run, type cmd and press the OK button. Then type the following:
    sc delete delprot
    and hit Enter, then exit.

    Download this batch file to your desktop, run it and post the results please.
    http://forums.net-integration.net/index.php?act=Attach&type=post&id=134213
     
  2. 2005/03/09
    CyberDude

    CyberDude Inactive Thread Starter

    Joined:
    2005/02/08
    Messages:
    16
    Likes Received:
    0
    Sorry, I did not know that real time protection was on. I think that it automatically just stayed on since I installed it on the computer. However, after turning that off my computer is now running at full speed. It would not let me delete the C:\WINDOWS\isrvs and the second one I couldn't find. The third one I found and followed your instructions. Here are the results for that program I had to run.

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs REG_SZ
    DeviceNotSelectedTimeout REG_SZ 15
    GDIProcessHandleQuota REG_DWORD 0x2710
    Spooler REG_SZ yes
    swapdisk REG_SZ
    TransmissionRetryTimeout REG_SZ 90
    USERProcessHandleQuota REG_DWORD 0x2710

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    DebugOptions REG_SZ 2048
    Documents REG_SZ
    DosPrint REG_SZ no
    load REG_SZ
    NetMessage REG_SZ no
    NullPort REG_SZ None
    Programs REG_SZ com exe bat pif cmd
    NetWarn REG_SZ 0
    Device REG_SZ Canon i560,winspool,LPT1:

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    DisableSR REG_DWORD 0x0
    CreateFirstRunRp REG_DWORD 0x1
    DSMin REG_DWORD 0xc8
    DSMax REG_DWORD 0x190
    RPSessionInterval REG_DWORD 0x0
    RPGlobalInterval REG_DWORD 0x15180
    RPLifeInterval REG_DWORD 0x76a700
    CompressionBurst REG_DWORD 0x3c
    TimerInterval REG_DWORD 0x78
    DiskPercent REG_DWORD 0xc
    ThawInterval REG_DWORD 0x384
    RestoreDiskSpaceError REG_DWORD 0x0
    RestoreStatus REG_DWORD 0x1
    RestoreSafeModeStatus REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
    FirstRun REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify REG_DWORD 0x0
    FirewallDisableNotify REG_DWORD 0x0
    UpdatesDisableNotify REG_DWORD 0x0
    AntiVirusOverride REG_DWORD 0x1
    FirewallOverride REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
    DisableMonitoring REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

    ! REG.EXE VERSION 3.0

    HKEY_CLASSES_ROOT\mfiltis
    Date REG_SZ 3/3/2005
    Excl REG_SZ
    Sites REG_SZ

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_delprot
    NextInstance REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_delprot\0000

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot
    Type REG_DWORD 0x1
    Start REG_DWORD 0x1
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ \SystemRoot\system32\drivers\delprot.sys
    DisplayName REG_SZ delprot
    DeleteFlag REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot\Security

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot\Enum

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    <NO NAME> REG_SZ Microsoft VM
    ComponentID REG_SZ JAVAVM
    IsInstalled REG_BINARY 01000000
    Locale REG_SZ EN
    KeyFileName REG_SZ C:\WINDOWS\System32\msjava.dll
    Version REG_SZ 5,0,3810,0
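The batch file in this thread only dumps raw reg.exe output, leaving the helper to eyeball it. The script below is an added example (not the thread's batch file or anyone's posted code) that parses that "! REG.EXE VERSION 3.0" layout and applies a few defender-side checks to what the output above actually shows: Security Center overrides that silence the "no antivirus" warning, a DisableMonitoring flag under Monitoring\KasperskyAntiVirus, a non-empty AppInit_DLLs value, and a kernel-mode driver service (Type 0x1) that is still registered but carries DeleteFlag=1, which is what `sc delete` leaves behind when the driver is loaded and the key can only go away at the next reboot. The sample text is a constructed excerpt modelled on the posted output, and the indicator rules are this example's own heuristics.

```python
"""Parse reg.exe query output (the "! REG.EXE VERSION 3.0" layout) and flag
persistence and tamper indicators.  Added example, not from the forum thread
or its batch file; the rules below are this example's own heuristics."""
import re

# Constructed excerpt modelled on the output posted above (tabs collapsed to
# spaces, as in the forum copy); not a verbatim capture.
SAMPLE = """\
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
AppInit_DLLs REG_SZ
Spooler REG_SZ yes

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center
AntiVirusDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x1
FirewallOverride REG_DWORD 0x0

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus
DisableMonitoring REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\delprot
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \\SystemRoot\\system32\\drivers\\delprot.sys
DisplayName REG_SZ delprot
DeleteFlag REG_DWORD 0x1

HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\delprot\\Security
"""

# "<name> <REG_TYPE> [<data>]"; the REG_ token anchors the split so that value
# names and data containing spaces both survive.
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*?))?\s*$")
SC = r"hkey_local_machine\software\microsoft\security center"
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SERVICE_RE = re.compile(r"^hkey_local_machine\\system\\currentcontrolset\\services\\([^\\]+)$")
START_MODES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_reg_output(text):
    """Return {key_path: {value_name: (reg_type, data)}}.
    Key paths are lowercased because the registry namespace is case-insensitive;
    keys listed with no values map to an empty dict."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # blank or version banner
            continue
        if line.upper().startswith("HKEY_"):
            current = line.lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = (m.group("type"), m.group("data") or "")
    return keys


def dword(keys, path, name):
    """Integer value of a REG_DWORD, or None if the key or value is absent."""
    entry = keys.get(path.lower(), {}).get(name)
    if entry is None or entry[0] != "REG_DWORD":
        return None
    return int(entry[1], 0)                        # accepts 0x... or decimal


def find_indicators(keys):
    """Apply the heuristics and return human-readable findings."""
    findings = []
    # Security Center: Override=1 silences the "no antivirus/firewall" warning;
    # DisableMonitoring=1 under Monitoring\<Vendor> stops tracking that product.
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if dword(keys, SC, name) == 1:
            findings.append(f"security center: {name}=1 (status warnings suppressed)")
    for path in keys:
        if path.startswith(SC + "\\monitoring\\") and dword(keys, path, "DisableMonitoring") == 1:
            vendor = path.rsplit("\\", 1)[-1]
            findings.append(f"security center: monitoring disabled for {vendor}")
    # AppInit_DLLs: any DLL listed here is loaded into every process using user32.dll.
    appinit = keys.get(APPINIT_KEY, {}).get("AppInit_DLLs")
    if appinit and appinit[1]:
        findings.append(f"appinit_dlls is set: {appinit[1]}")
    # Kernel-mode drivers (Type 1 or 2) and entries still carrying DeleteFlag=1,
    # which sc delete sets when the service is loaded; the key goes on reboot.
    for path in keys:
        m = SERVICE_RE.match(path)
        if not m:
            continue
        svc = m.group(1)
        svc_type, start = dword(keys, path, "Type"), dword(keys, path, "Start")
        image = keys[path].get("ImagePath", ("", "?"))[1]
        if svc_type in (1, 2):
            findings.append(f"driver {svc} (start={START_MODES.get(start, start)}): {image}")
        if dword(keys, path, "DeleteFlag") == 1:
            findings.append(f"service {svc}: DeleteFlag=1, removal pending until reboot")
    return findings


if __name__ == "__main__":
    for finding in find_indicators(parse_reg_output(SAMPLE)):
        print(finding)
```

Run against the constructed sample it reports four findings: the AntiVirusOverride flag, the disabled Kaspersky monitoring entry, the delprot kernel driver set to start with the system, and delprot's pending-deletion flag. Paste a real `reg query /s` dump in place of SAMPLE to use it on captured output.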
     


  4. 2005/03/09
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello
    I didn't suggest turning off Kaspersky yet.

    Download the attachment near the bottom of this post to your desktop.

    Disconnect from the internet, right-click on the file, choose rename, and rename it to Fixme.reg, then run it and answer yes to the prompt.

    Restart your PC into safe mode

    delete
    C:\WINDOWS\isrvs <<< delete that folder
    C:\WINDOWS\system32\boln.dll delete
    C:\WINDOWS\system32\drivers\delprot.sys <<<< delete
    I suggest you do a full system scan with both Norton and Kaspersky while still in safe mode, one at a time.



    Restart back to a normal Windows session, run new2bat.bat and post the results please, and a fresh HijackThis log.
     
  5. 2005/03/23
    dragonfly

    dragonfly Inactive

    Joined:
    2005/03/23
    Messages:
    1
    Likes Received:
    0
    Did the Run cmd trick, and here are my results after running the bat.


    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs REG_SZ
    DeviceNotSelectedTimeout REG_SZ 15
    GDIProcessHandleQuota REG_DWORD 0x2710
    Spooler REG_SZ yes
    swapdisk REG_SZ
    TransmissionRetryTimeout REG_SZ 90
    USERProcessHandleQuota REG_DWORD 0x2710

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    DebugOptions REG_SZ 2048
    Documents REG_SZ
    DosPrint REG_SZ no
    load REG_SZ
    NetMessage REG_SZ no
    NullPort REG_SZ None
    Programs REG_SZ com exe bat pif cmd
    Device REG_SZ EPSON Stylus C84 Series,winspool,Ne00:

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    DisableSR REG_DWORD 0x0
    CreateFirstRunRp REG_DWORD 0x1
    DSMin REG_DWORD 0xc8
    DSMax REG_DWORD 0x190
    RPSessionInterval REG_DWORD 0x0
    RPGlobalInterval REG_DWORD 0x15180
    RPLifeInterval REG_DWORD 0x76a700
    CompressionBurst REG_DWORD 0x3c
    TimerInterval REG_DWORD 0x78
    DiskPercent REG_DWORD 0xc
    ThawInterval REG_DWORD 0x384
    RestoreDiskSpaceError REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
    FirstRun REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify REG_DWORD 0x0
    FirewallDisableNotify REG_DWORD 0x0
    UpdatesDisableNotify REG_DWORD 0x0
    AntiVirusOverride REG_DWORD 0x0
    FirewallOverride REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

    ! REG.EXE VERSION 3.0

    HKEY_CLASSES_ROOT\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}
    <NO NAME> REG_SZ IE Update Class

    HKEY_CLASSES_ROOT\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}\InprocServer32

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}
    <NO NAME> REG_SZ IE Update Class

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}\InprocServer32

    ! REG.EXE VERSION 3.0

    HKEY_CLASSES_ROOT\mfiltis
    Date REG_SZ 3/18/2005
    Excl REG_SZ
    Sites REG_SZ

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_delprot
    NextInstance REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_delprot\0000

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot
    Type REG_DWORD 0x1
    Start REG_DWORD 0x4
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ \SystemRoot\system32\drivers\delprot.sys
    DisplayName REG_SZ delprot
    DeleteFlag REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot\Security

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot\Enum

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    <NO NAME> REG_SZ Java (Sun)
    ComponentID REG_SZ JAVAVM
    IsInstalled REG_DWORD 0x1
    KeyFileName REG_SZ C:\Program Files\Java\jre1.5.0_02\bin\regutils.dll
    Version REG_SZ 5,0,5000,0
    Locale REG_SZ EN
     
  6. 2005/03/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    :confused:

    Are you CyberDude?
     
