undeleteable file

Ive tried 5 different programs to remove spyware from my computer. They found and deleted some but missed others. I have found(by virture of Internet security) other files that try to access the internet but I cant delete them! I tried the attrib command -r but it still won't allow the files to be deleted! How do they do that? Is there a way to erase these files and folders?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

annasAuthor Commented:
I'm afraid that was too easy! the instruction said #1 turn off simple file sharing. those instructions didn't match up with the layout of mycomputer in XP anyway. there was no "tools folder" or any other tabs.
I decided to try to take ownership of the folder anyway. Right-clicked -properties-advanced got just one dialog box no tabs. No security tab and no owner tab.

In short none of the instructions pertained to my OS at all!
what OS is yours ?

Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

mOst spyware files that cannot be deleted are in use.  You will not see them in your processes list because they register themselves as system services rather than executable processes.  For many of them, you can go to your services.msc console and stop their services, then they can be deleted.
annasAuthor Commented:
I have WinXp Pro. What is services.msc console
Boot into safe mode.  (press f8 once per second repeatedly during bootup to get the menu - its only available for a short period, so you might miss it.)
Take ownership of the files and reset the permissions on everything so that you explicitly have full control.  Then try and delete it from the directory.  ALSO, look in the registry, (regedit.exe) and do a search for the file name.  If you find it, erase the entry.

BE WARNED.  If this file is needed by the operating system you can really screw yourself up.  Registry editing is not for the feignt of heart.
annasAuthor Commented:
taking ownership of files is what has me defeated right now Every link  to every tutorial leads to a tutorial that doesn't work. Spyware Nuker is one of the worst ones. as long as I have there webpage on I can type normally. but otherwise i can't. the typing is slow and suddleny without warning, jumps to uppercase. judging from what they say on their webpage, I know its them. they say "does your computer slow down...etc, it may have spyware on it. Their webpage open in a new window and I'm often unaware of it. I would like to eliminate them but i don't know how. This sort of thing should be a federal crime!
Just to make sure, did you use ad-aware yet?
the 100% guaranteed way to remove spyware/virii/etc

format C:

>>I have WinXp Pro. What is services.msc console <<

If you enter services.msc in Start->Run you will get a service control console.
annasAuthor Commented:
focusyn, I brought up services.msc. As far as I can tell everything is proper. There was something called scriptblocker that *wasn't* running and I thought it might be a good thing to turn it on, so I did After I went to the site for spyware nuker my typing is not sluggish anymore, and I've had no further trouble from them. I found a key in the registry that said "Domains" thre must have been thousands of subkeys under it, all bearing ad sounding names. It was impossible deleting them one by one so i deleted the key "Domains". I think the spware must have created this key.

 One problem I can't get rid of though is the text box and search button that startium.com has placed in IE6. I went to the site and posted a protest but it probley be ignored.

I don't see where the $79 program "Internet Security" has brought me any security at all. I had it set to block all traffic but they came through anyway.
The most sure-fire way to make sure you are clean is to clean install the OS.  However, barring that you can get rid of things through the registry.

Here are some additional techniques.  Get TweakUI and look at what services start...track down everything, find out what it is, and where its from.  Backup the registry and delete keys that you think are not wanted.  Use the task manager to list the running processes...find them all and make sure you know what each one is.

I find the clean reinstall is faster, but if you dont want that, then this is the methodology.
Sometimes virus / trojan installed itself as service, virus scanners usually cant delete these files.
If  you know the infectious file's name, note it down, open Task Manager (Ctrl + Alt + Delete , then select Task Manager)

look for it in the list, if you find it, let say its called "iamvirus.exe", right click on it and select 'End Process Tree'
if that fails, go into Control Panel and find your way to Administrative Tools , then Service, sort the services
by its staus, eg. Started, Stopped, using the column name on the top, now, go through the started services
which you would suspect it to be the troubled ones.  You may have to double click on each one of them and
see the actual file name.

I had this keylogger installed on my machine as service, I couldnt delete or stop it no matter what i do, until
I went into the Service window, stopped it, and removed it.

THe startium toolbar installs and registers it's own DLL's
You must manually go and unregister the DLLs with regsvr32
Th DLLs are:
C\windows\downloaded program files\bbarwnd.dll
c:\windows\downloaded program files\letssearchie.dll

***Kill the processes***
First thing you want to do is close all internet explorer windows, go in the task mabnager under processes and kill all instances of "letssearch.exe" and/or "uptodate.exe"

***Unregister the DLLs***
go to STart->Run and enter:
RegSvr32 /u C\windows\downloaded program files\bbarwnd.dll
and then
RegSvr32 /u c:\windows\downloaded program files\letssearchie.dll
This will unregister the two dlls, which are the control files for adding the garbage to Internet Explorer.  

***Clean up the registry***
Then run regedit and delete the following keys:
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{f20ae630-6de2-43ca-a988-7cd40c36ef0b}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{07b7f771-1b8e-4b7b-823e-ffac1732aa9e}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{337d0c1d-4053-4fab-af2b-45c2f7b0faa6}

***Delete the files***
Now go through Windows Explorer and delete the following list of files:
c:\Windows\downloaded program files\bbarwnd.dll
c:\Windows\downloaded program files\conflict.1\letssearch.exe
c:\Windows\downloaded program files\letssearch.exe
c:\Windows\downloaded program files\letssearchie.dll
c:\Windows\downloaded program files\lstoolbarconfig.inf
 Find the directory called "letssearch" which should be in C:\Program Files\ and delete it as well

Enjoy a computer without their POS software mucking it up

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.