X-Rigger said:
I need some help getting my Laptop back.
I had some crap in msconfig startup such as:
kybrdff_18
dfndrff_E2
kpmnleuA
cselect
glossary
I deleted them out of the registry, but it did not help any.
Any time I try to install anything to clean it up it shuts it down. I even
tried Windows Defender and it shut it down. I tried Safe Mode but could do
nothing.
I can run Adaware & spybot but they say everything is okay. I try to run AVG
and it tries to open but closes right away.
Some services disable each time I reboot so I cannot run Windows Update
either.
Automatic Updates
ClipBook [won't start either]
Messenger
Network DDE
Network DDE DSDM [This has to be started before the other DDE will start]
Security Center
Windows Firewall/ICS [Cannot open the properties to change it to manual or
automatic]
Any ideas will be gratefully appreciated
Bruce
If you're deleting registry entries you aren't affecting the files.
These files will probably be in one or more of any of the temporary internet
files folders, or temp folders. As well, they will probably be in the
\Windows and \Windows\System32 folders, and likely marked as hidden and
system. And, these specific files are probably being generated by
something else in one of the same places. They may be .exe or .dll files.
To get rid of them, you need to delete these files as well as the registry
entries. And you need to shut off System Restore, because the restore
points will be compromised.
If you can boot to Safe Mode, use Hijack This to help identify the files
and the keys they are regenerating.
http://www.spywareinfo.com/~merijn/programs.php#hijackthis
Do a search for content.ie5, and delete all the folders it finds. There
will be at least one for each account. They will be regenerated.
Deleting these can take some time. Also search for all temp folders, and
empty them. ccleaner can help greatly with this, but you may have problems
installing.
www.ccleaner.com
Process Explorer can show you the names of the files that are actually
loaded and running, which is a huge help:
http://www.sysinternals.com/Utilities/ProcessExplorer.html
Also, go to a command prompt, navigate to the Windows and system32 folders,
and issue this command:
dir /ah
and you will see a list of the files and folders marked as hidden. There
should be some, but if you see the files you are suspicious of, change their
attributes with this command:
attrib -s -h <filename.ext>
Once that's done, you will be able to view the files in Explorer, and to
rename them (to *.bad, for example) or delete them.
In Explorer, go to those two folders and sort by date. If you see files
that were *just* created, you can be suspicious. As well, sort by
extension and look carefully at each .exe and .dll file. If you find one
that should *not* be there, check its date, re-sort by date, and you may
find other related files with the same datestamp.
If you can remove the drive and attach it to a USB case or connector on a
running XP install, you can then scan it with an online virus scanner, such
as Trend Micro's Housecall. This will be up to date and relatively immune
to compromise.
http://housecall.trendmicro.com/
While you have the drive out, you can back up your data files. Be sure
that virus scanning software is running and up to date as you do this; it
will monitor the files as they are copied and notify you of infection.
HTH
-pk
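
The hidden-file and datestamp checks described in the reply above, combined into one read-only pass, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later on a clean machine with the suspect drive attached; the `E:\Windows` path and the 30-day window are placeholder assumptions.

```powershell
# Added example (not from the thread): list .exe/.dll files in the Windows and
# System32 folders of a suspect volume, mark the ones that are hidden+system,
# and show everything created on the same day as any of those.
# Read-only: nothing is renamed, deleted or re-attributed.
param(
    [string]$Root = 'E:\Windows',   # assumption: suspect drive mounted as E:
    [int]$RecentDays = 30           # assumption: what counts as "just created"
)

$dirs = @($Root, (Join-Path $Root 'System32')) |
    Where-Object { Test-Path -LiteralPath $_ }
$cutoff = (Get-Date).AddDays(-$RecentDays)

# -Force makes Get-ChildItem return hidden and system items as well,
# covering the set that "dir /ah" lists.
$files = foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' }
}

$report = foreach ($f in $files) {
    [pscustomobject]@{
        Created = $f.CreationTime
        Hidden  = $f.Attributes.HasFlag([IO.FileAttributes]::Hidden)
        System  = $f.Attributes.HasFlag([IO.FileAttributes]::System)
        Recent  = $f.CreationTime -gt $cutoff
        Path    = $f.FullName
    }
}

# Candidates: executables carrying both the hidden and system attributes.
$suspects = @($report | Where-Object { $_.Hidden -and $_.System })

# Calendar days on which a candidate was created.
$days = @($suspects | ForEach-Object { $_.Created.Date } | Sort-Object -Unique)

'Hidden+system executables: {0}' -f $suspects.Count

# Everything recent, plus everything sharing a creation day with a candidate,
# sorted by date so related files sit next to each other.
$report |
    Where-Object { $_.Recent -or ($days -contains $_.Created.Date) } |
    Sort-Object Created |
    Format-Table Created, Hidden, System, Recent, Path -AutoSize
```

A file in the output is only a lead to check by name and origin; Windows itself keeps some legitimate hidden files in these folders.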