Recycle bin empty, where are files?

soul b · 03-18-2005, 12:11 PM

I recently posted this in the Windows XP forum and they tried to help but directed me here. When I delete my files they don't go to the recycle bin, and my computer asks me if I'm sure I want to delete them. I've checked to make sure my recycle bin properties are in order and they are. Also, the first time this happened, I noticed an extra my computer icon on the destop, as well as a my network places icon that was never there before after I rebooted my computer. I immediately deleted them, but they didn't show up in the recycle bin either. The bin is just empty, and the empty recycle bin option is greyed out. I've completed the Adaware, SBSD, HJT scans and did a full virus scan with AVG. I did not use the online scan, because last time I tried on this particular computer, it crashed. Please help once more, if it's not too much trouble.

Peace,
Soul

Here is my HJTA log:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:58:37 PM, on 3/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11a43a0a...p/RdxIE601.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

End of KRC HijackThis Analyzer Log.
====================================================================

greyknight17 · 03-18-2005, 12:23 PM

OK, I think I know what the problem is here.

Is that the only problem you are experiencing now? We'll fix that up now.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

c:\recycler\desktop.ini

Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.i...llInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11a43a0...ip/RdxIE601.cab

Restart and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

Go to c:\windows\system32\drivers\etc and open up the hosts file (no extensions) up in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like:

127.0.0.1 localhost

If you have anything after that, please post them here.

soul b · 03-18-2005, 12:49 PM

There was no c:\recycler\desktop.ini on the computer. I looked and did a search. I deleted the HJT entries and when I opened the host file in notepad it was empty. I await your instruction.

soul

greyknight17 · 03-18-2005, 02:04 PM

Did you use KillBox to delete that file (c:\recycler\desktop.ini)? Is hidden/system files and folders enabled?

soul b · 03-20-2005, 11:43 AM

I couldn't find the file but I copied and pasted c:\recycler\desktop.ini from your post into the killbox program. I found the recycler after unhidding my system files, but when I opened it there was nothing in it. I checked the properties on it, and it said that it contains 150 files and 6 folders. Am I being hacked???

Soul

greyknight17 · 03-20-2005, 05:15 PM

Probably not. Are you still having problems with the recycle bin?

If so, go to Start->Run and type in cmd and hit OK. Then type in each of the following (hitting Enter after each line):

del /q c:\recycler\*.*
del /q a:h c:\recycler\*.*
exit

Try deleting files now.

soul b · 03-21-2005, 08:22 AM

Still having the recycle bin problem. This is what happened at the command prompt starting from c:

del /q c:\recycler\*.* - The system could not find the path specified
del /q a:h c:\recycler\*.* - The device is not ready

This is not normal right???

greyknight17 · 03-21-2005, 08:31 PM

Not sure. Try doing this in Safe Mode and see if it gives the same error.

soul b · 03-21-2005, 09:16 PM

didn't work in safe mode either.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd\

C:\>del /q c:\recycler\*.*
Could Not Find c:\recycler\*.*

C:\>del /q a:h c:\recycler\*.*
The device is not ready.

What do you think is the cause of this?

greyknight17 · 03-21-2005, 10:07 PM

Try typing these in:

dir c:\recycler\ > c:\files.txt
dir /a:h c:\recycler\ >> c:\files.txt
notepad files.txt

Post the contents here.

soul b · 03-21-2005, 10:25 PM

Here goes:

Volume in drive C is HP_PAVILION
Volume Serial Number is 7427-1CD8

Directory of c:\recycler

Volume in drive C is HP_PAVILION
Volume Serial Number is 7427-1CD8

Directory of c:\recycler

03/18/2005 01:30 PM <DIR> .
03/18/2005 01:30 PM <DIR> ..
02/13/2005 07:24 AM 165 desktop.ini
03/20/2005 04:11 PM <DIR> S-1-5-21-1417001333-1220945662-1801674531-1003
03/18/2005 01:30 PM <DIR> S-1-5-21-1417001333-1220945662-1801674531-500
09/19/2001 10:31 AM <DIR> S-1-5-21-2020637620-2857422465-3585186845-1003
09/19/2001 10:31 AM <DIR> S-1-5-21-2304659736-2826650621-2974146706-1003
01/29/2005 10:29 AM <DIR> S-1-5-21-2678003418-1294642078-4094575798-1003
09/19/2001 10:31 AM <DIR> S-1-5-21-839522115-448539723-682003330-1003
1 File(s) 165 bytes
8 Dir(s) 12,335,337,472 bytes free

greyknight17 · 03-23-2005, 08:48 AM

Go back into the command prompt (start->run type in cmd and hit Enter). Type in:

del c:\recycler\desktop.ini
exit

Restart. Any recycle bin problem now?

soul b · 03-24-2005, 10:02 PM

Didn't work.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\TEMP>cd\

C:\>del c:\recycler\desktop.ini
Could Not Find c:\recycler\desktop.ini

What do you think the problem is?

MicroBell · 03-24-2005, 11:14 PM

Open regedit and navigate to this key and check the bit....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket

There should be a DWord called NukeOnDelete and its data should be set to 0 to use the recycle bin. If it is set to 1, the recycle bin is bypassed.

If it already is set correctly.....try this...

Copy & paste the text in bold below into notepad and save it as recyclerem.bat (Set filetype to "All Files")

attrib -r -s -h %systemdrive%\Recycler
del %systemdrive%\Recycler
attrib -r -s -h %systemdrive%\Recycled
del %systemdrive%\Recycled
shutdown /r /t 0 /f

**Note** Make sure there is no extra spacings between the letters in the copy/paste commands.

Close all programs and doubleclick recyclerem.bat

Your computer will reboot and you should have a clean recycle bin.

soul b · 03-29-2005, 12:34 AM

It didn't work. after the reboot, the recycle bin seemed like it was back to normal. I rebooted the computer after testing the bin and it was back to square one. What is going on with my computer??? I'm clueless. Have you ever heard of anything like this before? I think I'm being hacked.

soul b · 03-30-2005, 10:44 AM

just moving this up

greyknight17 · 03-31-2005, 11:32 AM

OK, try this. Go to Start->Run and type in cmd and hit OK. Then type in the following:

attrib -s -r -h c:\recycler\desktop.ini
del c:\recycler\desktop.ini
exit

If that still won't fix it, try this:

Download VX2FinderNT (http://www.greyknight17.com/spy/VX2FinderNT.exe - if you have NT/2000/XP) or VX2Finder9x (http://www.greyknight17.com/spy/VX2Finder9x.exe - if you have 95/98/ME) and run it.

Click the [Restore Policy] button. This will restore the removed Debug privilege for Administrators, otherwise some utilities will not function properly.

Click on the [UserAgent$] button to remove the UserAgent key from the registry.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. After that's done, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and post the keys that you see listed there in the forum.

soul b · 04-04-2005, 09:03 PM

Thank you so much. I can now delete files with the option of restoring them from the recycle bin. The cmd thing worked even after the reboot. Thank you. You guys are the best.

Peace,
Soul

03-18-2005, 12:11 PM	#1 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	Recycle bin empty, where are files? I recently posted this in the Windows XP forum and they tried to help but directed me here. When I delete my files they don't go to the recycle bin, and my computer asks me if I'm sure I want to delete them. I've checked to make sure my recycle bin properties are in order and they are. Also, the first time this happened, I noticed an extra my computer icon on the destop, as well as a my network places icon that was never there before after I rebooted my computer. I immediately deleted them, but they didn't show up in the recycle bin either. The bin is just empty, and the empty recycle bin option is greyed out. I've completed the Adaware, SBSD, HJT scans and did a full virus scan with AVG. I did not use the online scan, because last time I tried on this particular computer, it crashed. Please help once more, if it's not too much trouble. Peace, Soul Here is my HJTA log: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 1:58:37 PM, on 3/18/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11a43a0a...p/RdxIE601.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe End of KRC HijackThis Analyzer Log. ====================================================================

03-18-2005, 12:23 PM	#2 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	OK, I think I know what the problem is here. Is that the only problem you are experiencing now? We'll fix that up now. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): c:\recycler\desktop.ini Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.i...llInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11a43a0...ip/RdxIE601.cab Restart and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum. Go to c:\windows\system32\drivers\etc and open up the hosts file (no extensions) up in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like: 127.0.0.1 localhost If you have anything after that, please post them here. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-18-2005, 02:04 PM	#4 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Did you use KillBox to delete that file (c:\recycler\desktop.ini)? Is hidden/system files and folders enabled? __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-20-2005, 05:15 PM	#6 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Probably not. Are you still having problems with the recycle bin? If so, go to Start->Run and type in cmd and hit OK. Then type in each of the following (hitting Enter after each line): del /q c:\recycler\. del /q a:h c:\recycler\. exit Try deleting files now. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-21-2005, 08:31 PM	#8 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Not sure. Try doing this in Safe Mode and see if it gives the same error. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-18-2005, 12:49 PM	#3 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	There was no c:\recycler\desktop.ini on the computer. I looked and did a search. I deleted the HJT entries and when I opened the host file in notepad it was empty. I await your instruction. soul

03-20-2005, 11:43 AM	#5 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	I couldn't find the file but I copied and pasted c:\recycler\desktop.ini from your post into the killbox program. I found the recycler after unhidding my system files, but when I opened it there was nothing in it. I checked the properties on it, and it said that it contains 150 files and 6 folders. Am I being hacked??? Soul

03-21-2005, 08:22 AM	#7 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	Still having the recycle bin problem. This is what happened at the command prompt starting from c: del /q c:\recycler\. - The system could not find the path specified del /q a:h c:\recycler\. - The device is not ready This is not normal right???

03-21-2005, 09:16 PM	#9 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	didn't work in safe mode either. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Administrator>cd\ C:\>del /q c:\recycler\. Could Not Find c:\recycler\. C:\>del /q a:h c:\recycler\. The device is not ready. What do you think is the cause of this?

03-21-2005, 10:07 PM	#10 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Try typing these in: dir c:\recycler\ > c:\files.txt dir /a:h c:\recycler\ >> c:\files.txt notepad files.txt Post the contents here. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-21-2005, 10:25 PM	#11 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	Here goes: Volume in drive C is HP_PAVILION Volume Serial Number is 7427-1CD8 Directory of c:\recycler Volume in drive C is HP_PAVILION Volume Serial Number is 7427-1CD8 Directory of c:\recycler 03/18/2005 01:30 PM <DIR> . 03/18/2005 01:30 PM <DIR> .. 02/13/2005 07:24 AM 165 desktop.ini 03/20/2005 04:11 PM <DIR> S-1-5-21-1417001333-1220945662-1801674531-1003 03/18/2005 01:30 PM <DIR> S-1-5-21-1417001333-1220945662-1801674531-500 09/19/2001 10:31 AM <DIR> S-1-5-21-2020637620-2857422465-3585186845-1003 09/19/2001 10:31 AM <DIR> S-1-5-21-2304659736-2826650621-2974146706-1003 01/29/2005 10:29 AM <DIR> S-1-5-21-2678003418-1294642078-4094575798-1003 09/19/2001 10:31 AM <DIR> S-1-5-21-839522115-448539723-682003330-1003 1 File(s) 165 bytes 8 Dir(s) 12,335,337,472 bytes free

03-23-2005, 08:48 AM	#12 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Go back into the command prompt (start->run type in cmd and hit Enter). Type in: del c:\recycler\desktop.ini exit Restart. Any recycle bin problem now? __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

03-24-2005, 10:02 PM	#13 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	Didn't work. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\TEMP>cd\ C:\>del c:\recycler\desktop.ini Could Not Find c:\recycler\desktop.ini What do you think the problem is?

03-24-2005, 11:14 PM	#14 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Open regedit and navigate to this key and check the bit.... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket There should be a DWord called NukeOnDelete and its data should be set to 0 to use the recycle bin. If it is set to 1, the recycle bin is bypassed. If it already is set correctly.....try this... Copy & paste the text in bold below into notepad and save it as recyclerem.bat (Set filetype to "All Files") attrib -r -s -h %systemdrive%\Recycler del %systemdrive%\Recycler attrib -r -s -h %systemdrive%\Recycled del %systemdrive%\Recycled shutdown /r /t 0 /f Note Make sure there is no extra spacings between the letters in the copy/paste commands. Close all programs and doubleclick recyclerem.bat Your computer will reboot and you should have a clean recycle bin. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

03-29-2005, 12:34 AM	#15 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	It didn't work. after the reboot, the recycle bin seemed like it was back to normal. I rebooted the computer after testing the bin and it was back to square one. What is going on with my computer??? I'm clueless. Have you ever heard of anything like this before? I think I'm being hacked.

03-30-2005, 10:44 AM	#16 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	just moving this up

03-31-2005, 11:32 AM	#17 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	OK, try this. Go to Start->Run and type in cmd and hit OK. Then type in the following: attrib -s -r -h c:\recycler\desktop.ini del c:\recycler\desktop.ini exit If that still won't fix it, try this: Download VX2FinderNT (http://www.greyknight17.com/spy/VX2FinderNT.exe - if you have NT/2000/XP) or VX2Finder9x (http://www.greyknight17.com/spy/VX2Finder9x.exe - if you have 95/98/ME) and run it. Click the [Restore Policy] button. This will restore the removed Debug privilege for Administrators, otherwise some utilities will not function properly. Click on the [UserAgent$] button to remove the UserAgent key from the registry. Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. After that's done, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and post the keys that you see listed there in the forum. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

04-04-2005, 09:03 PM	#18 (permalink)
soul b Registered User Join Date: Jan 2005 Posts: 22 OS: XP	Thank you so much. I can now delete files with the option of restoring them from the recycle bin. The cmd thing worked even after the reboot. Thank you. You guys are the best. Peace, Soul