• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Weird Problem with Recycle Bin - Help

colinm1

OSNN Junior Addict
#1
A weird problem has just started with my Recycle Bin

If I delete files from C: HDD to recycle bin they do not show up in bin, also shows 0 bytes in bin. However if I right click and ask to empty bin, usual message askes " Do you want to delete these 7 files".

If I delete files from my second HDD D: they show up no problem, with appropriate no of bytes.

I have not installed any software and made no alteration to any of my window settings.

Have checked everything but this has got me beat, only started yesterday out of the blue, would appreciate any help on resolving this as very confusing not knowing if recycle bin contains any files awaiting deletion.

Thanks for your help.
 

mac1

OSNN Addict
#2
you could try this, it's actully for if the recycle bin is missing from the desktop, but you never know it might work.

copy the text below "between the lines" into notepad and save as a .reg file to somewhere like the desktop, then click it to run which will enter the details into the registry, reboot.

........................................................................

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@="Shell32.dll,31"
"Full"="Shell32.dll,32"
"Empty"="Shell32.dll,31"
............................................................................

mac1
 

yoyo

_________________
#3
Do you by chance also get random IE popups since the problem started?

This recycle bin problem may be a side effect of a VX2 infection.

Copy and paste this command into Start - Run:

cmd /c more C:\Recycler\desktop.ini >> "%userprofile%\desktop\look.txt"

That should create a file look.txt on your desktop. Post the content here.
 

ksgareau

OSNN One Post Wonder
#4
Recycle-less bin...

Hi, I have the same problem on my WIN2K box. Here are my results...

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{1E555F55-542A-4B7F-BC87-B105FCCF8B6D}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>


What does it mean?



yoyo said:
Do you by chance also get random IE popups since the problem started?

This recycle bin problem may be a side effect of a VX2 infection.

Copy and paste this command into Start - Run:

cmd /c more C:\Recycler\desktop.ini >> "%userprofile%\desktop\look.txt"

That should create a file look.txt on your desktop. Post the content here.
 

ksgareau

OSNN One Post Wonder
#6
Please forgive me for asking this... how do I know I can safely run this? I suppose it's a matter of trust... please give me a warm and fuzzy abuout this.
 

VenomXt

Blame me for the RAZR's
#7
i vouch for him. everyone here wants to help. we dont get pleasure out of messing up your comp more.. you would just have to post more about it.
 

j79zlr

Glaanies script monkey
Political User
#8
read the batch file, nothing mailicious. All it does is search for known string values for this spyware in system files.
 

ksgareau

OSNN One Post Wonder
#10
Hey Rocky, watch me pull a rabbit out of my hat....

Here's the output...
:rolleyes:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: C:\Documents and Settings\kgareau\Desktop\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 12,581,941,248 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
07/13/2001 01:19p <DIR> GroupPolicy
07/13/2001 12:36p 21,692 folder.htt
07/13/2001 12:36p 271 desktop.ini
2 File(s) 21,963 bytes
2 Dir(s) 12,581,941,248 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32


------ Temp Files in System32 Directory ------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

05/21/2003 09:18a 44,032 msxml3r.tmp
05/21/2003 09:18a 24,576 msxml3a.tmp
12/19/2002 12:06p 1,129,472 msxml3.tmp
12/07/1999 04:00a 2,577 CONFIG.TMP
4 File(s) 1,200,657 bytes
0 Dir(s) 12,581,941,248 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"YComp 5.0.0.0"="Yahoo! Companion"


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\dtnetlib.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


------------- Locate.com Results -------------

No matches found.

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"OfficeScanNT Monitor"="\"C:\\Program Files\\OfficeScan NT\\pccntmon.exe\" -HideWindow"
"CClient"="C:\\PROGRA~1\\TALLYS~1\\TSCensus\\bin\\cclient.exe"
"Logitech Utility"="Logi_MwX.Exe"
"SoDA Startup"="C:\\Program Files\\Rational\\SoDAWord\\Wizards\\SodaStartup.exe StartUp"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



 

j79zlr

Glaanies script monkey
Political User
#13
I just missed your reply I guess.

Your output.txt log does not show any infection though. We can try the new removal tool though, download:

http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
 

ksgareau

OSNN One Post Wonder
#14
Ok, done.
Here's the log...

Just to let you know... my only symptom is that my recycle bin doesn't work (and I can't make it work). There doesn't appear to be any other problem. I'm sure it was caused by some "malware" because this condition began after I went to a "lyrics" site that immediately began downloading files that our corporate anti-virus caught... I quickly baled out of the site before it could finish and immediately began cleaning things up. The corporate AV got really testy about some of the stuff that was being forced at me... Long and short of it is that I was left with a recycle bin that doesn't work but whose icon shows full (permanently)...

Hope that helps...

L2MFIX find log 1.01
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\dtnetlib.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"YComp 5.0.0.0"="Yahoo! Companion"

**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 12,561,424,384 bytes free
 

jw50

OSNN Senior Addict
#16
j79zlr,

The l2mfix is supposed to fix the recycle bin on both NTFS and FAT32 so it might fix the recycle bin even if the malware has already been removed.
 

j79zlr

Glaanies script monkey
Political User
#18
Ok, try this open up the command prompt, go to Start > Run > "cmd"

enter the following commands:

attrib -r -s -h %systemdrive%\Recycler\desktop.ini
del %systemdrive%\Recycler\desktop.ini


Reboot, and hopefully your recycle bin should be working now.
 

Members online

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,013
Latest member
Pdawgintown