Weird Problem with Recycle Bin - Help

colinm1

OSNN Junior Addict
Joined
10 Mar 2004
Messages
15
A weird problem has just started with my Recycle Bin

If I delete files from C: HDD to recycle bin they do not show up in bin, also shows 0 bytes in bin. However if I right click and ask to empty bin, usual message askes " Do you want to delete these 7 files".

If I delete files from my second HDD D: they show up no problem, with appropriate no of bytes.

I have not installed any software and made no alteration to any of my window settings.

Have checked everything but this has got me beat, only started yesterday out of the blue, would appreciate any help on resolving this as very confusing not knowing if recycle bin contains any files awaiting deletion.

Thanks for your help.
 
you could try this, it's actully for if the recycle bin is missing from the desktop, but you never know it might work.

copy the text below "between the lines" into notepad and save as a .reg file to somewhere like the desktop, then click it to run which will enter the details into the registry, reboot.

........................................................................

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@="Shell32.dll,31"
"Full"="Shell32.dll,32"
"Empty"="Shell32.dll,31"
............................................................................

mac1
 
Do you by chance also get random IE popups since the problem started?

This recycle bin problem may be a side effect of a VX2 infection.

Copy and paste this command into Start - Run:

cmd /c more C:\Recycler\desktop.ini >> "%userprofile%\desktop\look.txt"

That should create a file look.txt on your desktop. Post the content here.
 
Recycle-less bin...

Hi, I have the same problem on my WIN2K box. Here are my results...

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{1E555F55-542A-4B7F-BC87-B105FCCF8B6D}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>


What does it mean?



yoyo said:
Do you by chance also get random IE popups since the problem started?

This recycle bin problem may be a side effect of a VX2 infection.

Copy and paste this command into Start - Run:

cmd /c more C:\Recycler\desktop.ini >> "%userprofile%\desktop\look.txt"

That should create a file look.txt on your desktop. Post the content here.
 
Please forgive me for asking this... how do I know I can safely run this? I suppose it's a matter of trust... please give me a warm and fuzzy abuout this.
 
i vouch for him. everyone here wants to help. we dont get pleasure out of messing up your comp more.. you would just have to post more about it.
 
read the batch file, nothing mailicious. All it does is search for known string values for this spyware in system files.
 
Got it.. thanks, I'll post the results. Sorry, I'm just a little head-shy...
 
Hey Rocky, watch me pull a rabbit out of my hat....

Here's the output...
:rolleyes:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: C:\Documents and Settings\kgareau\Desktop\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 12,581,941,248 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
07/13/2001 01:19p <DIR> GroupPolicy
07/13/2001 12:36p 21,692 folder.htt
07/13/2001 12:36p 271 desktop.ini
2 File(s) 21,963 bytes
2 Dir(s) 12,581,941,248 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32


------ Temp Files in System32 Directory ------

Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

05/21/2003 09:18a 44,032 msxml3r.tmp
05/21/2003 09:18a 24,576 msxml3a.tmp
12/19/2002 12:06p 1,129,472 msxml3.tmp
12/07/1999 04:00a 2,577 CONFIG.TMP
4 File(s) 1,200,657 bytes
0 Dir(s) 12,581,941,248 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"YComp 5.0.0.0"="Yahoo! Companion"


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\dtnetlib.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


------------- Locate.com Results -------------

No matches found.

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"OfficeScanNT Monitor"="\"C:\\Program Files\\OfficeScan NT\\pccntmon.exe\" -HideWindow"
"CClient"="C:\\PROGRA~1\\TALLYS~1\\TSCensus\\bin\\cclient.exe"
"Logitech Utility"="Logi_MwX.Exe"
"SoDA Startup"="C:\\Program Files\\Rational\\SoDAWord\\Wizards\\SodaStartup.exe StartUp"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



 
I just missed your reply I guess.

Your output.txt log does not show any infection though. We can try the new removal tool though, download:

http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
 
Ok, done.
Here's the log...

Just to let you know... my only symptom is that my recycle bin doesn't work (and I can't make it work). There doesn't appear to be any other problem. I'm sure it was caused by some "malware" because this condition began after I went to a "lyrics" site that immediately began downloading files that our corporate anti-virus caught... I quickly baled out of the site before it could finish and immediately began cleaning things up. The corporate AV got really testy about some of the stuff that was being forced at me... Long and short of it is that I was left with a recycle bin that doesn't work but whose icon shows full (permanently)...

Hope that helps...

L2MFIX find log 1.01
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\dtnetlib.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"YComp 5.0.0.0"="Yahoo! Companion"

**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is Local Disk
Volume Serial Number is BCB1-2535

Directory of C:\WINNT\System32

12/06/2004 11:32a <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 12,561,424,384 bytes free
 
ok, that looks fine, can you tell me whether your OS drive is formatted as either NTFS or FAT32?
 
j79zlr,

The l2mfix is supposed to fix the recycle bin on both NTFS and FAT32 so it might fix the recycle bin even if the malware has already been removed.
 
Ok, try this open up the command prompt, go to Start > Run > "cmd"

enter the following commands:

attrib -r -s -h %systemdrive%\Recycler\desktop.ini
del %systemdrive%\Recycler\desktop.ini


Reboot, and hopefully your recycle bin should be working now.
 
Well bust my BCNF ‘n call me normalized! This is gooder'n grits. We got us a winner!

Thank you.

KSG :-D
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back