You might also be able to remove the folder using a program called Total Commander. It is avaulable from the following link:
http://www.ghisler.com/
Printable View
You might also be able to remove the folder using a program called Total Commander. It is avaulable from the following link:
http://www.ghisler.com/
I noticed the timestamp changed on the first screenshot and the second
posted 11/14
11/12/2003 05:03 PM
posted 11/21
11/16/2003 11:51 AM
Something is (re)creating this folder
Maybe it's time for a Hijack This log???
Download this and run next press Scan and save log.
Don't make any changes yet, post the log back here.
Logfile of HijackThis v1.97.7
Scan saved at 10:31:27 AM, on 11/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SETI@home\[email protected]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Aluria Software\DrSpeed\drspeed9x.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\[email protected] -min
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Dr.Speed.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Turbo Download! - file://C:\Program Files\Harris Digital Publishing\Turbo Surfer 3\dwtd.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...581.1111226852
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex...oadcontrol.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8681D4-CBE9-41C2-A1A4-B87DC9495AAE}: NameServer = 209.172.0.5 209.172.0.8
Anymore suggestions?
No, your log looks fine, I couldn't detect anything wrong with it.
If the timestamp changes it could be part of a program your running.
Sorry, no ideas for now.
Sorry, cant see anything too.
Im sure no one has given up here.
use partition magic and make a new partition on your harddrive, somehow copy the entire contents (except the mystery folder) of your regular partition to the newly created one (You could boot to a dos disk and do that if you have a fat file system, if not, I'm sure someone here knows another way.)
using partition magic delete the first partition, and expand the newly created partition to fill up the hard drive, then set that partition as active, reboot
I wouldn't have any idea how to copy everything over except the mystery folder. As it is I can not do anything with that folder!Quote:
Originally posted by SMS Avenger
use partition magic and make a new partition on your harddrive, somehow copy the entire contents (except the mystery folder) of your regular partition to the newly created one (You could boot to a dos disk and do that if you have a fat file system, if not, I'm sure someone here knows another way.)
using partition magic delete the first partition, and expand the newly created partition to fill up the hard drive, then set that partition as active, reboot
Bump
Try this:
Goto Start - Run - cmd
type in "attrib C:\*.* -h -s -a" and hit enter (don't type in the quotes though)
After it is done and you have the blinking cursor, close the command prompt and try deleting the mysterious folder again.
Brily's idea might work, but along with my idea to boot Win98 and do a deltree *.* (relying on the confirmation prompt to prevent accidently deleting important stuff), I think we're starting to tread on some thin ice here. We may be opening the doors to doing some serious harm, all for the sake of getting rid of this folder.
I think its time to ask bojovan how much of an issue this really is for him. If its more an annoyance than a real problem, it may be better to just live with it, rather than persue more and more drastic measures trying to get rid of it. (Always err on the side of caution, as me dear ol' Mum used to say!)
So, how 'bout it, bojovan. How much further do you want to go to get rid of this thing?
I totally agree dougj, if it isn't broke I wouldn't worry about it bojovan, but if you really want to progress further please let us know :D
Ever since my retirement I have made my computer and associated things my hobby, I find it very challenging! Yes I want to continue to try and resolve this problem. I find in to be very annoying not to be able to fix something that should be able to be fixed. I appreciate every bit off help I have got and hope to get. I feel this helps to keep me sharp and on top of things! I have protected myself with a ghost backup of my system, without it I would have been out of business long ago...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Bob>cd\
C:\>attrib C:\*.* -h -s -a
Unable to change attribute - C:\hiberfil.sys
Unable to change attribute - C:\pagefile.sys
C:\>
C:\>
C:\>
One more try.
Go to start > run regedit and scroll to this key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\MyComputer\NameSpace
Underneath there could be an unknown CLSID
Look in the right pane where they refer to. If you find one without a name or a name like "digital camera" or "synchronize", if you don't use it delete it.
But before you delete a key be sure to make an export of this key.
To do that highlight the key > file > export. Remember the path you export it to.