The folder C:\ProgramData\Microsoft\Windows\Start Menu\Favorites\Hijack This is really there. I can open it in Windows Explorer and click on the links in it and they work.
If I try to delete, rename or move it I get an error.
From a Command Prompt, I get an error when I use the dir command:
>dir "C:\ProgramData\Microsoft\Windows\Start Menu\Favorites\Hijack This"
Volume in drive C is D370_C
Volume Serial Number is C89E-70E8
Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Favorites
Try Unlocker. It might be the same as LockHunter, but it seems worth a try. Just be careful to deselect the crapware that it wants to install. See this post.
Try opening Explorer then look in Task Manager to make sure it's the 64 bit Explorer. If somehow you are launching 32 bit versions then you will get system folder redirection kicking in.
If Explorer is 32 bit it will have the '*' in Task Manager.
explorer.exe - no * so 64 bit.
There is a trailing blank (x'20') but I've tried specifying that from various places, still no joy.
I'll give Unlocker a try as LockHunter is not doing me any good.
If nothing else, maybe I can find a program that will allow me to edit the file structure as it exists in the NTFS file system. Anyone know of one?
My Computer
At a glance
Windows 10 Pro X64Intel Quad Core i7-4770 @ 3.4Ghz16.0GB PC3-12800 DDR3 SDRAM 1600 MHzIntel Integrated HD Graphics
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Lenovo IdeaCenter 450
OS
Windows 10 Pro X64
CPU
Intel Quad Core i7-4770 @ 3.4Ghz
Memory
16.0GB PC3-12800 DDR3 SDRAM 1600 MHz
Graphics Card(s)
Intel Integrated HD Graphics
Sound Card
Realtek HD Audio
Monitor(s) Displays
HP 22" LCD
Screen Resolution
1680 x 1050
Hard Drives
250GB Samsung EVO SATA-3 SSD
2TB Seagate ST2000DM001 SATA-2
1.5TB Seagate ST3150041AS SATA
Hmm, I just tried to open ProgramData\Favorites on my 32 bit system and got an Access Denied. Maybe it's a take ownership issue? Dunno' since I only use Start Menu when forced into it.
What was the genesis of this issue? Were you just trying to remove HiJack This one day? Or was there malware you might have contracted that warranted the install of HiJack This and now you can't remove it?
I tried Take Ownership manually and via the context menu entry but it had no effect.
I don't know what was wrong or how it got messed up, I'm just happy it's gone. If I run across another I'll try again to figure out what the real problem is.
I think one of the techniques it uses is the RunOnce registry key. When it asks if you want to mark a file for deletion that can't be deleted on the spot, it puts the delete command in RunOnce. It fires before the Windows logon. You can do stuff like deleting index.dat files using RunOnce.
In this case, the folder was deleted without having to reboot so there is something else Unlocker does that manually deleting or using LockHunter did not do.
In this case, the folder was deleted without having to reboot so there is something else Unlocker does that manually deleting or using LockHunter did not do.
The main function is to close handles held by other processes. That's what gives the "file is in use by another process" error. Explorer is especially notorious for not letting go of files even though it is done using them.
I think one of the techniques it uses is the RunOnce registry key. When it asks if you want to mark a file for deletion that can't be deleted on the spot, it puts the delete command in RunOnce. It fires before the Windows logon. You can do stuff like deleting index.dat files using RunOnce.
I think you are mistaken. Here's the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
I use a program started by that key to delete index.dat files. If they were locked as they would be after login, it would not work. Also I get a long pause before I get the desktop. Another indication it's running before login.
I think we're getting tangled up with 2 different scenarios. One is if it deletes the file immediately. The other is marking it for deletion on next boot. The on next boot scenario is where it uses RunOnce.
Anyway, this is all speculation. If you want to know, run Unlocker under a monitor or debugger.
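One way to settle the "what is queued for next boot" question without a debugger, as an added example that is not from any poster in this thread: a read-only PowerShell audit of the RunOnce keys and of the Session Manager `PendingFileRenameOperations` value, which is where `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT` records deferred deletes. The function names are hypothetical, and the script makes no claim about which mechanism Unlocker itself uses.

```powershell
# Added example: read-only audit of the two "run or delete at next boot" locations.
# Function names are hypothetical; nothing here modifies the registry.

$runOnceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'              # key quoted in the thread
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'  # 32-bit view on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'              # per-user equivalent
)

function Get-RunOnceEntry {
    foreach ($key in $runOnceKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Get-PendingFileOperation {
    # MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) records its work here as
    # REG_MULTI_SZ pairs: source, then destination (empty destination = delete).
    $sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $raw = (Get-ItemProperty -LiteralPath $sm -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $raw) { return }
    $raw = @($raw)
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i] -replace '^\\\?\?\\', ''   # strip the NT "\??\" prefix
        $dst = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] -replace '^!?\\\?\?\\', '' } else { '' }
        [pscustomobject]@{
            Action  = if ($dst) { 'Rename' } else { 'Delete' }
            Source  = $src
            Target  = $dst
            # Win32 path normalization strips a trailing space or dot, so such
            # names (like the folder in this thread) resist ordinary tools.
            OddName = $src -match '[ .]$'
        }
    }
}

Get-RunOnceEntry         | Format-Table -AutoSize -Wrap
Get-PendingFileOperation | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt right after a tool offers to "delete on reboot": a new row in either table shows which mechanism was used.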