You MUST put the following into The Avenger, above the files;
Files to delete:

When you get to safe mode, try going to C:\Documents and Settings\username\Desktop and it should be there.

Okay, I found the SDFix in safemode following your guidance. When I got the prompt that says "Type Y to start, A to make a log, and N to exit," I typed "y," and when I hit enter, the program shuts down. Or at least I'm assuming it shuts down because it completely disappears. I'm not sure what I'm doing wrong.

Below is the Avenger log from when I tried to have those two mysterious files removed from my desktop. In Avenger I typed in "Delete these files," or however you said it on the other page, and then ran it. It basically says it can't find them.

Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows XP


Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Documents and Settings\Charlie Kierscht\Desktop\CAGHQ7GL:Zone.Identifier" not found!
Deletion of file "C:\Documents and Settings\Charlie Kierscht\Desktop\CAGHQ7GL:Zone.Identifier" failed!
--> the object does not exist

Error: file "C:\Documents and Settings\Charlie Kierscht\Desktop\CATOMXHN:Zone.Identifier" not found!
Deletion of file "C:\Documents and Settings\Charlie Kierscht\Desktop\CATOMXHN:Zone.Identifier" failed!
--> the object does not exist

Completed script processing.


Finished! Terminate.

What happened the first time you ran SDfix? It must have run ok as you posted the log from it.
Can you list the problems you are still having.

I'm not sure why SDFix gave me trouble the second time.

Everything seems to be running fine now. The only things still going on are those two files that I can't get rid of from my desktop, and that SPRTCMD.EXE I get on start-up.

Do you think I'm in the clear now?

Maybe I spoke too soon. Windows Live OneCare just found and removed a trojan downloader, but, I suppose that's just part of being on the Internet.

What is SPRTCMD.EXE doing?

Do you have hidden files/folders set to show? If so, set it back to normal and see if those files go from your desktop.

Otherwise, tell me the full and complete filepath to them and we will try to clean them up.

The location for those mysterious files are as follows:

C:\Documents and Settings\Charlie Kierscht\Desktop

The names are: CAT0MXHN. and CAGHQ7GL.

I'm not sure if the hidden files option is on or not.

Concerning the other recurring issue, this is what happens. Upon start-up, the computer will load, and when it's all done, I get a message that comes up on the screen and it says:

SPRTCMD.EXE Unable to Locate Component (this is in the blue part of the box) This application has failed to start because LIBEAY32.dll was not found. Re-installing the application may fix this problem.

If I click "ok," it disappears, then shows up a second time, and when I click "ok" again, it goes away. I haven't the slightest idea what effect this is having on my computer if anything, and even less of an idea what application it's talking about.

SPRTCMD.EXE is something to do with the Dell support service. See if you can find it in msconfig and disable the startup.

You need to take a look in Folder Options to see if hidden files are set to visible.

Okay, removing the SPRTCMD from the msconfig start-up screen did the trick.

As far as the folder options, I can't find that. I looked on google and from what I could determine it should be under the tools section of IE, but it's not there.

What should I do?

No, it's not in IE. Look in the control panel. It should be there, otherwise open any windows folder and on the TOOLS Tab, there should be an option to enter the folder options from there.

That would explain why I couldn't find it!

So, I checked where you said, and it's set to not show hidden files/folders.

Hello. I wasn't sure if there was anything else I was supposed to do with those files that I can't remove from the desktop. I wasn't sure if they were related to any of the viruses or not.

And I wanted to take the opportunity to thank you for your help. I cannot possibly tell you how much I appreciate everything you did! I was frantic there, and you totally walked me through every step and got my computer back to normal. So thank you very, very much!

Is there somewhere I can leave a good rating for you, or do I mark it as case closed or what can I do?

Thanks again!

My apologies. I totally missed your previous post.
Can you go into the desktop folder and delete those files? If not, post back the full path including the file name.

No worries at all. I know it takes me a while to respond sometimes too.

I tried to delete those mysterious files from the desktop folder, but I still get the error that they cannot be moved. I tried scanning them with a virus program, and they appear to be fine, and the file size is 0K. But it's strange that I cannot get rid of them.

Here are the path names:

C:\Documents and Settings\Charlie Kierscht\Desktop\CAGHQ7GL
C:\Documents and Settings\Charlie Kierscht\Desktop\CATOMXHN


If you right click on those files and select Properties, are you able to hide them by selecting the 'Hidden' box and applying the setting?

No, that doesn't do anything.

I also notice that I cannot get rid of "Wild Tangent." I did some research and found out that it's related to some sort of gaming software. And if I remember right, I got a free game from the McDonald's Monopoly game several years ago, and even though I got rid of the game, the Wild Tangent portion remains. Is it something I should get rid of, or is it no big deal?

If you want, we can try deleting those two files and see how things go afterwards?
Wild Tangent is no biggy, but I usually get rid of it.

What should I do to delete the Wild Tangent? I saw something about Hijack This, but I didn't want to go messing with anything without the go ahead from you. It also sounds like Wild Tangent is in use by other things, so I wasn't sure what effect that would have on anything.

I cannot see wild tangent in the hijackthis log. It must be in your uninstall list.

What about the two desktop files? You want to try something that will maybe delete them?

Sure, I'd like to have to stop looking at them! The Wild Tangent comes up whenever I run SpybotSD. It keeps coming up as spyware, but if it's nothing to worry about, then I guess I won't worry about it.

SPRTCMD.EXE is something to do with the Dell support service. See if you can find it in msconfig and disable the startup.

You need to take a look in Folder Options to see if hidden files are set to visible.

I found the SPRTCMD.EXE as part of my ConcastDesktopSupport start-up. I had no Dell support service startups.

And, do I understand correctly that "hidden files" should be set to "visible"?


Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.