[.ShellClassInfo] [email protected]%SystemRoot%\system32\shell32.dll,-2197
Followed both versions of suggested resolutions for deleting the Desktop.ini file, and got nowhere. The Desktop.ini file containing -2197 did show up in a few of the files, AND on the start menu---and so I killed them (or so I thought). But the document still pops up every time I log in to the Restricted account, but *NOT* the admin account.
The weird part here is, I went through three tries at removal and then decided to just remove the Restricted account altogether, through the Control Panel. That part went fine. Then I created a new Restricted account (same name as before)---and it came back with every single one of my original settings for that original account. (That part seriously spooked me: I thought gone was gone.)
Any ideas here? Am I dealing with a rootkit down beneath the OS? If so, will I need a special tool for TRULY wiping the drive, for a totally fresh install? Or---can this be solved with less drastic means than a reinstall? I do have a copy of Rootkit Revealer but discovered it makes even less sense to me than a HijackThis log.