Invisible file

[marco]

I installed Zone Alarm Firewall that detects program u78njcr.exe that says is located in C:\downloaded Program files\9b6e\. When I do a search, nothing is found. Can anyone Help?

[Melodi]

When you are searching are you setting the search assistant (do you have xp) to look in hidden files and folders and subfolders? Also you can open windows explorer, click on the C drive, double click 'downloaded program files' double click 9b6e delete it's contents then delete the folder

[marco]

I am running XP. I did look in hidden files, folders and subfolders but found nothing. Also, in the Downloaded Program Files directory there are no subfolders. I am curious to know what this program does.

[Melodi]

You probably don't want to know . Can you post an hjt log? Here is the last version http://www.majorgeeks.com/downloadget.php?id=3155&file=9&evp=3304750663b5529 82a8baee6434cfc13

[marco]

Your link was not available at the moment. Lately I downloaded ver 1.98.

Logfile of HijackThis v1.98.0
Scan saved at 7.56.04, on 10/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.1629.0\it\msntb.dll
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programmi\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\MDT6\AcDcToday.ocx
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\MDT6\InstFred.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{467A3E66-D211-4613-8E71-414949D60781}: NameServer = 212.245.255.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{467A3E66-D211-4613-8E71-414949D60781}: NameServer = 212.245.255.2
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\PROGRA~1\FILECO~1\MICROS~1\REFERE~1\msref.dll

Marco

[marco]

dear Melodi,

can you help me with this file?

Marco

[marco]

This annoying file is blocked by my firewall everytime that I log on. What can I do? Help!

[AnnMarie]

Hi Marco - how many Downloaded Program Files folders do you have? C:\Downloaded Program Files is not the default location for XP. Do you also have that folder in C:\Windows?

[Melodi]

Sorry Marco:
I check my 'subscriptions' everyday and I see you posted that on the 12th and some how I missed it. Maybe I have too many subscriptions? Thank you AnnMarie

[marco]

Unfortunately I have this problem on my home PC and I will be away until thursday. Melodi, thank you for replying. Marco

[Melodi]

Marco:
I have sent you an email, so when you get a chance check your email Thank you

[marco]

I have added your email to my contact list. Tommorrow we can try with MSM Messenger at about 21:00 (GTM+2)

Marco

[Melodi]

Ok, sounds good I'm on Central Time and on Thursdays I work until 18:00, I have to do it from home as our ports for msn messenger are blocked at work.

[AnnMarie]

Do you still require help with your problem from Cyber Tech Help Marco? If not, I'll close this thread.

Melodi, while it's your prerogative to offer private assistance to whoever you wish to, that is not what this board is about. We all volunteer our time here, not only to help with a specific problem but to provide answers for others in need of help with the same problem. Using IM defeats our purpose and also offers no safeguard to the member concerned should they receive bad advice. Please think about this.

[Melodi]

Thank you AnnMarie