What is C:\\filename

My grandson has visited **** sites. I have installed noadware and in the scan what appears to be a number of **** files, possible trojans appear as C:\\filename. What is C:\\ I can't locate it. Thank you

 

oldbear--Cannot answer your question, but I agree that the chances are high that your grandson has spyware, etc., on that PC. Suggest the following procedures.
http://www.windowsbbs.com/showthread.php?t=37074
When the scans have permitted deletion as needed of the spyware executables, then he probably can just delete those files. (I assume he has looked in ControlPanel|Add/Remove for any opportunity to remove suspicious programs.)

 

WELSHJIM: Tried the scan and it came up no problems. Also DL some of the programs referenced and again no problems.
PETEC: The site for ewido shows for WinXP doesn't mention 98SE

The computer is mine. The noadware shows a number of files that are definitely **** in C:\\ is it possible to have hidden directories or partitions that windows explorer won't show when everything is checked including hidden files?

My Thanks for the help.

 

Thank You. I don't think noadware is showing false files.There are too many and they are all in C:\\ which must be a hidden folder?? The files are mostly xx.PIF or xx.SCR with a few xx.exe for good measure.
Please move this if you think it may help and thank you for your help while on this forum.

 

This is the HJ log
Logfile of HijackThis v1.98.2
Scan saved at 5:33:10 PM, on 7/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ACROREAD\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe "
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Program Files\NeoTracePro\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

Let me know what to get rid of.

 

Your HijackThis log is clean, nothing to delete.
Noadware is giving you false positives, in order to get you to pay for it, a rip off, scam, a con, selling you the Brooklyn bridge, take your choice.
C:\ is not a hidden folder, as it isn't a folder. It is called the ROOT of the drive, as it is where everything begins, or where all the folders are ultimately connected to.
How to find it.
Open Windows Explorer, click on the icon that looks like a hard drive, it will have C: next to it. You will see files named like this, not all will be there.
Config
Autoexec
Dblspace
Drvspace
Command
Detlog
Bootlog
Msdos
Io
These legit files are all located at C:\.

 

Thank you for yor help. I knew C:\was the root. The problem was the software was showing not C:\ but C:\\. I thought the double slash might be a hidden directory in the root section. In any case I won't worry about it any more.
Again my thanks

 

oldbear--If you have not already, I would think you can put those C:\\files into the Recycle Bin. Wait a week before deleting just to see if there is any effect on the operation of the PC. If not, Delete them. (as mentioned in my post #2 above, I assume you have looked into Control Panel|Add/Remove to see whether the C:\\ files appear there. Always better to uninstall rather than delete if you can.)
Concerning your HJT log, is your Homepage a blank window with only the various IE toolbars, etc.?

 

From what I see I think that the C:\\ files may be a "scam" to make the user worry enough to purchase the product (Noadware)...along the lines of what Markp62 was saying.

Welshjim, I don't think those files even exist!

I suggest doing a Find for the .pif, .scr and .exe files. If Find cannot see them, neither can Windows.

Matt

 

WELSHJIM: My home page is a blank page. The subject directory?? C:\\ can not be found. There are no programs in add/delete that are not supposed to be there.

MATTMAN: I have tried a search for the .pif etc, as well as trying to find link.exe and zodiac.exe that are showing up in the scan by the software. Win Explorer can not find the files nor any **** related files. I have tried a cold boot to dos, not through windows and did a c:\dir /w/p and the subject C:\\ did not appear. Tried a CD C:\\ and CD \\ with the same result. If Win and DOS can not identify the files or directory then I am sure it is a hoax to sell software.

I made the mistake of purchasing on 26 July the software before your warnings and have asked for a rebate. So far I get a run around ie. reinstall, delete temps, do a diagnostic with their software (looks like a small hijack this log) etc. I will let you know if I get a rebate but am going to uninstall the software.

 

If they are resistant / refuse, please advise them the matter will be turned over to the Better Business Bureau. If you used a credit card, contact the card issuer concerning this problem. If they determine the sale was misrepresented, they will work with you in acquiring a credit / return.

 

oldbear--If you still have the C:\\files, you can put them in the Recycle Bin and hopefully eventually delete.

 

WELSHJIM: The problem is "Only the program Noadware shows them ". They can not be found by any other software so they can not be moved or deleted. I do not think they really exist on my machine but are part of the Noadware software and are a fictious group of files.
Thank you for your help. BTW I am your neighbor up the road in Colorado.

 

oldbear--Now I finally understand. Noadware "finds" them but never tells you where.
CO is a lovely state, but too cold in the winter for me!!