1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Invisible Directory on my computer

Discussion in 'Virus & Other Malware Removal' started by IanMarcias, Jul 6, 2005.

Thread Status:
Not open for further replies.
  1. IanMarcias

    IanMarcias Thread Starter

    Jul 6, 2005
    This is the most weird, interesting and annoying problem that has been happening to my computer. I don't even know if this is considered a virus, trojan, worm, spyware,... I have no clue what to classify this problem but hopefully someone in this forum can help me.

    I purchased my computer about 3-4 years ago. I'm currently a web developer and graphic designer so my computer is my career at the moment. I own a Dell Dimension 4400 with Windows XP Home Edition just in case you needed to know what type of computer I own and the OS that's running on it. I bought it with 20GBs in the hard drive. I figure that would be enough for my business. I bought all the programs that I needed and those programs took up collectively about 8GB of my hard drive space. As a few years pass I get the little alert pop telling me that I'm low in disk space. I look at the File space and I had under 200MBs left of hard drive space. This was a complete shock to me because all of the files for the websites that I built took up an average of 50 - 150MB. A lot of the print work took up way more and I also got into video editing and 3D modeling and animation which also took up some space so I just took it that all of my work files are taking up too much space. I bought an external drive and stored all of the files in my portfolio on this external hard drive but it seemed that all it free was about 6GB worth of space.

    Now I'm storing everything on this external drive. I'm starting to notice that it takes about 5 minutes to boot up my computer when usually it took about 30 seconds. As the months went by my hard drive space dropped to under 200MB again. Now I'm really confused. I went on a forum and I began to ask a lot of question. Someone told me to download a program called JDiskReport that gives you a full diagnostic of all the files that are on your computer. They show you piecharts and things of that nature that will show which directory and files are taking up a lot of space. I noticed that a lot of the space was being taken up by my Outlook and Internet Explorer; especially the Internet Explorer. There's a temporary cache folder that stored every single image, video, flash file... basically all of the files from every single website that I have visited since I owned my computer. Supposedly there was a bug in Internet Explorer. The folder is suppose to automatically delete old files and only keep that folder to a certain size but the folder wasn't doing it's job. I downloaded a patch that fixed this problem on the Microsoft website. Now I have only 2GB of free space left. All of my programs are running smooth as it did before but I was still a little skeptical that I'm so low on hard drive space.

    A few months later, again, I'm down to under 200MBs of hard drive space. I run another scan with the program JDiskReport. It tells me that all of the files on my computer takes up 8GBs. I have no clue what's taking up the other 12GBs.

    An interesting thing that I noticed was that I have a program that actually allows me to look through directories on my computer. It's like a more advance file browser and I noticed that I had a folder here C:Uploads/. The wierd thing about this directory is that when I try to go there manually It doesn't exist. I thought it was strange that this file browser tells me that this directory exists but yet I can't go there manual. I even changed my view options to show all hidden files and folders and this folder still didn't show up. I went back to that file browser program and I was able to open the directory from there and even when I click on the UP button in that folder it goes to my C: directory and yet I can't see an Uploads folder in the C: directory. Inside of this Uploads folder was a ton of zip files. Zip files all containing the set up files for applications. I checked the same folder again about an hour later and about 2000 more zip files for programs were in this folder. I deleted everything in this folder and it free about 3GBs. This made me come to the conclusion that I may have a ton of other folders like this with a bunch of files that is taking up the 12GBs of my hard drive space and keep getting added to my computer.

    Is there a way to find these folders manually and stop this from continuing. Some how, whomever did this to my computer, manage to to it in a way where you can't find the folder manually but the folder actually exists. Not even JDiskReport scanned these folders or if I run a search for a name of one of the zip files in this folder nothing comes up in the results. I have firewalls, virus scan software but I'm not even sure if these would even help.

    Please help... someone.
  2. Sponsor

  3. callisto9


    Jul 8, 2005
    i have the same problem. here are my specs: emachines M2105 laptop with 40GB hard drive space, 512MB memory. about 1 year old.

    i also notice that i am low on hard drive space (C shows about 12GB out of 37GB available). says i am using something like 24GB. there's no way i have my laptop loaded with that much stuff!!!

    i had noticed my computer was booting up slow, so i ran microsoft antispyware. didn't really find anything. then i run adaware SE professional (deep scan) and it takes FOREVER. now, i am kinda watching the scan and i notice it's taking forever to go through this "c:\uploads" folder. i've never even heard of that folder before. i see that adaware is scanning TONS of things in it. things i have NO IDEA about. so, i set off to find this "uploads" folder and check it out.

    except i can't find it. i though it was a hidden folder, so i allow windows explorer to view hidden folder. still can't find it. i do a search on all files and folders for "uploads", including hidden and system folders and STILL can't find it.

    my adaware completes and i've got some malware, some corrupted registry keys, etc. i quarantine and then delete them. i go and check my C drive and sure enough, i only have 12GB free space.

    so, what is this uploads folder and how do i clear it? this is a HUGE problem for me! if anyone knows anything, PLEASE help!

    Attached Files:

  4. callisto9


    Jul 8, 2005
    ok, so i go to windows explorer and i type in "c:\uploads" and sure enough, i see the folder. i deleted everything in it (about 3GB) and it freed up some space. i will be checking it to make sure it doesn't come back.

    ian, can you post the link to the patch for IE you found? i use firefox, but i am sure it would be useful to have this fix.

    i am not sure if this is a solution, so any additional information on this issue would be helpful.

    i also found this link that contains some (very little) information:
    looks like this somehow comes from limewire, which would explain how i got it.

    doesn't offer any help though!

    ok, i keep finding more information. here's an article from trend micro about the worm that creates this folder:

    wow, looks like we have a solution! i am going to read up on this and then hopefully get it taken care of. good luck to all!
  5. IanMarcias

    IanMarcias Thread Starter

    Jul 6, 2005
    Well the patch really just fixed the caching problem that IE6 had. I believe if you have service pack 2 then it's fixed. I got it at http://windowsupdate.microsoft.com. I made sure get all the critical updates.

    I did the same... located the C:\Uploads folder using my browser and deleted all of the files in that folder but they keep coming back up the next time I check. I changed the name of the folder, the folder is still invisible but I notice that no more files gets loaded in the folder anymore. I'm not going to get my hopes up though because I may check tomorrow and a new set of 2000 files maybe added. I know there has to be more files like this on my hard drive. I just wish i knew how to find them. I even tried to see if I can turn on the option for it not to share but that option can't be checked. This little bug is a sneaky one.

    And just in case if I need to do this... here's my most recent HiJackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:44:53 AM, on 7/6/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
    C:\Documents and Settings\Trevino Jarrett\Desktop\temporary dnld folder\Bazooka Spyware Scanner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Trevino Jarrett\Application Data\Mozilla\Profiles\default\9chcdve2.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trevino Jarrett\Application Data\Mozilla\Profiles\default\9chcdve2.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: -> TimelyWeb - C:\Documents and Settings\Trevino Jarrett\Desktop\temporary dnld folder\timelyweb\IEPopupExtension.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: TimelyWeb (HKCU)
    O9 - Extra button: Flash2X Flash Hunter (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter (HKCU)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ad...tmosphere/DARKcity.aer&title=D A R K C I T Y
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned40.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37612.0420486111
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
  6. IanMarcias

    IanMarcias Thread Starter

    Jul 6, 2005
    Now my My Computer Icon is not on my desktop anymore.... PLEASE!... someone help me with this.
  7. callisto9


    Jul 8, 2005
    were you able to rid your computer of the worm mentioned above? i had to run adaware, microsoft anti-spyware, hijack this and killbox, but i am finally rid of the worm and am not having the c:\uploads folder problem anymore.

    as for the missing my computer icon, that i don't know about. should be easy to get that icon back on your desktop though. are you still able to access my computer? good luck.
  8. csiol


    Nov 25, 2005
    Use RegRun at http://www.greatis.com/security/ to see what is being loaded when winlogon.exe starts. Go to security, antivirus, and view Winlogon Notification extras. delete any with no file information. Check all the other things regrun finds too.
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/378431