Folders keep returning
ESPplayer7
05-29-2005, 10:08 PM
Hey guys, for some reason I have this folder on my desktop that keeps coming back even after I completely delete it from the recycle bin. What would be causing this? Thanks
Budfred
05-29-2005, 10:10 PM
What is the folder??
Chances are good that it is a malware problem... Have you run any scans?? If you haven't, that would be a good first step... Then post a HijackThis log:
To run HJT, extract it to a permanent folder such as one
you create like C:\HJT. Close all open windows and
browsers and make sure that all programs are enabled if
you use msconfig. Run it and Scan, then Save the log.
When the log window appears, Right click to Copy it, open
your browser and come here to Paste the entire log. Do
not make any changes until it is checked since most items
are either benign or essential to the computer.
http://www.subratam.org/?page=removal
ESPplayer7
05-30-2005, 05:12 AM
The folder is called two note. I also can't delete a file called fileib. Here is the logfile.
Logfile of HijackThis v1.99.1
Scan saved at 1:11:20 AM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111919208562
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Budfred
05-30-2005, 02:30 PM
Your log looks clean and the "two note" is too broad a term to find in a search... The file: fileib - seems to be associated with AOL... It is quite possible that the folder is too and that both are recreated each time you use AOL or AIM...
You could try running an MWavScan if you want to make sure... It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review....
http://www.mwti.net/antivirus/free_utilities.asp
It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...
ESPplayer7
05-31-2005, 02:34 AM
Sorry, the log is too big for me to paste. Maybe I'm pasting the wrong thing; am I supposed to hit the view log button and then copy all the notepad info to you?
Budfred
05-31-2005, 08:26 AM
"It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review...."
Just the bottom part that has the bad items, not the whole log... If it is still too long, break it up across several posts... Also, if it is filled with files in a Temp folder, download and run CCleaner to clean out Temp folders, then run MWavScan again before posting the bad part....
http://www.ccleaner.com/
ESPplayer7
06-01-2005, 10:27 PM
Here it is, and btw my comp is also getting a Windows error when it starts up, something to do with my sys32 folder. I'll check it out again and let you know.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111919208562
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Budfred
06-01-2005, 11:17 PM
You posted a shortened version of your HJT log which still looks clean... The MWavScan would probably be more helpful if there is any malware there...
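Two HijackThis logs taken days apart, like the pair in this thread, can be compared mechanically to see which running processes and autostart entries changed between scans. The following is an added example, not part of the original post or of HijackThis itself; the function names are hypothetical and the two inputs are short excerpts taken from the logs posted above.

```python
import re
from collections import defaultdict

# Section entry: "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Running-process line: a bare absolute Windows path.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpts from the two logs in this thread (headers and most lines omitted).
LOG_MAY30 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

# The second log was pasted without its header block, so the parser must
# recognise process lines without relying on "Running processes:".
LOG_JUN01 = r"""
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\WISPTIS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""


def norm_key(value):
    """Comparison key: Windows paths are case-insensitive, so System32 and
    system32 must not show up as a change. Whitespace runs are collapsed."""
    return " ".join(value.split()).casefold()


def parse_hjt(text):
    """Return {section: {comparison_key: original_text}} for one log.
    Sections are 'processes' plus each entry code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            body = match.group("body")
            sections[match.group("code")][norm_key(body)] = body
        elif PROCESS_RE.match(line):
            sections["processes"][norm_key(line)] = line
        # Anything else (banner, platform, section headings) is ignored.
    return dict(sections)


def diff_logs(old_text, new_text):
    """Return {section: {'added': [...], 'removed': [...]}} for sections
    that differ between the older and the newer log."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    report = {}
    for section in sorted(set(old) | set(new)):
        before, after = old.get(section, {}), new.get(section, {})
        added = sorted(after[k] for k in after.keys() - before.keys())
        removed = sorted(before[k] for k in before.keys() - after.keys())
        if added or removed:
            report[section] = {"added": added, "removed": removed}
    return report


if __name__ == "__main__":
    for section, change in diff_logs(LOG_MAY30, LOG_JUN01).items():
        for item in change["added"]:
            print(f"+ [{section}] {item}")
        for item in change["removed"]:
            print(f"- [{section}] {item}")
```

A new autostart entry (an O4 line that appears only in the later log) is the kind of change worth reviewing first; a process that is merely absent from one snapshot usually just was not running at scan time.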
ESPplayer7
06-02-2005, 04:18 AM
Just ran MWAV and it says no viruses were found, so what do you think could be another possibility for this folder's reappearance?
Budfred
06-02-2005, 08:52 AM
I am sorry, but I can't help you with that unless you have more specific information about the folder...
There is another scan you can run to see if it could be a rootkit... Try this one if you would like:
http://www.f-secure.com/blacklight/
ESPplayer7
06-04-2005, 03:44 PM
Just ran it and it found nothing, so this problem hasn't come to the board before? You've been helpful, ty. Is there anything else to try?
classicsoftware
06-04-2005, 04:07 PM
The file in the folder, what is the date and who is the owner?
Budfred
06-04-2005, 08:53 PM
If you can actually find the file and/or folder, give us as much info as possible about it and we may be able to figure it out... If you find the file, Right click and select Properties... Write down all the info there and post it here...
ESPplayer7
06-05-2005, 01:14 PM
type : file folder
location: C:\Documents and Settings\Brent Jason\Desktop
size: 0 bytes
size on disk: 0 bytes
contains: 0 files, 0 folders
created wednesday june 01, 2005 5:51:18 pm
attributes: read only (would this be a possibility?)
ESPplayer7
06-09-2005, 04:12 AM
Am I out of luck, Bud?
Budfred
06-09-2005, 08:52 AM
I don't see any info there to help identify what this file might be... Please post the full name of the file, the full path and any info from Properties about what company posted it there... Usually Properties has more info than you posted... And yes, the Read Only could be part of the problem, but I suspect it is a file that is recreated each time you delete it, so we need to find out what program is creating it...
ESPplayer7
06-10-2005, 03:19 AM
Sure thing, how exactly do I give you all the information I can about this folder?
Budfred
06-10-2005, 03:34 AM
Write out the path you followed to find the file... Write down every detail in the Properties (make sure you look at all tabs) and then post everything here...
This is an example of a file path:
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Fruss Tray Ted
06-10-2005, 10:23 AM
If it keeps reappearing on your desktop, the filepath should be:
C:\Windows\DeskTop
Try deleting it from there. Reboot. If it reappears, it's malware most likely.
classicsoftware
06-10-2005, 11:17 AM
Do you have broadband?
If you do, boot the system.
Delete the file and folder.
Empty the re-cycle bin.
Unplug the ethernet cable
Re-start the system.
Does the folder re-appear?
If not, it means the folder appears when you boot up because some program is going out on the net to activate it. Check your firewall and try to track it down there.
ESPplayer7
06-12-2005, 09:58 PM
C:\Documents and Settings\Brent Jason\Desktop\two note is the file path of the folder. I tried deleting and then disconnecting the ethernet. On start up the file did not reappear, so maybe it is an internet app causing the file to reappear. Any more suggestions?
classicsoftware
06-12-2005, 10:07 PM
1) Go into your firewall settings and remove all programs from internet access. That should make it ask permission for each file that wants to access the net.
2) Shut the system down
3) Plug in the ethernet cable
4) Please watch one at a time and note what is trying to access the web. Say NO to everything right now and keep track of the programs that attempt internet access.
5) Post back with a list.
ESPplayer7
06-15-2005, 03:48 AM
I tried blocking all programs with my firewall and restarting, but it didn't tell me that something was attempting to access the internet when I restarted my comp. But here are the programs under Windows Firewall that were "exceptions" to allow: DC++ (File sharing prog.), AOL Instant Messenger, Half-Life launcher, mIRC, Steam, UPnP Framework. Not sure what to do next, but thanks for your help so far.
classicsoftware
06-15-2005, 05:33 AM
Please note what firewall you have?
If you blocked everything why are there exceptions?
Does the file appear now?
Do you have a list of blocked apps?
Budfred
06-15-2005, 09:28 AM
"DC++ (File sharing prog.)"
This is the most likely culprit since "file sharing" programs are often infested and bring other infestations with them... However, a couple of the other things you list could also be the source... DC++ is on the list of "Clean" P2P programs, but it could still be the source... Try looking in Help for that and the other programs to see if it says anything about this file...
ESPplayer7
06-15-2005, 12:36 PM
Which help do I use to search for this file inside of DC++, Mr. Budfred?
Budfred
06-15-2005, 01:59 PM
Sorry I wasn't clear about that... You would open the program itself and try the Help index for the program... So in DC++, you would open it and check for reference to the file in its Help Index....
ESPplayer7
06-19-2005, 02:06 AM
K, I'm kinda confused on how to look in the help for this file, Budfred. Where do I look? And I have Norton Internet Security and Windows as my firewall. How can I block programs with the Windows firewall, cause I dunno how to do it in Norton.
BTW I deleted the file and emptied the recycle bin and the folder was gone for about 2 days while connected to the internet, so I have no clue what is going on here.
Budfred
06-19-2005, 02:56 AM
Most programs have a Help option that you can access by pressing F1 or from the menu at the top of the window... Once you open the Help window, you would go to Index and Search for "two note" without the quotes... If this is a legit file for the program, there will probably be some kind of explanation... You could also send an email to the people that distribute the program asking if that is one of the files it generates... Since you delete it and it returns, I am guessing that it is generated by some program you are running and the DC++ is probably the most likely to generate it...
I don't think Norton will block specific files or programs if it doesn't identify them as bad... A firewall will block access into or out of your computer, but if the file is generated by a program installed on your computer, it won't stop it at all...
Also, I wouldn't rely on the Windows firewall... I believe it still lacks the ability to block outgoing messages which means a trojan installed on your system would not be blocked at all... I suggest getting the free version of Kerio, Sygate or ZoneAlarm... After you install one of them, you would need to disable the Windows firewall... When newly installed the firewall will ask you if you want to give permission to various programs to access the internet or your computer... If you are not sure, click NO and see what happens... If nothing happens, you can tell it to remember that setting the next time it comes up and it won't ask you again... Do not tell it to remember until you see what happens when you say NO... Obviously, you will need to allow your browser and email client to access the web...
ESPplayer7
06-19-2005, 03:06 PM
New info guys: I've been deleting this folder too lately when I start my comp, and it doesn't reappear right when I start the comp the next time around. I'm guessing maybe a certain program is bringing two note back and it's not on start up. BTW Budfred, I checked DC++ and there was no two note reference.
ESPplayer7
06-23-2005, 02:38 AM
What would be the next step, almighty computer helpers?
ESPplayer7
06-23-2005, 02:54 AM
Actually better yet, since we can't seem to find the problem, maybe we can try another run through on the first steps to make sure I didn't do anything wrong. I just downloaded Kerio Personal Firewall (think that's the right one) and I'm wondering where I go to set it up the way you guys want me to and what settings to make. After that what would be the next step, one by one allow each program until I see two note appear? I'm wondering if this is even an internet program making this file reappear.
Budfred
06-23-2005, 08:39 AM
I would just set Kerio up in the simple mode and it will ask you before approving access for most programs... I still suspect that this is a file created by a legit program on your system, so I doubt it will find it, but you can try...
Another option you can do is to submit the file for analysis:
Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results here.
ESPplayer7
06-24-2005, 12:23 AM
I deleted the folder, so I'll have to wait for it to reappear, then I'll post the results.
ESPplayer7
06-24-2005, 12:44 AM
Oh, I was just looking in Kerio, and I don't find anywhere that says "simple mode". Could you please elaborate on where I go to find this option?
Budfred
06-24-2005, 08:35 AM
The last time I installed Kerio, it was an option offered on install, but I am not sure if it said "simple" or some other word... The advanced mode is fine, it just takes a bit more tweaking...
ShardOfJustice
06-26-2005, 08:49 PM
I read this through all of the way, and although it's just a hunch I would say you should go back to the Windows Firewall for a second if you haven't seemed to find the source of the problem with Kerio yet. You said in your post that you had blocked all of the programs listed on the firewall, and that you had a few exceptions. Did you just go through the firewall's list of programs and block them all out? If so, what you need to do is completely remove them so that Windows doesn't know what to do the next time any programs access the internet. When this happens it will ask you what you want to do with the program (block, filter, unblock). When this comes up, the files it brings up in question are what you want to write down.
Also, I don't think this would help all that much but would it make sense to look for any odd processes after he deleted the file?
Budfred
06-26-2005, 09:15 PM
If the file is being generated by a program that is installed on the computer (which I think is highly likely), it won't make any difference what you do with the firewall...