He's running VISTA and I've also been unable to unhide/find the containing folder (bf9545f) under the path C:\ProgramData\bf9545f\ so the file can be deleted if necessary.
OK, got the file transported to my machine and submitted to Eset
Scanned disks, folders and files: O:\WIbf95.exe
O:\WIbf95.exe - a variant of Win32/Kryptik.AHF trojan
OK, I also found vd952342.bd created at the same time as the WIbf95.exe. This leads me to believe this could be another variant of VirusSweeper found by searching vd952342.bd on this site. Hope that helps someone. Still waiting any input...
Edited by ximbroglio, 02 September 2009 - 05:14 PM.