1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

corrupt/orphaned files

Discussion in 'Windows Vista' started by oranges, Apr 1, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    My laptop has suddenly gone from 80% free to 0% free disk space, after I removed a virus. I have used chkdsk which tries to delete index entries and recover orphaned files: faultrep.dll and mpnotify.exe. I have run chkdsk several times in normal and safe modes but still have the same problem.
    I have run Malwarebytes Anti-Malware and Spybot Search and Destroy and they have removed the infection.
    Any help would be much appreciated. Thanks.
     

    Attached Files:

  2. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,815
    Let us have some Pc Spec - hard drive size - install ram etc.
    I think that faultrep.dll belong to an Xp system and mpnotify.exe belongs to Win 2000 I may be wrong.

    Posted Hijack this log - easier for all to see.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:28:57, on 01/04/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18444)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidsinuk.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: IntelĀ® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: IntelĀ® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6993 bytes
     
  3. aka Brett

    aka Brett Banned

    Joined:
    Nov 25, 2008
    Messages:
    16,918
    go to start menu
    Type in cmd
    mouse up to cmd in your list
    right click it and select run as admin

    paste the following line in the cmd window and press enter

    vssadmin list shadowstorage

    paste the results here
     
  4. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    Acer Aspire 5710 Intel core 2 duo CPU
    T5500 @ 1.66Ghz, 667Mhz FSB, 2MB L2 cache
    80GB HDD 1GB RAM

    used shadow copy storage space: 4.421 GB
    allocated shadow copy storage space: 4.638 GB
    maximum shadow copy storage space: 4.822 GB

    Thanks
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Start HijackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click the "Save List" button.

    Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    --------------------------------------------------------------
     
  6. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    ALPS Touch Pad Driver
    Big Kahuna Reef 2
    Broadcom Gigabit Integrated Controller
    BT Voyager 1055
    BT Voyager Wireless Utility
    CCleaner
    Dynasty
    Eusing Free Registry Cleaner
    Galapago
    Google Toolbar for Internet Explorer
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 3
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Luxor 2
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    PowerProducer
    Realtek High Definition Audio Driver
    Sandlot Games Client Services
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    SpeedTouch USB Software
    Spelling Dictionaries Support For Adobe Reader 9
    Star Defender 3
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Treasures of the Deep
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Yahoo! Toolbar
    Zuma Deluxe
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    I don't see Spybot - Search & Destroy in your list of installed programs, but I do see Malwarebytes Anti-Malware (y) and SUPERAntiSpyware (y) both installed.

    If you've run scans with them both and have removed everything they found, I'd like to see the scan logs.

    -----------------------------------------------------------------

    Adobe Reader 9.1 needs to be updated to 9.3.

    Java(TM) 6 Update 3 needs to be updated to 6 Update 19.

    Uninstall these programs because they're not needed:

    Acrobat.com

    Eusing Free Registry Cleaner

    LiveUpdate 3.2 (Symantec Corporation)

    LiveUpdate Notice (Symantec Corporation)

    Microsoft Antimalware

    System Requirements Lab

    Windows Live OneCare safety scanner


    -----------------------------------------------------------------
     
  8. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    I've been unable to remove these 3 which are not listed in control panel/programs/uninstall:Acrobat.com, Microsoft Antimalware, Windows Live OneCare safety scanner.
    I uninstalled Spybot - Search & Destroy because I think the Teatimer part of it was slowing start-up. I don't have the logs but the following info is still listed in Microsoft Security Essentials:
    Trojan:Win32/FakeRean Removed
    Trojan:Win32/Namsys Removed
    Trojan:Win32/Hiloti.gen!D Removed
    PWS:Win32/Daurso.A Removed
     
  9. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    Using the Windows Installer cleanup utility, I have now removed those 3 programs that I couldn't earlier.
    Still need help with the original problem. Thanks.
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Go into these 2 temp folders:

    C:\WINDOWS\Temp

    C:\Users\(Username)\AppData\Local\Temp

    and then delete everything from inside those temp folders. It's all junk and is a good place for a "nasty" to hide. If a few files resist deletion, leave them alone and delete everything else. Empty the Recycle Bin, then restart your computer.

    ---------------------------------------------------------------

    I would suggest running the update feature of Malwarebytes Anti-Malware and SUPERAntiSpyware to get them up-to-date, then run a quick scan with each one, then select and remove everything they find, then submit their new scan logs here.

    ---------------------------------------------------------------
     
  11. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 04/02/2010 at 10:45 PM
    Application Version : 4.35.1002
    Core Rules Database Version : 4763
    Trace Rules Database Version: 2575
    Scan type : Complete Scan
    Total Scan Time : 00:55:44
    Memory items scanned : 573
    Memory threats detected : 0
    Registry items scanned : 7006
    Registry threats detected : 0
    File items scanned : 30595
    File threats detected : 3
    Adware.Tracking Cookie
    C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

    ------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org
    Database version: 3947
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000
    03/04/2010 00:32:39
    mbam-log-2010-04-03 (00-32-39).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 235578
    Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Both scan logs look good. (y)

    Did you empty out the 2 temp folders?

    ---------------------------------------------------------------
     
  13. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    Hi flavallee, yes I've emptied out the 2 temp folders
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    And hopefully emptied the Recycle Bin afterwards.

    ----------------------------------------------------------------

    You've got several space-hungry programs installed. Unless you actually use them all, you should uninstall the ones that you don't.

    ----------------------------------------------------------------
     
  15. oranges

    oranges Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    8
    Yes I emptied the recycle bin too. Apart from the 7 programs you mentioned earlier and which I've now removed, which ones are the 'space-hungry ones'? My disk space was always about 80% free even with all these programs, until after the infection. After googling the problem, I've read this is a problem for other people after an infection, but can't find a solution.
    Also regarding the two files, faultrep.dll and mpnotify.exe, is it not possible to manually do what chkdsk has been unable to do?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/914075

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice