corrupt/orphaned files

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
My laptop has suddenly gone from 80% free to 0% free disk space, after I removed a virus. I have used chkdsk which tries to delete index entries and recover orphaned files: faultrep.dll and mpnotify.exe. I have run chkdsk several times in normal and safe modes but still have the same problem.
I have run Malwarebytes Anti-Malware and Spybot Search and Destroy and they have removed the infection.
Any help would be much appreciated. Thanks.
 


blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
Let us have some PC spec - hard drive size - installed RAM etc.
I think that faultrep.dll belongs to an XP system and mpnotify.exe belongs to Win 2000; I may be wrong.

Posted HijackThis log - easier for all to see.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:57, on 01/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidsinuk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6993 bytes
 

aka Brett

Banned
Joined
Nov 25, 2008
Messages
16,918
Go to the Start menu.
Type in cmd.
Mouse up to cmd in your list.
Right-click it and select Run as admin.

Paste the following line in the cmd window and press Enter:

vssadmin list shadowstorage

Paste the results here.
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
Acer Aspire 5710 Intel Core 2 Duo CPU
T5500 @ 1.66GHz, 667MHz FSB, 2MB L2 cache
80GB HDD 1GB RAM

used shadow copy storage space: 4.421 GB
allocated shadow copy storage space: 4.638 GB
maximum shadow copy storage space: 4.822 GB

Thanks
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,173
Start HijackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

--------------------------------------------------------------
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
ALPS Touch Pad Driver
Big Kahuna Reef 2
Broadcom Gigabit Integrated Controller
BT Voyager 1055
BT Voyager Wireless Utility
CCleaner
Dynasty
Eusing Free Registry Cleaner
Galapago
Google Toolbar for Internet Explorer
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 3
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PowerProducer
Realtek High Definition Audio Driver
Sandlot Games Client Services
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
Star Defender 3
SUPERAntiSpyware Free Edition
System Requirements Lab
Treasures of the Deep
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Yahoo! Toolbar
Zuma Deluxe
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,173
"I have run Malwarebytes Anti-Malware and Spybot Search and Destroy and they have removed the infection."
I don't see Spybot - Search & Destroy in your list of installed programs, but I do see Malwarebytes Anti-Malware (y) and SUPERAntiSpyware (y) both installed.

If you've run scans with them both and have removed everything they found, I'd like to see the scan logs.

-----------------------------------------------------------------

Adobe Reader 9.1 needs to be updated to 9.3.

Java(TM) 6 Update 3 needs to be updated to 6 Update 19.

Uninstall these programs because they're not needed:

Acrobat.com

Eusing Free Registry Cleaner

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Microsoft Antimalware

System Requirements Lab

Windows Live OneCare safety scanner


-----------------------------------------------------------------
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
I've been unable to remove these 3, which are not listed in control panel/programs/uninstall: Acrobat.com, Microsoft Antimalware, Windows Live OneCare safety scanner.
I uninstalled Spybot - Search & Destroy because I think the Teatimer part of it was slowing start-up. I don't have the logs but the following info is still listed in Microsoft Security Essentials:
Trojan:Win32/FakeRean Removed
Trojan:Win32/Namsys Removed
Trojan:Win32/Hiloti.gen!D Removed
PWS:Win32/Daurso.A Removed
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
Using the Windows Installer cleanup utility, I have now removed those 3 programs that I couldn't earlier.
Still need help with the original problem. Thanks.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,173
Go into these 2 temp folders:

C:\WINDOWS\Temp

C:\Users\(Username)\AppData\Local\Temp

and then delete everything from inside those temp folders. It's all junk and is a good place for a "nasty" to hide. If a few files resist deletion, leave them alone and delete everything else. Empty the Recycle Bin, then restart your computer.

---------------------------------------------------------------

I would suggest running the update feature of Malwarebytes Anti-Malware and SUPERAntiSpyware to get them up-to-date, then run a quick scan with each one, then select and remove everything they find, then submit their new scan logs here.

---------------------------------------------------------------
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/02/2010 at 10:45 PM
Application Version : 4.35.1002
Core Rules Database Version : 4763
Trace Rules Database Version: 2575
Scan type : Complete Scan
Total Scan Time : 00:55:44
Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 7006
Registry threats detected : 0
File items scanned : 30595
File threats detected : 3
Adware.Tracking Cookie
C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\TAHAR1\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3947
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
03/04/2010 00:32:39
mbam-log-2010-04-03 (00-32-39).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 235578
Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,173
Both scan logs look good. (y)

Did you empty out the 2 temp folders?

---------------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,173
"Hi flavallee, yes I've emptied out the 2 temp folders"
And hopefully emptied the Recycle Bin afterwards.

----------------------------------------------------------------

You've got several space-hungry programs installed. Unless you actually use them all, you should uninstall the ones that you don't.

----------------------------------------------------------------
 

oranges

Thread Starter
Joined
Apr 1, 2010
Messages
8
Yes I emptied the recycle bin too. Apart from the 7 programs you mentioned earlier and which I've now removed, which ones are the 'space-hungry ones'? My disk space was always about 80% free even with all these programs, until after the infection. After googling the problem, I've read this is a problem for other people after an infection, but can't find a solution.
Also regarding the two files, faultrep.dll and mpnotify.exe, is it not possible to manually do what chkdsk has been unable to do?
 