IObit Forum

New Problem Scan


dmbaker


Yes, that sounds like heating problem.

 

Yes, Vista disks are quite hard to find since almost every computer came with the Vista OS already installed and the Recovery System was installed in another partition. I've searched all over and can only find Recovery disks so I guess the option of reverting to Vista is out of the question. The only thing I can help you with now is to clean the Lenovo.

 

Hi all... unfortunately this is true considering Vista. If the system isn't imaged by an outside software... and you didn't create your own repair disc... the outcome is most likely re-format. (I could send you my repair disc but it wouldn't work for you as I created it 2 years ago on my Vista).

 

 

the Recovery System was installed in another partition
This was not true on my Vista... though this is not helpful.

 

Sincerely,

-Mel

Live long and prosper!

 

P.S. Betcha can find Win 7 real cheap right now! If you are going to format... might as well make sure your OS is supported for awhile?


More to consider?

 

Hi Guys,

 

I had mentioned earlier that I do have an unused win7 Home Professional upgrade disc that I had bought from MS. The problem is, I'm running Ultimate on this machine so I don't know if that would work out. The only thing I can think of is to see if HP can help me out with a Vista download.

 

My son's Dell laptop has Vista on it but all I have are the recovery discs for it. I might have the OS disc but wouldn't that be different than this one?? This little computer is a little older but I really like it for some reason. I'd like to keep it up and running. To tell you the truth I wouldn't mind wiping the drive if I find a way. I'm just a little uneasy about leaving all the other stuff on it. I don't have that much on it myself plus I do have all the files backed up and I'd be curious to see how much room my HD really has if I did this?

 

So Dave, are you thinking that's definitely what the problem is here? I was looking at some of my logs and wonder who the user: js is referring to? My Lenovo deleted one reference of that user on a deep scan and that's not mine. Also, it doesn't matter how many times I try, even now I have it back up and running but the malware scan on this one and the lenovo keep coming back with 2 BabylonToolbar registry keys that say repaired but if I scan again they are still there. I tried to go in and delete the key manually but was denied. I hate that toolbar! It seems to find its way back to my browsers every time I turn around...lol

 

I really appreciate all your help. SuperDave, I can start a new post if you'd like for my Lenovo so others can maybe benefit if you'd rather or I can just reply here.

 

I'll send you the latest reports you asked for on the HP now. Mel, I'm assuming my other questions are for another thread so just let me know what you think and I'll go from there.

 

Thanks so much!


Hi Dave,

 

 

- Click on SCAN button.

- A report (RKreport.txt) should open. Post its content in your next reply.

 

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : admin [Admin rights]

Mode : Scan -- Date : 12/31/2012 16:44:34

 

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] UACProxy.exe -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe -> KILLED [TermProc]

[SUSP PATH] hpwmsd.exe -- C:\PROGRAMDATA\HP MOUSE SUITE CONFIG\hpwmsd.exe -> KILLED [TermProc]

[SUSP PATH] hpwjd.exe -- C:\PROGRAMDATA\HP MOUSE SUITE CONFIG\hpwjd.exe -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND

[TASK][ROGUE ST] 4702 : wscript.exe C:\Users\admin\AppData\Local\Temp\launchie.vbs //B -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: FUJITSU MHY2080BH ATA Device +++++

--- User ---

[MBR] 0e69aaefccd208ca085198edcc67ceca

[BSP] 60bc00d1867ed5303ebcc4d728c863c5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: Ricoh SD Disk Device +++++

--- User ---

[MBR] 7f3f25dddc08583a72bcc30b6cd34381

[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3768 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

 

+++++ PhysicalDrive2: Kingston DT 101 G2 USB Device +++++

--- User ---

[MBR] 0b3828fe5377e67a50a292722fdccb9c

[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15260 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[1]_S_12312012_02d1644.txt >>

RKreport[1]_S_12312012_02d1644.txt

 

 

will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

No Hidden Kernel Modules found

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

No hidden files/folders found


Hi all... unfortunately this is true considering Vista. If the system isn't imaged by an outside software... and you didn't create your own repair disc... the outcome is most likely re-format. (I could send you my repair disc but it wouldn't work for you as I created it 2 years ago on my Vista).

 

 

This was not true on my Vista... though this is not helpful.

 

Sincerely,

-Mel

Live long and prosper!

 

P.S. Betcha can find Win 7 real cheap right now! If you are going to format... might as well make sure your OS is supported for awhile?

 

Yes, I'm wanting to try out Windows 8 since it's on sale right now and so far this machine has passed the valid key scans from MS so maybe I could just see about doing an upgrade to Windows 8 on this one. Also, I looked at the disc and didn't see any other partitions on the main hard drive so I think the seller must have wiped the old partition clean. However, I do have the key so I might be able to get MS to do it if an upgrade won't work. Still, I'd like to start fresh, it just seems like this thing is filled with a lot of junk.

 

I prefer saving my stuff to an external drive unless it's something I'm currently working with but I don't know how this one got so cluttered. I did see how much room the "Windows.old" was using and it was significant but I forgot how I found it and now I can't view it at all. I have that saved to an external drive as well.

 

Thanks,

Dana


Yes, I'm wanting to try out Windows 8 since it's on sale right now and so far this machine has passed the valid key scans from MS so maybe I could just see about doing an upgrade to Windows 8 on this one.

The last time I checked the upgrade to Win8 was under $30.

This little computer is a little older but I really like it for some reason. I'd like to keep it up and running. To tell you the truth I wouldn't mind wiping the drive if I find a way.

I gave you a link how to do this in a previous post.

I was looking at some of my logs and wonder who the user: js is referring to?

That would be the previous owner.

Also, it doesn't matter how many times I try, even now I have it back up and running but the malware scan on this one and the lenovo keep coming back with 2 BabylonToolbar registry keys that say repaired but if I scan again they are still there. I tried to go in and delete the key manually but was denied. I hate that toolbar!

adwCleaner should get rid of that.

I can start a new post if you'd like for my Lenovo so others can maybe benefit if you'd rather or I can just reply here.

You should start a new thread. It would be too confusing to do it in this thread.


Last Question.

 

Hi Dave,

 

That would be the previous owner.

 

So, if js was the previous owner how did that user show up on my lenovo? I want to make sure this person doesn't have a back way in that I haven't found or cannot control. If I can get that babylontoolbar off of it and be sure the previous user can't get in, I'll be happy with that and leave the machine as is.

 

Thanks for your help on this one. I'll start a new thread with my Lenovo results.

 

dana


So, if js was the previous owner how did that user show up on my lenovo? I want to make sure this person doesn't have a back way in that I haven't found or cannot control. If I can get that babylontoolbar off of it and be sure the previous user can't get in, I'll be happy with that and leave the machine as is.

Probably he/she's the one who installed the new OS. adwCleaner should get rid of that toolbar.


Archived

This topic is now archived and is closed to further replies.
