Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect virus and blue screen


  • Please log in to reply

#46
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
When you go to Repair your computer on boot up after F8 you get a screen like this:

Posted Image

1. Do you have another option like Lenovo Recovery Wizard or something similar?



Next select System Restore, the second option, then click next you get a small set of restore points.

2. Are any of these restore points earlier than when you started having problems?


3. Now please check the Show more restore points box, do you have additional/any restore points prior to when you were having these problems?




4. On the restore point that is just prior to you having these issues, what is the Type (i.e. Install, Critical update)?



Please let me know the answers to these four questions.

Regards,

CompCav
  • 0

Advertisements


#47
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
1. No I dont have option to access lenovo recovery wizard...I haven't made any partition changes
from the factory settings, because doing tht would make lenovo one key recovery inaccessible(I already had a bad experience
with this).. But still lenovo one key recovery does not work


2. I see 3 system restore points in the system recovery screen. I have tried all the three of them already, but none of them got
rid of the blue screen...Also when I click "show more restore points" check box, It does not display any additonal check
points for me..I have got only 3 restore points options.see below for additional information about the restore points


3. a. 07/29/2012 11:48:20 - Automatic restore point- SYSTEM - I am pretty sure I had infection during this time
b. 07/22/2012 - Windows Update - CRITICAL UPDATE - I don't think I had infection at this time
c. 07/18/2012 - Windows Update - CRITICAL UPDATE - I am pretty sure I did not have infection at this time.
  • 0

#48
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
First download MBRFix, unzip it and save MbrFix64 on the flash drive.




We need to get a copy of the masterboot record so please add the attached fixlist.txt to your USB flash drive.
Attached File  fixlist.txt   16bytes   74 downloads


Then attach the USB flash drive that has FRST64.exe, mbrfix64, and fixlist.txt on it and boot to the command prompt in recovery mode and run FRST64

Then click fix. It will place a copy of your mbr on the flash drive. After running the fix they should attach MBRDUMP.txt to your reply.
  • 0

#49
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Hi, please see below for fixlog and mbrdump

FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-12 11:43:44 Run:3
Running from F:\

==============================================

MBRDUMP.txt is made successfully.

==== End of Fixlog ====



MBRDUMP



3м |ؾ |  Ph ~ | V UFF AU]rUu  tFf`~ t&fh fvh h |h h BV  |V vNnfasNu ~  U2V ]랁>}Uunv ud `| du f#u;fTCPAu2r,fh fh  fh fSfSfUfh fh | fah Z2 | 2 < t  +d $$Invalid partition table Error loading operating system Missing operating system c{` : 9 !      ( 04  X4 U

Attached Files


  • 0

#50
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
[*]Back in the command window ....
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Check the List BCD box
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
[*]Close the command window.
[*]Boot back into normal mode and post me the Result.txt log please.
[/list]
  • 0

#51
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I did not try booting after running listparts..Let me know if you want me to do it.
Here is the result from Listparts64->Scan(With List BCD option checked)

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 12-08-2012 at 12:26:45
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3893.86 MB
Available physical RAM: 3443.55 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3420.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Windows) (Fixed) (Total:420.66 GB) (Free:320.61 GB) NTFS
3 Drive e: () (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS
4 Drive f: () (Removable) (Total:7.46 GB) (Free:7.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 15 GB
Disk 1 Online 7643 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 420 GB 101 MB
Partition 3 Primary 30 GB 420 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C System NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Windows NTFS Partition 420 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 30 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7643 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 7643 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {17b91f06-1465-11e1-adb8-88ae1d38231b}
resumeobject {17b91f05-1465-11e1-adb8-88ae1d38231b}
displayorder {17b91f06-1465-11e1-adb8-88ae1d38231b}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {17b91f06-1465-11e1-adb8-88ae1d38231b}
device partition=D:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {17b91f07-1465-11e1-adb8-88ae1d38231b}
recoveryenabled Yes
osdevice partition=D:
systemroot \windows
resumeobject {17b91f05-1465-11e1-adb8-88ae1d38231b}
nx OptIn

Windows Boot Loader
-------------------
identifier {17b91f07-1465-11e1-adb8-88ae1d38231b}
device ramdisk=[D:]\Recovery\17b91f07-1465-11e1-adb8-88ae1d38231b\Winre.wim,{17b91f08-1465-11e1-adb8-88ae1d38231b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\17b91f07-1465-11e1-adb8-88ae1d38231b\Winre.wim,{17b91f08-1465-11e1-adb8-88ae1d38231b}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {17b91f05-1465-11e1-adb8-88ae1d38231b}
device partition=D:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {17b91f08-1465-11e1-adb8-88ae1d38231b}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\17b91f07-1465-11e1-adb8-88ae1d38231b\boot.sdi


****** End Of Log ******

Attached Files


  • 0

#52
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Additional information if it is useful for you - I never changed the partitions that came from the factory settings on my lenovo U460...
I have my Windows installation on C:\ , but I am not sure why it shows up at D:\ in the recovery command prompt..
Also this laptop does not have a optical drive..So i thought the only partition that I have is C:\ with some hidden space in the same
partition having my windows recovery image.. Thats the image which the lenovo one key recovery should access I think, but one key recovery does
not even start up..
  • 0

#53
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
  • Copy the attached file fix.txt to the USB drive with LIstparts64.exe.
    Attached File  fix.txt   122bytes   70 downloads
  • Insert the fliash drive in the infected computer.
  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
[*]Back in the command window ....
  • ListParts will start to run.
  • Press the Fix button.
  • ListParts will process the script in Fix.txt
  • A log Result.txt will be saved to the flash drive.
[*]Close the command window.
[*]Boot back into normal mode and post me the Result.txt log please.
[/list]
  • 0

#54
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I did he fix, and booted up to the normal mode which ended up at momentarily flashing blue screen

Also I dont see result.txt saved into the USB drive after running the fix..I see PLfixlog saved into the USB drive.(I deleted the result.txt which already existed in the USB from the previous run of ListParts64->Scan before running ListParts64->Fix)

Here are the contents from PLfixlog

Script used: "start"
Script used: "Disk=0 Partition=1 inactive"
Script used: "Disk=0 Partition=1 active"
Script used: "Disk=0 Partition=1 inactive"
Script used: "Disk=0 Partition=1 active"
Script used: "end"
  • 0

#55
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Is it still flashing at the classpnp.sys?

Did the stop code numbers and name stay the same?
  • 0

Advertisements


#56
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
On safe mode when it loads up the drivers it stops at classpnp.sys and flashes blue screen

On "disable automatic restart on system failure" mode the blue screen error codes are -

0X0000007B (0XFFFFF880009A9928, 0XFFFFFFFFC0000034, 0X0000000000000000, 0X0000000000000000)

These error codes are the same as the one I saw yesterday when I booted up in the SATA controller compatible mode from BIOS settings.
  • 0

#57
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
I am consulting with some experts, in the meantime we need to secure your data.

Please go here to make a bootable USB of Puppy Linux for you to use to recover any files you have if a factory reset is required. Follow the instructions for making a bootable USB drive but use the 528 version of puppy linux on the main page instead of the earlier one on the USB link.
  • 0

#58
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
in progress of doing that..I have puppy linux already on a USB, so i will just have to back the data up...
  • 0

#59
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Good :thumbsup:
  • 0

#60
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Your master boot record needed to be repaired and one of our experts kindly prepared it for you. :)


Step 1.

Create USB bootable xPUD

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer
Insert your USB drive

Press Start > My Computer > right click your USB drive > choose Format > Quick format

Double click the unetbootin-xpud-windows-387.exe that you just downloaded

Press Run then OK

Select the DiskImage option then click the browse button located on the right side of the textbox field.

Browse to and select the xpud-0.9.2.iso file you downloaded

Verify the correct drive letter is selected for your USB device then click OK

It will install a little bootable OS on your USB device

Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface

After it has completed do not choose to reboot the clean computer simply close the installer


Step 2.

Now please download the attached file MBRnew.txt to the USB drive.
Attached File  MBRnew.txt   512bytes   71 downloads


Next remove the USB drive from the good computer and insert it into the infected computer.


Step 3,

Boot up on the xPUD system.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Then type dd if=MBRnew.txt of=/dev/sda bs=512 count=1
  • Then press ENTER


Step 4.

  • Please shut down xPUD
  • Reboot into Windows and let me know the result.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP