[clearlyclearly]

Greetings,

Thank you for your invaluable service. I only turn here to ask for help from you kind wisdom and experience as a last resort.

I have a Windows 7 64bit Lenovo laptop. The other night, running executables produced strange effects and the two programs I tried to launch didn't appear to run, so I rebooted only for this boot loop nightmare to start. Many days spent reading and trying out all sorts of fixes have resulted in nothing that works. The two most common causes online appear to be a rootkit and/or a windows update. I have windows update on manual after previously encountering issues, so I suspect a rootkit.

I have a Windows 7 DVD and have a system image (Windows Backup and Restore) from the day before the "crash" as well as from a couple of months ago. Restoring the image from the day before the event has not helped, neither has using System Restore going back 7 to 10 days before the event. I haven't tried restoring to two months ago.

Using another machine (Vista), a usb stick, and instructions on geekstogo, I got the FRST.txt log file, pasted below:

Thank you kindly in advance,


===========================================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2013 01
Ran by SYSTEM on MININT-GM9CLVU on 20-10-2013 23:17:17
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Dolby Tuning and Profile Creator] - C:\Program Files\Dolby Tuning and Profile Creator\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4743568 2012-10-02] (SoftPerfect Research)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [5941344 2012-05-15] (Lenovo Group Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Sony Ericsson PC Suite] - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [528384 2007-06-12] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\morgan\...\Run: [Google Update] - C:\Users\morgan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-07-24] (Google Inc.)
HKU\morgan\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung)
HKU\morgan\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics)
HKU\morgan\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-11] (Samsung)
HKU\morgan\...\Run: [AdobeBridge] - [x]
HKU\morgan\...\Run: [mDesktop] - C:\Program Files (x86)\mDesktop\mDesktop.exe [794112 2013-04-17] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-07] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-13] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-23] (DT Soft Ltd)
S1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-03-07] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [19720 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [144648 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [126216 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [31496 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [123656 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [130824 2007-04-03] (MCCI Corporation)
S2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 23:16 - 2013-10-20 23:16 - 00000000 ____D C:\FRST
2013-10-16 22:41 - 2013-10-16 22:41 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-16 10:48 - 2013-10-16 22:34 - 00000000 __SHD C:\found.000
2013-10-13 04:26 - 2013-10-13 04:26 - 00000709 _____ C:\Users\morgan\Desktop\amazon seller central lockout.txt
2013-09-25 07:04 - 2013-10-07 22:46 - 00005640 _____ C:\Windows\setupact.log
2013-09-25 07:04 - 2013-09-25 07:04 - 00000000 _____ C:\Windows\setuperr.log
2013-09-24 21:22 - 2013-09-24 21:22 - 00000000 ____D C:\Program Files (x86)\Viewer_20121214

==================== One Month Modified Files and Folders =======

2013-10-20 23:16 - 2013-10-20 23:16 - 00000000 ____D C:\FRST
2013-10-20 22:14 - 2012-09-11 23:50 - 00000000 ____D C:\Users\morgan\AppData\Roaming\MyPhoneExplorer
2013-10-20 22:14 - 2012-07-19 04:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-20 22:14 - 2012-07-15 09:20 - 00000000 ____D C:\users\morgan
2013-10-20 22:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-20 22:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2013-10-20 22:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-20 22:11 - 2012-09-17 04:35 - 00000000 ____D C:\Users\morgan\AppData\Roaming\Dropbox
2013-10-20 22:11 - 2012-07-24 06:27 - 00000000 ____D C:\Users\morgan\AppData\Roaming\Skype
2013-10-20 22:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-16 22:41 - 2013-10-16 22:41 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-16 22:34 - 2013-10-16 10:48 - 00000000 __SHD C:\found.000
2013-10-15 17:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-10-13 04:26 - 2013-10-13 04:26 - 00000709 _____ C:\Users\morgan\Desktop\amazon seller central lockout.txt
2013-10-07 22:50 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 22:50 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 22:48 - 2012-07-24 17:12 - 01496087 _____ C:\Windows\WindowsUpdate.log
2013-10-07 22:48 - 2009-07-13 21:13 - 00782922 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-07 22:46 - 2013-09-25 07:04 - 00005640 _____ C:\Windows\setupact.log
2013-10-07 22:43 - 2012-12-23 10:33 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-10-07 22:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 13:20 - 2012-07-24 13:29 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-91059494-2544289635-1420198269-1000UA.job
2013-10-05 01:20 - 2012-07-24 13:29 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-91059494-2544289635-1420198269-1000Core.job
2013-10-05 01:15 - 2012-07-24 13:29 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-91059494-2544289635-1420198269-1000UA
2013-10-05 01:15 - 2012-07-24 13:29 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-91059494-2544289635-1420198269-1000Core
2013-09-28 13:16 - 2012-12-17 12:48 - 00000000 ____D C:\Users\morgan\AppData\Roaming\Mozilla
2013-09-26 01:05 - 2012-10-20 22:57 - 00000000 ____D C:\Users\morgan\AppData\Roaming\abelhadigital.com
2013-09-25 07:04 - 2013-09-25 07:04 - 00000000 _____ C:\Windows\setuperr.log
2013-09-24 21:22 - 2013-09-24 21:22 - 00000000 ____D C:\Program Files (x86)\Viewer_20121214
2013-09-22 22:55 - 2012-07-29 11:33 - 00000000 ____D C:\Users\morgan\AppData\Roaming\vlc

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3983.23 MB
Available physical RAM: 3356.97 MB
Total Pagefile: 3981.43 MB
Available Pagefile: 3344.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS_Win7) (Fixed) (Total:85.33 GB) (Free:42.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:380.43 GB) (Free:5.82 GB) NTFS
Drive e: (GSP1RMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (WDO_MEDIA64) (Removable) (Total:0.93 GB) (Free:0.6 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5CD45D08)
Partition 1: (Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=380 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 960 MB) (Disk ID: C73BC0DF)
Partition 1: (Active) - (Size=959 MB) - (Type=0B)


LastRegBack: 2013-10-10 15:47

==================== End Of Log ============================

[Advertisements]

Hello clearlyclearly,

Welcome to Geekstogo.

Please download the attached fixlist.txt file to your flashdrive .

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next

Attempt to boot normally. If you find that you can please run another scan with FRST and post back the log/s it generates.

[emeraldnzl]

Hello clearlyclearly,

Welcome to Geekstogo.

Please download the attached fixlist.txt file to your flashdrive .

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next

Attempt to boot normally. If you find that you can please run another scan with FRST and post back the log/s it generates.

[clearlyclearly]

Hi emeraldnzl,

Thank you very much for taking this problem on! I am most grateful.

I have run the FRST64 program with the fix you provided, but was unable to boot. The usual BSOD caused the computer to restart as it's been doing all along. Please find the log attached.

Thank you

Attached Files

•  Fixlog.txt   993bytes   399 downloads

[emeraldnzl]

Hmm... I wonder if there is a problem with the Hard Disk.

Are you able to use F8 to get to Advanced Boot Options?

If so use F8 at startup to get to Advanced Boot Options.

Select "Repair your computer".

On the system recovery options select command prompt. Type the following and press Enter:

chkdsk c: /f

(note spaces between chkdsk and /f and c: they should be there)

Please wait until the check is done.

Try a reboot after that and come back and tell me how it went.

[clearlyclearly]

Hi emeraldnzl,

I have previously spent several days running various options from System Repair, including chkdsk, as well as accessing the filesystem using ms-dos and via the File > Open dialog from notepad for example. Here is a screenshot from running chkdsk as asked. Sorry the quality isn't great, my screen brightness is very low when not in Windows for some reason and can't be adjusted using the dedicated laptop keys.

I rebooted and the usual blue screen occurred after a minute or so of the windows logo as the laptop tried to start up.

Thank you very much for your kind help

Attached Thumbnails

• 

[emeraldnzl]

I have previously spent several days running various options from System Repair, including chkdsk, as well as accessing the filesystem using ms-dos and via the File > Open dialog from notepad for example. Here is a screenshot from running chkdsk as asked.

Thank you for that. I see you have done quite a lot lol.

By the way have you backed up your data? The reason I ask is that if you have, then the simplest approach might be to use the Lenovo rescue system to restore your machine.

I rebooted and the usual blue screen occurred after a minute or so of the windows logo as the laptop tried to start up.

Can you tell me the error message that shows on that BSOD?

[clearlyclearly]

emeraldnzl thank you.
i have all my critical data backed up, but would dearly prefer to restore my machine, even if it is only for a few days to get some settings and stuff taken off. altho i have no way of knowing at present if what has done this to my machine has not impacted on these backups.
i'm not sure what the lenovo system restore will do?
this machine is a windows 7 ultimate sp1 64bit, but an upgrade based on a pre-existing os licence and product key (it came with windows 7 enterprise 64bit).
once i had windows 7 ultimate installed, i made a system image of the machine with some basic apps installed, thinking this would be my "reset" if things went bad. i'm not sure what the windows licencing implications would be. I also keep system images going regularly and move an older one to a safe place periodically (hence the 2 month old system image i have).
attached is the BSOD captured with quick fingers!

Attached Thumbnails

• 

[emeraldnzl]

Stop: 0X000000F4 (0X0000000000000003, 0XFFFFFA8008FEAB30, 0XFFFFFA8008FEAE10, 0XFFFFF80002F85470

Well when I research that I find a number of answers. There are two that jump out at me.

Although not quite the same as your one this link refers to memory corruption and may be of help.

This link suggests that F4 usually relates to hard drive issues which is where we were heading above with chkdsk.

For that here are some instructions to test that if you wish.

Go to Sea Tools for Dos tutorial for tutorial instructions.

Click on Seatools to download the tool.

Save the download to your desktop.

In Windows 7 right click the ISO file, select Open With, then select Windows Disc Image Burning Tool then follow the prompts.
For all other versions of windows (if you do not have an ISO burner) download this free software. ImgBurn Install the program and start the application. Select the top left hand option to Write image file to disc and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

You will need a blank recordable CD or a re-recordable CD. You cannot use this software on a USB flash drive.

When the CD has been burned boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence Bios Boot Order Guide. Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test.

A full set of instructions can be found here: Seatools instructions

When the test completes it will show a Pass or Fail.

Malware is not leaping out at me as a cause of this problem. The foregoing actions might help you narrow it down.

Tell me how you get on.

[clearlyclearly]

Thank you. I am running Windows Memory Diagnostics Tool now. Will have to get a blank CD tomorrow and burn seatools at work then test tomorrow night. Thank you. It is best we eliminate the chance of HDD issues.

[emeraldnzl]

I mentioned in my last post that Malware is not leaping out at me as a cause of the problem. I still think that, but I should say it is possible that indirectly it was the cause. By that I mean that if this turns out to be a software corruption issue, it is possible that an infection not showing now, caused the corruption somewhere in the past. Unfortunately it still doesn't get away from the fact that we haven't found a way to get your computer booting up normally.

I look forward to hearing how it goes.

[clearlyclearly]

Nothing reported with the Windows Memory Diagnostics Tool.
Strangely, SeaTools has not found a drive (ran twice), yet I am able to access the drive (both partitions) using DOS and via the Startup Repair (for example, via File > Open in Notepad). See screenshot.

Attached Thumbnails

• 

[emeraldnzl]

Hmm... it was my understanding that the Seagate one would work on any hard drive. Either it can't locate it for some reason... are all the cables firmly in place? or it doesn't work on Lenovo.

I have researched and found this:

Lenovo hard drive test link.

See if you can run a test using the information at that link.

[clearlyclearly]

forgot to mention i previously ran windows defender offline via a bootable usb stick - no infections or issues found
am going to try and install the Lenovo system checker on the same usb stick, from the link you provided (http://support.lenov...&DocID=DS030861)
will let you know. thank you

[emeraldnzl]

forgot to mention i previously ran windows defender offline via a bootable usb stick - no infections or issues found

Yes, malware is not leaping out at me as a cause of this problem.

Look forward to hearing how you get on.

[clearlyclearly]

running lenovo tests right now, the hard drive is a SEAGATE ST9500420AS