ntcreatfile log error access denied/ harddrive failure/files are missing/help me

[essexboy]

Run MBRCheck.exe once again.
 
You will be presented with the following dialog:
 

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 
Enter Y and press Enter.
 
The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
 
Enter your choice:

 
Enter 2 and press Enter
 
The following dialog will be presented:
 

Enter the physical disk number to fix (0-99, -1 to cancel):

 
Enter >>0<< and press Enter
 
The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
 
Please select the MBR code to write to this drive:

 
Enter >>5<<  and press Enter
 
The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

 
Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!
 
And last the following dialog will be presented:
 

Done! Press ENTER to exit...

 
Press Enter. A report will be produced on the desktop. Post that report in your next reply.

Then retry TDSSKiller

[andrewk22]

here is the mbr log but  tdss killer isnt starting up

[andrewk22]

what should i do next?

[essexboy]

Rerun a scan with MBR.exe please to see if the change stuck

[andrewk22]

here is the log

[essexboy]

Give me a bit and I will try to figure out how to kill this beastie cleanly.  Do you have a USB drive ?  And when you reboot to the safe mode menu is there a "repair my Computer "  Option 

Please download the following tool

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

[andrewk22]

yes i have a usb flash drive and the repair my computer option is availible and here is the log

[essexboy]

Okey Dokey we will use windows first to try and fix it

Reboot the computer to the safe mode menu
Select repair my computer
Select Command prompt


At the prompt type the following and press enter :

BOOTREC /FIXMBR

Reboot to normal windows and retry TDSSKiller

[andrewk22]

Is it suppose to take a while to load because it has been saying Windows is loading files for about 20 minutes now. And the system recovery options hasn't popped up yet

[essexboy]

OK mayhap the recovery partition is not installed

So lets get you one

Download the following three programmes to your desktop :

 
1.  WiNTBootIc
2.  Windows 7 64bit RC
3.  Listparts64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy Listparts to the same USB




Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

 
When you reboot you will  see this although yours will say windows 7.
Click repair my computer

 
Select your operating system

 
Select Command prompt

 
At the command prompt type the following  :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\Listparts64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (report.txt) on the flash drive. Please copy and paste it to your reply.

[andrewk22]

sorry for taking so long, had a very busy weekend. anyway, here is the log.

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 10-09-2012 at 16:29:17
Windows 7 (X64)
Running From: C:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3834.9 MB
Available physical RAM: 3364.15 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3348.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Removable) (Total:3.73 GB) (Free:3.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (TI106047W0B) (Fixed) (Total:285.12 GB) (Free:61.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         3824 MB      0 B         
  Disk 2    No Media           0 B      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            285 GB  1501 MB
  Partition 3    Primary             11 GB   286 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   System       NTFS   Partition   1500 MB  Healthy    Hidden 

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   TI106047W0B  NTFS   Partition    285 GB  Healthy           

======================================================================================================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3823 MB   572 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Removable   3823 MB  Healthy           

======================================================================================================

****** End Of Log ******

[essexboy]

Not a problem, looking at list parts the bad partition is not active

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

So if you could return to the recovery console as before
Select the command prompt
Type the following commands pressing enter after each line :

Bootrec /fixmbr
Bootrec /fixboot

Then reboot to normal windows and retry TDSSKiller

[andrewk22]

When I do the fixboot it says
the volume does not contain a recognized file system

[andrewk22]

here is the tdsskiller report and the cure option is not availible.

[essexboy]

Re-run TDSSKiller with the same parameters and when you see this select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Avast will alert as the files are moved.

Once done how is the system behaving