Posted 05 February 2009 - 09:28 AM
So my friend, who is also a client, brought her Dell laptop to me. It was really badly infected with spyware and viruses. Probably the worst I've seen yet. There were 14 trojans on it. By the time she brought it to me, the machine wouldn't even boot up normally. Was asking for a password, which she'd never set. After pulling the hard drive and running scans with Vipre (Sunbelt Software, it's legit, works really well) and removing all the infected files, and putting the HDD back in the laptop, the errors increased. Suddenly "WININET.dll" was missing (ack!) and I got a TON of "svchost.exe" errors. In short, I got as far as seeing the desktop background before the "WININET.dll" error would keep repeating (with a loud system-error beep to go along with it) and couldn't go any further than that. The same thing happened trying to get into safe mode.
Pulled the drive again and couldn't access the documents and settings folder without taking control and rewriting permissions of the entire directory. Finally finished that. Got into My Docs and it's a MESS. Looks like somebody dumped the entire contents of the My Music folder into My Docs. There was no My Music folder anywhere. Everything is a complete mess, I can't find any of the normal folders that are there. I think the right word would be, Scrambled.
Too much of a mess to sort through, so I MOVED the entire My Docs directory from her profile to an external drive, since we decided the best thing to do is wipe/reinstall Windows. So I MOVE all the docs, right? I double-check the My Docs on the corrupted drive and it is EMPTY after I move everything. I do the same with the Favorites, Desktop (access denied there too) etc. I also run TreeSize on the drive and there are no Program folders that exceed 1GB, so I don't look there for data.
I did NOT make an image of this drive, since it was SO infected, and Windows was corrupted, and there were all these access denied errors. (Should have made an image!!!)
So, I put the drive back in the laptop, out of curiosity I run a Windows Repair on it with the Dell disk. After the repair finished, I wasn't getting the errors anymore, but the machine wouldn't boot. It got as far as the Windows logo with loading bar, then the light-blue "Setup is restarting" would come up, whereupon the entire boot process would start over from the beginning.
At this point I decide to proceed with the wipe/rebuild process. There were four partitions on this drive. Three were small, FAT32 Dell-installed partitions. I delete the C:/ partition and run a long format on it to NTFS. Continue from there and install Windows. Everything goes smoothly and I get to the new desktop.
I start to install drivers, and meanwhile begin to transfer the data back over... PROBLEM.
There is no My Pictures folder anywhere....
I ran a search on the backed-up data and there are only about 700 .jpg files on the drive, and none are in My Pics.
I call and ask, do you have a backup? (answer - No. Of course not.)
Did you put your My Pics somewhere weird when you were organizing the other day? (No)
Were you using some sort of photo-editing software that auto-sorted your pics into the program files directory? (No)
(Oh trust me, I've been round-n-round with this person about needing to do backups)
So! Where did they go?
So my question is, is there ANY way to get back data from the previous installation of Windows on this drive? I don't care if it's a RAW recovery and I have to hand-sort through every file. Is there a way?