This may get a little lengthy, as the computer in question is not mine, I can't boot it to post any error messages, and I'll try to include as much information as I have available. First off, everything I know about the hardware can be found here. The resident antivirus program is Avast, and it also has AdAware, but not for real-time protection.
Six days ago - Thursday - I was asked to look at my sister's computer because she was getting a lot of warnings and virus pop-ups and the computer was freezing up. I found that all of the visual stuff was from a rogue program called Internet Security 2010. I was able to schedule and run a boot-time scan with Avast, which found 5 or 6 infected files. Restarted, and IS2010 was still there. Then I ran a Smart Scan with AdAware, which found another 2 or 3 malicious files. Still had IS2010. After reading a few of the forum posts here, I downloaded rkill and MalwareBytes. After killing the processes and running MBAM, the computer ran fine for a few hours.
Thursday night, the story that I got is that she opened Firefox, which has Yahoo set as the homepage. On opening the browser, Avast popped up twice for detected malware, both of which she moved to the chest. She was able to browse without problems until she shut down the computer. When she tried to start it Friday, it would not boot. Every time, the Windows boot options would come up, but neither Normal, Safe Mode, nor Last Known Good would boot the system. When I finally got to look at it again today, I was able to produce one BSOD with the error 0x7d and the message Unmountable_Boot_Volume.
I made an Avira AntiVir recovery disk and ran that. It cleaned up something like 30 infected files, but I also noticed that it could not scan either MBR (there are drives C: and D:, which is the Compaq recovery partition) as they were unreadable. Sure enough, I verified that I could still neither boot nor enter PC Recovery. I then proceeded to the Windows Recovery Console. I ran chkdsk /r, which found and corrected 1 problem. Still no boot. Tried fixboot C: and nothing, then tried bootcfg /rebuild, which I think may have made the problem worse, as it just added an identical option for XP to the OS list. Then, as a last resort, I ran fixmbr \Device\Harddisk0\Partition1 (the mapped location of drive C:) and, sure enough, that was game over. I have maintained my 100% failure rate with that little tool, as it destroyed the partition table, as it has every time I've used it.
I then downloaded the "Ultimate Boot CD" and ran TestDisk. It found 3 partitions and one empty space. Partitions 1 and 2 seem to be intact as the OS NTFS partition and the recovery FAT32 partition (I could view a list of files and directories); Partition 3 looked like a near-clone of Partition 1, but was reporting as 116TB, as opposed to 112GB. Had to delete that partition. The empty space occupies I think a couple sectors between Partitions 1 and 2. After rewriting the partition table with the NTFS partition as primary/bootable, and the FAT32 partition as a primary, it looked ok. Trying to boot the OS, I get only a blinking cursor at the upper left corner. I can now, however, enter PC Recovery. I actually tried to run that, too. While it spent 40 minutes claiming to do something, it never addressed the MBR or Partition Table. After trying to dig around with a handful of the other partition tools on the UBCD, I have determined that when TestDisk rewrote the partition table, the recovery partition was assigned as drive C: and the OS partition has no drive letter at all.
And that's where I quit for the day. I apologize for such a lengthy entry, but I felt it was all relevant to the situation. Now, if anybody can give me even a remotely good idea for how to get this thing to boot, or to at least recover some of the files from it, I would greatly appreciate it.