I've been wreckless with combofix, and now am unable to boot the XP OS.
My girlfriend had some issues with her Toshiba laptop freezing up. To make a long story short, I've somehow managed to corrupt her XP operating system and the Hard Drive now appears unpartitioned. Currently, if I boot the computer I immediately receive the following message:
"NTLDR is missing
Press any key to restart"
I now realize that I should have turned here first, as I am sure I have made things worse, and the data is now perhaps unrecoverable. I am in over my head and need to know what to do with the computer now. The computer will boot with the Windows XP CD (I had to change the boot order in the bios).
When the computer was handed to me, it would freeze each time after an error would appear regarding the built in fingerprint reader. The error displayed a message, as best I can remember it, "W32: err wstd 1702." This error would pop up after random seemingly intervals, but usually within a few minutes of booting up into Windows. My girlfriend had already run malwarebytes, and the log I found showed that two "trojan.dropper" file infections were found and deleted. I ran an additional scan in safemode, and it found another infection in one of the restore points. Otherwise, the system appeared clean, but continued to freeze up. I tried disabling the fingerprint hardware, but this did not prevent the above error from occurring. Nothing in event viewer appeared out of the ordinary.
I next tried disabling all startup programs using msconfig. The computer would now run for up to a half hour before displaying the above error and freezing. I next tried disabling services in MSconfig by selecting diagnostic startup (It left RPC and other essential services enabled). Upon rebooting, the computer seemed stable for about an hour before the error began popping up again. I renabled each of the services and restored the startup programs.
Did I run a proper virus scanner? Did I rule out hardware malfunction? Nope. I grew impatient and tried to use combofix (with which I have had success in the past). I downloaded it from bleepingcomputer.com. (Yes, I know this was probably not the smartest move, as I wasn't sure that I was dealing with a rootkit).
I do believe the copy of combofix I downloaded was legit, and have since noticed all of the warnings posted all over the forums about its recent bug issue. If only I'd been more patient, maybe I would have noticed the warnings. Anyways, on running combofix, the program informed me that the system was infected with a root kit, and something about repairing the boot.ini. The program asked to download and install the windows recovery console, which it did. When the program asked me to restart, I did. However, the computer then became unbootable. It displayed an error (as best I can remember it) saying that it could not find the operating system. Without the ability to get into safemode, I went for the windows xp CD, which failed to load. I then went into the system bios/cmos by holding f2 while starting the system, reversed the boot order so that the system would look to the CD drive before the hard drive, and was thus able to get the windows CD to load. I asked the system to do a repair install, but the Windows XP CD was unable to find an OS to repair. In fact, it asked me to create a new drive partition. I backed out of the program, and instead went for the recovery console. On examining the disk at command prompt, it appears that all space on the hard drive is free and unpartitioned.
I tried typing in "fixboot", and the recovery console did its thing. That made things worse, of course. Now, instead of a "missing operating system" error, now I get exactly this error: "NTLDR is missing Press any key to restart"
It was at this point that I decided to stop and come here, as I feel I have messed this system up enough. I wish I could be more precise about what I did to this system, but I can't get at any of the logs or errors.
I would like to preserver the data on the computer, or at least some of it, if it is possible to do so. As impatience got me into this mess, I am ready to wait for help -I know that there was something about combofix having a serious bug (don't know the details though), although this may not be combofix's fault... I have no way to know at this point.
The specs are as follows (as best I can tell without tearing open the lap top):
Toshiba Satellite P105 (as per the computer's label)
Intel Core Duo T2400 1.83GHz processor
17-inch glossy widescreen (1440 x 900)
nVidia 7300 Go graphics card
120GB 5400RPM SATA Hard Drive
802.11 a/b/g Wireless via Intel 3945abg card
DVD dual layer burner
I am not sure which version of OS it was running, but I am sure that it was running Windows XP SP2. (Yeah, I probably should have made note of the version before blowing the OS away, but it's a little late now).
As for the original Windows XP CD that came with the laptop, I've been assured that it is around "somewhere", but I am certain that the OS loaded onto the laptop was the original. Nothing pirated.
Any guidance at all would be greatly appreciated.