I'm deeply sorry for my first post! It was intended to appear within Introductions... [I still don't know what I did for it to end up here...]
And now to the point:
I have a Compaq Evo D510 CMT computer, and I am running Windows XP Professional SP2. The computer originally had a 40GB WD harddisk. Three years ago I added a second HD: an 80 GB Seagate Barracuda. At that moment, I also reorganised the partitions and data as follows: The "old" WD was left with only one partition © on it (38plus GB), hosting only the system and program files; the "new" HD was parted into two equal partitions (D and E), hosting all my documents.
One day last week I went to work, leaving the computer on. It was not for the first time that I did that, and on some other occasions I had even left it with some applications (e.g. uTorrent) running. This time NOTHING was running, and the only reason for my not turning it off was my being late, and thus not having enough time to correctly unmount the four USB devices that I had connected to my system (three external HDs and a DVD Writer).
When I came back home in the evening, a BLACK screen was waiting for me, saying something like that: "Attempt to boot from CD-Rom... Attempt to boot from Floppy A... from USB device..." and concluding 'Missing operating system'!
Since then I have tried everything I knew, read or heard about to make my C: drive and its partition boot again, and it was all in vain...
In order to spare those who might reply to this post an effort, I have to briefly list what indices about the crash I could gather, and what I already did about it with no result (after a horrible week of sleepless nights, maybe you'll excuse my lack of precision and coherence in what follows):
- I managed to access the partition in question (which is the system one) via the virtual (running on RAM) Linux partition supplied by Parted Magic (Ultimate Boot CD), and read the Windows log. It ended at 1 p.m. on that fatidic day (2010. 05.14) with 3 error reports about IdeChnDr being stopped. (Please, don't tell me to uninstall the Intel Accelerator, because, I repeat, I CANNOT access my system, and this includes Safe Mode and Last Known Good Configuration, System Restore or other of the like "solutions"... To say nothing about the fact that my old computer has run with Intel Accelerator for years, and I haven't done any change / upgrade recently.)
- Avira's Rescue System scan (provided by the same UBCD) found an infection with the worm Palevo affecting mainly the current user's temp files and some windows/system 32 files, occurring (again!) from 1.00 p.m. to 1.06 p.m. on that same day. I repeat, I left my computer with 0 applications running, I was away at that moment of the day and, of course, did not connect remotely to my computer, nobody lives with me and nobody has the keys to my house and/or the password of my computer, and nobody can remotely connect to my computer without my permission and assistance... yet, the computer was, naturally, connected to the internet... and my awful ISP offers PPPoE - with unsecured password! - as the ONLY possibility of having an internet connection!... And I still don't have a router! [A few weeks ago I discovered a "kind of" keylogger on my computer, one that was so stupid as to tell the server destination of its logs in plain text... you may probably guess that the server belonged to my ISP...] Otherwise, needless to say that my Avira Anti-virus is always up to date, (I also double-check with Clamwin, since, according to the Clamwin website, they can co-exist), I often scan my computer with Spybot S&D, I occasionally use some other online scanners (Trend Micro etc) and specialised for certain threats applets, I use Sandboxie for uncertain at first downloads, I regularly clean my registry (Glary Utilities, CCleaner), I do not use Messenger, Skype or any other form of live chat, and I never open suspicious mails, even from acquaintances... The night before the "catastrophe" I scanned with both Avira and Spybot, and both scans came out clean...)
I noted down the files signalled by Avira's Rescue System, and I deleted them via Linux, then re-scanned till the partition came out clean...
Unfortunately, till now I couldn't find a way to access the registry, in order to check whether the Palevo worm has left any modifications there, as predicted by its description on anti-malware sites... All the various applications within Ultimate Boot CD and Hiren's Boot CD promising a registry editor have returned an error when trying to use this function.
- Repair XP using the original Windows XP Professional SP2 CD that came with the computer... not working! Setup detects the Windows installation to repair, loads everything, and... when it reaches the second stage (reboot and starting install) ends up in BSOD!
- Recovery Console using the XP CD... not working! Tried Copy NTLDR and NTDETECT, chkdsk /r, fixboot, fixmbr etc... nothing! Edited boot.ini... nothing!
- Since chkdsk lingers around 50%, and then quickly covers the rest, I tested for hardware problems... My ancient WD harddisk passed all hardware tests with ease!...
- Fixed MBR and bootsector repeatedly with various programs and commandline utilities on the two previously mentioned CDs... nothing! Interestingly enough, when such a comparison is offered, the backup and the new MBR are identical!
[I am aware of the fact that some worms affecting the MBR may "substitute" standard MBR information with their own, so that the computer is still booting only "by means of" the malware, and so, when the latter is removed, the computer is left unbootable... but my computer did not boot at all after the "mysterious" infection that hit it out of the blue and in my absence...]
I have to mention another oddity: ALL utilities (Windows Recovery Console included) SEE the unbootable disk 0 (=partition 1) and/or they can explore it (all my programs and system files seem intact); none lists it as "lost", "hidden" or "invisible" or as an "unmountable" disk vol; all can read its real and correct characteristics (size 38plus GB, filesystem NTFS 07, used and free space, geometry, no. of sectors, primary, active, bootable, healthy [!], mounted vol), and yet I cannot boot my system from it!!!!! In other words, everything is OK, except its working!
Of course, after deleting the infected files, I used Ghost to copy the volume in question (once as disk, and another time as partition) to one of the external USB HDs. (Yes, I am aware of it: they, too, have been infected. I deleted via Parted Magic Linux the autorun.inf in the USB HD used for storing the copies.) Nevertheless, I'm afraid that both these possibilities offered by the respective program have also unfortunately "ensured" the copying (and therefore, the perpetuation) of the yet unidentified flaw that prevents my system from booting, since the resulting images are announced to include booting information and, respectively, partition table information. Thus, I'm not so eager to rely on them for a possible recovery, in case that something happens with the original information.
- I almost forgot: I also did the frequently recommended in such cases resetting of the BIOS back to the default values, in spite of the fact that my customised settings have worked perfectly for a long time.
- I also fixed the Harddisk Controller.
(Maybe I forget some other things that I did during this nightmare week, but they have all been based upon the most non-destructive options provided by the utilities included in the two mentioned CDs or by the Recovery Console.)
I underline this aspect: I did NOT take any risks of destroying the data on the unbootable disk / partition! And this despite the fact that my documents were all on other two partitions (D and E - all three being created with Partition Magic), situated on a second harddisk, which I physically disconnected from the system immediately after the disaster... [And yes, I know, that one is infected - and, probably, affected! - too!...] But I still hope to avoid fdisk and save the system partition... I have spent a lot of time building and customising this system, and I don't even want to think about losing the 300plus programs (and their settings), the overloaded with addons browser, the appearance settings, all my screensavers, wallpapers etc etc etc...
So, what else can I do?
Hope you'll find what I missed...
[If someone shows interest and replies to this post, asking for more precise data about my computer or system configuration, I'll be more than happy to provide the required information... For the time being, I considered that the general exposition of circumstances and facts connected to the booting problem would suffice, the more so as I was not able to find a similar case / situation described on the net.
Please excuse me for this super-long post!
Thank you in advance!
EDIT: I moved your other post to Introductions ~ Hamluis.
Edited by hamluis, 24 May 2010 - 09:13 AM.