Recovering files when Windows 7 MBR has been corrupted

boot hard-drive windows-7 mbr partition-recovery

System Stats:

  • Type: 64-Bit Desktop;
  • OS: Windows 7 Premium;
  • HD: Seagate Barracuda 750GB, S.M.A.R.T. Enabled.

History:

There is the complex situation I'm dealing with, I'll do my best to break it down: I've been up against some nasty guys in the gaming field and a few days ago, security software cleaned an infestation planted maliciously on my system, which corrupted the MBR. When I ran Boot Repair Disk in repair mode it says it overwrote the original with a Windows 2000/XP/2003 MBR. Now it won't boot from HD, along with other symptoms listed below. I don't want to do anything further to reduce possibility of further damage until confirming what to do next to resolve the issue.

Symptoms:

  1. At bootup, HD sometimes does not appear in the boot menu.
  2. When it does appear, if selecting option to boot from it, there appears a readout saying the HDD's status is Bad. After pressing F1 to continue, it says No OS found.
  3. Drive letter C: has vanished, leaving the drive unlabeled.
  4. When looking at the stats of the HD using Mini Tool Partition Wizard, it shows a full 100% of the drive being used, though it was less than 50% full. Also in the Status, it says None; as shown in the picture below:

enter image description here

Ideas:

I could probably fix it by reformatting and doing a reinstall of the OS using the Factory Recovery Discs, but I have a few documents on it I want to recover. Maybe it's possible to install a clone of the HDD from a previous save to another internal (or external) HDD and run a recovery program from there. I have a system recovery disk and there might be something I could do with that, but I'd need the steps to proceed properly.

Exactly what I need help with:

  1. I'd like to know how to backup the HDD in its current state in case it gets mangled further or I have no choice than to reformat.
  2. How to restore the drive's label without a functional OS so it's recognized again.
  3. The steps on how to recover the original MBR back so the HDD works again.
  4. How to get the original partition back to what it was without corrupting the data on it.
  5. In short, how to get my HD working again or if not possible, recover the data on it.

As this can be complex, please include step by step instructions, helps reduce chances of error for one like me who doesn't regularly deal with boot issues. If someone here can help me with this, I'd appreciate it.

EDIT: Additional info, see comments section:

The files are stored in the (NTFS) 686.5GB partition in the photo above.

As pointed out it, the MBR has been overwritten and I don't want to "recover" the previous MBR in that fashion. What I mean by recover is write back the correct MBR to the drive or repair the MBR back to the Windows 7 one using a tool of somekind? to make the HD recognizable at bootup again.

Perhaps a new set of simplified questions will clarify the goals I'm working on:

1- How to copy the data in that partition that now says 100% used?
2- How to make the drive readable at bootup again?
3- How to make Windows 7 run again (without reformatting HD from scratch)?

Unless they stuck in a virus along with the RAT's (all scanners I've used so far say negative), the data is not overwritten in the 100% full partition, the MBR is messed up so it's giving the wrong reading and saying 100% full when it's only -50%.

8/01 Update: I came here for help, does it look like you guys are focusing more on my account than the issues I'm asking about? Honestly, I don't know why it made a duplicate after I signed up with my Guest account. TY for the link, I'll do what I can. Not meaning to state the obvious, but I'm still tackling this issue and it's yet unresolved, so can we get back on topic please...

Below is a picture of the result I get when scanning the Drive with GParted from MiniTool. Even when doing a deep sector scan, it keeps giving me Unable to Read errors on each one. Can anyone here help please?

enter image description here


Here's what I'd do. Its a pretty complicated process and I've briefly touched on the tools and what they do rather than the complete process.

Get a drive big enough to hold a full image of your drive. Preferably more than twice the size.

Get a linux livecd and a large hard drive (at least 2x the size of the drive you're recovering sounds like a good bet) -I typically I use xubuntu for things like this. Boot in and install gsmartctl,

I'd start by ensuring the drive is healthy - run gsmartcontrol (or smartmontools) and see if you have a large number of pending reallocation sector count or other scary things.

I'd then see if I can image the drive - gddrescue would be what I use here, since it accounts for bad sectors, and I can mount that with kpartx.

Once imaged I'd try mounting the drive image (and only ever run any tools on the drive image) and seeing if I can get data off of it manually. If its a dirty unmount it won't mount anyway and you may need to mount it readonly with something like mount -t ntfs-3g -o ro /dev/sda3 /media/windows

I've used testdisk to undo this sort of damage before. They have a great step by step manual and its a great tool for whole disk recovery.

I'd also try booting from a windows installer disk, going into the recovery console, and fixing the bootloader there. Howtogeek has a great guide

Finally back up anything important in future, so you can just pick a known good backup and save yourself a ton of time.

Related

What is the difference between virtual memory and built-in memory (RAM)?
Make Chrome always execute with flags, for eg., directly opening an HTML file
Driver locked memory on a non-virtual machine
Unintentional mouse movements, am I paranoid?
Robocopy command to copy updated files and long path names
Can I use an onboard and pci vga simultaneously?
How do I fix broken .exe file association in Windows Vista? [duplicate]
Auto login Windows Server 2012
How do I check if a 2-track WAV file is "really" in stereo?
zsh (z shell) numpad/numlock doesn't work
Do rackmount servers need to be in a rack?
Start configured VPN from command line (OSX)