Hello,
An Avast alert picked up a rootkit (which happened to be the Sony XCP DRM rootkit, described here http://www.bleepingcomputer.com/forums/topic34904.html), so I moved the files in question to the Virus Chest, but the computer has been unable to boot since (blue screen “Boot Device Inaccessible”); Safe Mode, Recovery Console and Last Known Good Configuration won’t do = same issue. >:(
Now, since I can’t boot, I can’t access Avast to recover the files from the Chest, so I tried with a boot CD and “manually” extracted the 4 files from the Chest and put them back in their original locations from before the Avast alerts (by identifying the appropriate files in the Chest with the help of the .xml index). Yet with the files back where they were before, I am still unable to boot and get the same Boot Device Inaccessible blue screen when Windows loads.
I had re-installed Spybot S&D just before this happened; it offered to back up the registry, which I did, and I have those 2 files, regLocal.reg and regUser.reg, in the Spybot backup folder. Spybot also had me confirm the registry changes made when Avast removed the files to move them to the Chest.
I had not backed up the WINNT/system32/config folder (the registry content), and the files there all have modification dates from after my non-booting issue started. As for the /repair folder, the dates go way too far back in time.
My concern now is not to remove the rootkit at this point, but rather to restore the computer to a state where Windows boots properly and works like before, which it did like a charm for a few years since I had kept it under the control of Kaspersky + Ad-Aware + Spybot.
I am not sure how to use the 2 Spybot registry backup files, especially since I can’t run anything from the OS on that computer, only from an external boot CD (a combo of the Hiren + MiniPE XT + UBCD sets of tools).
I didn’t expect to be locked out of that computer with a non-booting issue just after removing the rootkit picked up by Avast, without having investigated further the possible consequences of moving it to the Chest, which started the whole problem.
Any help would be really appreciated. Thanks.
Windows 2000 (thus no Restore Points) on FAT32, Spybot S&D, boot CD with a whole set of tools, including DOS commands, registry editors etc.