After running Bootkit Remover, boot disk not recognized

I have XP system with two disks. While running google search, bumped mouse, accidentally clicked advertisement: could not kill the resulting process, and did not yank LAN quick enough. Ended up with a redirect process for Google that was backed up by MBR rootkit, \Windows\Temp files, and an lsass.exe process that would not allow me to clean it from SafeMode.

I managed a Google query that brought me to MajorGeeks.

I ran through the RUN & READ ME FIRST process for XP. After many hours of failed processes, I started running them in order from SafeMode. Nothing removed MBR rootkit, permanently removed threats found by maleware, or Temp files. I found post regarding MBR.exe, ran it, and sometimes it found rootkit, sometimes not, no removal.

Then I found this post on MBR. I backed up the files I care about. I ran Bootkit Remover (remover.exe) first with "dump", then "fix" flags. Fix results showed clean MBR. I shut down Windows normally. Upon reboot, I received "MBR not found" error.

I booted and ran Repair Console from XP CD. Using "MAP" command, my boot disk is not found. The "FIXMBR" command run with params set to "\device\Harddrive0" (physical boot drive) gave standard "non-standard disk and you're about to hose your drive " warning message, so I cancelled execution.

I rebooted, checked with True Image v8.0 CD, and boot disk is recognized as "empty". I assume partition tables were damaged along with the rootkit removal. Drive had only one partition.

Log files from RUN & READ processes are not available.

Questions:
- Do I have any options for an easy, complete restore of yesterday's MBR and partition?
- Will running "FIXMBR" from XP Repair Console likely give me a bootable, empty partition?

 

Largely solved.

Slaved drive to second computer. Ran TestDisk 6.11. Boot sector corrupted, backup unreadable. Ran "Rebuild" command. Boot sector now "good", backup "bad". System (unslaved), boots. Re-slaved, and ran TestDisk "[Copy original over backup]", failed, with error message could not write block.

System works fine, except that TestDisk (now run from problem machine), still shows bad backup boot sector.

Ran CD based Recovery console, FIXMBR and FIXBOOT. No change to backup, according to TestDisk. I assume that if I had run FIXMBR and FIXBOOT originally, I would have saved some time to get to same point.

Research shows that Backup Boot Sector is created at time of partition creation. No OS utilities to rebuild. I could find no tool other than TestDisk to conveniently overwrite Backup. None of the READ ME tools will repair the backup boot sector. I assume it could be done with HEXEdit line-by-line, but that is too big a PITA. I also assume that malicious code is in backup boot sector...

It works, I'm done.