I had some rogue or poorly-written software execute the equivalent of CTRL+A -> SHIFT+DEL on my C: drive right after a reboot required by a driver install. Every file that hadn't been running and hadn't been system-protected was deleted. The registry seems to be mostly OK because all keys dealing with autoruns & installed software are in place.
Despite having experienced a few other omfg-my-hard-drive-is-empty moments, I still don't use Windows Backup. Though, luckily, the reboot was caused by a driver install (that's the main suspect, by the way), so I have a restore point and a full shadow copy image of the disk a few hours older than the incident.
I've tried to simply copy the data from the shadow copy to the live drive. That went mostly smoothly (save for locked system files). This way I've restored all non-software data. The problem is that I'm still missing most systems settings as well as at least MS Office (in fact, more than half of Start Menu content isn't showing up despite being physically present in \Program Data\Microsoft\Windows\Start Menu\).
I'm thinking of extracting the shadow copy onto an external drive, then copying everything but the obvious system files (whatever's needed for restore) onto C: using a VSS-based copy utility, and then running System Restore to make sure that Windows recognizes the overwritten settings.
Will this work? Or is there a software that can "reimage" a drive using the shadow copy data?
In terms of available tools, I have Windows 8 Consumer Preview installed on this machine. I thought of using it to do "external" restore but then my research turned up the "nice" fact that "Restore previous versions" had been removed from the new OS.
I also have a stock UBCD4Win labeled as v3.5 (WinXP SP3-based), a custom distro of Windows 7 SP1 loaded onto a bootable flash drive, and the full suite of SysInternals utilities (which I've already used to look for suspicious processes in the currently active & autoruns).
