Reformatting 2nd Partition on HD Question

Status
Not open for further replies.
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Correct. No effect.

Caps are capacitors. They are on the motherboard. The tops of them should be FLAT. If they are swelled, or leaking fluid, they have gone bad.


Really thinking this is not hardware since, if I understand correctly, the C:\ and D:\ drives are simply partitions on the same physical disk.

C:\ is not having issues, but D:\ is.

If my understanding is correct, then things like cables and controllers are unlikely suspects.


My machine was infected with malware a while back, so I'm wondering if malware somehow caused CHKDSK to "identify" bad clusters and mark them bad? I've scanned with over half a dozen scanners, and have started using Microsoft Security Essentials (which fixed one malware issue I had).

The D: partition has no operating system files on it ... just my personal files (i.e., photos, Word documents, Excel files, PDF files, etc.). Guess it's possible some malware could have messed up the file structure on D: ... the file structure is what seems to be bad, not the hardware.
 
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Correct. No effect.

Caps are capacitors. They are on the motherboard. The tops of them should be FLAT. If they are swelled, or leaking fluid, they have gone bad.


Really thinking this is not hardware since, if I understand correctly, the C:\ and D:\ drives are simply partitions on the same physical disk.

C:\ is not having issues, but D:\ is.

If my understanding is correct, then things like cables and controllers are unlikely suspects.


He's getting funky issues on C as well though. Just not to the same extent as what happened on D.
 
Originally Posted By: SuperBusa
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Correct. No effect.

Caps are capacitors. They are on the motherboard. The tops of them should be FLAT. If they are swelled, or leaking fluid, they have gone bad.


Really thinking this is not hardware since, if I understand correctly, the C:\ and D:\ drives are simply partitions on the same physical disk.

C:\ is not having issues, but D:\ is.

If my understanding is correct, then things like cables and controllers are unlikely suspects.


My machine was infected with malware a while back, so I'm wondering if malware somehow caused CHKDSK to "identify" bad clusters and mark them bad? I've scanned with over half a dozen scanners, and have started using Microsoft Security Essentials (which fixed one malware issue I had).

The D: partition has no operating system files on it ... just my personal files (i.e., photos, Word documents, Excel files, PDF files, etc.). Guess it's possible some malware could have messed up the file structure on D: ... the file structure is what seems to be bad, not the hardware.


I doubt it. But we'll know after you wipe and re-create it and see how long it stays clean for.
 
Originally Posted By: OVERK1LL
Originally Posted By: SuperBusa

The D: partition has no operating system files on it ... just my personal files (i.e., photos, Word documents, Excel files, PDF files, etc.). Guess it's possible some malware could have messed up the file structure on D: ... the file structure is what seems to be bad, not the hardware.


I doubt it. But we'll know after you wipe and re-create it and see how long it stays clean for.


Yeah, if I had malware and capacitor failure issues at the same time then it's gonna be hard to tell what's going on unless I clean and reload the drive.

Once I blow the D: partition away and recreate/format it, then I'll have to see what happens after that. I think I have all the malware off my machine at this point.

OVERKILL - BTW, remember my malware infection thread where it had seemed I got everything under control except my SpySweeper was still giving messages that my machine was trying to connect to two known websites known for malware?

Well, Microsoft Security Essentials found a Trojan/virus a few days ago during its real-time scanning, and disinfected the file(s). Since then, I have not seen the SpySweeper message in its activity log anymore.
 
Originally Posted By: OVERK1LL
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Correct. No effect.

Caps are capacitors. They are on the motherboard. The tops of them should be FLAT. If they are swelled, or leaking fluid, they have gone bad.


Really thinking this is not hardware since, if I understand correctly, the C:\ and D:\ drives are simply partitions on the same physical disk.

C:\ is not having issues, but D:\ is.

If my understanding is correct, then things like cables and controllers are unlikely suspects.


He's getting funky issues on C as well though. Just not to the same extent as what happened on D.


I guess I'm confused, because I read the following:

Originally Posted By: SuperBusa
So I did another CHKDSK /R on the C: drive tonight, and these are the results.

=======================================================
Event Source: Winlogon
Computer: DELL4400
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

125829080 KB total disk space.
32565640 KB in 53685 files.
19140 KB in 4572 indexes.
0 KB in bad sectors.
174472 KB in use by the system.
65536 KB occupied by the log file.
93069828 KB available on disk.

4096 bytes in each allocation unit.
31457270 total allocation units on disk.
23267457 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.
=======================================================

Seems once CHKDSK has corrected these types of errors, they just come back after using the computer for a day. Drive D: came up clean, but of course I have the 58 GB in 'bad sectors' that I can probably get back when I reformat the D: partition.

So what might be causing these unused index entries and unused security descriptors?

I also ran 4 different malware scanners while in Safe Mode and they came up with no malware detections.


Sure, chkdsk found some stuff on C:\ but presents 0 for the bad sectors field. Contrast that with 58GB of bad sectors in the D:\ partition on the same drive.

Or did I miss something?
 
Originally Posted By: javacontour

Sure, chkdsk found some stuff on C:\ but presents 0 for the bad sectors field. Contrast that with 58GB of bad sectors in the D:\ partition on the same drive.

Or did I miss something?


You got it correct. A CHKDSK /R on C: only resulted in the following.

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.


And yes, there are zero bad sectors on C:.

Do you have any idea why the "unused index entries" and "unused security descriptors" errors might show up?
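As an added example (not code from any poster in this thread): a small Python parser for the CHKDSK summary block quoted above that checks the figures against each other before they are trusted. The sample text is the C: summary from this thread; CHKDSK counts the log file inside "in use by the system", so the space identity is files + indexes + bad sectors + system + available = total, and the cluster lines must agree with the KB lines.

```python
import re

# Constructed sample: the C: summary figures from the CHKDSK /R log quoted in this thread.
CHKDSK_C = """\
125829080 KB total disk space.
32565640 KB in 53685 files.
19140 KB in 4572 indexes.
0 KB in bad sectors.
174472 KB in use by the system.
65536 KB occupied by the log file.
93069828 KB available on disk.
4096 bytes in each allocation unit.
31457270 total allocation units on disk.
23267457 allocation units available on disk.
"""

FIELDS = {
    "total": r"(\d+) KB total disk space",
    "files": r"(\d+) KB in \d+ files",
    "indexes": r"(\d+) KB in \d+ indexes",
    "bad": r"(\d+) KB in bad sectors",
    "system": r"(\d+) KB in use by the system",
    "available": r"(\d+) KB available on disk",
    "unit": r"(\d+) bytes in each allocation unit",
    "units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}

def parse_summary(text):
    """Return the summary figures as ints; raise if any expected line is missing."""
    out = {}
    for key, pat in FIELDS.items():
        m = re.search(pat, text)
        if not m:
            raise ValueError(f"missing CHKDSK field: {key}")
        out[key] = int(m.group(1))
    return out

def check_summary(s):
    """List the accounting identities that fail; an empty list means the report adds up."""
    problems = []
    # The log file figure is a subset of 'in use by the system', so it is not summed again.
    if s["files"] + s["indexes"] + s["bad"] + s["system"] + s["available"] != s["total"]:
        problems.append("space accounting does not sum to total")
    if s["units"] * s["unit"] != s["total"] * 1024:
        problems.append("cluster count disagrees with total size")
    if s["free_units"] * s["unit"] != s["available"] * 1024:
        problems.append("free cluster count disagrees with available space")
    return problems
```

Running the same parser over two reports from the same volume and diffing the "bad" field shows whether clusters are being newly marked bad between runs, which is the question this thread keeps circling.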
 
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Originally Posted By: javacontour
Originally Posted By: OVERK1LL
Correct. No effect.

Caps are capacitors. They are on the motherboard. The tops of them should be FLAT. If they are swelled, or leaking fluid, they have gone bad.


Really thinking this is not hardware since, if I understand correctly, the C:\ and D:\ drives are simply partitions on the same physical disk.

C:\ is not having issues, but D:\ is.

If my understanding is correct, then things like cables and controllers are unlikely suspects.


He's getting funky issues on C as well though. Just not to the same extent as what happened on D.


I guess I'm confused, because I read the following:

Originally Posted By: SuperBusa
So I did another CHKDSK /R on the C: drive tonight, and these are the results.

=======================================================
Event Source: Winlogon
Computer: DELL4400
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

125829080 KB total disk space.
32565640 KB in 53685 files.
19140 KB in 4572 indexes.
0 KB in bad sectors.
174472 KB in use by the system.
65536 KB occupied by the log file.
93069828 KB available on disk.

4096 bytes in each allocation unit.
31457270 total allocation units on disk.
23267457 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.
=======================================================

Seems once CHKDSK has corrected these types of errors, they just come back after using the computer for a day. Drive D: came up clean, but of course I have the 58 GB in 'bad sectors' that I can probably get back when I reformat the D: partition.

So what might be causing these unused index entries and unused security descriptors?

I also ran 4 different malware scanners while in Safe Mode and they came up with no malware detections.


Sure, chkdsk found some stuff on C:\ but presents 0 for the bad sectors field. Contrast that with 58GB of bad sectors in the D:\ partition on the same drive.

Or did I miss something?


Yes, but to add even more confusion, only in Recovery Console did it find bad sectors on D. It had not done so when run with the /r switch from within Windows.
 
Originally Posted By: OVERK1LL

Yes, but to add even more confusion, only in Recovery Console did it find bad sectors on D. It had not done so when run with the /r switch from within Windows.



True ... so what is your theory on why it only found bad sectors when running CHKDSK from Recovery Console?

Could have just been a freak coincidence ... ??
 
Originally Posted By: SuperBusa
Originally Posted By: OVERK1LL

Yes, but to add even more confusion, only in Recovery Console did it find bad sectors on D. It had not done so when run with the /r switch from within Windows.



True ... so what is your theory on why it only found bad sectors when running CHKDSK from Recovery Console?

Could have just been a freak coincidence ... ??


Yup. Probably something we'll never know the answer to.
 
So here's some new info. I did a full scan with Webroot SpySweeper tonight and for some reason it finds a "system monitor", potential rootkit-masked registry. Looks like a potentially nasty malware.

http://research.webroot.com/search.php?serialnumber=eh8urcfz&lang=en&loc=USA&category=Sy

I usually scan with SpySweeper at least every week, most times every 2 or 3 days. None of my other scanners found this, and I did use them tonight before SpySweeper.

Here is the log:
============= Start of Log ======================
2/1/2010 11:54:06 PM: Removal process completed. Elapsed time 00:00:04
2/1/2010 11:54:03 PM: Quarantining All Traces: potentially rootkit-masked registry
2/1/2010 11:54:02 PM: Removal process initiated
2/1/2010 11:44:56 PM: Traces Found: 1
2/1/2010 11:44:56 PM: Custom Sweep has completed. Elapsed time 00:32:21
2/1/2010 11:44:56 PM: File Sweep Complete, Elapsed Time: 00:28:06
2/1/2010 11:16:49 PM: Starting File Sweep
2/1/2010 11:16:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2/1/2010 11:16:47 PM: Starting Cookie Sweep
2/1/2010 11:16:47 PM: Registry Sweep Complete, Elapsed Time:00:01:10

2/1/2010 11:16:43 PM: HKU\S-1-5-21-1801674531-1450960922-839522115-1004\Software\Microsoft\Office\Common\Assistant || CurrAsstState (ID = 0)

2/1/2010 11:16:43 PM: Found System Monitor: potentially rootkit-masked registry
2/1/2010 11:15:36 PM: Starting Registry Sweep

2/1/2010 11:15:36 PM: Memory Sweep Complete, Elapsed Time: 00:02:49
2/1/2010 11:12:47 PM: Starting Memory Sweep

2/1/2010 11:04:21 PM: Start Custom Sweep
2/1/2010 11:04:21 PM: Sweep initiated using definitions version 1626
================ End of Log ====================

So, looks like the virus story is not over just yet.

What I need to find is a GOOD rootkit virus scanner/fixer. Does anyone know of a good one?

Don't suggest TDSSKiller ... as it locked up my machine twice and caused me TONS of grief. See this thread for those who haven't seen it and are interested.

http://www.bobistheoilguy.com/forums/ubb...403#Post1724403
 
Originally Posted By: OVERK1LL
You might be better off with a wipe and reload?

You've spent a LOT of time on this problem............


Yeah, no kiddin' !! ... that was my exact thought too. I could probably have re-zeroized my entire HD and reloaded it with less effort than I've put into this so far it seems.

After reading about these freakin' rootkit viruses, it seems the 100% safe thing to do is wipe the HD clean and reload to ensure nothing is remaining.

My thought is that if anyone got personal info from malware on the machine, it was probably already done before the malware was even detected. In my case I knew when things went nuts, but hard to say if anything was on there before the day it made itself obvious.

Seems once you start cleaning up the mess, there probably would not be enough of the malware left on the machine to work properly. I'm no virus expert, but that's what seems logical to me. Seems like a good clean up with anti-malware removal tools would be pretty safe (99.5% ??) ... but it's that last 0.5% that will get you.
 
Pretty much. That's why this stuff is so hard to permanently get rid of. It ingrains itself in the very fabric of the OS.
 