Hard Drive check

needhelp1 · December 27, 2015

Hi,

Following up on a malware check, I was advised by DaleDoc that I might have a failing hard drive according to the messages below and to post to this forum. I'm new to checking a hard drive for errors so DaleDoc advised that I run a check disk first, should I go ahead and do that?

System errors:
=============
Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.

Error: (12/26/2015 01:57:19 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.

Error: (12/26/2015 01:57:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.

Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (12/26/2015 01:51:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:21 PM on ‎12/‎26/‎2015 was unexpected. <------our residence lost power unexpectedly

Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (12/26/2015 11:53:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (12/26/2015 11:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

daledoc1 · December 27, 2015

Hi:

Since you just finished malware cleanup, it might be good to get a fresh set of FRST logs.

You can move the original log set to another folder first, for reference
Then, please download a fresh copy of FRST from here (download and run the version that applies to your version of Windows (either 32-bit or 64-bit)
Please be sure there is a checkmark in the "Addition.txt" option before you run it
Please ATTACH both new logs (FRST.txt and Addition.txt) to your next reply here in this thread.

Having said that, the first priority probably needs to be backing up all your data/documents/photos/videos to a safe location(s): external media, USB flash drive, USB external hard drive, and or the cloud.

Then, yes, a Check Disk would be the logical, next step.

Here is an excellent tutorial for Win 7: How to Run Disk Check in Windows 7

If you can post back the log from that, it will be helpful (let us know if you need help with that).

Then, please wait for further help from one of the more expert forum staff or volunteers.

Thanks,

needhelp1 · December 28, 2015

Hi Daledoc,

FRST and Addition attached. I have a C and a D drive, should I run a Check Disk on both?

FRST.txt

Addition.txt

AdvancedSetup · December 28, 2015

Yes the C: volume is the one reporting the error but I'd recommending doing a full disk check on both drives to be safe.

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and type in the following.

CHKDSK  C:  /R

It will say something like the following.

The type of the file system is NTFS.Cannot lock current drive.Chkdsk cannot run because the volume is in use by anotherprocess.  Would you like to schedule this volume to bechecked the next time the system restarts? (Y/N)

Press the Y key and then the Enter key to allow it to run on restart.

Then do the same thing for the D: volume.

CHKDSK  D:  /R

This one will probably run without a restart but if it too cannot be locked then press the Y key for it as well and have it run on restart.

Then restart your computer and let the disk check run. Don't press any key to prevent it.

Please run a Full Disk Check on your system drive.

On Windows XP the disk check log is in the Event Logs under Application with a heading source of Winlogon
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of Chkdsk

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

Copy and Paste the results of the disk checks from the Event Logs here on your next reply please.

Thanks

daledoc1 · December 28, 2015

Thanks for adding the detailed, step-by-step instructions, @AdvancedSetup.

needhelp1 · December 29, 2015

Hi AdvancedSetup - here's the log for drive C, I will work on D later today.

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          12/29/2015 2:43:40 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SD70
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is WIN7.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
402176 file records processed.

File verification completed.
1788 large file records processed.

0 bad file records processed.

0 EA records processed.

59 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
490264 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
402176 file SDs/SIDs processed.

Cleaning up 3090 unused index entries from index $SII of file 0x9.
Cleaning up 3090 unused index entries from index $SDH of file 0x9.
Cleaning up 3090 unused security descriptors.
Security descriptor verification completed.
44045 data files processed.

CHKDSK is verifying Usn Journal...
34840472 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
402160 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
155056028 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

781404159 KB total disk space.
160435748 KB in 346629 files.
    215124 KB in 44046 indexes.
         0 KB in bad sectors.
    529171 KB in use by the system.
     65536 KB occupied by the log file.
620224116 KB available on disk.

4096 bytes in each allocation unit.
195351039 total allocation units on disk.
155056029 allocation units available on disk.

Internal Info:
00 23 06 00 1d f6 05 00 f1 d5 0a 00 00 00 00 00 .#..............
d2 05 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-12-29T08:43:40.000000000Z" />
    <EventRecordID>103770</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SD70</Computer>
    <Security />
</System>
<EventData>
    <Data>