TDSSKiller Killed My Computer

How come CHKDSK /F doesn't find and fix all the errors in one sweep?

That I cannot answer, except to say that it is not uncommon, and yes, that is why I said "If there are errors found/repaired, then run chkdsk /f again!". The aim of the exercise, the ideal result, is to have chkdsk report that no errors were found.

The routine that you are employing is very good. There is nothing better that I can suggest at this stage. You have run Seagate's SeaTools and the HDD passed the tests, so it is fairly safe to assume that there is nothing wrong with your hard drive. With that in mind, you might wish to try running chkdsk /r to see if that will make a difference. chkdsk /r includes chkdsk /f, but also scans the disk surface for errors, attempts to recover data and repair any problems. It is a long shot, but it is the only suggestion that I have to make over and above what you have been doing. I would like to see the log too.

*****************************************
Please post a few of the most recent Check Disk logs for me to look at.

A log of the disk check is recorded (only if the scheduled re-start is used).
To open Event Viewer and view the log:

• Go to Start > Run > and type eventvwr and press the key.
• In the left pane, click on Application.
• In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
• Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
• Double-click on that entry to view the log.
• Click on the "copy" button to copy the log to the clipboard.
• Paste the log text into your next reply.

*****************************************

Now that we have satisfied our need to conquer ... basically you have two options:

• Wipe the drive and install a fresh copy of Windows
• Have one of the malware experts check your system and do what is necessary to give you a clean bill of health.

You have sustained a serious malware infection: I am therefore going to recommend to you, that if you wish to keep using the current Windows system on your computer with any degree of confidence in its reliability and security, that you now proceed to post in the specialised malware removal forum and wait for assistance there.

Please read and follow the instructions ....
Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools
before posting a new topic in the HJT/Malware Removal specialised forum.

Please include a link to this topic in your post, so that your helper can see what has already been done.
Post back here with any questions, you may have when completing the necessary steps and let us know when you have successfully posted in the other forum.
********************

Thank you for the kind words. I am only a "backyard mechanic"/"home handyman"/"wannabe trouble-shooter" that enjoys the learning experience of a good challenge, while trying the best that I can to do a good job, and help out at the same time. Sometimes I get lucky.

Best wishes
'Alien

Now that we have satisfied our need to conquer ... basically you have two options:

• Wipe the drive and install a fresh copy of Windows
• Have one of the malware experts check your system and do what is necessary to give you a clean bill of health.

You have sustained a serious malware infection: I am therefore going to recommend to you, that if you wish to keep using the current Windows system on your computer with any degree of confidence in its reliability and security, that you now proceed to post in the specialised malware removal forum and wait for assistance there.

So you don't think I'm OK if I can get CHKDSK to clean up to the point of showing no errors, and if no other malware is found with the half dozen different scanners I have been using?

BTW - Seems Microsoft's Security Essentials has picked up more junk on my machine than any others (Malwarbyte's Anti-Malware, A-Squared, McAfee, etc).

I will look at the logs tonight as you suggested and post up what some of the CHKDSK logs say.

So here is the info you asked to see 'Alien ... log info is out of 'winlogon' as you requested. These are the logs for the 9 different times CHKDSK /F was ran upon Windows boot up.


CHKDSK #1
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The MFT mirror is different from the MFT.
Correcting errors in the Master File Table (MFT) mirror.
Windows has made corrections to the file system.


CHKDSK #2
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2 unused index entries from index $SII of file 0x9.
Cleaning up 2 unused index entries from index $SDH of file 0x9.
Cleaning up 2 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #3
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #4
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #5
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #6
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #7
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #8
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.


CHKDSK #9
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

125829080 KB total disk space.
33286368 KB in 55137 files.
18556 KB in 4529 indexes.
0 KB in bad sectors.
174444 KB in use by the system.
65536 KB occupied by the log file.
92349712 KB available on disk.


Looks like the same thing time an time again starting with CHKDSK #2 and beyond. Any ideas 'Alien ?

Looks like the same thing time an time again starting with CHKDSK #2 and beyond. Any ideas 'Alien ?

I don't have any idea: My understanding/experience fails me!

The only suggestion I could make would be to try running chkdsk /r, to see if that clears it up.
Let's have a look at the log after doing that.

Otherwise, I would not be overly concerned about that one small inconsistency at this time.

So you don't think I'm OK if I can get CHKDSK to clean up to the point of showing no errors, and if no other malware is found with the half dozen different scanners I have been using?

There is no way that I can possibly know: The infection was a serious one.

The specialists in the HJT/MR forum area are experts in the field: They can use specialised tools and have the experience to know what to look for. They are the only ones who can give you a clean bill of health/a worthwhile opinion on whether you are "OK".

'Alien

Looks like the same thing time an time again starting with CHKDSK #2 and beyond. Any ideas 'Alien ?

I don't have any idea: My understanding/experience fails me!

The only suggestion I could make would be to try running chkdsk /r, to see if that clears it up.
Let's have a look at the log after doing that.

Otherwise, I would not be overly concerned about that one small inconsistency at this time.

The computer seems to be running very well, and I can't find any more malware or viruses with all my scanning tools. MS Security Essentials and McAfee are both running actively ... maybe that's causing issues (?).

In fact, after MS Security Essentials found the "Win32/Alureon.F" virus and disinfected it, I stopped seeing the two nuisance websites being blocked by SpySweeper disappear from the activity log. The messages in the log that use to show up where:

The Internet Communication shield has blocked access to: 68.169.70.240
The Internet Communication shield has blocked access to: D45648675.CN

... but now they do not show up at all anymore after "Win32/Alureon.F" was caught.

I will run CHKDSK /R, but I doubt it will find any bad sectors as all the HD diagnostics I ran in SeaTools found no bad physical areas on the HD. Will report what CHKDSK /R finds.

I will run CHKDSK /R, but I doubt it will find any bad sectors

I don't expect it will find any bad sectors either .... but I just don't know exactly what else it is capable of finding/doing.
chkdsk /r is a bit of a "loose cannon", from what I have read, but in your case it should be a "safe" one.
Let's see what happens.

chkdsk /r is a bit of a "loose cannon", from what I have read, but in your case it should be a "safe" one.
Let's see what happens.

Here is the 'winlogon' info of a CHKDSK /R

=============================
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 3 unused index entries from index $SII of file 0x9.
Cleaning up 3 unused index entries from index $SDH of file 0x9.
Cleaning up 3 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
=============================

Ran a plain CHKDSK (read-only mode) from the 'Command Prompt' after getting back into Windows, and it said there was still a bunch of errors. CHKDSK just doesn't seem to fix these errors permanently.

So I ran TDSSKiller.exe and it gave the following message:
"Driver atapi Irp handler infected by TDSS rootkit ... cured"

Anyway, I went into Windows and updated and ran Microsoft Security Essentials which found a 'severe' virus named 'Win32/Alureon.F' [ http://www.microsoft.com/security/portal/T...atid=2147629654 ].

MS SE recommenced it be disinfected, which I did. Info from SE said Win32/Alureon.F was associated with:

driver: atapi
file: C:\WINDOWS\system32\drivers\atapi.sys

Just wanted to point out the fact that both TDSSKiller and Microsoft Security Essentials both mentioned "atapi" ... for whatever it's worth.

both TDSSKiller and Microsoft Security Essentials both mentioned "atapi" ...

The infection of atapi.sys indicates a rootkit at work: Victims are in "plague proportions" in this very forum, so you are certainly not alone.

See this sticky ...
Rootkit intervention in AII

both TDSSKiller and Microsoft Security Essentials both mentioned "atapi" ...

The infection of atapi.sys indicates a rootkit at work: Victims are in "plague proportions" in this very forum, so you are certainly not alone.

See this sticky ...
Rootkit intervention in AII

Yes, seems these root kit viruses are all over the place and rather nasty.

I couldn't find any link to the tool 'Root Repeal' referenced in the link you provided above. Is there someplace I can download the rootkit tool and scan my machine for indications of rootkit viruses? Or are there any other good rootkit tools I can download and run just to see if I'm still infected with a rootkit virus?

Here's a scary thought. Is it worth trying to run TDSSKiller again? ... or do you think it will blow up my computer again like it did before and possibly get me in this big mess again of trying to recover a crashed computer?

Update on a few new things ...

I was reading about CHKDSK in the Recovery Console and it has the /P switch were as CHKDSK in Windows does not. The info in the use of Recovery Console said the /P switch "Does an exhaustive check of the drive and corrects any errors". Whatever that really means. This info is in http://support.microsoft.com/kb/314058 if you want to see it.

Anyway, I recalled that I made a ISO image bootable CD for Window XP that has the Recovery Console on it (the one you suggested a while back - rc.iso), so booted up from the ISO image CD and used Recovery Console's CHKDSK /P and also the CHKDKS /R to see what it could find.

CHKDSK seems to run a little differently from Recovery Console - give different messages during the process. So I ran CHKDSK /P and /R on both my partitions (C: and D:) a couple of times each until the only message I saw was "CHKDSK has finished checking the volume." with no indication of error fixing.

Booted back up off the HD into Windows XP and went and looked at the 'winlogon' files to see what CHKDSK did.

=======================================
For HDD Partition 1 (C:\)
Checking file system on \DosDevices\C:
The type of the file system is NTFS.

Cleaning up minor inconsistencies on the drive.
Cleaning up 2 unused index entries from index $SII of file 0x9.
Cleaning up 2 unused index entries from index $SDH of file 0x9.
Cleaning up 2 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

125829080 KB total disk space.
32110936 KB in 55180 files.
18580 KB in 4530 indexes.
0 KB in bad sectors.
174444 KB in use by the system.
65536 KB occupied by the log file.
93525120 KB available on disk.

4096 bytes in each allocation unit.
31457270 total allocation units on disk.
23381280 allocation units available on disk.


For HDD Partition 2 (D:\)
Checking file system on \DosDevices\D:
The type of the file system is NTFS.

The volume is dirty.
The attribute of type 0x90 and instance tag 0x27 should be after
attribute of type 0x90 and instance tag 0x24 in file 0x9.
All attribute of type 0x90 and instance tag 0x27 should be indexed
in file 0x9.
Sorting attribute records for file record segment 9.
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x5 is incorrect.
e0 64 fb ae 05 2f cb 15 4b 60 3a 1f 41 73 fa 40 .d.../..K`:.As.@
ab f1 aa e7 4c 16 a2 5d e4 31 a2 e7 26 d3 6f d8 ....L..].1..&.o.
Correcting error in index $I30 for file 5.
The index bitmap $I30 in file 0x5 is incorrect.
Correcting error in index $I30 for file 5.
The down pointer of current index entry with length 0x70 is invalid.
21 01 00 00 00 00 01 00 70 00 52 00 01 00 00 00 !.......p.R.....
05 00 00 00 00 00 05 00 5c 67 5c 79 de 1f c6 01 ........\g\y....
b2 78 52 78 38 3e c9 01 b2 78 52 78 38 3e c9 01 .xRx8>...xRx8>..
e4 81 81 18 54 9e ca 01 00 00 00 00 00 00 00 00 ....T...........
00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 ................
08 02 47 00 55 00 4e 00 49 00 4e 00 46 00 7e 00 ..G.U.N.I.N.F.~.
31 00 67 00 20 00 52 00 ff ff ff ff ff ff ff ff 1.g. .R.........
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
Sorting index $I30 in file 5.
The index root $SII is missing in file 0x9.
Correcting error in index $SII for file 9.
The multi-sector header signature for VCN 0x0 of index $SDH
in file 0x9 is incorrect.
6a 0b c8 b7 6c 45 5d 0a fc a5 a0 a6 81 08 20 4d j...lE]....... M
1c 41 c5 6c bd b9 79 63 4d 41 cb 72 54 17 fa b7 .A.l..ycMA.rT...
Correcting error in index $SDH for file 9.
The index bitmap $SDH in file 0x9 is incorrect.
Correcting error in index $SDH for file 9.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff 5c 67 5c 79 de 1f c6 01 ........\g\y....
b2 78 52 78 38 3e c9 01 b2 78 52 78 38 3e c9 01 .xRx8>...xRx8>..
Sorting index $SDH in file 9.
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x1b is incorrect.
7a 6b 3e c2 5d 87 74 4d 1d cd 61 ff 1a 21 97 69 zk>.].tM..a..!.i
89 95 68 e4 92 3f 0d b4 6d bb e6 1c 75 fa 90 a3 ..h..?..m...u...
Correcting error in index $I30 for file 27.
The index bitmap $I30 in file 0x1b is incorrect.
Correcting error in index $I30 for file 27.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff 01 02 00 00 00 00 00 00 ................
00 00 00 00 6e 47 d2 28 85 16 c6 01 ff ff ff ff ....nG.(........
Sorting index $I30 in file 27.
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x209 is incorrect.
c5 af 5b d4 c8 17 c2 6b 26 1e 7c 65 b0 22 67 cc ..[....k&.|e."g.
fa fe c0 49 c0 bf 53 4b 6e c6 fc 41 23 76 82 4d ...I..SKn..A#v.M
Correcting error in index $I30 for file 521.
The index bitmap $I30 in file 0x209 is incorrect.
Correcting error in index $I30 for file 521.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff 6e fd 11 e2 63 29 c6 01 ........n...c)..
00 73 ad ce 1a 29 c6 01 aa cf cd 5d 0b 8d ca 01 .s...).....]....
Sorting index $I30 in file 521.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file $MFT (0) into directory file 5.
Recovering orphaned file $MFTMirr (1) into directory file 5.
Recovering orphaned file $LogFile (2) into directory file 5.
Recovering orphaned file $Volume (3) into directory file 5.
Recovering orphaned file $AttrDef (4) into directory file 5.
Recovering orphaned file . (5) into directory file 5.
Recovering orphaned file $Bitmap (6) into directory file 5.
Recovering orphaned file $Boot (7) into directory file 5.
Recovering orphaned file $BadClus (8) into directory file 5.
Recovering orphaned file $Secure (9) into directory file 5.
Recovering orphaned file $UpCase (10) into directory file 5.
Recovering orphaned file $Extend (11) into directory file 5.
Recovering orphaned file MOUNTP~1 (28) into directory file 27.
Recovering orphaned file MountPointManagerRemoteDatabase (28) into directory file 27.
Recovering orphaned file tracking.log (37) into directory file 27.
Recovering orphaned file DIGITA~1 (106) into directory file 5.
Recovering orphaned file Digital Pix (106) into directory file 5.
Recovering orphaned file Gun Info (289) into directory file 5.
Recovering orphaned file FUJIE5~1 (369) into directory file 5.
Recovering orphaned file Fuji E550 Info (369) into directory file 5.
Recovering orphaned file DELL44~1 (373) into directory file 5.
Recovering orphaned file DELL4400 Info (373) into directory file 5.
Recovering orphaned file F1040-~1.PDF (522) into directory file 521.
Recovering orphaned file f1040--2004.pdf (522) into directory file 521.
Recovering orphaned file F1040S~1.PDF (561) into directory file 521.
Recovering orphaned file f1040sab--2004.pdf (561) into directory file 521.
Recovering orphaned file I1040-~1.PDF (564) into directory file 521.
Recovering orphaned file i1040--2004.pdf (564) into directory file 521.
Recovering orphaned file I1040S~1.PDF (569) into directory file 521.
Recovering orphaned file i1040sa--2004.pdf (569) into directory file 521.
Recovering orphaned file 1098LA~1 (582) into directory file 5.
Recovering orphaned file 1098 Launch 2007 (582) into directory file 5.
Recovering orphaned file DUCATI~1 (615) into directory file 5.
Recovering orphaned file Ducati 1098 (615) into directory file 5.
Recovering orphaned file LOCALS~3.PDF (990) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_04_Q1.pdf (990) into directory file 521.
Recovering orphaned file LOCALS~4.PDF (991) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_04_Q2.pdf (991) into directory file 521.
Recovering orphaned file LO97E2~1.PDF (992) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_04_Q3.pdf (992) into directory file 521.
Recovering orphaned file LO97EE~1.PDF (993) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_04_Q4.pdf (993) into directory file 521.
Recovering orphaned file LOCALS~1.PDF (1006) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_04_A.pdf (1006) into directory file 521.
Recovering orphaned file LOCALS~2.PDF (1007) into directory file 521.
Recovering orphaned file LocalSlsUseFlyer_03_A.pdf (1007) into directory file 521.
Recovering orphaned file LOCALS~1.URL (1021) into directory file 521.
Recovering orphaned file Local Sales and Use Tax Rates and Changes Flyer.url (1021) into directory file 521.
Recovering orphaned file FEDERA~1 (1064) into directory file 5.
Recovering orphaned file Federal Income Taxes (1064) into directory file 5.
Recovering orphaned file 3RDGEN~1 (1339) into directory file 5.
Recovering orphaned file 3rd Gen RX-7 Info (1339) into directory file 5.
Creating index $SII for file 9.
Inserting an index entry with Id 256 into index $SII of file 9.
Inserting an index entry with Id 256 into index $SDH of file 9.
Inserting an index entry with Id 257 into index $SII of file 9.
Inserting an index entry with Id 257 into index $SDH of file 9.
Inserting an index entry with Id 258 into index $SII of file 9.
Inserting an index entry with Id 258 into index $SDH of file 9.
Inserting an index entry with Id 259 into index $SII of file 9.
Inserting an index entry with Id 259 into index $SDH of file 9.
Inserting an index entry with Id 260 into index $SII of file 9.
Inserting an index entry with Id 260 into index $SDH of file 9.
Inserting an index entry with Id 264 into index $SII of file 9.
Inserting an index entry with Id 264 into index $SDH of file 9.
Inserting an index entry with Id 265 into index $SII of file 9.
Inserting an index entry with Id 265 into index $SDH of file 9.
Inserting an index entry with Id 266 into index $SII of file 9.
Inserting an index entry with Id 266 into index $SDH of file 9.
Inserting an index entry with Id 267 into index $SII of file 9.
Inserting an index entry with Id 267 into index $SDH of file 9.
Inserting an index entry with Id 268 into index $SII of file 9.
Inserting an index entry with Id 268 into index $SDH of file 9.
Inserting an index entry with Id 269 into index $SII of file 9.
Inserting an index entry with Id 269 into index $SDH of file 9.
Inserting an index entry with Id 271 into index $SII of file 9.
Inserting an index entry with Id 271 into index $SDH of file 9.
Repairing the security file record segment.
Replacing missing or invalid security descriptor for file 5.
The MFT mirror is different from the MFT.
Correcting errors in the Master File Table (MFT) mirror.
The upcase file content is incorrect.
Correcting errors in the uppercase file.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

69529319 KB total disk space.
1964328 KB in 1366 files.
628 KB in 109 indexes.
0 KB in bad sectors.
69715 KB in use by the system.
65536 KB occupied by the log file.
67494648 KB available on disk.

4096 bytes in each allocation unit.
17382329 total allocation units on disk.
16873662 allocation units available on disk.


Checking file system on \DosDevices\D:
The type of the file system is NTFS.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 15284615 bad clusters to the Bad Clusters File. <----- NOT GOOD !
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

69529319 KB total disk space.
1964348 KB in 1367 files.
616 KB in 109 indexes.
61138460 KB in bad sectors. <-------- NOTE - Lost a bunch of space on D:\
69727 KB in use by the system.
65536 KB occupied by the log file.
6356168 KB available on disk. <--- NOTE - Only have ~ 6.3 GB of space left !! ... had 68 GB before this happened

4096 bytes in each allocation unit.
17382329 total allocation units on disk.
1589042 allocation units available on disk.
=======================================

'Alien - So this is the first time with all the use of CHKDSK I've done in the last 3 days that it went and put a bunch of disk sectors into the "Bad Cluster File". Why did this happen now, and is there any way to get these clusters back? I don't know why CHKDSK all of a sudden thought these sectors were bad. I have done CHKDSK on the D:\ drive partition many times before this instance tonight ... but this was the first time I did CHKDSK on D:\ from the Recovery Console. Was that not the right thing to do? ... wonder if that's what caused this?

Maybe it's just time to back up all my stuff and re-zeroize the whole HDD and reload everything. Seems I can't get CHKDSK to give me a constant clean status on the drive. This is wearing me out ... bleepingcomputer! ----->

Maybe it's just time to back up all my stuff

The longer that you put this job off, the greater the risk of losing the opportunity altogether! If you have not already backed up your personal files, you should do it now. Let me know when you have completed that job, and we'll see what you want to do then.

Meanwhile, I will have a look at your latest info, which seems to be a significant new development. It may well dictate the direction you have to now take.
Don't you just love surprises!

Maybe it's just time to back up all my stuff

The longer that you put this job off, the greater the risk of losing the opportunity altogether! If you have not already backed up your personal files, you should do it now. Let me know when you have completed that job, and we'll see what you want to do then.

Meanwhile, I will have a look at your latest info, which seems to be a significant new development. It may well dictate the direction you have to now take.
Don't you just love surprises!

Yes, this was definitely a surprise. I ran CHKDSK /R on both my HD partitions (C:\ and D:\) many times before this, and CHKDSK had never found 'bad clusters' until I did CHKDSK in Recovery Console with the /P and /R switches.

Yes, I agree it's time to stop trouble-shooting and attempting to fix at this point and backup everything on my HD I don't already have backed up. Will get back to you when that is done.

I always wanted to re-zeroize a HD ....

I've backed up and removed all my files from the HDs' D:\ partition. If I go into ... :

Start > Control Panel > Administrative Tools > Computer Management > Disk Manager

... I can see both partitions (C:\ and D:\), and their size is what I originally specified when I originally put this HD in. If I highlight drive D:\ in Disk Manager, and right click, I see a "Format ..." option.

I've backed up all my files on D:\ ... so wondering if I can simply do a reformat on D:\ via Disk Manager without effecting my C:\ partition in any way? Seems that's possible from what I'm seeing.

Ideas? ... Advice?