Mayayana wrote:
"philo" wrote

| Also a good idea to go the the website of the HD's mfg ...get and run
| their diagnostic. If /any/ errors are found, replace the drive
| Might as well run a RAM test too

I was able to test RAM. That checked out. I ended
up installing it into a Win7 box and running Hiren's
boot disk. The WD diagnostic came out with error 7
and quit. BootIt sees all the partitions, but the data
on them seems to be limited. Chckdsk retrieved all sorts
of things on the Windows partition but couldn't access
any of the others.
At this point I'm thinking there must be a problem
with the hard disk.

Before you conclude that, remember that files have
attributes, and one of the malware tricks is to assert
"Hidden" on files, making a volume look empty.

Bleepingcomputer has a utility called unhide.exe that can
flip the attributes back. It's context sensitive, so is more
likely to flip stuff back in a home directory, than elsewhere
(where stuff may have been hidden by Microsoft). You don't
need that utility just yet.

You should be using a NTFS utility like nfi.exe from Win2K days.
As it lists all the filenumbers in the $MFT and gives
some basic characteristics. It doesn't list attributes.
It would allow you to determine roughly how many files
were actually on the disk, before it took a dump.

nfi.exe is inside this ZIP file.

https://web.archive.org/web/20150329...us/oem3sr2.zip

nfi C: nfi_c.txt

HTH,
Paul