how to view "invisible" $LogFile on NTFS partition, and what is it???

Discussion in 'Windows XP / Older OS' started by stayboogy, May 12, 2011.

  1. stayboogy

    stayboogy MDL Addicted

  2. Tito

    Tito Admin / Adviser
    Staff Member

  3. ZaForD

    ZaForD MDL Expert

    If your main primary partition C:\ is NTFS and your secondary partitions D:\ and E:\ are FAT32 and FAT, they will still have some of those NTFS hidden files, because it's NTFS that is the primary FS and it uses those files to read the data on the other partitions.
    But back to the point.

    Are you wiping the whole drive and doing a clean install of Windows?
    If you are, I'd consider getting another DVD/ISO, ideally from one of the MSFT sites in the stickies.
     
  4. burfadel

    burfadel MDL EXE>MSP/CAB

    #6 burfadel, May 13, 2011
    Last edited by a moderator: Apr 20, 2017
    The logfile is a volume change logfile; it logs every single change made to any file on the drive. This is beneficial for indexing and System Restore, and also potentially takes up craploads of disk space on drives where you are doing things like TV recording, video recording, and torrenting, since the drive is in a constant state of change.

    It can be deleted, or more precisely reset until next boot, by typing the following from an elevated command prompt:
    Code:
    fsutil usn deletejournal /d [drive]:\ 
    where [drive] should be replaced by the drive letter.

    Ideally this is only done with indexing off (ideally you have Windows Search enabled in Programs and Features but the service disabled, so you don't lose the Explorer search boxes), and, if you use System Restore, right after doing a 'delete old restore points' cleanup.

    The logfile can actually grow to many GB, depending on what you use the drive for. Essentially you could consider this 'wasted space'. It is only present on NTFS drives. The other thing the journal is used for, I believe, is drive 'consistency', so you should only delete it after running chkdsk on it and all checks fine. If not, run chkdsk again with /f, which may require a reboot, and when there are no drive errors do it then. It can be a worthwhile exercise.
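The reset procedure above, as an added PowerShell example that is not part of burfadel's post: it runs the read-only chkdsk check first, as he advises, and only then deletes the journal, then recreates it with an explicit size cap so it stays bounded instead of being left absent until the next boot. One caveat a practitioner should keep in mind: `fsutil usn` acts on the NTFS change journal (the hidden file $Extend\$UsnJrnl), which is what `deletejournal` removes; $LogFile, the file named in the thread title, is NTFS's transaction log and is not touched by this command. The script must run from an elevated prompt. The `m=`/`a=` sizes passed to `fsutil usn createjournal` are illustrative choices made for this example, not Windows defaults.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Resets the NTFS change journal on one volume, but only after a read-only chkdsk
# reports the volume clean, then recreates the journal with an explicit size cap.

function Test-NtfsVolume {
    param([Parameter(Mandatory)][string]$Drive)   # e.g. 'C:'
    $info = fsutil fsinfo volumeinfo $Drive 2>&1
    # fsutil prints a line of the form "File System Name : NTFS"
    return [bool](@($info) -match 'File System Name\s*:\s*NTFS')
}

function Get-UsnJournalInfo {
    param([Parameter(Mandatory)][string]$Drive)
    # queryjournal prints Usn Journal ID, First/Next Usn, Maximum Size, Allocation Delta.
    # Its exit code is non-zero when the volume has no change journal at all.
    $out = fsutil usn queryjournal $Drive 2>&1
    return [pscustomobject]@{
        Exists = ($LASTEXITCODE -eq 0)
        Text   = ($out -join "`n")
    }
}

function Reset-UsnJournal {
    param(
        [Parameter(Mandatory)][string]$Drive,
        [long]$MaxSizeBytes         = 256MB,  # illustrative cap chosen for this example
        [long]$AllocationDeltaBytes = 32MB    # growth step before the oldest records are trimmed
    )

    if (-not (Test-NtfsVolume $Drive)) {
        throw "$Drive is not NTFS; only NTFS volumes carry a change journal."
    }

    # Read-only pass first. Exit code 0 means chkdsk found no errors; anything else
    # means the volume needs 'chkdsk /f' (and possibly a reboot) before going further.
    chkdsk $Drive | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "chkdsk reported problems on $Drive (exit code $LASTEXITCODE); run 'chkdsk $Drive /f' first."
    }

    $before = Get-UsnJournalInfo $Drive
    if ($before.Exists) {
        Write-Host "Current journal on ${Drive}:`n$($before.Text)"
        # /d deletes the journal and waits for the deletion to finish
        fsutil usn deletejournal /d $Drive
        if ($LASTEXITCODE -ne 0) { throw "deletejournal failed on $Drive" }
    } else {
        Write-Host "No change journal present on $Drive."
    }

    # Recreate it bounded, so indexing, backup and similar consumers can keep using it
    # without it growing unchecked again. m= maximum size, a= allocation delta, both in bytes.
    fsutil usn createjournal "m=$MaxSizeBytes" "a=$AllocationDeltaBytes" $Drive
    if ($LASTEXITCODE -ne 0) { throw "createjournal failed on $Drive" }

    return Get-UsnJournalInfo $Drive
}

# Usage:
# Reset-UsnJournal -Drive 'D:'
```

If the read-only chkdsk pass fails, the function stops before touching the journal; that is deliberate, since a journal reset on a volume with metadata damage hides nothing and fixes nothing.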
     
  5. stayboogy

    stayboogy MDL Addicted

    #7 stayboogy, May 13, 2011
    Last edited: May 13, 2011
    (OP)
    Well, I've already been through all the chkdsk rigmarole to no avail.

    I also used the Active boot disk that Tito linked, which surprisingly let me look at every system file under the drive view option other than, you guessed it, the 65 MB $LogFile, due to an error "memory not allocated", even though it allowed me to look at another system file that was 11 MB in size, and all the rest that have anything to do with the MFT.

    My issue with this is the fact that THIS NEVER EVER WAS THE CASE before I got infected, and that's not an exaggeration, literally never. Seriously, I've been using this same PC for years now; I know it like the back of my hand, well, I did until all this.

    For nearly 5+ years I've been making, formatting, deleting, etc. partitions of FAT32 and NTFS varieties on this same PC with the same HDD and have never run into this problem, for they all would say, whether with the program I made them with or in Windows dialogue boxes/properties windows, that there was just as much space free as what I made the size to be, WITH NO DATA SPACE USED AT ALL, NONE, NADA. That is, until I got infected by whatever it was that infected me from a software download from another place. The original post I linked to has all the info; I'm just not going to type it again for obvious reasons.

    And I've already done a "clean install" from an ISO from here. The problem is not a Windows installation, at all; it's something internally on the HDD, or a software problem that is not telling me correct data usage on drives/partitions, which I'm thinking is a possibility but seems highly unlikely because my PC, Windows, and all software runs like a dream and has since the last "clean install", which was probably the 10th in the last month and a half.

    Thanks for all the input guys, really, because y'all have suggested things that several others have not, and I've asked many people, albeit none a so-called "licensed, professional" geek, lol, unless someone here is, lol, but still no dice...

    Prob just time for a new HDD.

    Seriously though, thanks for the input everyone, I really do appreciate it.
     
  6. stayboogy

    stayboogy MDL Addicted

  7. pierrejaquet

    pierrejaquet MDL Member

    #10 pierrejaquet, May 13, 2011
    Last edited: May 13, 2011
    I think you should throw your computer in a volcano ^^

    If it spreads to the outside world it will be the end of all the computers.

    I also heard about a wifi card firmware rootkit or something like that, lol. But I have never seen it in the wild.

    Please tell us when you have solved this, otherwise I will never be able to sleep again.
     
  8. stayboogy

    stayboogy MDL Addicted

    lmao!

    I've personally seen and tried to eliminate CD-RW/DVD firmware viruses to no avail on someone else's machine, and we had no idea how he got it, but I'm almost certain it was "porn" related. That machine just kept re-infecting itself no matter what was done, albeit it showed all the symptoms of being infected too: hijackers, permission changes, keyloggers, etc.

    I've got no symptoms other than the "hidden" usage that I or anything else can tell, anyway.
     
  9. stayboogy

    stayboogy MDL Addicted

    #14 stayboogy, May 14, 2011
    Last edited: May 14, 2011
    (OP)
    So I just finished doing this:

    Deleted all partitions, did a quick one-pass zero fill of the HDD, repartitioned the HDD, then did an image restore of my OS that I made the other day that was up to date and set to my liking.

    Each partition that was FAT32 said this in the program: if it was 10 GB there was 10 MB used right away, 20 GB there was 20 MB used right away, and so on in the same proportions. The only thing that I did differently this time was make sure the allocation unit size was set to 4 KB (previously they were higher than 512 KB; must have missed this setting before). So I thought that my problem was still there.

    But now in Windows dialogues and properties windows the data usage is showing correctly, with no bytes used whatsoever on the empty FATs. So whatever was showing in Partition Wizard as being used on the partitions must be wrong, or it's just hidden from the Windows API yet giving correct readings; I assume it's the former and not the latter, seeing as before all this Windows was showing the same amounts of used space just like Partition Wizard on empty partitions.

    The only thing I can think of is that the allocation size on each partition caused all the confusion and "hidden" usage I was seeing, and possibly Partition Wizard has a glitch in its readouts, even though I've used it so many times and never seen such things till after the infection I battled some time ago.

    I'm just happy that in Windows the usage showing now seems to be completely correct, which eases my mind quite a bit.

    Just my $.02 from the current setup; never thought allocation sizing would cause such misrepresentations in Windows...
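An added example, not part of stayboogy's post, that puts numbers on the proportion he reports (10 MB shown as used on an empty 10 GB FAT32 volume, 20 MB on 20 GB, at 4 KB clusters). On FAT32 the file allocation table is itself stored on the volume: one 4-byte entry per cluster, two copies by default. At 4 KB clusters that works out to exactly 10 MB per FAT copy on a 10 GB volume, and proportionally less at larger cluster sizes, so a tool that counts the FAT region as "used" will show figures in exactly that proportion on an empty volume, while a tool that reports only the data area shows zero. That Partition Wizard counts the FAT region this way is an assumption made for this example; the thread does not establish it. The function below is hypothetical code written for this page; it ignores the reserved sectors ahead of the FATs, so it is a close lower bound rather than the exact figure the formatter writes.

```powershell
# Added example (not from the original post). Estimates how much of a FAT32 volume
# the file allocation tables themselves occupy, for a given volume size and
# cluster (allocation unit) size. FAT32 keeps two FAT copies by default.

function Get-Fat32TableSize {
    param(
        [Parameter(Mandatory)][long]$VolumeBytes,
        [Parameter(Mandatory)][int]$ClusterBytes,
        [int]$FatCopies = 2
    )
    $entryBytes = 4   # every FAT32 entry is 32 bits wide (28 bits carry the cluster number)
    $clusters   = [math]::Floor($VolumeBytes / $ClusterBytes)
    $oneFat     = $clusters * $entryBytes

    [pscustomobject]@{
        VolumeGB  = [math]::Round($VolumeBytes / 1GB, 1)
        ClusterKB = $ClusterBytes / 1KB
        Clusters  = $clusters
        OneFatMB  = [math]::Round($oneFat / 1MB, 2)             # what one FAT copy costs
        AllFatsMB = [math]::Round($oneFat * $FatCopies / 1MB, 2) # both copies together
    }
}

# The two volume sizes mentioned in the post, at the 4 KB clusters he set this time
# and at 32 KB clusters for comparison (a larger cluster means far fewer entries).
$rows = foreach ($gb in 10, 20) {
    foreach ($kb in 4, 32) {
        Get-Fat32TableSize -VolumeBytes ($gb * 1GB) -ClusterBytes ($kb * 1KB)
    }
}
$rows | Format-Table -AutoSize
```

For the 10 GB / 4 KB row the function returns 2,621,440 clusters and 10 MB for one FAT copy (20 MB for both); at 32 KB clusters the same volume needs only 1.25 MB per copy. Read against the post, the "10 MB per 10 GB" figure is the size of one FAT at 4 KB clusters, which is bookkeeping the filesystem needs, not data hidden from the user.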
     
  10. pierrejaquet

    pierrejaquet MDL Member

    #15 pierrejaquet, May 14, 2011
    Last edited: May 14, 2011
    Sector size? Is it the same as 'allocation unit size'? Oo lol I would never have guessed ><

    I'm glad this is solved.

    Eeeeerrr, 4 KB is higher than 512 B, no? So what difference does it make before and after if before it was higher than 512 B???
    What was your previous sector size?
    Something is not right with your explanation XD

    Anyway you should still throw your computer in a volcano just in case ^^
     
  11. stayboogy

    stayboogy MDL Addicted

    Yeah, "allocation unit size", sorry, it was late/early and it's called something else in the program I was using. Should be 512 KB as well. And I have no idea what the previous size was before all the original wiping and so forth, but it seems to have made a difference in the readings in Windows, as they are now accurate for some reason; I just figure that's why.

    It's as solved as it's going to get anyway, at least until I find an old HDD to hook up and see if the same thing happens to it or not, which could be some time.
     
  12. sirfranny

    sirfranny MDL Novice

    Have you used a live CD on it?
    ...there can be issues.
    Look at forensicswiki dot org in the section about Linux live CD issues.