Incomplete chkdsk logfile

Question

To shorten a long story: i cloned a corrupted ntfs harddisk (broken $MFT root entry) and booted into my native windows to perform a chkdsk run.

On startup windows performed an unwanted chkdsk run. The chkdsk run passed pretty successful. Unfortunately the chkdsk log seems to be incomplete.

I read the log with event id 1001 from the event viewer and directly in the power shell with the following command:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message

Thus i am not able to make a statement which and how many clusters could (not) be restored by the chkdsk run. The log consists of 274 lines and seems to be broken in the middle of the process.

[ . . .]
Einige Cluster, die vom Attribut vom Typ 0x80 und der Instanzkennung 0x1
in der Datei 0xfbf2 belegt sind, werden bereits verwendet.
Beschädigter Attributeintrag (128, "") wird
vom Datensatzsegment 64498 gelöscht.
Der Attributeintrag vom Typ 0x80 und mit der Instanzkennung 0x1 ist
von 0x3ac8559 an für möglicherweise 0x5 Cluster quer verbunden.
Einige Cluster, die vom Attribut vom Typ 0x80 und der Instanzkennung 0x1
in der Datei 0xfbf3 belegt sind, werden bereits verwendet.
Beschädigter Attributeintrag (128, "") wird
vom Datensatzsegment 64499 gelöscht.
Der Attributeintrag vom Typ 0x80 und mit der Instanzkennung 0x1 ist
von 0x3ac855e an für möglicherweise 0x5 Cluster quer verbunden.
Einige Cluster, die vom Attribut vom Typ 0x80 und der Instanzkennung 0x1
in der Datei 0xfbf4 belegt sind, werden bereits verwen

Question: Is there an additional resource where log could be administered? Is there a reason why the log could be broken after 274 lines?

How many characters does the message have? The size of eventlog messages is [limited](https://msdn.microsoft.com/EN-US/library/windows/desktop/aa363679.aspx). — Ansgar Wiechers, May 29 '15 at 09:24
So the size is merely ~16KB - which seems to be a very plausible value for a limit!? Get-Content chkdsklog.txt | Measure-Object -word -line -character = Lines 268 / Words 2279 / Characters Property 15839 — knx, May 29 '15 at 09:35
The limit for eventlog messages is 31839 characters, so your issue seems to be caused by something else. — Ansgar Wiechers, May 29 '15 at 11:05
Yeah I am sorry! It misinterpret the wrong setting. So now i'm a bit confused. There is clearly no explainable reason why the log was trimmed. — knx, May 29 '15 at 12:02

score 0 · Answer 1 · answered May 29 '15 at 08:46

One good reason could be by a bad sectors on the hard dirk. Therefore you can try using Hiren's bootCd to try to fix this problem, it comes with a large collection of useful tools. Another reason could be a virus, since your old windows still there in that hard disk. Inside the Hiren's bootCD there is CloneDisk program which is built in with that system. Anyways, when backing up an entire drive, you will have to hold a drive of equal or larger capacity set aside for backup, and nothing else. You have to real options: A bare hard drive, or an external drive. I hope this will be useful.

Incomplete chkdsk logfile

1 Answers1