Alan_B

One horse engineer at work photo coming up http://foter.com/photo/the-farrier/

Market Research has determined thatAn auto-pilot system to take the drunk driver home is no good if it cannot land the vehicle in the garage and then tuck the driver into bed.

I think you might be 97% wrong After Analyzing my 55.8 GB capacity SSD it represent this as a 4 inch by 6 inch matrix with a grid of 8 lines per inch. 8 * 8 * 4 * 6 = 1536 squares = 55.8 GB = 36 MB per square. Used space is only 12.2 GB and occupies 368 squares. Excluding a single square in the middle of free space holding a 1768 KB file C:\$Bitmap, all 368 occupied square are in a contiguous region of only 379 squares with only 11 white squares within that region i.e. there is only 2.9 % white space within that region. After more than 6 months use without ever defragging the SSD, only the final 2.9% of 12.2 GB is outside of the very first 12.2 GB If I now fully install Windows I would expect contiguous use of the first 12.2 GB of Windows L.B.A. and this would instruct the SSD firmware that the cells holding the first 12.2 GB of the old Windows were now garbage to be collected at its convenience, so only the next 2.9% of 12.2 GB would be left holding onto the previous Windows Installation garbage. So far as OCZ are concerned, their SSD's benefit from a "Secure ATA Erase" which takes only a few seconds, and this is better than a TRIM - it purges everything so that all memory cells are ready for writing a fresh installation of Windows. Your Mileage May Vary It will do your SSD no harm at all to simply analyze your SSD and observe how close it is to contiguous use of L.B.A.

CCleaner runs faster for me if I disable my security system - after disconnecting from the Internet. Could you have similar issues with different security products ?

That gave me a 404 error http://www.portablef...?f=2&t=4719 The portablefreeware.com site search engine could not find Uniextract but my browser "StartPage" search engine found many items on that website, including the 9 page monster with a post dated Sat Jul 13, 2013 8:40 pm http://www.portablef...pic.php?p=61969

Does that mean you tried to restore the OLD files to the disk ?

I loved the idea of removing Flash, but then I saw the replacement used Javascript. Rock and a Hard Place springs to mind I hope Javascript is kind to me.

You were lucky. My son enjoyed his first bag of Candy Floss, and threw up on the ride home

I think I agree, assuming that no non-Firefox browser will run and allow Java to act.

You may have to pay for official support to get an answer from the developers upon the feasibility of changing the compilation flag and then debugging the result. It might be quicker and easier for you to find / make a friend with a 64 bit version of Windows that does not run out of memory, or perhaps approach someone in the computer classes at a local school/college.

A Java vulnerability will allow a hacker to do far more than access any banking information (which so far as you know is absent from your machine). Hackers could achieve total access to your computer as a result of Java, and thus steal information that would allow them to :- use your login information and passwords for your ISP, your email accounts, and membership of the Piriform forum (amongst other things), and possible to steal your identity. Most sites will still work well for you after removing Java, and even if you find that removal was bad for a site you need, the Piriform Forum will still be just as good as ever and you can get all the help you need to restore Java. My desktop has never had Java and I have never needed it. Consequently I have never had to uninstall it. I will leave it for those with experience to hand-hold you as you :- Temporarily disable Java (if that is an option) to test its absence on the sites you use ; and Uninstall Java ; Alan

Could they have been using a Windows Server to run the site

With all due apologies in advance, but I cracked up when I logged in and saw the most recent post in the lounge was "Most Dangerous Ride in ... By Hazelnut" I just cannot resist a good Lady Driver joke, and bad Lady Driver jokes are even better

Perhaps Linux and / or Virtual Box is introducing some restrictions upon the Access by Windows XP to your hardware. Comment ( I am not confident of this but it seems plausible ) If you have 64 bit hardware and 64 bit Linux, the probability is that you have to allocate 6 GB of 64 bit RAM as seen by Linux for 32 bit XP to have the benefit of 3 GB of RAM. When you tried 2 GB and then 3 GB of RAM, was this as allocated under 64 bit Linux, or as seen by 32 bit XP ? Suggestion :- Install 32 bit XP as a dual boot and run Recuva under native XP, not a virtual imitation.

Not just relevant but it could be a killer. It is never a good idea to clean the registry with any utility whilst contending with an issue that you think is NOT affected by the registry. If you really must clean the registry you are free to do so - BUT you should not at the same time also be cleaning junk files and then blaming junk file removal for problems.

You are measuring the free space HOW - BY WHAT TOOLS ? Are you accurately assessing the ending LBA of one file and the starting LBA of the next file ? or simply assuming that the absence of a white square in between two files denotes absence of Free Space ? Depending upon the size of a partition and the number of cells to represent that partition, one white square could easily represent 1 GByte of free space, and perhaps a 500 MByte of free space would not qualify for a white cell.

Yes, the file under attack was MpCMDrun.LOG, but it would have been created by MpCMDrun.EXE which would probably have been used to fight the trojan or cleanup / monitor / observe in or after the removal of the trojan.

I found that difficult to believe so I downloaded to try - and was not surprised I have just tried DF V2.15.741 (64 bit) and I see no improvement. On my Samsung 931 HDD it can see only the 7 partitions which have been allocated drive letters. and is unaware of the Windows 7 System partition which :- I used before I had an SSD, and can still use if I give it a drive letter and disable/remove my SSD and fixup the BIOS booting. It also does not see the 100 MB System Reserved partition on my SSD not that I would dream of defragging it. Please explain, what is meant by an unmounted drive. Regards Alan

You are attacking what appears to be an extremely useful file related to fighting an infection. Is it possible that MPcmdrun.EXE is still active and has locked its log file ? http://my.safaribook...sks/id286751121 Just stop CCleaner. Whatever has been deleted will not reappear because you stop CCleaner. I strongly suggest that you cancel the tick against Windows Log files under the heading "System" You can still clean the temporary Internet files under heading "Internet Explorer"

So far as I am aware the location of the XPI etc. is not relevant. If I create a file ABCD.EFG then Windows will see this as having the extension EFG and then Windows wants to know how to execute it and registry cleaner reports it as an unused extension. PDF was an "unused extension" because I used a Portable PDF reader and my habit was to launch the reader and the reader then opened any PDF file that I drag-dropped onto it. More recently I altered the readers settings to register so that double clicking any PDF file would open the reader and accept the file. ( By doing this I degraded portability for the sake of convenience.) I suspect that the Registry Cleaner is correctly stating that Windows does not know how to open your XPI file if you double click it. Firefox is on a mad rabid release cycle which is breaking addons, and it is possible that you see this is a new problem due to changes in Firefox and not changes in CCleaner.

The main purpose of CCleaner is to remove Junk files that are not needed. The Duplicate File Finder capability has only recently been added to CCleaner, and it is reasonable to be concerned that a file should not be deleted just because it has the same name as something else. Please explain why you would believe that. MD5 has an output value of 128 bits that can distinguish between any two files that are up to 16 bytes in size SHA-512 has an output value of 512 bits that can distinguish between any two files that are up to 64 bytes in size https://en.wikipedia.org/wiki/SHA-2 I do not understand how you expect perfect distinction via "proper hashing algorithm" between files that are likely be hundreds of times larger than 64 bytes. CCR32 has a 32 bit output value which can distinguish between any two files that are up to 4 bytes in size SHA-512 is overwhelmed by a 64 kB file just as much as CCR32 is just overwhelmed by a 4 kB file. The only difference I can see is in the amount of the probability of error. When I want to "know for sure" whether two files are the same then I use "HashMyFiles" from Nirsoft, and I am happy to live with the 1 in millions of possibilities that the same bit restricted hash output could be produced by files with different content, otherwise I have utilities that will do a byte by byte comparison - It is a capability I almost never use - life is too short.

I totally disagree with your conclusions as applied to this particular application. I totally disagree with recommending MD5 for protection against malicious 'cleverness', because some years ago it was being cracked, see for example. http://crypto.stacke...md5-hash-value. http://www.coresecur...om/blogs/?p=478 If you really want to avoid malicious 'cleverness' you need SHA-256 or better, and it would be infinitely preferable to validate a download BEFORE it ever gets moved into your system for use before CCleaner ever gets around to accessing it. It can only be sensible to look for matching file names and sizes, and then as suggested in this topic title, to finish off by computing checksums to ensure the contents also match. If the file names and sizes etc match, a CRC32 error rate of one in 4,294,967,296 means that after deleting 4,294,967,296 "duplicate" files, then on average one file may have been deleted even though the content was different. That is a risk I am happy to take - I do not even have 4 billion files with different names

If you scan and click on the "Drive Map" TAB and post a screen-shot we might advise regardless of whether your colour scheme is default. If you click on the drive map pink square it will identify the file(s) which are in it. If one at a time you select each one of the colors under the "Drive Map" TAB, then all the squares in the centre map will be dimmed, apart from the squares designated by that color, and when your pink square is the one that remains un-dimmed you should know what sort of content is held there.

Please note that somehow a stray chunk of unwanted text appeared when I posted Header.BAT in the first post. This has now been corrected to be the same as my original code.

Please allow me to explain my point of view. Throughout this topic my position has been, and remains, that ANY anti-malware product, (including but not restricted to Kaspersky,) may suffer with a False Positive and wrongly finger an innocent item as "malware", and if this same "protective" product is then invited to delete or "disinfect" the so called "malware" then some truly beneficial feature will have been destroyed. The consequence of that destruction could range from the loss of some cleaning capability or the removal of some needed protection, specifically it could remove :- the contents of CCleaner / Options / Include, thus reducing the cleansing capabilities; the contents of CCleaner / Options / Exclude, thus endangering the protection required for continued correct operation of some installed software; OR removal of Piriform defined capabilities that are built into CCleaner.EXE regardless of any WinApp2.ini or User GUI customisation. I am quite certain that any reputable "protective product" has the ability to put out of action some feature of CCleaner, and in so doing will blunt its surgical precision in "Junk removal". In view of Nergal's post I would suggest that amongst thousands of other possibilities, perhaps the "protective product" has damaged the capability of "Complex overwrite (7 pass)" deletion or one all of the other options. Rather than take pot-shots at many possibilities, I advocate a fresh install of CCleaner whilst the "protective product" is free from False Positives, and I never consider any product installation to be clean and free from the effects of previous False Positive actions, unless the previous damaged installation is totally un-installed. N.B. I cannot remember the name of the AntiVirus product, but there was one in the last few years which had a bad signature update, and many people lost total functionality until they re-installed and re-registered applications or system files.