Alan_B

Many thanks for you answer I can indeed discover the file NTLDR in the root of my Macrium Recovery Boot Flash Drive which is based on WinPE, and now understand how this is sector independent because it is located by path and file name. I do have a problem with my OCZ-Linux Boot Flash Drive. it has neither NTLDR or BOOTMGR. This is a complete list of all the files that Defraggler can see on the Flash Drive. --------------------------------------------------------------------------- OCZ-LINUX (I:), FAT32, Capacity: 7.5 GB, Used: 59.0 MB (1%), Free: 7.5 GB (99%) --------------------------------------------------------------------------- Total size: 59.0 MB, Fragmented Files (0), Total Fragments (15) --------------------------------------------------------------------------- Filename Fragments Size Path --------------------------------------------------------------------------- boot.msg 1 221 I:\boot\syslinux\ boot.cat 1 2048 I:\boot\syslinux\ ldlinux.sys 1 37376 I:\ [Folder Entry] 1 0 I:\boot Uni-USB-Installer-Copying.txt 1 49088 I:\ Uni-USB-Installer-Readme.txt 1 14339 I:\ license.txt 1 18092 I:\ f3 1 1059 I:\boot\syslinux\ f2 1 870 I:\boot\syslinux\ core.gz 1 59244610 I:\boot\ [Folder Entry] 1 0 I:\boot\syslinux vmlinuz 1 2491968 I:\boot\ f4 1 929 I:\boot\syslinux\ isolinux.bin 1 14336 I:\boot\syslinux\ syslinux.cfg 1 366 I:\boot\syslinux\ Thank you for the link to tburke... I especially like I have decided to let it remain a mystery to me also - I am still exhausted after my last attempt at understanding Wikipedia articles. I will however act on the information that the sector location of the files is not relevant, only the path and file name. N.B. The file "boot.msg" is a text file that contains the message and gives a link to http://www.tinycorelinux.net/

When you say "icon" are you referring to what the mouse pointer looks like when it changes from a vertical upwards pointer to a double end up-n-down pointer, or is it some feature that you see on screen regardless of where you move the cursor ?

I have several bootable flash drives. Some use Linux Some use WinPE I know that the MBR is used for booting and eventually results in the launch of whatever mini operating system is present. I do not see any common start point (such as Auto.inf) in the partition on these drives, and I am wondering if the MBR which is filled with hexadecimal numbers uses an absolute sector address that designates the start point, or if it uses a file name and path for the start point, or if defraggler magically recognises which files must never be moved. I want to know if the drive will still boot correctly after files have been moved.

Adjacent to the Exclude TAB is the Advanced TAB which includes the option "Save All settings to INI file" Tick that option. Select any "convenient file" that is on the same or adjacent path as PGPWDE01 Then click OK and close Defraggler. My experience with CCleaner, and very probably your experience with Defraggler, is that you will find in the same folder as Defraggler.exe a new Defraggler.ini. This Defraggler.ini.can be opened with Notepad and you can locate the path and "convenient file", and change this to designate PGPWDE01 ( preserving whatever special syntax is present on that line ), then save the Defraggler.ini. Launch Defraggler and you should now see that PGPWDE01 is excluded, and it should remain excluded if you now cancel "Save All settings to INI file" to restore normal configuration via registry.

I am wondering if the "start point" of the operating system is defined by sector identity or by path and file name. I have been reading documentation on the MBR and boot startup and so far I have only a head ache. Alan

I am not a Portable Purist so I have no objection to, and even welcome, any OPTIONAL and NON-DEFAULT capability for a Portable Utility to be launched via such things as a context menu or a File Association; BUT If a newly unzipped Portable Recuva has automatically added itself to a context menu I would suggest reporting this as a bug in http://forum.pirifor...hp?showforum=17

How and WHY did SHORTCUTS happen ? I can only get that result with normal or temporary folders if I select then drag and BEFORE AND DURING DROP I choose to hold down the ALT key. Did you choose to perform this extra complication or is this something special that Windows imposes with "the DVD image burning temporary directory" Were they really short-cuts, or were they reparse points as was the case in the problem that you cited ? Perhaps Windows broke its own rules and when it created these reparse points "on the fly" it FAILED to impose appropriate ACL Protection as stipulated by http://support.micro...om/?kbid=205524

Perhaps these images were not only captured by the browser, but also were subsequently flashed / deleted and left resting in Free Space when leaving the web-site or when closing the browser, in which case they were deleted without any over-write and were instantly retrieved by Recuva.

I cannot advise on the Code 28 issue. I can advise that some weeks ago my BIOS suddenly stopped Booting my SSD even though it was detected and bootable. During Power-up stabbing at the F8 function key gave me the Boot Selection Screen, which allowed me to choose any removable media / Flash Drive or any fixed device and boot from my choice, and that allowed me to Boot the SSD ( till the next time.) During Power-up stabbing at the DEL key gave me control of the BIOS settings and I clicked on the BOOT menu and like you, my SSD was NOT an option in the Boot Priority sub-menu, no matter what or how hard I clicked. BUT there was also another sub-menu with a name like "Hard Drives", and the SSD was not shown there but clicking on things (now forgotten) in that area I was able to resurrect the SSD into that group, after which another reboot and DEL took me back to Boot Priority and the SSD was still absent - but now I was able to resurrect the SSD and give it top priority. I believe the problem arose because I followed "good practice" and erased my SSD before restoring a partition image backup, and although this previously caused no problems, this time when booting into my Boot Flash Drive Image Restore tool, the BIOS saw that the SSD was no more and chose to declare it Removable and unfit for Boot Priority.

Last night I chose to conceal my ignorance by waiting for experts to clarify the situation for you (and for me). So far I am still not sure of the exact situation, but my views are :- 1. It is quite possible that you do NOT have JAVA installed in which case I believe you are not subject to this latest "zero day" vulnerability that Oracle knew about since early last year. 2. Javascript and JAVA are very different and should not be confused. 3. Javascript is something that comes out of a website you are currently connected to, and does its special job regardless of whether you have a JAVA installation. When you disconnect from that site the Javascript should die. 4. Javascript can be a security hazard but can be thwarted by NOSCRIPT and probably other things. http://noscript.net/features 5. Javascript is NOT the subject of this topic. The problem is a JAVA installation. 6. You probably get a JAVA installation along with Adobe Flash and other security hazards and bloated freeware if you buy a computer with Windows Pre-installed, but the supplier has a "clean conscience" because he also preloaded a trial version of a Security suite to protect you - and when you cannot uninstall and have to pay a licence fee I guess the supplier gets a commission. Every one wins - except the customer. Otherwise you should be in the clear unless you have chosen/permitted a JAVA installation. 7. In the past JAVA security updates always left the superseded vulnerable version installed, and attacks that the latest version could resist were able to bypass the latest and gain access through the earlier vulnerable versions that had NOT been removed. http://www.computerh...p?topic=61227.0 In the past the CCleaner forum has strongly recommended the use of JAVARA to remove obsolete JAVA installations and thus :- Enhance security from malware ; and Gain a few hundred MBytes extra free space. http://singularlabs....oftware/javara/ 8. I am NOT HAPPY with misinformation I encountered via Hazel's link Oh dear - I fear that has put me alongside Corona on Hazelnut's "Watch List", her avatar will now be glaring down at both of us The link takes me to ... How to disable Java in Firefox ... I have Palemoon which is based on Firefox so I click on the link which takes me to http://nakedsecurity...le-java-chrome/ This is disinformation from a company that would not exist if malware did not exist. This has two main headings :- "Windows removal instructions" and "Firefox disable instructions" Under the heading "Windows removal instructions" they tell how to remove via the Control Panel -> Programs. I find it disappointing that a security company that exists due to malware would risk our protection by allowing older vulnerable versions to remain installed. I suppose they have their reasons. Then they tell me to visit http://java.com. In fear and trepidation I click on the link I see a massive invitation to DOWNLOAD JAVA TODAY, but underneath is the faint tiny link "Do I have Java?" I click and get to http://java.com/en/d...d/installed.jsp This looks similar to, but also different from, what Sophos said. Under the heading "Verify Java version" it does NOT say "No working Java was detected ..." and the big red button is not inscribed "Download Java Now" Instead the text reads "Check to ensure that you have the recommended version of Java ..." and the button is inscribed "Verify Java version". I click the big red button, confident that I will suffer no permanent harm because I am about to restore a partition image that will remove any Java that comes my way. Click done - Now I see what Sophos promised "No working Java was detected ..." This was followed by a Pop-Up from JAVA asking "Tell us what you think" They really do not want to know what I think of Java Under the heading "Firefox disable instructions" it tells me to look at my Plugins. I am happy to say that this PC has never had any JAVA or Silverlight Plugin. My Conclusion :- For present and future safety it is best to use JavaRa to exterminate every trace of JAVA and it will give the benefit of more free space. N.B. I am "Old School" and it works for me

If they have only disabled the Update then perhaps the previous version of Java is still active and makes you just as vulnerable.

I assume that you are referring to the note. "- Added FileKeys5 and 6" Should I assume that FileKeys 1 to 3 also remove cookies regardless of Saves ? Pedantic quibble :- What happened to FileKey4 SAFETY SUGGESTION :- Desist from using the same header when there is extra cleaning due to an Added DELETE or an Added DETECT. Assuming that this problem is due to the header [LocalService Cookies*] then this rule is NOT in effect by default, and I guess that 2nd Base has checked the box in the past and for that reason CCleaner has remembered the user preference and automatically enabled "disaster". The previous preference should have been avoided and 2nd Base would have needed to again check the box if the "extra strength" rule been given a modified header such as [LocalService Cookies 2*] N.B. I see no need for a different header if a modification reduces the strength of cleaning. N.B. - I counted 17 of these "dangerous" rules in your Modified List - and ran out of fingers

You probably also permit Microsoft updates which strike without notice, and some browsers are on rabid release cycles. Have you tried removing Winapp to confirm it is implicated ? What search engine on what browser ?

Yes, I tried it, but then moved onto TreeSize which I much prefer.

TreeSize Free will show what is occupying space on your system, even if it is hidden from Windows Explorer. It might be worth a shot. I personally use the Portable version https://www.jam-soft...80&language=EN

You can download v13 from http://www.filehippo.com/download_recuva/12815/ So far as possible try to install it on a partition (or a Flash Drive) that does not hold deleted files you wish to recover. I leave it for others to give more guidance.

I do not see how cleaning the registry will remove any files. Where did you get CCleaner from, and are you a first time user ? Please explain exactly :- What is your version of Windows ; What is your version of CCleaner ; What you did, including every box that you checked and every button you clicked.

You are correct, that is how the free version works. The Pro version has the ability to observe and record details of an installation so that it can not only mop up residues that removal left behind, but in addition it knows any totally unrelated registry keys and folders that are only known to the original installer. I suspect that Pro Revo will understand that when product Y from Company X is removed, then Registry Key / Folder "X\Y" is good to go but "X" must be preserved whilst product Z from Company Y remains installed.

I was not looking for anything in that SYSTEM volume. I actually KNEW the contents because TREESIZE FREE shows me in a folder tree structure everything that is taking space on my system, hence I already knew the contents of the least accessible folder on my system. My requirement was to discover a utility that will search my whole system for any file-name that might be of interest regardless of any access restrictions. When I use TREESIZE I see *.log files and so I test any Search Utility with *.LOG, and Defraggler reports the full paths and names of 42 such files, and this includes the files that Treesize found in System Volume hence I am confident that Defraggler is NOT subject to access restrictions like normal search utilities. TREESIZE also shows me that SYSTEM VOLUME holds both Syscache.hve.LOG1 and Syscache.hve.LOG2 Defraggler finds the first which is 256 KB, but NOT the second which is zero bytes. You win some and you lose some - but I guess a zero byte sized file is normally not dangerous and of no value so no loss.

CCleaner targets redundant junk. Toolbars are NOT redundant junk - some are a benefit - but not for you. CCleaner does not aim to purge malware. So far as I am concerned Apple iTunes is malicious malware that I will not tolerate because it crippled my single core processor with its spurious Bonjour Service. One man's meat is another man's poison, and I guess that MIGHT be true of Searchnu tool bar.

I am totally unsatisfied by Windows Search. On my Laptop running XP I found that Windows Search would lock up if I was searching a region that included Acronis Image backup *.TIB files. I have no control over the location of Windows system created files such as my examples in C:\System Volume Information\ Sometimes I might see an error report concerning a file with no certain path to that file, and I might wish to locate that file in order to investigate.

Even better is to FIRST use RevoUninstaller to launch program removal. That OBSERVES the things which the programs own uninstaller attacks, and after that process is completed it then visits the files / folders / Registry keys that were dealt with, and then RevoUninstaller will revisit those observed regions looking for related residuals that merit mopping up. After that you can still use CCleaner Registry cleaning to see if there are an spurious keys that were totally ignored by the programs own uninstaller and thus not observed by RevoUninstaller.

THE ULTIMATE file search utility is DEFRAGGLER from PIRIFORM There is NO need to Defrag - or even to Analyze. Instead click on the TAB marched Search Tick the box against "Filename Contains:" and enter the file-name of interest Tick the box "Include non-fragmented files" Then click the button "Search" and then an Analyze will happen after which every sought file will be shown. When I search C:\ for *.LOG I obtain all the results within 2 Seconds. This includes an analyse of Windows 7 Ultimate contents :- 73,474 Files in 16,193 Folders occupying 15.2 GB (16,400,225,451 bytes) The results include C:\System Volume Information\Tracking.log When I search D:\ for *.LOG I obtain all the results within 1 Second. This includes an analyse of 3,926 Files, 3,190 Folders occupying 634 MB (665,017,148 bytes) The results include D:\System Volume Information\Chkdsk\Chkdsk20110808110721.log and D:\System Volume Information\Chkdsk\Chkdsk20110414213419.log If I right click then I can select "Open Containing Folder" and Windows Explorer is launched and gives me full access to both files. The only downside I can see after one day is that zero byte sized files are not reported - I guess because they have no need for defragging. Enjoy.

I like UltraSearch, especially the fact that I can search for and only present the files that hold a particular text string A problem with Everything is that it depends on the MFT and so cannot work on FAT32 formats, and another problem is that the MFT includes historic information so Everything reports the existence of files that have been deleted, and I only realise the error when I right click and try to either view Properties or to "Open Containing Folder". Both the above fail to detect files that Windows conceals within "System Volume Information", and I have learnt to live with that. I also learnt how to blast away restrictions by the use of iCacls - but I am hesitant to recommend that for an average user I am however troubled by the thought that Windows is concealing the contents of other folders that I am not aware of. Yesterday I wanted a file search technique that I could safely give an average user to find a file even if it was buried in System Volume Information. I had a bright idea and tested it and found it worked. Drum Roll - Grand Announcement coming