[MS Defender Detects CCleaner Portable v5.91 Zip File as Trojan:Script/Oneeva.A!m]

18 hours ago, redwolfe_98 said:

...."ccleaner" is owned by "avast." it is not very likely that any of their files are going to be infected with malware. they are very good at detecting malware.

Hi redwolfe_98:

Recall the September 2017 Bleeping Computer articles CCleaner Compromised to Distribute Malware for Almost a Month and CCleaner Malware Incident - What You Need to Know and How to Remove about the Floxif trojan that was bundled inside CCleaner v5.33.6162 installers posted on the official Avast/Piriform website.  That Floxif trojan evaded detection by antivirus programs for several weeks because the CCleaner binary that included the malware was signed by Avast with a valid digital certificate and whitelisted as "safe".  At the time I was using the 32-bit version of the installed version of CCleaner Free and found evidence of this malware on my system (see my 18-Sep-2017 post Traces of Floxif Malware From Infected CCleaner v5.33 Installer), which is why I was being so cautious about yesterday's Microsoft Defender detection of a possible trojan in the Portable ccsetup591.zip file.

My Microsoft Defender virus definition set updated to v1.361.339.0 today (20-Mar-2022) and I was able to download the Portable ccsetup591.zip file from https://www.ccleaner.com/ccleaner/builds without triggering a Trojan:Script/Oneeva.A!m detection, so I'm guessing the v1.361.287.0 definition set I was using yesterday was responsible for the false positive detection.  Problem solved, and kudos to hazelnut for providing the expected SHA256 hash for the ccsetup591.zip file.
-----------
64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v4.18.2202.4-1.1.19000.8 * Malwarebytes Premium v4.5.6.180-1.0.1634 * CCleaner Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[MS Defender Detects CCleaner Portable v5.91 Zip File as Trojan:Script/Oneeva.A!m]

21 minutes ago, hazelnut said:

...Weird as Virus Total doesn't show MS as detecting it.

https://www.virustotal.com/gui/file/ed4855acc0239c7e1c5dd4554a6e360173f23458832420000445a20fa3fc6450

Hi hazelnut / redwolfe_98:

Thanks for the feedback.  I wasn't very keen on restoring the ccsetup591.zip file from quarantine before I had some indication that it was likely a false positive.

I restored the file and uploaded it to VirusTotal, and the SHA256 hash (ed4855acc0239c7e1c5dd4554a6e360173f23458832420000445a20fa3fc6450) is an identical match to the report at https://www.virustotal.com/gui/file/ed4855acc0239c7e1c5dd4554a6e360173f23458832420000445a20fa3fc6450. I'll submit the file to Microsoft at https://www.microsoft.com/en-us/wdsi/filesubmission for analysis and see if they can explain.

I haven't tried downloading this .zip file before today so perhaps it's my current  virus definition set v1.361.287.0 (installed 19-Mar-2022) that's causing the problem.
-----------
64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v4.18.2202.4-1.1.19000.8 * Malwarebytes Premium v4.5.6.180-1.0.1634 * CCleaner Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[MS Defender Detects CCleaner Portable v5.91 Zip File as Trojan:Script/Oneeva.A!m]

I've tried to download the current CCleaner Portable v5.91.9537 ccsetup591.zip file a few times times today from the official builds page at https://www.ccleaner.com/ccleaner/builds but my Microsoft Defender antivirus detects it as Trojan:Script/Oneeva.A!ml and quarantines the file.  From NirSoft's WinDefLogView utility:

I'm currently using MS Defender v4.18.2202.4 (engine v1.1.19000.8) and my current virus definition set is v1.361.287.0 (installed 19-Mar-2022).  Is anyone else who uses MS Defender as their main antivirus seeing this behaviour?

-----------
64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v4.18.2202.4-1.1.19000.8 * Malwarebytes Premium v4.5.6.180-1.0.1634 * CCleaner Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[CCleaner Portable v5.90 - Custom Clean Reports "0 Bytes Cleaned"]

I ran a Custom Clean with the current CCleaner Free Portable v5.90 today and noticed an odd glitch. CCleaner found ~ 240 MB of files ready to be cleaned when I clicked Analyze, but when I clicked Run Cleaner it reported "Cleaning Complete - 0 Bytes Removed".  Note that all open programs (e.g., File Explorer, Firefox etc.) were closed before I started the Custom Clean.

I checked my hidden C:\Users\<myusername>\AppData\Local\Temp folder and confirmed that all files older than 24 hours had actually been purged (note that my setting at Options | Advanced | Only Delete Files in Windows Temp Folders Older Than 24 Hrs is ENABLED) so the "0 Bytes Removed" message was obviously incorrect.

I closed CCleaner and re-launched a few minutes later, and this time a Custom Clean ran as expected, even though it only found a few files to clean.

I normally only run CCleaner once a week on Sundays and just updated to v5.90 on 25-Feb-2022 so I believe this is only the second time I've run a Custom Clean with v5.90, so I'm not certain if today's error was a one-time glitch or a reproducible bug.
-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.2 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.5.175-1.0.1621 * CCleaner Free Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Question RE: New Windows SubSystems Temp Files Cleaning in Cleaner v5.90]

Hi iansn:

APMichael has posted additional information about this C:\Windows\System32\SRU folder in my thread Suggestion RE: New "Windows SubSystems Temp Files" Option in CCleaner v5.90 over in the CCleaner Suggestions board.  Files in this folder are apparently used for the Win 10/11 feature that tracks data usage for the past 30 days on your internet connection.

If you have a Win 10 OS go to Settings | Network & Internet | Network Status | Data Usage to see which apps and software programs consume the most bandwidth on your internet connection.  If you scroll to the bottom of that app list there is a "Reset Usage Stats" button.

At this point I'm still not clear if it's necessary (or even safe) to delete the SRUDB.dat file in that folder in order to reset the data usage stats, or why Piriform / Avast didn't just call this option something like "Reset Internet Data Usage Stats" instead of "Windows SubSystems Temp Files".
-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.1 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.4.168-1.0.1599 * CCleaner Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Suggestion RE: New "Windows SubSystems Temp Files" Option in CCleaner v5.90]

3 hours ago, APMichael said:

...The directory "C:\Windows\System32\sru" contains the database for recording the network data usage...

Hi APMichael:

Thank you for letting me know that files in the C:\Window\System32\SRU folder are used to track data usage on your internet connection.

Knowing this, here are additional questions for Avast / Piriform:

• Instead of enabling this new "Windows SubSystems Temp Files" option, can users achieve the same thing by going to Settings | Network & Internet | Network Status | Data Usage and then scrolling down to the end of the list and clicking the Reset Usage Stats button (see image below)?
• Is it necessary (and safe) for the "Windows SubSystems Temp Files" option to delete all files in the C:\Window\System32\SRU folder, including the SRUDB.dat?
• Assuming that the new "Windows SubSystems Temp Files" cleaning option only deletes the files in this one particular C:\Window\System32\SRU folder (which appears to be the case on my Win Pro 10 machine as shown in my image in my original post), could Piriform / Avast rename this option something like "Reset Internet Data Usage Stats" so users understand its purpose, or does Piriform / Avast plan to expand the scope of this "Windows SubSystems Temp Files" cleaning in the future so that it deletes the content of other C:\Windows subfolders?

-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.1 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.4.168-1.0.1599 * CCleaner Portable v5.90.9443
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Question RE: New Windows SubSystems Temp Files Cleaning in Cleaner v5.90]

It doesn't appear that anyone from Piriform / Avast is going to reply to my question, so I posted a suggestion today at  Suggestion RE: New "Windows SubSystems Temp Files" Option in CCleaner v5.90  that developers move this new Windows SubSystems Temp Files cleaning option to the "Advanced" section of Custom Clean (i.e., to the same section as Windows Event Logs cleaning) and remove the word "Temp" from the descriptor "Windows SubSystems Temp Files".
-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.1 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.4.168-1.0.1599 * CCleaner Portable v5.89.9401
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Suggestion RE: New "Windows SubSystems Temp Files" Option in CCleaner v5.90]

I would like to suggest that developers move the new Windows SubSystems Temp Files cleaning option introduced in CCleaner v5_90 from the "System" section to the "Advanced" section (i.e., to the same section as Windows Event Logs cleaning) and remove the word "Temp" from the descriptor "Windows SubSystems Temp Files".

Please see my 20-Feb-2022 thread Question RE: New Windows SubSystems Temp Files Cleaning in Cleaner v5.90 about how this new option wants to clean files in my C:\Window\System32\SRU folder, as well as comments about the relationship of the SRUJet to the Diagnostic Policy Service (DPS).  As of today no one from Piriform / Avast has replied in my thread and explained exactly what folders will be cleaned when this Windows SubSystems Temp Files option is enabled, or why the contents of these folders might need to be purged.

 

From what little information I've been able to find about the SRUJet, the SRU.log and SRUDB.dat files will be be re-created by Windows if they are deleted from C:\Window\System32\SRU folder.  I'm not sure it's appropriate to categorize all the files in this folder as "temporary" files, since "temporary" implies these files are no longer required by the system and that cleaning them can be done on a regular basis to free up disk space.

As an analogy, I know that certain problems with Windows Update can be fixed by clearing or renaming the C:\Windows\SoftwareDistribution folder and allowing Windows to re-create the necessary folders and files.  However, I wouldn't suggest that anyone do this on a regular basis just to free up disk space, and I wouldn't recommend that they purge this folder before stopping their Windows Update Service (wuauserv) and Background Intelligent Transfer Service (bits) as instructed in Windows Central article How to Clear the 'SoftwareDistribution' Folder on Windows 10 and Make Updates Happen Again.
-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.1 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.4.168-1.0.1599 * CCleaner Portable v5.89.9401
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Question RE: New Windows SubSystems Temp Files Cleaning in Cleaner v5.90]

I have a question regarding the "new temp file cleaning for various Windows system components" listed in the CCleaner v5.90.9443 release notes at https://www.ccleaner.com/ccleaner/version-history.

Is this the Windows SubSystems Temp Files option listed in v5.90 under Custom Clean | System, and if so exactly what Windows subsystem temp files are cleaned if you enable this option? Specifically, I'd like to know:

• The location of these subsystem temp folders cleaned by CCleaner,
• The reason why Microsoft stores temporary files in these locations in the first place, and
• Whether the Win 10 and/or Win 11 built-in Disk Cleanup utility (Start | Windows Administrative Tools | Disk Cleanup) also purges temporary files in these subsystem folders.

I ran a test Custom Clean scan with CCleaner Portable v5.90 using Windows SubSystems Temp Files as the only option enabled under the System section, and it detected several files in C:\Windows\System32\sru, including SRU.log and SRUDB.dat. What little information I've found about the SRUJet suggests that these files should not be deleted while the Diagnostic Policy Service is running (note: this service has a Startup Type of "Automatic" on my Win 10 machine).  See the AskWoody thread SRU and SRUDB and TenForums threads  Anyone Else Have This SRUDB.dat Error All The Time? and Multiple Error Messages in Event Viewer for more information.

-----------
64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.1 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.4.168-1.0.1599 * CCleaner Portable v5.89.9401
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Speccy showing uninstalled Norton antivirus as "Enabled"]

Hi Nixxxed:

If you still require assistance some of the suggestions in SpeccyUser's 04-Jan-2022 Speccy Detecting Malwarebytes and Norton Even Though They Are Uninstalled might be helpful.  For example, did you run the Norton Remove and Reinstall (NRnR) Tool in advanced "Remove Only" mode as instructed in the Norton support article Download and Run the Norton Remove and Reinstall Tool for Windows?

Was your Norton Security Suite one of the free Norton products provided by Comcast/Xfinity that was described in the 01-Nov-2020 Norton blog End-of-Service Announcement for NortonLifeLock Subscription Offered by Comcast?
-----------
64-bit Win 10 Pro v21H2 build 19044.1466 * Firefox v96.0.3 * Microsoft Defender v4.18.2111.5-1.1.18800.4 * Malwarebytes Premium v4.5.2.157-1.0.1562
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Speccy detecting malwarebytes and norton even though they are uninstalled]

On 04/01/2022 at 10:47, SpeccyUser said:

... My issue is that speccy is detecting norton security (as disabled) and malwarebytes (as enabled) in the report even though I have already used the respective software removal tools for each of the antiviruses ...

On 04/01/2022 at 12:33, nukecad said:

....I'd try using Revo Uninstaller which can find and remove such leftovers.As you have already removed Norton and Malwarebytes you will probably need the 'Forced Uninstall' option in Revo ...'Forced Uninstall' is a Pro option so it needs to be the Revo Pro version - but if you don't want to purchase Revo there is a 30 day trial of Pro which should be plenty of time to do this job ...

Hi SpeccyUser:

If the "Forced Uninstall" option of the trial version of Revo Uninstaller Pro can't remove the last traces of Norton then be sure you run the Norton Remove and Reinstall (NRnR) Tool in advanced "Remove Only" mode as instructed in the Norton support article Download and Run the Norton Remove and Reinstall Tool for Windows.  "Remove Only" mode does a deeper wipe of orphaned files and registry entries, although it (deliberately) leaves behind a few traces that can be removed manually.

I used Norton for several years on a Vista SP2 computer and found that a "Remove Only" wipe with the NRnR tool did not do a great job of removing remnants of previous Control Panel | Programs and Features uninstalls, especially for my older Norton products. I contacted Norton customer support via Live Chat at https://www.norton.com/chat and gave them my Windows OS and Norton product names (past and current) and they were able to provide a list of possible registry entries and files/folders left behind by the NRnR tool that I could manually delete.  If you post in the Norton forum at https://community.norton.com/en/forums/norton-360-windows one of the Norton Gurus monitoring that forum might be able to help as well.

I'll assume the Malwarebytes removal tool you used was the removal tool built in to the Malwarebytes Support Tool (Advanced | Clean) .
-----------
64-bit Win 10 Pro v21H2 build 19044.1466 * Firefox v96.0.3 * Microsoft Defender v4.18.2111.5-1.1.18800.4 * Malwarebytes Premium v4.5.2.157-1.0.1562
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[No SSD NVM info]

On 23/11/2021 at 09:35, lmacri said:

Further to my July 2021 post, I just realized that CrystalDiskInfo is not displaying the Current / Worst / Threshold columns (i.e., shown as percentages from 100 to 0 %) for the S.M.A.R.T. attributes of my NVMe SDD ....

... HWiNFO only shows a short list of S.M.A.R.T. attributes with a Yes/No status for my NVMe SSD (see image below) so that makes me suspect that data for many of the S.M.A.R.T. attributes for NVMe SSDs in some hardware diagnostic utilities could be inaccurate ...

User following this thread might be interested in reading Ben Meyer's 07-Feb-2022 article Our World is Not Very S.M.A.R.T. About SSDs in this week's AskWoody free (and paid) newsletter, which focuses on a utility called Clear Disk Info.  My 30-Dec-2021 post # 2409451 in response to one of Ben's older newsletter articles on this topic compares my Clear Disk Info diagnostic report to those from other utilities like HWiNFO (see my HWiNFO image <above>), CrystalDiskInfo and Speccy but many of the images I attached in that Dec 2021 thread can't be viewed unless you log in to the AskWoody forum, so here's a re-post of my Clear Disk Info image.  One nice feature of the Clear Disk Info user interface is that it has a Description column that describes each S.M.A.R.T. attribute shown in the report.

On 23/11/2021 at 16:42, Andavari said:

Then I'd recommend if available download the official SSD toolbox from the SSD manufacturer, oddities that some tools list shouldn't be an issue with the added bonus of being able to get firmware updates. Big major manufacturers such as Toshiba (now Kioxia) would likely have an SSD toolbox....

Hi Andavari:

Further to my 23-Nov-2021 post <above>  KOXIA EMEA (Europe, Middle East and Africa) customer service eventually responded but told me that they could not provide assistance to customers outside their region and asked me to contact the KOXIA USA/Americas customer service at https://www.kioxia.com/en-us/contact.html. Unfortunately, the customer support from the KOXIA USA/Americas division ignored my support request, and I can't find any SSD utilities on their USA/Americas support site at https://business.kioxia.com/en-us/ssd/support.html, let alone a utility that's compatible with my BG4 series model KBG40ZNS256G client SSD.
-----------
64-bit Win 10 Pro v21H2 build 19044.1466 * Firefox v96.0.3 * Microsoft Defender v4.18.2111.5-1.1.18800.4 * Malwarebytes Premium v4.5.2.157-1.0.1562 * HWiNFO Portable v7.16-4650 * Clear Disk Info v2.3.2.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[No SSD NVM info]

3 hours ago, Andavari said:

Then I'd recommend if available download the official SSD toolbox from the SSD manufacturer, oddities that some tools list shouldn't be an issue with the added bonus of being able to get firmware updates.  Big major manufacturers such as Toshiba (now Kioxia) would likely have an SSD toolbox....

Hi Andavari:

KIOXIA offers a SSD management utility at https://personal.kioxia.com/en-emea/software/ssd-utility.html for their EXCERIA line of personal SSD products, but my Inspiron 5584 shipped with a Toshiba/KIOXIA KBG40ZNS256G NVME SSD, which is part of their BG4 line of client SSDs.

As far as I know, firmware updates for Toshiba/KIOXIA clients SSDs like the BG4s are not available for download from the KIOXIA site (instead, they are sent directly to computer manufacturers like Dell, and after certification they are posted on the Dell support page <here> for my Inspiron 5584). I also don't know of any SSD management utility for their BG4 line of client SSDs that is available to the general public.  I submitted a support request today to KIOXIA at https://www.kioxia.com/en-emea/contact.html just to confirm and will post back if that information is wrong.
-----------
64-bit Win 10 Pro v21H1 build 19043.1348 * Firefox v94.0.2 * Microsoft Defender v.4.18.2110.6-1.1.18700.4 * Malwarebytes Premium v4.4.11.149-1.0.1513 *  Speccy Portable v1.32.740 * CrystalDiskInfo Portable v8.12.13 * HWiNFO Portable v7.14
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[No SSD NVM info]

On 30/07/2021 at 11:57, lmacri said:

Hi Andavari:

What would you suggest as a Speccy alternative?

I've shown <above> that CrystalDiskInfo is able to read the S.M.A.R.T. attributes of my NVMe SSD and I normally use Farbar Recovery Scan Tool (FSRT) and/or Belarc Advisor Free for diagnosing problems on my own computer...

Further to my July 2021 post, I just realized that CrystalDiskInfo is not displaying the Current / Worst / Threshold columns (i.e., shown as percentages from 100 to 0 %) for the S.M.A.R.T. attributes of my NVMe SDD.  I didn't realize that information was missing until I read a recent a CrystalDiskInfo review in Deanna McElveen's weekly "Best Utilities" column in the AskWoody Plus newsletter.  This newsletter is behind a paywall but Deanna McElveen has posted screenshots on her OlderGeeks.com website <here> that shows what the main interface should look like - at least for SATA HDDs. I've posted further details in the 15-Nov-2021 AskWoody.com discussion Freeware Spotlight – CrystalDiskInfo (where I also post as user lmacri), and as I noted in post # 2401622, my best guess right now is that CrystalDiskInfo can't display the Current / Worst / Threshold columns for my S.M.A.R.T. attributes because I have an Intel Chipset PCIe/SATA RST Premium Controller (which is not on CrystalDIskInfo's list <here> of supported controllers).

I also found a 13-Nov-2021 post <here> by HWiNFO developer Martin Malik that states:

Quote

“NVMe drives don’t report attributes like ATA drives do via SMART, moreover many SMART attributes are not standardized. Some tools create “fake” SMART values from NVMe status so that it looks as if NVMe would report the same sort of SMART attributes.“

HWiNFO only shows a short list of S.M.A.R.T. attributes with a Yes/No status for my NVMe SSD (see image below) so that makes me suspect that data for many of the S.M.A.R.T. attributes for NVMe SSDs in some hardware diagnostic utilities could be inaccurate.

-----------
64-bit Win 10 Pro v21H1 build 19043.1348 * Firefox v94.0.2 * Microsoft Defender v.4.18.2110.6-1.1.18700.4 * Malwarebytes Premium v4.4.11.149-1.0.1513 *  Speccy Portable v1.32.740 * CrystalDiskInfo Portable v8.12.13 * HWiNFO Portable v7.14
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Custom Clean Problems]

42 minutes ago, lmacri said:

...Go to Control Panel | Network and Internet | Internet Options | AutoComplete | Settings | Use AutoComplete For and see if Suggesting URLs is enabled....

 

Hi Hi KenK3664:

Sorry, I just noticed a typo in this path and it's too late to edit.  I should have said "Go to Control Panel | Network and Internet | Internet Options | Content |  AutoComplete | Settings | Use AutoComplete For and see if Suggesting URLs is enabled ..." as shown in my last image <above>.
-----------
64-bit Win 10 Pro v21H1 build 19043.1348 * Firefox v94.0.1 * MS Edge v95.0.1020.53 * Microsoft Defender v.4.18.2110.6-1.1.18700.4 * Malwarebytes Premium v4.4.10.144-1.0.1499 * CCleaner Free Portable v5.87.9306 * TreeSize Free Portable v4.5.2.600
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Custom Clean Problems]

Hi KenK3664:

I've never used IE11 on my Win 10 machine (including initial setup when IE11 is first launched) and I don't have Chrome installed but I do see the category Internet Explorer - Temporary Internet Files return every time I run a Custom Clean with CCleaner.  That's because a number of different programs, including File Explorer, will "borrow" files from the Internet Explorer API to add functionality (just a guess, but I wouldn't be surprised to learn that searches from the Win 10 Start menu that use Bing to suggest matches on the web even use Suggested Sites). Unlike you, however, I don't see any files being cleaned from a hidden C:\Users\<myusername>\AppData\Local\Microsoft\INetCache\Low\ subfolder.

Just some context about my own system.  I use Firefox as my default browser, and Settings | Search | Search Suggestions | Provide Search Suggestions | Show Search Suggestions in Address Bar Results is enabled (I'm not sure about Chrome, MS Edge v95 has a similar setting at Privacy, Search, and Services | Services | Address Bar and Search).  When I run a custom clean with CCleaner I clean every item associated with my IE and MS Edge browsers (recall  I don't have Chrome installed), but I stopped using CCleaner to clean my browsing history after a bug in CCleaner v5.69 damaged Firefox v79 browser extensions (see my 03-Aug-2020 post <here>) and I now have Firefox configured to clear my browsing history on exit.

When I browse with File Explorer with View | Hidden Items enabled I cannot see a hidden ‎folder called C:\Users\<myusername>\AppData\Local\Microsoft\Windows\INetCache\... . However, if I run the TreeSize Free Portable utility as an Administrator (i.e., right-click TreeSizeFree.exe and choose "Run as Administrator or launch TreeSize Free and click "Run as Administrator" in the toolbar) while View | Hidden Items is still enabled I can see C:\Users\<myusername>\AppData\Local\Microsoft\INetCache\Low\, although the only content in that subfolder is an empty container.dat file.  If you can only see your C:\Users\<yourusername>\AppData\Local\Microsoft\INetCache\Low\SuggestedSites.dat file with TreeSize Free that suggests this hidden file is a protected file owned by System and probably shouldn't be deleted using TreeSize unless you're certain this won't cause unexpected errors or glitches with any software that stores data in the SuggestedSites.dat file.

Here are a few things you can check that might be using the Suggested Sites:

Go to Control Panel | Network and Internet | Internet Options | Advanced and see if Enabled Suggested Sites is enabled.

Go to Control Panel | Network and Internet | Internet Options | AutoComplete | Settings | Use AutoComplete For and see if Suggesting URLs is enabled.  I'm not sure, but clicking Delete AutoComplete History might at least decreases the size of your SuggestedSites.dat file to 0 KB, even if it doesn't permanently remove the file.

-----------
64-bit Win 10 Pro v21H1 build 19043.1348 * Firefox v94.0.1 * MS Edge v95.0.1020.53 * Microsoft Defender v.4.18.2110.6-1.1.18700.4 * Malwarebytes Premium v4.4.10.144-1.0.1499 * CCleaner Free Portable v5.87.9306 * TreeSize Free Portable v4.5.2.600
Delll Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

[Driver Updater says, that my drivers are from 1970 y]

Hi Slawas87:

I use the portable build of CCleaner Free which (thankfully) does not include the Driver Updater feature so I can't tell you if there's been any noticeable improvement in detection of available driver updates, but I noticed that the change log for the latest v5.86.9258 (rel. 20-Oct-2021) at https://www.ccleaner.com/ccleaner/version-history now states in part:

Quote

Far out, man!

•     We’ve fixed some drivers thinking they were born in the 1970s!

Lawrence Abrams' 28-Sep-2020 BleepingComputer article Windows 10 is Offering a Confusing Mess of Intel Driver Updates notes that Intel driver updates delivered by Windows Update are sometimes deliberately backdated, stating that "In a 2017 blog post, Microsoft explains that using older dates is intentional as it enables Windows to pick the latest driver when multiple drivers are found for the same hardware device."  The 08-Feb-2017 Microsoft developer's blog Why are All Windows Drivers Dated June 21, 2006? also notes that "dates on all Windows drivers are set to June 21, 2006. The version number increases over time, but the timestamp stays put".

I suspect Avast/Cleaner is now displaying the original release date of the driver version that is provided by the original hardware manufacturer (e.g., Intel) and ignoring the "fake" driver timestamp used by Microsoft, but it would be helpful if someone from Avast/CCleaner could explain exactly how they now determine the release date for each driver version number.  It would also be helpful to know if CCleaner v5.86 now recommends a driver update for each particular hardware device ID based solely on the driver version number [i.e., only if the driver version number is higher (larger) that the currently installed driver, regardless of the driver release date].
-----------
64-bit Win 10 Pro v21H1 build 19043.1288 * Firefox v93.0.0 * Microsoft Defender v4.18.2109.6 * Malwarebytes Premium v4.4.9.142-1.0.1486 * CCleaner Free Portable v5.86.9258
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 6200

[Can't Download CCleaner v5.85 Portable / Slim Builds]

6 hours ago, hazelnut said:

All seems okay now...

Hi hazelnut:

Thanks for the heads ups.  The CCleaner builds page at https://www.ccleaner.com/ccleaner/builds is now working for me as well.

[Can't Download CCleaner v5.85 Portable / Slim Builds]

Every time I visit the builds download page for CCleaner v5.85.9170 (rel. 14-Sep-2021) at https://www.ccleaner.com/ccleaner/builds I see the following error:

The "standard" build for CCleaner Free v5.85 can be downloaded from https://www.ccleaner.com/ccleaner/download so I assume there's no critical bug in v5.85 that prompted Piriform/Avast to pull the Slim and Portable builds from their download servers.  Does anyone have an approximate ETA when the CCleaner builds page will be working again?

Piriform/Avast still hasn't restored the Slim and Portable builds of Speccy, Defraggler and Recuva to their respective builds pages even though employees promised back in October 2019 that these download links would be "reestablished shortly" (see Dave CCleaner's post <here>) so it's a bit concerning to see the builds page for CCleaner not working.

EDIT:

Just FYI, the download link for the v5.85 Portable build on MajorGeeks at https://m.majorgeeks.com/files/details/ccleaner_portable.html seems to be downloading the correct ccsetup585.zip file.
---------------------
64-bit Win 10 Pro v21H1 build 19043.1165 * Firefox v92.0 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.6.132-1.0.1453 * CCleaner Free Portable v5.84.9126
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[No SSD NVM info]

2 hours ago, Andavari said:

NVMe will have a newer revision coming out possible in the next few months so Speccy will be even further outdated. But there's other tools freely available online.

Hi Andavari:

What would you suggest as a Speccy alternative?

I've shown <above> that CrystalDiskInfo is able to read the S.M.A.R.T. attributes of my NVMe SSD and I normally use Farbar Recovery Scan Tool (FSRT) and/or Belarc Advisor Free for diagnosing problems on my own computer.

However, if I'm helping someone else troubleshoot a problem in a user forum and only need a basic diagnostic to show me their hardware components and installed software then Speccy is often a good choice because it's easy for a non-technical person to collect and publish a Speccy snapshot (File | Publish Snapshot) on the Piriform server at http: // speccy.piriform.com/results/xxxxxxxxxxxxxxx . Some forums don't allow users to attach .txt or .log files to their posts, while others only allow Forum Mods with escalated privileges to view attached files.  I can't ask users to publicly post a Belarc Advisor log because of the protected information (e.g., software product keys) it collects.
----------------
64-bit Win 10 Pro v20H2 build 19042.1110 * Firefox v90.0.2 * Microsoft Defender v4.18.2106.6 * Malwarebytes Premium v4.4.3.125-1.0.1387 * Speccy Portable v1.32.740
Dell Inspiron 15 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[No SSD NVM info]

On 09/07/2021 at 17:59, gema said:

Same result for any NVMe

Speccy hasn't been updated since v1.32.740 was released on 20-May-2018, and the builds page at https://www.ccleaner.com/speccy/builds only has a download link for the Standard installer.

On 20-Jul-2019 Avast / Piriform employee @Dave CCleaner posted in Speccy - No Updates Since May 2018 that "To confirm, updates to the client software for Defraggler, Speccy and Recuva are certainly planned. No committed dates at this point in time, but we're aiming for later this year."

On 22-Oct-2019 Dave CCleaner posted in Download Link for the Portable Version is Downloading the Setup Version that "We've got a couple of broken links as a result of moving recently to a new download server.  These will all be reestablished shortly."  That comment was posted in the Defraggler board (another utility that is missing the Slim and Portable builds at https://www.ccleaner.com/defraggler/builds) but at the time I was told that download links to the Slim and Portable builds for both Speccy and Defraggler would be re-posted on their respective builds pages "soon".

I would appreciate if someone from Avast / Piriform would provide a status update and let us know if Avast has any plans to support Speccy going forward and release another update that works correctly with modern hardware components.
----------------
64-bit Win 10 Pro v20H2 build 19042.1110 * Firefox v90.0.2 * Microsoft Defender v4.18.2106.6 * Malwarebytes Premium v4.4.3.125-1.0.1387 * Speccy Portable v1.32.740
Dell Inspiron 15 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[Wrong Version Numbers?]

On 19/07/2021 at 09:58, johnccleaner said:

This can occur if the manufacturer of the driver changed how versions were numbered.

What you'd want to check would be the release dates of the drivers in question, which you can find in the 'Learn More' section for each driver; I believe that's what the Driver Updater actually uses to determine if a driver is newer or not.

Hi johnccleaner:

Does Avast / Piriform use any criteria other than hardware ID and driver date to determine whether a "newer" driver should be offered, and where does Avast / Piriform source their drivers?  For example, does Driver Updater only offer drivers sourced directly from the manufacturer (e.g., Intel, Realtek, NVIDIA, etc.) and are the dates of these drivers an exact match to the same driver (i.e., with the same hardware ID and version) offered on the manufacturer's support site?

Given the number of users reporting that CCleaner's Driver Updater is installing drivers with a lower version number I don't understand how this problem could only occur "if the manufacturer of the driver changed how versions were numbered".

Lawrence Abrams' 28-Sep-2020 article Windows 10 is Offering a Confusing Mess of Intel Driver Updates on BleepingComputer explains why Microsoft intentionally uses an older date (e.g., "18-Jul-1968", "21-Jun-2006") to help Windows Update offer the latest driver when multiple drivers are found for the same hardware device (note: some of these backdated drivers were installed at the factory on my two-year-old Dell laptop - see image below for my current precision touchpad driver dated 21-Jun-2006).  The 08-Feb-2017 Microsoft developer's blog Why are All Windows Drivers Dated June 21, 2006? notes that "dates on all Windows drivers are set to June 21, 2006. The version number increases over time, but the timestamp stays put", and that blog article goes on to explain:

Quote

"... When the system looks for a driver to use for a particular piece of hardware, it ranks them according to various criteria. If a driver provides a perfect match to the hardware ID, then it becomes a top candidate. And if more than one driver provides a perfect match, then the one with the most recent timestamp is chosen. If there is still a tie, then the one with the highest file version number is chosen.

Suppose that the timestamp on the driver matched the build release date. And suppose you had a custom driver provided by the manufacturer. When you installed a new build, the driver provided by Windows will have a newer timestamp than the one provided by the manufacturer. Result: When you install a new build, all your manufacturer-provided drivers get replaced by the Windows drivers. Oops.

Intentionally backdating the drivers avoids this problem...".

Is Avast / Piriform  taking into account that many drivers delivered by Windows Update are backdated?  When a user downloads driver updates from the support page of their computer model (e.g., from the support site of Dell, HP, etc.) that are certified for their specific computer model and BIOS is it possible that the date for those certified drivers could also be backdated or somehow mismatch the date of the original manufacturer's driver even if the hardware ID and version match?

-----------
64-bit Win 10 Pro v20H2 build 19042.1110 * Firefox v90.0.2 * Microsoft Defender v4.18.2106.6 * Malwarebytes Premium v4.4.3.125-1.0.1387 * CCleaner Free Portable v5.83.9050
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[HDMI monitor not getting signal after attempting driver updates]

Hi Shonda:

Just checking in to see if you were able to get your HDMI monitor working again.  Did you ever find a solution?
----------
64-bit Win 10 Pro v20H2 build 19042.1052 * Firefox v89.0.2 * Microsoft Defender v4.18.2106.6 * Malwarebytes Premium v4.4.2.123-1.0.1358 * CCleaner Free Portable v5.81.8895
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[HDMI monitor not getting signal after attempting driver updates]

Hi Shonda:

One other hint I forgot to mention, although it won't apply to you if you run System Restore after booting into Safe Mode.

If you use a third-party (non-Microsoft) antivirus or anti-malware program that runs in real-time (i.e., that loads automatically when you boot up normally) and it has a self-protection feature, make sure you disable this self-protection in your antivirus settings before running a System Restore.  For example, I used Norton Security for several years and their support article Fix System Restore Problems with Norton Installed recommends that users disable the Norton Product Tamper Protection module before performing a System Restore so that it doesn't interfere with the restore process.

If you run System Restore after booting up in Safe Mode this shouldn't be a concern since you will only load the minimal system files and drivers necessary to run Windows and any third-party antivirus should not be loaded.

If you use a third-party antivirus and aren't sure if it has a self-protection module post back and let us know the product name and version number.
----------
64-bit Win 10 Pro v20H2 build 19042.1052 * Firefox v89.0.2 * Microsoft Defender v4.18.2105.5 * Malwarebytes Premium v4.4.2.123-1.0.1358 * CCleaner Free Portable v5.81.8895
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

[HDMI monitor not getting signal after attempting driver updates]

Hi Shonda:

What is your operating system and the make/model of your computer both and external monitor?  If you have a discrete graphics card (e.g., NVIDIA GeForce, AMD Radeon, etc.) do you know the make/model, and do you recall if Driver Update installed a graphics driver update?  Is this monitor attached to a desktop or laptop computer?

Are you able to boot into Safe Mode or Safe Mode with Networking (see the BleepingComputer articles How to Start Windows in Safe Mode and How to Start Windows 10 in Safe Mode with Networking).  If you can start your computer in Safe Mode using the minimal diver set you might be able to use your monitor again and follow the instructions in the support article I’m Having a Problem with Driver Updater. What are my Options? to revert your driver updates.

If you can boot up in Safe Mode but reverting your driver updates doesn't help you might be able to restore your system to a previous date using Windows' System Restore (i.e., using a restore point saved prior to running Driver Updater) as instructed in the section titled "How to Restore Your System to an Earlier Restore Point" of the How-To Geek article How to Use System Restore in Windows 7, 8, and 10. System Restore can be found on my Win 10 Pro v20H2 computer at Settings | System | About | Related Settings (look on the far right of the About page for this heading) | System Protection (see image below). The Lifewire article How to Access Advanced Startup Options in Windows 10 or 8 notes that you can also access System Restore from the same Advanced Startup Options menu you use to start your computer in Safe Mode.

 

If none of this helps and someone else doesn't jump into this thread and offer further suggestions see employee Stephen CCleaner's Driver Updater - What We're Working on Next for instructions on how to open a support ticket with the CCleaner support team. See employee MeganCCleaner's instructions in Driver Updater Disaster for instructions on how collect diagnostic logs that you can submit with your support ticket request (assuming that your monitor works when you boot into Safe Mode).
----------
64-bit Win 10 Pro v20H2 build 19042.1052 * Firefox v89.0.2 * Microsoft Defender v4.18.2105.5 * Malwarebytes Premium v4.4.2.123-1.0.1358 * CCleaner Free Portable v5.81.8895
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620