marmite

Yep you're making sense But no, I wasn't referring to the number of passes, I was referring to just parts of the file being overwritten as opposed to all of it being overwritten. Once data is overwritten no software can read it what was there before, as I said earlier. However you might get a scenario where, completely by chance, a file is partially overwritten by some process or other leaving the file 'semi-intact' to the point where 'a' file can be recovered, but it won't be quite the original. So depending on what type of file it is, you might get something that's enough to get what you wanted from the remainder of the file. I've seen this randomly happen with jpegs ... where you get part of a picture. But getting a usable file is extremely unlikely. And indeed to all intents and purposes it's not worth considering ... really I was just being unnecessarily pedantic. Where a file has been overwritten properly by secure deletion software (as in the software does it's job!) then a file won't be recoverable at all, even after just a one-pass overwrite. The lack of defragging on your brother's machine may increase the chance of some recovery ... but as people have said it's really down to how much use it's had. PS ... and I take it you have another drive that you can recover files to (like an external drive, or even a USB stick if you don't need too much space) ... Recuva doesn't restore files 'in situ'!

I just noticed Eraser is now out at V6 ... you might want to try it if you're not in the "oh no Joel" camp

I frequently use Eraser to tidy up as I go along. This is done with the right-click context menu and could be from any disk location ... I can't readily do that with ccleaner.

Ah; thanks Tom. What I meant in my comment was that it's useful to be able to get hold of the hash. Whilst it seems their tool uses MD5 (which I didn't realise because the application doesn't tell you that; it just says 'compare content') it doesn't show you the hash in the output so you can't actually capture or record it. I'm sure I've seen some dupe finders that do give you the hash. But thinking further about how any dupe finder would have to be written to work efficiently, keeping a hash is by far the most efficient way of going about. I suspect that any program that does content comparison uses a hash under the hood anyway, whether or not it mentions it.

It depends what you're looking for ... sometimes name and size only is enough But I think every program I've come across uses a binary comparison anyway, which is effectively the same as comparison via a checksum. That said, it's always useful to have a checksum ... you might want to keep it for a future comparison for example. Unfortunately that's one thing the Auslogics tool doesn't give you.

Hi Musical The bottom line is that it's not the age of the files that is relevant. As you have already alluded to, it's the amount of data that's been written to the files in between time that is the crucial factor. The swap file is in a fixed location (unless of course he's recreated or moved it). But almost any other file written to that disk (like temp internet files, software patches/upgrades, software temporary files, log files etc) could have overwritten the old photos. You will see some files listed that aren't in a good enough condition to recover, as you have already discovered running Restoration. As kroozer says, best thing to do is to suck it and see. I'd set Recuva to deep scan and just see what's there. hazelnut's link and the documentation around it has all the info you need. Also, download the portable version and run it off a USB stick ... otherwise the Recuva installation will overwrite some of the space. No software will recover files that have been completely overwritten.

I like Auslogics stuff and haven't had a problem with their duplicate finder.

Did you have something specific in mind? All of the connections appear to be being dropped client side. I don't think it's ccleaner - I'm wondering why you think it's 2K3. @ renans - is the share that's being mapped to on the server? Is there a connection limit on this share?

Hi I can't think of anything that ccleaner does that affects drive mappings. Moreover, ccleaner doesn't run in the background, so if their mappings are just being randomly lost, then ccleaner cannot be responsible for actually dropping the connection. The only caveat to that would be if ccleaner was doing something when it ran that somehow affected the ability to make or keep drive mappings, but as I said before I'm not aware of anything that ccleaner doing anything like that and it wouldn't particularly make sense as a 'cleaning' activity. What mechanism are you using to make the drive mapping? And why do you need to reboot to reestablish this ... does the mechanism fail to work again once the mapping has been lost?

Hiya Nullack xcopy should certainly work okay ... just make sure you go through all of the switches to make sure you set the right ones (like to get hidden/system files etc). There are lots of options ... ordinary Explorer GUI (not sure how many times you'd need to click the 'don't overwrite' button!). Also free tools like WinMerge. But xcopy is probably quickest and most straightfoward - especially if you're comfortable in the command line. You could always use free WinDiff afterwards to make sure the trees are identical.

Season's greeting to all I'd particularly like to acknowledge the moderators who consistently put in an awful lot of work keeping this place sensible, friendly and spam-free!

You're better off keeping the Event Logs tidy through Event Viewer itself ... it's far more configurable. It's not a good idea to keep them completely cleared down because of their usefulness.

Thanks. Schneier's newsletter is worth subscribing to. As well as more general stuff there are always links to some really good articles on on all sorts of matters related to security and privacy, both in IT and the wider world.

http://blog.szynalski.com/2009/11/23/volum...system-restore/ ... courtesy of this month's edition of Bruce Schneier's Crypto-Gram Newsletter.

Ccleaner won't stop programs being added back onto that list, if that's what you mean.

Must admit I've always viewed it as an info / object removal tool for things in certain standard categories and locations; key entries and stuff like BHOs and the like. So I can see why it's less use against modern malware; I just didn't think it was meant to be that sophisticated in the first place. Incidentally Andavari there's a sysinternal tool that will remove / rename at reboot, if you want to ditch HJT.

It's a UI style thing ... it's not actually disabled ... you should be able to check it

Lovely clean, uncluttered design One observation: Because the topic titles are stacked vertically they take up a lot of real estate. There's a huge swathe across the top (340px deep on the home page) which effectively just has your header and six titles. That's okay on a big screen - but makes life harder on a netbook! You could compact that - for example reducing the depth of the dark blue area, and stringing the titles on one line; after all they don't open up to sub-menus. Obviously you don't want to detract from the overall style, but visually it might be worth experimenting with.

Wot CTskifreak said. As a general comment, not just to the OP ... backing up personal data (as opposed to system files) whether it be music, documents, pictures ... anything that is 'yours' should ALWAYS be backed up before doing something like this. Hell it should be backed up anyway! If you haven't got space then beg, borrow or buy some but DON'T leave it to chance that it will just 'be there' afterwards or that you'll be able to get it back!

Why do you say that - is it because its functionality has been superseded and improved on by other tools? Surely it still works as far as "doing what it used to do" effectively?

Ditto (paid-for Macrium) to a separate external drive. I'm also running a RAID mirror. Data on other partitions is backed up using SyncToy to multiple external encrypted drives (one of which is kept securely away from home!).

Yep. If you do it right (or the program does it right!), data is never recoverable by software.

For example, you may be able to use group policy to restrict ccleaner changes by changing registry key permissions or file permissions so that they can't make changes to settings. I haven't tried this, but it may work depending on how ccleaner operates. Or you could change the folder permissions so they can't delete the IE history. Of course ... if you are relying on running on ccleaner to clean files that wouldn't work for you either ... so that would not be a very satisfactory solution. Also, like it or not, many badly written programs need admin privileges to run properly ... so you might find that doing this would prevent other programs from functioning. But if the users are not very technical, Andavari's option is probably the better one anyway

@ Andavari. Nice find; haven't seen that before. @ luik. you would only have to do this once per new version and copy the deployables. Given the specialised functionality that you require that doesn't seen like much of an overhead! You have to redeploy the executable when you intercept a new ccleaner release anyway. Do your users have administrator rights? If not that gives you other options anyway. If they do, the can manually circumvent any restrictions you put in place if they choose to.

I've always wanted to go to Paris, Texas .... just 'cos as a European (or maybe it's just me ) it sounds 'wrong'!!