[False Positive]

Sorry to bother you again with this.

 

I downloaded a fresh copy of the Patcher and ran a MBAM scan on it and it came up clear this time.

 

Sorry I jumped the gun and posted prematurely.

 

Great program and forum.

mbam-log-2012-08-25 (06-54-57).txt

[False Positive]

I started up my pc this morning and MBAM popped up with a Trojan.Dropper.AI warning.

 

I have been using this Adobe Flash Fullscreen Patcher found at http://forum.videohelp.com/threads/304807-How-to-remove-annoying-Press-Esc-to-message-in-Flash-Video for over a year with no problems.

 

Here is the log on it.

 

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.24.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Deke :: DEKE-PC [administrator]

Protection: Enabled

8/25/2012 6:11:55 AM

mbam-log-2012-08-25 (06-11-55).txt

Scan type: Custom scan (C:\Users\Deke\Documents\Flash Fullscreen Patcher.exe|)

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

Objects scanned: 1

Time elapsed: 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Deke\Documents\Flash Fullscreen Patcher.exe (Trojan.Dropper.AI) -> Quarantined and deleted successfully.

(end)

[DNS Cache]

Are you using a altered hosts file? or perhaps flush and ccleaner both cause the dns to begin rebuilding.

 

Just the normal Windows host file.

[DNS Cache]

I did a search and couldn't find anything.

 

I checked the "DNS Cache" and did a cleaning.

 

Used the ipconfig/ displaydns and there is still a long list there.

 

What am I not doing wrong.

 

I even used the ipconfig /flushdns command and it said the

cache had been flushed but is still there.

[CCleaner Not Deleting Cookies]

Before I got your post I had deleted the cookies through Internet Options.

 

I went back to Fox and their cookie loaded up and when I cliked on it the Adobe logo appears at the bottom.

 

It will not delete with CCleaner.

 

I have one exclude in my CCleaner and going to uncheck it and see if that makes a difference.

 

Deleting the exclude allowed me to run CCleaner and get rid of the Fox cookie, so I guess that was it.

I have used that one for a long time but had downloaded the new Flash Player recently and it must have

caused this exclude to react that way.

 

Thanks for getting me on the right path to the answer.

[CCleaner Not Deleting Cookies]

When you click on a cookie, does the Adobe logo appear at the foot of the column?

 

Before I got your post I had deleted the cookies through Internet Options.

 

I went back to Fox and their cookie loaded up and when I clicked on it the Adobe logo appears at the bottom.

 

It will not delete with CCleaner.

 

I have one exclude in my CCleaner and going to uncheck it and see if that makes a difference.

[CCleaner Not Deleting Cookies]

They are likely flash cookies.

Do you have ☑ Adobe Flash Player ticked?

 

Yes I have that checked.

[CCleaner Not Deleting Cookies]

I just now noticed when I run CCleaner and do a cleaning I am left with a bunch of cookies in the "To Delete" side.

 

I have 30 or so cookies saved for log-in purposes but these are just random cookies. Is there a spot that CCleaner is missing.

 

Running Vista Home Premium SP2. Using IE only.

[New Cookie Import/Export Function]

Tried the new import/export cookie to Keep list.

 

I exported the cookies in my Keep list then deleted them from the list. Imported them back and my auto log-in cookies I keep there didn't work. Also the C:\Users\Deke\AppData\Roaming\Microsoft\Windows\Cookies\Low folder was not repopulated with my log-in cookies.

 

Evidently this doesn't work or I am not doing something right.

 

Thank goodness I keep them in a text file exported through IE's Export/Import function.

 

Using Vista Home Premium SP2.

 

If I am to dense to figure this out and it works I apoligize.

[Broom On CCleaner Icon?]

Its had the broom for quite some time, how old is that screen shot

 

August 07.

 

Here is the link.

 

http://www.dslreports.com/forum/r25084820-When-Did-They-Add-The-Broom-

[Broom On CCleaner Icon?]

I have an old shot of my entire desktop with the CC icon on my taskbar without the broom but just noticed

today that there is a broom on the icon on my taskbar.

 

Did this happen with the newest version of CCleaner?

 

I know I am over 70 and my mind is slowly loosing some of it's retentive power but not a warp speed.

[New CCleaner]

Another spanner in the works. Previously if I ticked or unticked Show Securely Deleted Files there was no difference to the number of files displayed (i.e there were no files recognised as securely deleted). This afternoon sys restore dumped a few hundred deleted files as it does every week or so. Now if I untick Show Securely Deleted Files there are 22 files hidden, and if I tick it all are shown. None of the files are of the familiar zz format. Fifty-eight have z in the name, four have zz, and only two have zzz (or more) in the filename. So zz isn't they way of identifying a securely deleted file. Surely Piriform works in mysterious ways.

 

 

My old brain is about on overload already so I am going to dwell on it for awhile.

 

Merry Christmas to you over the pond as your are 6 hours closer to it than we are.

[Does CCleaner Make Eraser Obselete?]

Does Eraser actually just delete files and leave the file names in the MFT like CCleaner use to do or does it overwrite them like in the images at this link:

 

http://forum.piriform.com/index.php?showtopic=25905

[New CCleaner]

Did you notice the big drop off on your Free Space as I did while the wipe was taking place.

 

I guess I will run another later and see how far down it actually goes. I kind of panicked on the last one when it got down

below 85GBs.

 

It also had opened a file of about 34MB on my C drive but it was gone when I shut CC down and looked for it again.

[New CCleaner]

I was doing some more testing using WFS and decided to do a check on my C drive used and unused space.

 

It had dropped a bunch and as I kept refreshing it it kept dropping. I knew this must be due to the WFS I was doing and had

probably done it when I ran the WFS before but seeing I was only up to 50% on the process of wiping I decided to abort for now.

[New CCleaner]

I will try to answer your questions as best I can as I did quite a few things while testing the "Wipe Free Space".

 

Yes I deleted files with CC and used the DOD method along with the "Wipe Free Space" checked.

 

It looked like it renamed all of the ones available although there were a few that came from me using the internet just before I checked the Recuva results.

 

I will have to try an overwrite some of the file again and see the ones it will overwrite and see what they are about.

 

The files Recuva found were all either 592 or 600 bytes, mostly 600.

 

The dates are all the same.

 

I don't check anything under Options\Actions after running WFS it doesn't show very many files as I have not been on the internet much in the interum. But if I check "Show Securly Overwritten Files" it will show all the Z files.

 

Here is an image of one of the Z files properties.

[New CCleaner]

I had downloaded the new version of CCleaner and decided to run it with the "Wipe Freespace" checked to see if it had actually been improved.

 

After doing so I used Recuva and the names of the files found had all been changed to a bunch of Zs.

 

Does this mean CCleaner is renaming the files in the MFT now?

 

Here is an image of what Recuva found after running CCleaner with the WF ticked.

 

Also tried to do an overwrite on the files in Recuva that had excellent by them and got this.

[Java cache not cleaned]

I was having the same problem in Vista Home Premium.

 

I just the added the path to my "Include" section of CC and it takes care of them that way.

 

C:\Users\Deke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

[Deleted Files & Analyzied Files]

Do you mean that Stage 1 says Scanning 1500 files, and Stage 2 says Analysing 500, for example? I think that's what I get but the info flashes up too fast to read. I usually cancel stage 2 and it seems to make no difference at all.

 

Yes and yours are on somewhat smaller scale than mine.

 

I was wondering why such a differential between the two.

[Deleted Files & Analyzied Files]

I notice that when Stage 1 takes place during a scan Recuva finds around 18K files then in Stage 2 it only analyzies only about a third of that,

 

Why the lesser amount for the Stage 2.=?

[Over Writing Of File Names In The MFT]

In a post on here is was stated that when you use a secure deletion with CCleaner then use Recuva you should not see the file names but a bunch of zzzs or something of that nature.

 

I started after a fresh cleaning with CC and surfed awhile and then used the NSA overwrite then used Recuva and could see the actual file names of some of the sites I visted.

 

Am I doing something wrong when running CC or is just the norm?

[Size Of Amount To Be Removed]

I decided to not run CCleaner for a few days and see how much junk would pile up.

 

Let it go for a couple of days and it seems to be stuck around 160MB with my normal amount of surfing the net.

 

Is this common or is there a limit or something that would make it not see anymore removable junk?

[Wipe free space deleted space how do i get it back?]

And then information will be written to the MFT making that overwritten space available again to be overwritten, but now without any sensitive or personal data on it.

 

Granted it deletes the information in the files in the MFT but leaves the names of the files that can be looked at using Recuva.

[Index.dat Deleted Or Not]

Oliver-Good morning from Texas.

 

I am curious about one thing. Are you using the "Secure Deletion" under options- settings are just the "Normal Deletion"? Not sure if this makes any difference but just wondering since my index.dat comes up clean(or at least the 32K) after running CCleaner.

 

 

I did some more checking. I changed the deletion method to "Normal Deletion" re-ran CC and checked Winspy and had over 40 urls left under index.dat then re-ran CCleaner with the "Secure Deletion" ticked and then re-checked with Winspy and had just the two from MS that never go away. I know this is not an indepth test but it looks like there is a difference with the two forms of deletion used.

[Index.dat Deleted Or Not]

Robbie mentioned:

Hello Robbie,

 

we actually double-checked CCleaner on three different systems here (Win 98-XP) - all we can say up to now is, that the content of the Index.dat-Files still remains after rebooting...

 

a clean and sober Index.dat-File should be around 16-32 KB - and that was definately not the case here so far....

 

this is not to denunciate CCleaner - maybe we are doing something wrong here...

Oliver

 

 

Oliver-Good morning from Texas.

 

I am curious about one thing. Are you using the "Secure Deletion" under options- settings are just the "Normal Deletion"? Not sure if this makes any difference but just wondering since my index.dat comes up clean(or at least the 32K) after running CCleaner.