Lost Disk Space

  • Thread starter Thread starter Sam
  • Start date Start date
S

Sam

Hi, I'm using XP Home with SP2. When I Look at the properties of the C:
drive, it says I have used approx 55GB with 19GB left. The Defrag
utility says the same. However, when I look at all the space used in
all the directories on C: I appear only to have used about 25GB, which
is actually more like what I think I'm using. Can anyone please point
me to what might be using up the huge amount of extra space - it's a
hell of a lot to go missing and I'd like to retrieve it :-(
 
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Hi, I'm using XP Home with SP2. When I Look at the properties of the
C: drive, it says I have used approx 55GB with 19GB left. The Defrag
utility says the same. However, when I look at all the space used in
all the directories on C: I appear only to have used about 25GB, which
is actually more like what I think I'm using. Can anyone please point
me to what might be using up the huge amount of extra space - it's a
hell of a lot to go missing and I'd like to retrieve it :-(
Click to expand...

Start here and let me know what you see:

SequoiaView:
http://www.win.tue.nl/sequoiaview/

Are you on broadband? Without active security scanning? Without a firewall
in place perhaps? Do you have viewing hidden files enabled?

Start > run > type "control folders" (without the quotes) > hit enter > View
tab > SHOW hidden files and Protected files.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:


Start here and let me know what you see:

SequoiaView:
http://www.win.tue.nl/sequoiaview/

Are you on broadband? Without active security scanning? Without a firewall
in place perhaps? Do you have viewing hidden files enabled?

Start > run > type "control folders" (without the quotes) > hit enter > View
tab > SHOW hidden files and Protected files.

Galen
Click to expand...
Thanks Galen. BB - yes. Firewall is ZA free V6. CA eTrust AV. Hidden
files were shown. Protected file were not shown. This has made a
difference of about 2GB so I can now see about 28GB, but the disk still
has 55 GB used. Treesize tells me C: uses 28 GB. Sequoia is a bit
different and difficult for me to interpret but at the top RHS, there
are two files, C:\hiberfil.sys and C:\pagefile.sys which are not in
themselves large (about 600MB each) but the data at the bottom of
sequoia, when I hover over those files, tell me the Dir (that will be C:
\) is 51GB. I cannot see a subdir which is anything approaching this,
though and trying to add up all the sub dirs on the sequoia page gives
me the old 28GB approx.
 
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Galen said ...
Thanks Galen. BB - yes. Firewall is ZA free V6. CA eTrust AV.
Hidden files were shown. Protected file were not shown. This has
made a difference of about 2GB so I can now see about 28GB, but the
disk still has 55 GB used. Treesize tells me C: uses 28 GB.
Sequoia is a bit different and difficult for me to interpret but at
the top RHS, there are two files, C:\hiberfil.sys and C:\pagefile.sys
which are not in themselves large (about 600MB each) but the data at
the bottom of sequoia, when I hover over those files, tell me the Dir
(that will be C: \) is 51GB. I cannot see a subdir which is anything
approaching this, though and trying to add up all the sub dirs on the
sequoia page gives me the old 28GB approx.
Click to expand...

It's not looking good... What I'm curious about now would be something
called a rootkit. The concept is not new but only recently have they become
known in the Windows environment. (And they always said Windows was less
secure?) Rootkits have been around the *NIX realm for a long time now but
the idea/knowledge that they could be effective in Windows (more so on a
permissions based OS than that seen in 9x) is only recently becoming
something the public (and even some experts) are aware of.

Take a peek here. I'm wonding if you have some sort of fancy worm or the
like. I guess you probably wouldn't notice (that's the point after all) any
additional traffic...

http://research.microsoft.com/rootkit/

Simple curiousity... Broadband... Is it slower than normal at times? I don't
mean marginally, I mean have you noted any serious slowdowns?

IF <-- that's a big IF
You are "infected" (it's not really an infection but a true hack, a complete
usurption of power and the means to hide it) then it's not going to be a
good day for you...

This is a rather long drawn out process if indeed you are compromised.
Flattening your box means just that as all data would become suspect.
Hiberfil and pagefile are normal. One is for when you operate and the other
is your page file. Those sizes seem rational. Have you noticed ANY odd
behavior?

Let's guess that they weren't complete... Start > Run > "cmd" without the
quotes > enter > netstat > enter > netstat -n > enter > netstat -a > enter
and compare the results... Anything beyond what you can find by rooting
about in a trace route utility or doing lookups of the IP addresses?

I guess I'm mostly just facinated (sorry about that) because if this is the
case then you will have the first actual case I've seen for Windows.
*chuckles* Too bad you probably live on the other side of the globe, I'd
like to actually examine something like that.

Anyhow, with your handy RootkitRevealer, take a peek. Disconnect from the
internet (ASAP) and turn off your modem physically. Disable your AV and
other software that's scanningn actively and scan with the RootkitRevealer.
From there you can use the command lines (shown on the site) to really get
into the nitty gritty. While I doubt that, if this is the case, there's a
whole lot you can do you can certainly be in a position to learn a great
deal and while I don't envy you (nor your potential upcoming loss of data) I
do wish that I could be there to witness it. Call it morbid facination if
you will...

Anyhow, for the short term... Go to www.kaspersky.com and get the trial
version of KAV. Install it (disable your current AV) and update it. Scan
with that as well. For now stick with just the trial version - I'm pretty
sure it works just fine for 30 days. TrojanHunter (www.trojanhunter.com) is
also good for a 30 day trial. Beyond that update them and scan in safe
mode... Then take a peek and see if the antispyware apps bring anything
interesting to light... A bunch and some simple instructions listed here:

Malware Cleaning :
http://kgiii.info/windows/all/general/malwarefix.html

Assuming those bring nothing up post back and let us know if you came up
clean and we'll see where to go from there but that's where I'd start.
Actually start at the bottom of this list and work your way up to the
RootkitRevealer as the results of that can seem misleading (and horible as
it's called a few things suspect on a brand new installation here) and more
than likely will just make you angry than fixing anything or leading you to
fixing anything I should say.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:


It's not looking good... What I'm curious about now would be something
called a rootkit. The concept is not new but only recently have they become
known in the Windows environment. (And they always said Windows was less
secure?) Rootkits have been around the *NIX realm for a long time now but
the idea/knowledge that they could be effective in Windows (more so on a
Click to expand...

Nothing strange noticed at all. Will try the above thanks but I'm not
very technical and also there's having the time. Will get back here
when I find something, or not.
 
You might check the paging file to see if it is taking up more space than
needed. Also system restore and the recycle bin's disk space usage can be
adjusted to free some space on the HD.

If you burn DVD's and save the ISO as a backup or forgot to delete them
after a copy was restored, just 6 DVD ISO files at 4.3+ gb could gobble up
free space quick.. Not to mention numerous CD ISO files as well as MP3 and
JPEG and the list goes on. You may just need to clean out the computer.

j;-)
 
Sam said ...
Nothing strange noticed at all. Will try the above thanks but I'm not
very technical and also there's having the time. Will get back here
when I find something, or not.
Click to expand...
Galen,

Well now, I've had an interesting evening, although not quite as you may
have expected.

I downloaded KAV and installed it - unfortunately, try as I might to get
it to work, it kept causing my PC to freeze, fall over, etc.! I was
beginning to get a bit paranoid! I uninstalled KAV. I ran an online
virus scan from Trend Micro and that showed up nothing at all. After a
number of re-boots following my KAV problems, the disk size was still
showing the same anomalies. Thinking back, I've probably had this
problem for at least a week or so.

Thinking that I might have to call my PC support number (it's < 1 year
old and I am on a support contract) I decided I'd better re-install
Norton Internet Security, which came with the PC as standard but which I
uninstalled two months ago because of speed problems etc. This re-
installation took a very long time due to multiple passes with
LiveUpdate being necessary and Norton's usual snail's pace installing
the updates. After many re-boots etc., after NIS was completely in
place and I'd suppressed Zonealarm and CA eTrust I decided to look at
the dik size again. Well, the problem has disappeared - C: properties
report 29GB used, 42 free - as I expect since NIS has used some disk
space on installation. Equally, Sequoia now reports the new disk usage
as does Defrag.!! In Sequoia, the pagefile and hibernate file are in a
Dir of size 27.4GB - as I'd expect more or less.

So - wtf has been going on? I'm happy now but perplexed as to what was
the problem. Many thanks for your advice, though.
 
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Sam said ...
Galen,

Well now, I've had an interesting evening, although not quite as you
may have expected.

I downloaded KAV and installed it - unfortunately, try as I might to
get it to work, it kept causing my PC to freeze, fall over, etc.! I
was beginning to get a bit paranoid! I uninstalled KAV. I ran an
online virus scan from Trend Micro and that showed up nothing at all.
After a number of re-boots following my KAV problems, the disk size
was still showing the same anomalies. Thinking back, I've probably
had this problem for at least a week or so.

Thinking that I might have to call my PC support number (it's < 1 year
old and I am on a support contract) I decided I'd better re-install
Norton Internet Security, which came with the PC as standard but
which I uninstalled two months ago because of speed problems etc.
This re- installation took a very long time due to multiple passes
with LiveUpdate being necessary and Norton's usual snail's pace
installing the updates. After many re-boots etc., after NIS was
completely in place and I'd suppressed Zonealarm and CA eTrust I
decided to look at the dik size again. Well, the problem has
disappeared - C: properties report 29GB used, 42 free - as I expect
since NIS has used some disk space on installation. Equally, Sequoia
now reports the new disk usage as does Defrag.!! In Sequoia, the
pagefile and hibernate file are in a Dir of size 27.4GB - as I'd
expect more or less.

So - wtf has been going on? I'm happy now but perplexed as to what
was the problem. Many thanks for your advice, though.
Click to expand...

I think the only correct (and honest) response is "buggered if I know."
Perhaps something was being held quarantined? Perhaps the install of NIS
killed what ever it was that was going bonkers? I really don't know. :) At
least it's working and it seems to be okay. I'd keep an eye on it and hope
for the best. Somethings just aren't meant to be known, perhaps someone else
will have seen this in the past and will shed some light on it?

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
I think the only correct (and honest) response is "buggered if I know."
Perhaps something was being held quarantined? Perhaps the install of NIS
killed what ever it was that was going bonkers? I really don't know. :) At
least it's working and it seems to be okay. I'd keep an eye on it and hope
for the best. Somethings just aren't meant to be known, perhaps someone else
will have seen this in the past and will shed some light on it?

Galen
Click to expand...
I don't like unsolved mysteries but this one looks like it will remain
so - but I'll certainly keep a look out for a recurrence.
 
Sam said ...
Galen said ...
I don't like unsolved mysteries but this one looks like it will remain
so - but I'll certainly keep a look out for a recurrence.
Click to expand...
Sorry to reply to my own post - the latest check shows that there is
still a discrepancy, though. properties of C: say used = 28.9GB.
Selecting all directories and files in C:\, the properties say used =
25.7GB. I am not going to investigate this but will start to get
worried if anything strange happens or if the discrepancy grows.
 
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Sam said ...
Sorry to reply to my own post - the latest check shows that there is
still a discrepancy, though. properties of C: say used = 28.9GB.
Selecting all directories and files in C:\, the properties say used =
25.7GB. I am not going to investigate this but will start to get
worried if anything strange happens or if the discrepancy grows.
Click to expand...

Did you ever let the rootkit tool run? It's a really odd situation you have
there and it's worth at least checking that though - to be frank - that too
could be fooled into ignoring stuff. *chuckles*

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
Did you ever let the rootkit tool run? It's a really odd situation you have
there and it's worth at least checking that though - to be frank - that too
could be fooled into ignoring stuff. *chuckles*
Click to expand...
no I didn't but attempt will do so at some stage.
 
Sam said ...
Galen said ...
no I didn't but attempt will do so at some stage.
Click to expand...
Just ran Rootkitrevealer twice. The results are below. Most of the
entries refer to keirnet/K9 which is a Bayesian spam filter I've been
using for about 2 years on this and my previous PC. Does this reveal
anything?



C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles
\h91wf1ji.default\parent.lock 26/07/2005 17:04 0 bytes
Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF8223.tmp
26/07/2005 12:34 16.00 KB Visible in Windows API, MFT,
but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files
\Content.IE5\KHA70T6R\wbk32.tmp 26/07/2005 17:04 4.90 KB
Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files
\Content.IE5\KHA70T6R\wbk34.tmp 26/07/2005 17:04 2.70 KB
Visible in Windows API, but not in MFT or directory index.
C:\Program Files\KeirNet\K9\Emails\Recent\72627B94.kml 24/07/2005 19:00
1.62 KB Visible in Windows API, but not in MFT or directory
index.
C:\Program Files\KeirNet\K9\Emails\Recent\D30689C5.kml 24/07/2005 19:00
3.62 KB Visible in Windows API, but not in MFT or directory
index.
C:\Program Files\KeirNet\K9\Emails\Spam\0E4B7DD0.kml 03/11/2004 20:17
2.85 KB Visible in Windows API, but not in MFT or directory
index.
C:\Program Files\KeirNet\K9\Emails\Spam\72627B94.kml 24/07/2005 19:00
1.62 KB Hidden from Windows API.
C:\Program Files\KeirNet\K9\Emails\Spam\B6D4932A.kml 03/11/2004 20:17
1.84 KB Visible in Windows API, but not in MFT or directory
index.
C:\Program Files\KeirNet\K9\Emails\Spam\D30689C5.kml 24/07/2005 19:00
3.62 KB Hidden from Windows API.
D: 01/01/1601 01:00 0 bytes Error mounting volume



An earlier run which I ran from the command line and sent to a csv file
(fred) and in which I showed the NTFS metadata files looks like this ...


Data mismatch between Windows API and raw hive data.,26/07/2005 18:14,80
bytes,"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed"
Hidden from Windows API.,05/08/2004 09:27,2.50 KB,"C:\$AttrDef"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$BadClus"
Hidden from Windows API.,05/08/2004 09:27,13.68 GB,"C:\$BadClus:$Bad"
Hidden from Windows API.,05/08/2004 09:27,2.17 MB,"C:\$Bitmap"
Hidden from Windows API.,05/08/2004 09:27,8.00 KB,"C:\$Boot"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend\$ObjId"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend\$Quota"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend\$Reparse"
Hidden from Windows API.,30/10/2004 17:55,0 bytes,"C:\$Extend\$UsnJrnl"
Hidden from Windows API.,30/10/2004 17:55,32 bytes,"C:\$Extend\$UsnJrnl:
$Max"
Hidden from Windows API.,05/08/2004 09:27,64.00 MB,"C:\$LogFile"
Hidden from Windows API.,05/08/2004 09:27,170.70 MB,"C:\$MFT"
Hidden from Windows API.,05/08/2004 09:27,4.00 KB,"C:\$MFTMirr"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Secure"
Hidden from Windows API.,05/08/2004 09:27,128.00 KB,"C:\$UpCase"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Volume"
Hidden from Windows API.,26/07/2005 18:17,763 bytes,"C:\Documents and
Settings\Owner\Application Data\Microsoft\Office\Recent\fred.LNK"
Visible in Windows API, but not in MFT or directory index.,24/07/2005
18:20,2.30 KB,"C:\Program Files\KeirNet\K9\Emails\Recent\67B3DF18.kml"
Visible in Windows API, but not in MFT or directory index.,24/07/2005
18:20,36 bytes,"C:\Program Files\KeirNet\K9\Emails\Recent
\67B3DF18.kml:KAVICHS"
Hidden from Windows API.,26/07/2005 18:28,2.30 KB,"C:\Program Files
\KeirNet\K9\Emails\Spam\67B3DF18.kml"
Hidden from Windows API.,26/07/2005 18:28,36 bytes,"C:\Program Files
\KeirNet\K9\Emails\Spam\67B3DF18.kml:KAVICHS"
Visible in Windows API, but not in MFT or directory index.,03/11/2004
19:17,1.46 KB,"C:\Program Files\KeirNet\K9\Emails\Spam\914CE960.kml"
Hidden from Windows API.,03/06/2005 16:41,2.44 KB,"C:\System Volume
Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP332
\A0037360.lnk"
Hidden from Windows API.,25/07/2005 15:13,672 bytes,"C:\System Volume
Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP332
\A0037361.LNK"
Visible in Windows API, but not in MFT or directory index.,26/07/2005
18:11,0 bytes,"C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD"
Visible in Windows API, but not in MFT or directory index.,26/07/2005
18:11,0 bytes,"C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL"
Error mounting volume,01/01/1601 01:00,0 bytes,"D:"
 
Sam said ...
Just ran Rootkitrevealer twice. The results are below. Most of the
entries refer to keirnet/K9 which is a Bayesian spam filter I've been
using for about 2 years on this and my previous PC. Does this reveal
anything?
Click to expand...
But I have noticed now that each and every time I reboot the PC, it
takes quite a long time for windows to become completely ready, during
which there is a lot of disk activity and then the properties of the C:
drive show it to have increased by about 0.5GB over what it was before
the reboot!!! It's now up to 33GB. As before, using select all on the
contents of C: and then doing a properties on the selection shows the
disk size steady at around 26GB as before.
 
In
Data mismatch between Windows API and raw hive data.,26/07/2005
18:14,80 bytes,"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed"
Hidden from Windows API.,05/08/2004 09:27,2.50 KB,"C:\$AttrDef"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$BadClus"
Hidden from Windows API.,05/08/2004 09:27,13.68 GB,"C:\$BadClus:$Bad"
Hidden from Windows API.,05/08/2004 09:27,2.17 MB,"C:\$Bitmap"
Hidden from Windows API.,05/08/2004 09:27,8.00 KB,"C:\$Boot"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend\$ObjId"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Extend\$Quota"
Hidden from Windows API.,05/08/2004 09:27,0
bytes,"C:\$Extend\$Reparse" Hidden from Windows API.,30/10/2004
17:55,0 bytes,"C:\$Extend\$UsnJrnl" Hidden from Windows
API.,30/10/2004 17:55,32 bytes,"C:\$Extend\$UsnJrnl: $Max"
Hidden from Windows API.,05/08/2004 09:27,64.00 MB,"C:\$LogFile"
Hidden from Windows API.,05/08/2004 09:27,170.70 MB,"C:\$MFT"
Hidden from Windows API.,05/08/2004 09:27,4.00 KB,"C:\$MFTMirr"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Secure"
Hidden from Windows API.,05/08/2004 09:27,128.00 KB,"C:\$UpCase"
Hidden from Windows API.,05/08/2004 09:27,0 bytes,"C:\$Volume"
Hidden from Windows API.,26/07/2005 18:17,763 bytes,"C:\Documents and
Click to expand...

The folders beginning with $ are "hidden shares" usually. Those may not be
being calculated.

Why do you have hidden shares? Why is a bad cluster (at 13 GB) hidden? Can
you see those folders? Can you delete them (if you should delete them?) Did
you put them there? What is in them? Are they showing up in Sequoia View?

I'm going to see if I can get a few more opinions on this one. ;) More heads
mean, hopefully, more advice or at least more chances of this being
witnessed. At least now I'm hoping that these are the files taking up the
missing space.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
In

The folders beginning with $ are "hidden shares" usually. Those may not be
being calculated.

Why do you have hidden shares? Why is a bad cluster (at 13 GB) hidden? Can
you see those folders? Can you delete them (if you should delete them?) Did
you put them there? What is in them? Are they showing up in Sequoia View?

I'm going to see if I can get a few more opinions on this one. ;) More heads
mean, hopefully, more advice or at least more chances of this being
witnessed. At least now I'm hoping that these are the files taking up the
missing space.

Galen
Click to expand...
I can't answer these questions I'm afraid as I don't know. Most of
these are related to NTFS as far as the advice on the web site was
concerned.

Have you seen my point about the disk space diminishing by about 1/2 a
GB every time I reboot, by the way?
 
In Sam <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Galen said ...
I can't answer these questions I'm afraid as I don't know. Most of
these are related to NTFS as far as the advice on the web site was
concerned.

Have you seen my point about the disk space diminishing by about 1/2 a
GB every time I reboot, by the way?
Click to expand...

Yes, I saw it. Yes it's being looked into. <g> Have you tried any additional
malware scanning? Here's the link again:

Malware Cleaning :
http://kgiii.info/windows/all/general/malwarefix.html

Additional:

I'd also recommend KAV again though this time I'd try it in safe mode
without networking. Install, update, reboot, enter safe mode without
networking, and scan... You may need to kill NIS once more before doing so.

Safe Mode :
http://kgiii.info/windows/all/general/safemode.html

It's not going to be quick nor easy to get to the bottom of this. A couple
of other people have replied off-site in an email list about this post and
we'll see if they can offer any additional insight but for now I'd work on
giving it a good solid scan in safe mode.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Galen said ...
Malware Cleaning :
http://kgiii.info/windows/all/general/malwarefix.html

Additional:

I'd also recommend KAV again though this time I'd try it in safe mode
without networking. Install, update, reboot, enter safe mode without
networking, and scan... You may need to kill NIS once more before doing so.

Safe Mode :
http://kgiii.info/windows/all/general/safemode.html

It's not going to be quick nor easy to get to the bottom of this. A couple
of other people have replied off-site in an email list about this post and
we'll see if they can offer any additional insight but for now I'd work on
giving it a good solid scan in safe mode.
Click to expand...
Done a lot of this including KAV in safe mode - nothing untoward found.

However: I today spoke to my computer supplier tech. helpdesk (I'm in
warranty)and discovered that another of their customers has had the same
or similar problem in the past week. I turned off system restore and
the problem goes away - disk size back to normal and doesn't change when
I re-boot. Turn system restore back on and the old problem returns
(creeping disk usage at about 0.5-1.0GB per re-boot. My tech support
is going to investigate further (since more than one person has had the
problem) and wil get back to me. Could of course be malware of some
sort but then why doesn't it operate when system restore is turned off.
Perhaps more likely a bug introduced due to a recent windows update?
Anyway, I will report back when I know more. Meanwhile, I have not got
the safety net of system restore but I doi feel happier about the
situation. In the end, I may need to reinitialise my system and
reinstall everything but I'm prepared for that if necessary and have
backed up all my important data.
 
Don't mean to butt in, but, you do know that system restore can re-expose a
computer system to a previous virus or malware infestation, right. You might
try reinstalling system restore for a fresh start and see if your problem
returns or goes away, or not...
I don't know if a virus that replicates itself could be doing so within
restore points, or if that is even possible? Or is it?

j;-)
 
Back
Top