When you run HijackThis, you should extract it to its own folder rather than from within an archive.
I'm assuming you have Windows XP - everyone does, don't they?
The popups are probably caused by SystemDoctor2006.
First, make sure you can see everything on your hard drive (you can change back these settings afterwards if you feel uncomfortable with them):
Open My Computer and click Folder Options on the Tools menu.
Click the View tab.
Enable the following options:
Display the contents of system folders with a checkmark
Show hidden files and folders using the option button.
Disable these options by removing the checkmarks:
Hide extensions of known file types
Hide protected operating system files
Click OK to exit.
Turn off System Restore:
Right-click My Computer and select Properties.
Click the System Restore tab, checkmark the option Turn off System Restore on all drives and click OK.
The best place to do the following is Safe Mode so you may want to save this to a text file on your desktop and boot to there.
Run HJT again, and close all IE and explorer windows.
Run the scan, checkmark these items and select Fix Checked.
Clean your cache:
Open Internet Options from either Control Panel or IE's Tools menu. Click the Delete Files... button in the middle section, checkmark Delete all offline content and click OK
While you're here, you can prevent a lot of disk fragmentation by reducing the ridiculously high space allocation by clicking the Settings button and changing the value in the box to something more realistic (20 to 50 MB).
This should be done for all user accounts on the machine.
Clean your temporary directories:
Delete everything in the temporary folders. Windows XP has a temp folder for each user located at:
Code:
C:\Documents and Settings\<username>\Local Settings\Temp\
Also check these places:
Code:
C:\Windows\Temp\
C:\TEMP\
Nothing should be running from these folders and legitimate programs would never install themselves there (although Adobe sometimes leave their uninstall utilities in there, the sneaky buggers).
Clean your Prefetch:
Explore your way to here:
Code:
C:\WINDOWS\Prefetch
Delete everything inside this folder (but not the folder itself).
OK, now the recovery.
I think you misinterpret the meaning of Complete Format Recovery.
It sounds like you believe this will format your system and return it to what it was a couple of days ago.
That's not what it does. There is no way to do this unless you only received the machine two days ago and run a rescue disc supplied with the system by the OEM manufacturer.
A complete format recovery is an attempt to recover files that were on the hard drive before it was completely formatted.
This is the best option for you.
I haven't used RecoverMyFiles myself, although other people here have and have had success with it. It's a program that's held in high regard for its ability and price.
I have used Ontrack EasyRecovery Professional (ERP) with quite a bit of success.
With ERP you select a partition to recover from and then a different partition or drive to recover to. It has to be a different partition or drive.
You can specify which file types to recover if you only want to restore documents or mp3s or avi files etc.
ERP detects the filetypes of what it finds by reading the file itself as there's no name information and consequently, although it recovered a helluva lot of files for me, it was down to me to open each one and rename manually.
One last thing.
Whichever recovery program you use, its success depends not only on whether the file has been partially overwritten but to a greater extent how fragmented the partition was before formatting. A fragmented file is spread out around the partition and the information detailing the locations of these parts is held in a place that is written over when you format.
If your partition was badly fragmented you may find that a large proportion of the files recovered are corrupt, unreadable, incomplete or even merged with another file.
Good luck, I hope it goes well.
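The post above describes recovered files that come back without names and have to be identified from their contents, and warns that fragmentation leaves many of them incomplete. The following is an added example, not part of the original post and not code from any recovery product: it classifies recovered files by their leading signature and flags ones whose end marker or declared size does not check out. The signature table is a small constructed subset and the function names are hypothetical.

```python
from pathlib import Path

# (extension, leading signature, trailing marker expected near the end, or None)
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("pdf", b"%PDF-", b"%%EOF"),
    ("zip", b"PK\x03\x04", b"PK\x05\x06"),
    ("avi", b"RIFF", None),  # RIFF container, validated separately below
    ("mp3", b"ID3", None),   # no cheap end marker to test
]

def classify(data: bytes):
    """Return (extension, looks_complete) for a recovered blob, or (None, False)."""
    for ext, head, tail in SIGNATURES:
        if not data.startswith(head):
            continue
        if ext == "avi":
            # Bytes 8..12 name the RIFF form; bytes 4..8 hold the payload size.
            if data[8:12] != b"AVI ":
                continue  # some other RIFF file (e.g. WAVE), not in this table
            declared = int.from_bytes(data[4:8], "little") + 8
            return ext, len(data) >= declared
        if tail is None:
            return ext, True  # cannot tell; treated as complete
        # The end marker may be followed by padding, so search the last 1 KiB.
        return ext, tail in data[-1024:]
    return None, False

def plan_renames(folder: Path):
    """Map each recognised file to a proposed name. Nothing is renamed on disk."""
    plan = {}
    for path in sorted(folder.iterdir()):
        if not path.is_file():
            continue
        # Whole-file read keeps the example short; large files would need
        # head/tail reads instead.
        ext, complete = classify(path.read_bytes())
        if ext:
            suffix = ext if complete else ext + ".damaged"
            plan[path.name] = f"{path.stem}.{suffix}"
    return plan

if __name__ == "__main__":
    import sys
    for old, new in plan_renames(Path(sys.argv[1])).items():
        print(f"{old} -> {new}")
```

A file marked `.damaged` started with a known signature but was cut short or merged with other data, which is the outcome to expect from a badly fragmented partition.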