From: Chris Robinson 

Fantastic!  I told my flatmate about this and he checked for it next time
he went to look at the PC (today).  He found DriveShield installed and
uninstalled it - the problem is now sorted.  I guess there's always a
simple explaination to
these things.

Thanks again,
Chris.

RS wrote:

> That's very odd; where I work we have to deal with a lot of students using
> computers.  Most of them are fairly computer illiterate, but there's always
> the few who get kicks out of finding a way to get admin access to delete
> registry files, install viruses and such.
>
> To fix this problem, the computer center bought a nice little program called
> Drive Shield (http://www.centuriontech.com/driveshield.htm).  An interesting
> point about drive shield is that once it's activated, you can't find it.
> The program folder that it's in is not just set to hidden; the OS just can
> not find it.  The process that runs DS will also never be displayed.  So
> users will never know that it's there, but it's always running.  This sucker
> basically takes a "snapshot" of the computer when it (the program) is
> activated.  Once activated even changes made by administrators on the
> computer will revert back to the original settings when it's rebooted.  You
> might have your friend check to make sure that the guy never downloaded and
> ran something like this on his computer.
>
> --RS
>
> Also, if they managed to do this without the program, please let me know.
> It'd be nice not to have to pay for a license for drive shield if there's a
> simple (and free) alternative.
>
> "Chris Robinson" 
wrote in message
> news:3F8FA704.17AB77C{at}NOSPAMtotalise.co.uk...
> > This is the strangest problem I've ever seen on a PC.  The PC belongs to
> > my flatmate's brother and runs Windows 2000 service pack 2.  His brother
> > called him up yesterday to say he was having a strange problem.  He said
> > that whenever he reeboots his PC it goes back to how it was before (a
> > GREAT description there :oP).
> >
> > Anyway, my friend went over to have a look at it and here's what
> > happens:
> >
> > - You boot up the PC and it boots into Windows with no problems.  Let's
> > call the state it's in after boot (all files/ folders/ settings etc)
> > state A.
> > - Whatever you now do to the system, like install/ uninstall software/
> > apply Windows service packs/ delete files, when you reboot it will
> > return to state A with any deleted files returing, any installed
> > programs not there anymore etc.
> >
> > First off, let me tell you that the system has a 30Gb Hard Drive.  5Gb
> > is for the Windows partition and the other 25Gb is a seperate partition
> > for data.  Both are fairly full (the Windows drive only had about 38Mb
> > free when my frend went around to look at it).  Here's what he did:
> >
> > - Booted the system.  Uninstalled AVG6 and installed AVG7, making sure
> > all registry entries/files for AVG6 were gone comletely.  Ran a full
> > VirusScan of the system and found some Virus's that he said were
> > "non-major" ones.  AVG removed them completely.  He
disabled system
> > restore/ hibernation features.  He then cleared over 1.5Gb of temp
> > files/ crap from the Windows drive and defragged the system (which took
> > 1/2hr or so).  He then deleted about 1Gb of data files from the other
> > partition as a test (these were backed up onto CD).
> > - So, after doing this, he reboots the system.  Guess what?  It returns
> > exactly to state A - the virus's are back, AVG6 is back with no trace of
> > AVG7, the 2.5Gb of deleted files had returned and the drive was as
> > fragmented as before.  Strange huh?  He also mentioned there was no
> > major hard disk activity upon reboot (so some app wasn't restoring an
> > image each time - and where would it store the data anyways?)...
> >
> > I mean, you start to think that it's some kind of problem with data
> > being written to the disk (i.e. it's not being!) but can this happen on
> > this scale?  Is it possible that there's some kind of program lurking
> > that makes Windows think it's performing write operations to the disk
> > but isn't?
> >
> > The strangest thing is that he's tried it all in safe mode with the same
> > effect.  Also, the defragging bit's odd because he saw it defrag and
> > there was hard disk activity when it was defragging (like there should
> > be).  I've suggested trying a tool like Eraser to completely wipe some
> > files whilst in Windows and see if they return but I think they would by
> > the sounds of things because it appears that they're not actually being
> > deleted in the first place!
> >
> > Has anyone ever seen this kind of thing before?  I know there are 3rd
> > party devices that can do this (I think NEC make one that restores an
> > image on each boot) - but this is a PC that my flatmate built from
> > scratch.
> >
> > Chris....
> >
> >
> >

--- BBBS/NT v4.01 Flag-5