Windows Security Checklist - Part 9: Batting Clean-up
by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer January 23, 2005
No single application or technique can protect you 100%, but
you can still get pretty close to that. When Windows users follow
these guidelines, their chances of being infected by malware drop
almost to zero. Now we begin our next installment of the
Windows Security Checklist - Part 9: Batting Clean-up.
It is not as complicated as it may first appear, although there is
a lot of information to absorb. The Security Experts, 1st Responders,
Special Response Team members and Host Consultants at CastleCops can
help you, if you have questions about any of these techniques or
featured applications.
I hate doing housekeeping, but without it life would be even more
of a mess than it is already. The same goes for computers running
Windows.
Some of the most frequent problems we see here at CastleCops are
people having system slowdowns, problems and crashes stemming from
useless junk files and malware gathered over the course of months or
even years. Help is here, so grab your virtual mops and buckets and
let's clean up!
With PC maintenance there is no one instant method or program to be
used. Lots of maintenance can be done within Windows itself, but this
is not usually enough. If we want to do a good job, a few applications
will be needed. The applications needed and featured here are reputable
freeware, available at CastleCops in the Downloads section at the top
of this page.
Add/Remove Programs
We can start by removing user-installed applications you do not
currently use and will not use in the future. First, check if the
program has an entry in the Add/Remove Programs page of the Control
Panel. If it does, uninstall it from there, and then delete any
unnecessary remnant folders or files afterwards using Windows Explorer.
If the program is not listed in Add/Remove Programs and does not have
its own uninstaller, then most of the time it is okay to simply delete
the folder. To delete a folder with Windows Explorer, simply highlight
it in the left pane, then select File > Delete. A dialog box will
pop up asking if you want this to go to the Recycle Bin. Click "Yes."
To access Control Panel on Windows platforms 95/98/98se/NT/NT4,
click the Start button, click Settings and then Control Panel.
Double-click Add/Remove Programs.
For Windows ME: Windows ME hides options on the Start Menu Programs
list that you have not used recently. They are not deleted, just filed
away so the menu will not spread across the screen. To see the full
menu, click the double down arrows at the end of the shortened menu, or
hover the mouse over the menu.
System File Checker
System File Checker (sfc.exe) is a command line utility that scans
and verifies the versions of all protected system files. If System File
Checker discovers that a protected file has been overwritten, it
retrieves the correct version of the file from the
%systemroot%\system32\dllcache folder, and then replaces the incorrect
file.
Click Start > Run and type in "sfc /scannow" then click OK.
(Without the quotes "" and leave a space between "sfc" and the "/")
Syntax and Parameters (always preceded by sfc and a space; example: sfc /scannow):
/scannow - Scans all protected system files immediately.
/scanonce - Scans all protected system files once.
/scanboot - Scans all protected system files every time the computer is restarted.
/cancel - Cancels all pending scans of protected system files.
/quiet - Replaces all incorrect file versions without prompting the user.
/enable - Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.
/purgecache - Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x - Sets the size, in MB, of the Windows File Protection file cache.
You must be logged on as an administrator or as a member of the
Administrators group to run System File Checker. If the
%systemroot%\system32\dllcache folder becomes corrupt or unusable, use
sfc /scannow, sfc /scanonce, or sfc /scanboot to repair the contents of
the Dllcache directory. (Note that %systemroot% specifies the location
of the Windows System32 folder on your particular Windows platform.
Example: SYSTEMROOT=C:\Windows)
If you are unsure of what to do with a particular file, note down
its name and where it is, then choose "Ignore." This way you can check
on it with Windows Help or with Google.
It is a good practice to run System File Checker whenever you add
or remove applications from your PC to ensure system file integrity.
For Windows XP users this is automatic.
Additional Reference (Reading these will help your understanding.):
Using the System File Checker on All Platforms
System File Checker for Windows XP
Using System File Checker on Windows 98/98se
Windows Update
The primary rule of all good maintenance guides is, "Always update
your operating system!" We encourage you to do so. To promote best
performance on your PC, we suggest that you install the full Service
Packs (SPs) from Microsoft. These include all the updates and patches
currently available. This promotes stability and security on your PC.
Please refer to Windows Service Pack Road Map for more information.
Temporary Files
Though they are not really harmful files, temporary files can clog
up valuable hard drive space. Malware often hides in the Temp
folders and Temporary Internet Files folders, so it is a good idea to
clear them out from time to time.
Disk Cleanup, which comes with Windows, can be found in the Programs
> Accessories > System Tools folder of the Start menu. This is a
pretty self-explanatory program. Tick the check boxes and hit "okay"
and it will clean up what it can.
It won’t pick up everything. In addition to Disk Cleanup I would advise you to download:
Crap Cleaner
Also available via CastleCops Downloads Disk & Track Cleaners page.
Crap Cleaner is a freeware system optimization tool. It removes
unused and temporary files from your system and your Registry easily
and safely - allowing it to run faster, more efficiently and giving you
more hard disk space.
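Because malware often hides in the Temp folders, it is worth recording what executable content is sitting there before a cleaner wipes it. The following is an added example, not part of the original article: it assumes a newer Windows with PowerShell 4.0 or later, and the folder list, extension list and report path are illustrative choices.

```powershell
# Added example (not from the original article): inventory executable content
# in the temp folders before Disk Cleanup or another cleaner removes it.
# Assumptions: PowerShell 4.0+ (Get-FileHash); folder list, extension list
# and report location are illustrative, not values from the article.

$tempDirs = @(
    $env:TEMP,
    (Join-Path $env:SystemRoot 'Temp'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache')  # Temporary Internet Files on newer Windows
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$extensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1'

function Get-TempExecutableInventory {
    param([string[]]$Path, [string[]]$Extension)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension } |   # -contains is case-insensitive
        ForEach-Object {
            # A file locked by a running process cannot be hashed; record that instead
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SHA256    = if ($hash) { $hash.Hash } else { 'unreadable (in use?)' }
                Signature = if ($sig)  { $sig.Status } else { 'unknown' }
            }
        }
}

# Save the inventory outside the temp folders so it survives the clean-up
$report = Join-Path $env:USERPROFILE 'temp-executables.csv'
$items  = @(Get-TempExecutableInventory -Path $tempDirs -Extension $extensions)
$items | Sort-Object Modified -Descending | Export-Csv -Path $report -NoTypeInformation
"{0} executable file(s) found in temp folders; details saved to {1}" -f $items.Count, $report
```

Unsigned or recently modified entries in the report are the ones to look up before clearing the folders; a file that cannot be hashed is usually in use by a running process.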
Cleaning Remnants from the Registry
Over the lifetime of an operating system installation, especially a
long one, the registry can become full of invalid and useless entries.
If the registry becomes too large, things can get "a little
bogged down," with slow bootup times, for example. Make sure you have cleaned up
all your temp files, uninstalled and deleted all unwanted files
including those in the Recycle Bin. Crap Cleaner can clean this for you
too.
Crap Cleaner also comes with a Registry Cleaner that works in the
same, simple way as its temporary file cleaner. When you run this tool
be sure to make a backup when it asks. It will then save it in My
Documents or wherever you wish. If necessary later, the original
registry entries can be restored. It is always a good idea to use a
program that works on the Registry instead of trying to do-it-yourself
directly as mistakes are not forgiven there.
Defragmenting the Hard Drive(s)
Stop groaning! Yes, I know it can take ages, but it does benefit
your system, both the hardware and software. It will run more smoothly,
with fewer crashes and will start more quickly. Also, if you get into
the habit of doing it at regular intervals (once or twice a week) you
will find it will take minutes to complete, rather than the hours
needed if you only do it once a year. I always do something else when
defragging, like sleeping or washing the dishes. Do not use your computer while it is defragging.
Defragmenting - Windows 98/98se/ME/XP
Open Windows Disk Defragmenter by clicking Start > Programs >
Accessories > System Tools > Disk Defragmenter. This utility,
commonly called Defrag, gathers all the scattered file fragments and
writes them into adjacent clusters, so each file occupies a contiguous
section of the disk. Close down all applications except Windows
Explorer (your operating system) before defragmenting your hard drives.
Open Windows Task Manager by pressing Ctrl+Alt+Delete. Highlight each
application one at a time and click "End Task" or "End Process."
Defrag works by moving slabs of data to unused parts of the disk,
in order to open up a large free section of space. It then assembles
the fragmented parts of a file and writes them in one complete piece to
the cleared space. It does the same with the next file, and so on until
the entire disk is defragmented.
The Windows XP Disk Defragmenter looks a little different from the
one you will find in Windows 98 and Me, but it works in a similar way.
You will find it by clicking Start > All Programs > Accessories
> System Tools > Disk Defragmenter. The Windows XP Defragmenter
is somewhat smarter than its predecessors as it is not as easily thrown
off by background programs.
Defragmenting - Windows 2000
Click Start and then Programs > Accessories > System Tools > Disk Defragmenter
Disk Defragmenter will start. In the top half of the window you
will see a list of your hard disks; you may only have one. If you have
several, you will need to defragment each drive. Click on the drive that
you wish to defragment and click Analyse.
After a few seconds you will be told if you need to defragment your
disk or not. If you do wish to defragment your harddisk then click
Defragment.
After some hours (the first time) defragmentation will be complete.
The graphical representation of your hard disk should look healthier,
with few or no red blocks. You may now quit Disk Defragmenter or
defragment another disk. When all defragmentations are complete,
restart your computer.
Defragmenting Windows NT or Server 2000/2003 is a little more complicated. Please refer to this article at Sysinternals for more information: PageDefrag.
Set a New Restore Point
For Windows XP and ME users, after you have completed these
procedures, set a fresh restore point with System Restore. You can
access System Restore under System Tools on the All Programs menu. A
‘system checkpoint’ will create a snapshot of your system at a precise
moment, defined by the time and date. Click ‘Create a restore point’
and then select Next. Give your restore point a description that you
will recognise should you need to use it. Should you need to use your
restore point, you have two options. If your system fails completely,
press F8 during Startup and choose to restore from the last good
configuration. Alternatively, run System Restore and choose a point to
restore from.
Best regards and always take care of your security.