Search This Blog

Thursday, November 15, 2018

Disabling Prefetch and Getting rid of RegSvr32 running problem To Make PCs Run Great Again


 14 November 2018

Simple Cleaning Process  to make PCs Running Great Again (Part2) - Disabling Prefetch and Getting rid of RegSvr32 running problem.

This part 2 goes further to clean up the PCs,  better than what can be done by  commercial cleaning programs such as CCleaner or other virus program. 

Section I  :   Disabling Prefetch and Superfetch Files

What are they?

They are simply Windows tools that are supposed to make PCs running faster.  It is often used during XP days but is still being used today in Windows 10.  

Programs that are frequently used but did not get started during Windows startup will be started up in the background automatically,  provided the Prefetch files to start the programs are stored in  [C:\windows\Prefetch]. 

SuperFetch is another feature of the Windows OS that determines which program can have its necessary files and data all loaded into the RAM memory to make programs run even faster.  

As programs can get started automatically,  it is often used by hackers or viruses as “back doors” to gain access to the PCs without user’s permission.

The Conventional Wisdom?

If one has Windows OS and program files installed in SSD drives,  the prefetch and superfetch functions are less useful;  one should disable these features by taking the following steps

Description
Action
Remarks
1.  Disabling Prefetch
1.  Start up [Regedit] as Admin and navigate to [PrefetchParameters]  at the address shown on the top of the next picture and change the [EnablePrefetcher]’s value from [3] to [0]

2.  Disabling the SuperFetch
1.  Start up [Services] as Admin and navigate to [Superfetch Properties] as shown;
2.  Stop the operation of SuperFetch if it is running;
3.  In the dropdown box of [Startup type] ,  select [Disable]
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9AAn221TPvm91YWzbmX6BfLga5W4rD7TKE9YGyP5kkfNPRLCnGo0ccaBu5vPIA0rydqWGs-nbh94I9k-DVK6PWVvxnc-X-9_NtXujQ2ezfSk2tABkIIWETTmOvz6-vM4yHeG1-uNybjLz/s1600/2018-11-15_09h15_07.jpg

If one is still using the ordinary mechanical hard disk drive, it is recommended to keep the  Prefetch and SuperFetch functions but do the cleaning up every month by deleting all the files in [C:\Widnows\Prefetch]  that are ending with [.pf].  These deleted files will be re-installed by those programs as they are in operation.


Section II:  Getting Rid of Running RegSVR

Those monitoring  their PCs using [Task Manager] might find that sometimes RegSvr or RegSvr32  kept running non-stop,  consuming lots of CPU time as shown in the attached. 


There was no  warning or notification.  Some said that it was caused by viruses;  others said that some OS files were missing.   Most solved the problem by installing virus programs while others simply  just deleted the RegSvr files from the PC,  which is not advisable.

This section II  will present one of the easy ways to identify  and get rid of the RegSvr  problem by using just Windows’  own programs.   The same method can also be used to identify and get rid of some viruses that kept buggering and consuming unnecessary CPU time.

What Happened ?

The PC is most likely infected by viruses;  if it is some OS file such as DLL files missing,  PCs will usually give some warnings.   These viruses often disguise themselves and try to gain access through the “back door” by registering the process and using the [Prefetch] function to start their operation.   In this case,  some files were found  missing and Windows could not register the program and kept trying.  

How To Resolve?

Task Manager can identify RegSvr is taking up much time but it can’t tell which program or virus is the  “culprit”.   Luckily,   Microsoft has a tool called “Process Monitor” or [ProcMon] where one can monitor the working of the various Window Processes.   This article will concentrate on how to use this tool to “catch the culprit”.


Where can I Download? 

From here  or here.

Step by Step Example of using [ProcMon]

Description
Action
Remarks
(Click Picture to Enlarge)
1.  Starting up [ProcMon]

One would be greeted by the following screen which shows all the defaulted processes.  The screen will move so fast and there is no way to monitor the processes without setting up the [Filter]

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM8_joHV8ugUtvmFV1cqu8yf3uil_AXGdCebuRlIMIO0TrXBpacOIwEWn5n0LACFTsWqI5fCFtOdZOxoC7m0m3w3TtUN_uJsO_oJ_1LSPPCi_lnQEVTv8UbCP21ACcd442cDwooQ2lsBkM/s1600/2018-11-14_15h26_12.jpg

2.  Setting up [Filter]
In the [Menu],  click [Filter] and then select [Filter] in the drop down list. 
The following screen will appear,  showing no less than 20 processes being monitored.  As we want only to monitor RegSvr,  a filter is required. 

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhngTlygMgOExrXr-1Sk8d-twUqFZB9-9kKPzkiEoxA7MeO0KWYdUBvNbYluqquNI-SvCjst4ZyaYR7KojOEZX0pagloUR9EjFkNNQfRv4ZPx_zlg-sXqtstiOaEL0E8wTib3YoQMJyXr-W/s1600/2018-11-14_15h31_47.jpg

3,  What to Put in the [Filter]
1.  In the [Display entries matching…],  hit the first dropdown list and select [Process Name]

2.  In the 3rd dropdown list,  key in [RegSvr32.exe] to monitor only the RegSvr32 process.

3.  Uncheck all other defaulted processes

4. Click [Apply],  the [OK]
Observe the running event recording at the bottom of the screen,  the meter should run to indicate ProcMon is working properly.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDp3yXnUNjcMZQfj1MQyR4hpA2VTffqHnhonmSyHtRkr5ZdgMrTQ4Au81VFN8L-aLX_Kc8gQUiqzy4tx_EbcA3PBsyMm-XiNHDTITLk_C0PtNjYA0jrpVlxHt0X2-2wSzg3B5kF2WfeR6n/s1600/2018-11-14_15h40_21.jpg


If ProcMon detected that [RegSvr32.exe] has been used,  it will start to report the details
4.  How to know which is the virus?
1.  check the [result] and the [Details] columns of ProcMon.

2.  Identify which program started the RegSvr first and where is this program located






In this particular case,  RegSvr was requested by a Prefetch file called “RegSvr32.exe-03D3FB87.pf”.  This one is highly suspicious to be a virus.  It is trying to use the back door to register the process.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9k6saweNHMlJJ3n0ljsGnuql_RhngURs8MAT3XyVzAO4fadyIA1LYh04-wJh4YGbl7gZyafx_OX1u8_CVNBIAaqGCOWf9WyZFK43G1JAVFaeWWh3yRcrX43JsR_dAsf9AgJ170tyOq8jW/s1600/2018-11-14_13h58_25.jpg


2.  Goto the file address by right click the process and select [Jump To].   Try putting a  [.bak] at the back of filename.  However,  if it is a Registry address,  export the Registry by clicking [File] in the menu and select
[Export].  Save it in place with a file name so that one could restore it by [import] should anything were to happen.

If the Windows refused to allow modification of filename or deletion of  the registry key,  goto Q&A section for answer.
Note:  One could use  “WinPretchView” to study these prefetch files

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguJWhh_j-6P20tCgedQ5QxKJg5_VzXiHk9awaPxMnvb9KWztnYcCAq4PT6Gp0jmRNZSSPypsi3mcPDubyifx788JUd4CVP-eKjas9Tuy8Pcxn05-esjgjsJiPs9CJoypd9OLcrbmPtpN98/s1600/2018-11-14_12h50_08.jpg

5.  Restart the computer
Check if the problem has been resolved;  if not,  repeat step 3 and step 4
Look out for processes that have suspicious long names with all the unknown machine language especially those files found in the folder called “\[username]\AppData\Local\”;






Q&A

Description
Action
Remarks
1.  PC refused to let me rename the file or delete the Registry Keys
Two Ways
1. Tradition way
Safe boot Windows;  hopefully,  the file or Registry keys will not be used and can be deleted

2.  Complicated way
Take control of the file or the registry key.  Here is how to take control of the files

It is locked by Windows or the virus when it is using or making attempts to use the file.
2.  The problem still around
1.  Try other methods;
Viruses come in many forms;  not necessary all are using the same method to protect themselves.

After mastering the use of Task Manager and ProcMon,  one should have more confident to find other ways to tackle  the other viruses.

-------------------------------------------------------------------------------------------------------------------
 Other similar articles

tinyurl : https://tinyurl.com/y9nu2d77

Sunday, November 11, 2018

Simple Cleaning Process to make PCs Running Great Again (Part 1)


11 November 2018

 Jump to 
Part 2: Disabling Prefetch and Get rid of RegSvr32 running problem (click)

Simple Cleaning Process  to make PCs Running Great Again (Part 1)

Introduction

This topic must have been blogged a thousand times but many users just ignored them as we often come across PCs or  laptops (PCs)  running programs at snail speed.   For example,   one user complained that his PCs took more than 5 minutes to fire up the Google Chrome.  We found that his PC has to start 60 programs during each startup before reaching the Google Chrome pages.  This article serves to simplify the process of cleaning up the PCs and make the PCs running great again.   

What’s Needed? 

Nothing   Absolutely nothing except  a “DARING HEART”,  preparing to delete the unwanted programs;  after all,  most essential programs are self protected to prevent users from deleting them.  Very often,  a restarting will restore all those deleted programs.  So be daring,  not to worry that this simple cleaning process will destroy the PCs.   

Step by Step

I)  The Simple  Clean Up
Description
Action
Remark
1.  Back up the PCs
1.  Press [Win +R] and type [control].  In the search box of  [Control Panel],  type [system protection].  Select [Create a restore point],  the press [Create] to create a [System Restore Point].   

2.  Check if the [System Restore Point] has been saved by pressing [System Restore] button 

3.  If one really think that this is necessary as an insurance,  download this  [Registry Backup and Restore].   It is a  program which will restore the registry data to its previous glory.
Apply to Win 7 & Win10.    This will help user to restore the Windows should something were to go wrong
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnip7rXIdrqwrB_38GfkwR9G08MZQ6pRyRQb74W24yLG8cZ-No-ONrw6HgPBkU_D3mJXaD5eP0TCysryEPaBCZd6EhJaDHqhTXhTVJUqTptYCDypZ4q-enZzdfVSe7wgJyIst-mnGiJveZ/s1600/Capture2.PNG

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDVbsPrhI1K_LHiaxyHqy0GFmxuDIWDG_YxKvc1E4U-Vu0Rwxm4OdFgiDFjoazQFj_B3_IN8fj3ilYTkEgCrK06SAsd-M0-oE8Wnt4JWRj7B-wdSjHGw5nTALnsPTRbnWFGhqYmOHmf5Oo/s1600/Capture1.PNG
2.  Clean up the PCs


a)  Program Required


b)  Cleaning up
1.  Start up [CCleaner] and in the first screen,  click [Run Cleaner]
The screen will show the steps taken to clean the computer.  Can play around with the various function available to clean more “debris”
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha4X705VHfzjbrznoc7CKfrAApwL38lowmD-BPViHtw5EGQZLPup40Dgh_3UGt8pdLY5az1iXBvIlhVorjXVti8tYjwTUbJHbPOh5svL2AUVkUw_9ZRRDCLpBAAtx-nj1XgXkIwL6ffact/s1600/Capture3.PNG


3) Clean Auto-Start Program
1.  Click [Tools] and select [Startup].   Just  simply click all those [Yes] and change them to [No]  in each and every folder.
Don’t worry.  One can always  come back and restore them.  Protected programs will not allow users to delete them
 https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUVqPP3dUS0tiqEX8whOxq-FXdEJlOdR61b2AMp9pjTsESPY_q70yp4ZJUiYpAbTHNLVMryIz2S625wBY5F8YVFIorCjJVBBh-8ByIlJDx2oKlnSfLN0pEtyFTQhKzUTI79zaFpZQbet5m/s1600/Capture5.PNG
4.  Complete Cleaning
By restarting the PC
One should now find the PCs running much faster and more responsive.

II)  Others (Slow Internet Browsing) 
Description
Action
Remark
1.  Check Internet Connections
1.  Test the downloading speed as well as uploading speed using the browser
This should always be the first step,  particularly when this slowness happens during peak internet usage.

One can test the internet speed by clicking the following



For normal internet operation, the downloading speed should be at least around 30 Mbps, depending on number of internet users in the household.   Here is one guideline to determine how much one will need the internet speed to be

2.  Remove Add-ons
1.  Go to the setting page of the browser,  click the add-on tabs.  (use HELP of browser to navigate)

2.  Clear or disable as much as possible all the add-ons as many as possible without seriously affecting the browser operation
Add-ons are external programs added to enhance the operation of the internet;  some of these add-ons are CPU or power hungry and might slow down the browser operation


III)  The Advance Steps
To be taken if the above simple clean up does not help;  this method is also effective in removing virus files from the PC.
Description
Action
Remark
1.  Locate the nasty Programs or Processes 
 
Left click the [task bar] and select [Task Manager].  At the bottom of the screen,     click [show all processes from all users] for Win7 or [More details] for Win 10
To bring up the Task Manager and show all processes including the CPU idling process.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1b7qTSZ4KvCC_NEMWEN6oB-_gXluN0dFoOPZ5r_yVcn-_GxbIb4Nb-5GGDbW9NMIR8MNXIP-Lu9apFQ85VAnpQtilGxjyZ7yE8oO-RGSNQR3zVCbgAn9uRGSq2Vq5MNmajoyi8MocKcop/s1600/Capture4.PNG
2. In the [Processes] folder,  click the [CPU] tab to sort the processes in terms of usage

3.  Locate the processes that  use up more than 10% CPU time. Left click at the process  and select [Open file location].  Copy down the file name and its  location.  Now come back to [Task Manager] to click  [End Task] to deactivate the process.
If the Windows is working fine,  CPU should  spend less than 1% at idling.  Ending those tasks with high CPU usage will stop the background programs from running and speed up the PCs.  
Do not worry about Ending the processes as they will be restored when PC is restarted unless the files are deleted.     

4.  Check if PC is running faster and if most essential programs still running well.  
Double check before proceeding to delete the files in its location.
5.  After assuring that  the PC  is working fine and much faster,  go to the file location,  change the file name by adding  a [.bak] at the back of file name.
Just in case the file was found to affect the PC's working,  just restored it by deleting [.bak]
6.  Restart and make sure the process is no longer running
You are done and go to attend to the  next process.


Some Questions and Answers

Questions
Answers
Remarks
1.  Why I cannot end the process of a specific task in Task Manager?
The file could have been locked during windows startup.  Try starting Windows using [Safe Mode]  and repeat ending the task.  If one could find the defaulted file,   go to the file location and change the file by putting a [.bak] at the end of the file name

2.  Why I cannot restore the system?
Some viruses could have locked the restore function of the Windows.  Do the following things
1.  Do a system file check to see if system files have been corrupted or missing and search Web to find a solution
2.  Try starting up Windows in [Safe Mode] and retry the steps.

3.  How to do a system file check?
In the startup search box,  type [cmd] as Administrator and at the [Command Prompt] cursor,  type [sfc /scannow]
SFC will attempt to repair the files but if it fail,  follow its instruction to inspect the log and search Web to find a solution



Other similar articles

tinyurl :  https://tinyurl.com/ybwaa48g


Saturday, November 10, 2018

How to Change Wall Paper in MiTV


10 November 2018

MiTV does not have its own wall paper changer where one can change the wall paper at will just like the handphones.  This article intends to show how one can be changed the wallpaper using a 3rdparty called Dangbei.

What Needed?

1.  A Dangbei APK which can be downloaded from here from this link

Step by Step

Description

Action

Remarks

(dBclick to enlarge)

1  Preparation

Download Dangbei APK and fire it up in the MiTV App store

 


2.  Install DBZM

Navigate in Dangbei to its App Store and type [DBZM] in the search box


https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBKFE12sw8hXZvtRr2yzjdyIxEKz6eb8pgh27t_4zqzsnP48wrs2ByAvFYQ1IRfr0aZL4jb0cCZ4LjPjXhGjeanuwvbvv2O79QJ6SSrH0qaSNnS-ocnTMH0VKtGyoF7YJuJhLBtvDJntpx/s1600/2018-11-10_15h48_25.jpg

 3.  New Wall Paper

One would be greeted by a totally new Wall Paper

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIWBVbZWSt3PqdioU3rSaq06vmizA4pZJgg7Se2cTIYD5NhYn_eIMIjW_xTiNrI1E3byu2aNkbiikwN3yX1KboF6P385UQLM1bpMr11GZ5kTzzi_lV_5nP5wsHaXzOujhncGPlbxHy17kL/s1600/2018-11-10_15h50_52.jpg

4.  Change Setting

In the menu,  click [Setting]

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWD9I4ay5M7aJdT6mbD88Qjfyika_eGpNPJ7_rXISVm263N86IAhUWoHuR1GqzAJitjMOzNgDj3xd1uPDPfu8lEk1a5LrjooSXJY_B5F5Qd9E-_TcuT___jKiIYh5-YXmsYTcqGSD8Uqnl/s1600/2018-11-10_15h53_05.jpg

5.   Change WallPaper

In the setting,  click the [Wallpaper]

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil3NeHQ7x-7xaieUAuNZjtm-Z_gpKKxZbVXTqebyMYLYIVxm3-j3oeAljm7Pt3sRdzg-1muNryULPdYv25nOy_dD1CnKdreC5hUBxWet92iwN3tWdSBfnp3C7tierZGjte5Ic_nocVK48Q/s1600/2018-11-10_15h55_10.jpg

6.  Select WallPaper

In the list of pictures,  select the Wallpaper you like and press [Confirm] when prompted

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjlP1xflPoYhzjcphySBo1BXk11qvoP-s9FmkmKvl5LkHVjpnqmRYzNObUYiJ2xaZkRBFZ3Y5SsAGAzKByXO2QbhsPSdUV66r1RCvZtdhox4eUK63oKpAl23flpmufdZaGIsEeaaucEvO9/s1600/2018-11-10_15h57_30.jpg

7.  Done

 

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm3K1zB5XfkVqdkjBSVB3cIZV951CcT69ouo9prcEojcfUsBB0pSL_5vQqnhOlF_hCh81C3n9FSXpJbDwLaFmuG0J8DkUFGA37PNg1l4yr2mbj_2Y2MOkaiQ2IWublx2hLVlZ4_ImowMdW/s1600/2018-11-10_16h01_06.jpg

How to Upload WallPapers?

Step by Step

Description

Action

Remarks

1.  Preparation

1.  Making sure that the handphone or the PC is connected to the same LAN network as MiTV.

2.  Navigate or scroll to find the [File Transfer] icon

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiu2cpFN_pqC6YDA41o-ohXepgwfx_ObfMhV_O1RbytDY1Xf2dx7is0q0qB4_9re63y0WX9AWdRmw1JT1hpoTloAYrfOkMm8QAVUjmZuEwMpoQG1yzbbg8ALkpiOERG6ZwPr-es2F84HAHI/s1600/2018-11-10_16h04_01.jpg

2.  Upload Picture

If the connection is successful,  one should find the Web address of the handphone or the PC. Follow the instruction to upload the picture into MiTV

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOkYEt7wJJbMD6CwmXuogJ73gPpQxgUka-ovrHpz15uhFw33yHd2K9Wu7HBJgaMCbiThdMp5pS3GzyHbbe2OMOTEKmFm3CfKgDG5tASULVl_doJcOJdji98_CDnC_Ptl32jnwj_qjkDwOO/s1600/2018-11-10_16h11_47.jpg

The original text can be found here.

Other MiTV articles in this link 

 TinyUrl :  https://tinyurl.com/y8sgm4ev

 

 

iPhone and iPad: How to Create a Short Cut in Home Screen to Clear Cache & History

23 November 2024 What are Cache and History? Cache and browser history store information about websites you've visited.  The C ache s to...