2 issues I'm having with win 8...

doombug

1. Idle maintenance. It keeps reactivating on its own after I keep disabling it from the Schedule Tasks menu. It makes my CPU spike to 90 deg celsius because of those processes it runs automatically when it starts. I keep wondering if this OS setting is intentional to wear off hardware faster...

2. My 128GB SSD Partition dedicated to win 8 OS is getting full (explorer shows 18.9GB free of 119GB). I deleted windows update leftover files manually, but it just keeps getting full. I can't account for a major portion of the SSD.
A basic breakdown of major folders using "WinDirStat" (which says that my SSD is only 48GB in size) looks like this:

"Windows" - 18GB
"Program Files (x86)" - 11.4GB
"Users" - 8.5GB
"Program Files" - 5.8GB
"Program Data" - 4GB
"<Files>" (?!) - 300mb

That's a total of 30GB... out of 119GB (effective).
What?!

Then I used "Space Sniffer". It found a folder called "System Volume Information" = 52.3GB... It is hidden. I can't access it. I can't delete it.

What is it? Because my guess is that it might be some bad juju...

🙂

Suggestions?
 
This folder is used to keep Restore Points. Go to Control Panel, System, System Protection, and disable it for secondary drive, and reduce size to about 10% of your primary drive. This will reduce the number of files or restore points you can have.
 

Well... that worked. Thanks! 50gb worth of system restore point data? I'm not an expert, but how can that keep things simple? 🙂

And for the temperature part, I forgot to mention that I'm on a 3 year old sandy bridge laptop. TDPs on mobile chips are higher, but you are right. That's too much. However, the CPU doesn't get nearly as hot when doing other demanding tasks. So I don't know why it needs so much processing power for general windows 8 maintenance... I don't like it.
 
Delete junk also from
C:\Users\FOLDERNAME\AppData\Local\Temp

The registry also can save binary data executables which are considered hidden programs. May want to use a registry cleaner if or when you give up.

My old favorite clean up program was System Mechanic but I have not bought the latest version for windows 8 so not sure how good it is for Windows 8 but it should give similar results.

The only thing that sucks in System Mechanic is the defrag tool. Do not use it.

If you trying have nothing in your c: \ user profile folder and you did all the deletions you could do then you could create new profile then delete the old one.
 
I hate that laptops have the shortest rubber pads holding up the laptop to let air underneath.

You could visit a hardware store or Micro Center and buy new rubber feet so even more air can go underneath for more cooling or you can buy a tiny fan to blow underneath.
 

My Temp folder is only 214mb... no worries there.

Hardware design and cooling is being taken care of, in general. I use a 3 fan Cooler Master underneath the laptop and clean the vents every 6 months. I've pasted the CPU/GPU with Arctic Cooling MX5 and also did a bit of undervolting.
The issue still remains that I don't know how to permanently disable system maintenance. It keeps resetting to "Ready" status in the windows task scheduler.
 
The registry also can save binary data executables which are considered hidden programs. May want to use a registry cleaner if or when you give up.
More mis-information about the registry.

Executable files are found in the filesystem, and NOT the registry.

Please cite references to the contrary, or you are ever closer to being put on my ignore list.
 

More uneducated mis-information from you and you already are on my ignore list.

Bye bye oh and study system registry some more.

Oh and since I can not reply to Larry anymore here is the proof that has been out for quite some time and I have witnessed it myself. Nobody is immune to binary infection.
( http://www.theregister.co.uk/2014/08/04/registryinfecting_rebootresisting_malware_has_no_files/ )

To Doombug, I am not saying you have a binary infection of your pc but just pointed out the possibility and it is that very point that Larry who does not educate himself of such possibilities.
So I am sure he will retort in some minuscule fashion even though I prove to him but he will remain blind as he always does and always will be.

So in short to get back on subject then yes you need a cleaner such as C cleaner or system mechanic.
Then after all your cleaning then a good defrag. I can go deeper into defrag but I am sure Larry would scoff at that as well.
 

I've obviously studied it far more than you. Have you ever done any programming? Or just pushing snake-oil "registry cleaner" solutions for unrelated problems.

I've been unable to find any references to actually storing and running executable binary code from the registry. My understanding is that the OS only executes code from the filesystem.

Edit: This is getting into "Highly Technical" territory, but it seems quite involved to load an executable byte stream into RAM and get the OS to execute it.
http://stackoverflow.com/questions/...naged-executable-from-memory-rather-than-disc
It appears that the OS does enforce, at least conceptually, that executable binary code must reside on disk. At least, that's the way that the APIs are all designed.

Surely, if it were designed-in functionality to be able to run executable binaries from the registry, you would be able to point me to some MSDN documentation or a tutorial on it.

C'mon, prove you have a superior knowledge of the registry, I'm waiting. 🙂
 
Delete junk also from
C:\Users\FOLDERNAME\AppData\Local\Temp

The registry also can save binary data executables which are considered hidden programs. May want to use a registry cleaner if or when you give up.

My old favorite clean up program was System Mechanic but I have not bought the latest version for windows 8 so not sure how good it is for Windows 8 but it should give similar results.

The only thing that sucks in System Mechanic is the defrag tool. Do not use it.

If you trying have nothing in your c: \ user profile folder and you did all the deletions you could do then you could create new profile then delete the old one.


This is incorrect. You can store binary values that point to source code or executables in the registry but not binary programs themselves. There have been a few security experts do some interesting redirection using the registry but the code itself does not reside there.
 
I've obviously studied it far more than you. Have you ever done any programming? Or just pushing snake-oil "registry cleaner" solutions for unrelated problems.

I've been unable to find any references to actually storing and running executable binary code from the registry. My understanding is that the OS only executes code from the filesystem.

Edit: This is getting into "Highly Technical" territory, but it seems quite involved to load an executable byte stream into RAM and get the OS to execute it.
http://stackoverflow.com/questions/...naged-executable-from-memory-rather-than-disc
It appears that the OS does enforce, at least conceptually, that executable binary code must reside on disk. At least, that's the way that the APIs are all designed.

Surely, if it were designed-in functionality to be able to run executable binaries from the registry, you would be able to point me to some MSDN documentation or a tutorial on it.

C'mon, prove you have a superior knowledge of the registry, I'm waiting. 🙂

This is also what I understand. The RAM exploit was the one I was referring to in my reply. I have no knowledge of this ever being in the "wild".

As far as registry cleaners, please stay away from them; unless you understand what changes it is making, you are going to do more harm than good.
 
System Volume Information is generally where Windows stores System Restore Points. You can turn this off to free up some space but remember doing so will leave you without the System Restore Feature.

Have you run the Disk Cleanup? You can select to clean up System Files and remove some of the Windows Update files among many others. It also has options to clean up System Restore points and Shadow Copy as well.
 
This is also what I understand. The RAM exploit was the one I was referring to in my reply. I have no knowledge of this ever being in the "wild".

As far as registry cleaners, please stay away from them; unless you understand what changes it is making, you are going to do more harm than good.

It is in the wild and part of a few APT attempts variously executed around major companies around the world.

I bore witness to a couple of these computers and the only way we knew they were infected was not from any software local on the pc but from mandiant and fireeye servers that detected the communication attempts made.

So you guys can say what you want. I just know what I know from first hand experience.
 
Oh and since I can not reply to Larry anymore here is the proof that has been out for quite some time and I have witnessed it myself. Nobody is immune to binary infection.
( http://www.theregister.co.uk/2014/08/04/registryinfecting_rebootresisting_malware_has_no_files/ )

All I asked for was a reference. And that Register story glosses over a few things, but it links to this:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377
Code:
First dropper attaches itself as stream to dropper. e.g. C:\malware.exe -> C:\malware.exe:0 where 0 is a NTFS data stream copy of malware.exe. Next it spawns process from ADS and calls DeleteFile.
That's using the filesystem. Like I said, you cannot directly execute binary executables out of the registry. It still has to use a "dropper" to put it into a filesystem stream during the infection process.

Edit: Also, the malware doesn't execute a binary executable out of the registry, it executes embedded script code for WSH.
Code:
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write("\74script language=jscript.encode>"+(new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\windows\\currentversion\\run\\")+"\74/script>")

So I don't think my statement is wrong. There's still no way to directly execute a binary executable out of the registry. The exploit uses an embedded script code instead as a "hook", which then pulls out a BASE64-encoded binary and executes it (in RAM?).

It appears that it basically uses autostart hooks with WSH (scripting host) to execute the malware once fully infected.

One good reason to always disable Windows Scripting Host on all new installs.

But thank you, I learned something today.

And I still don't think any run-of-the-mill "registry cleaner" (unless it specifically targets registry malware) would remove this. Certainly not System Mechanic.
 
Thanks for that, that is some good info. If it's using WSH that makes sense.
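
The autostart hook quoted in the thread (a Run value that hands a javascript: URL to rundll32 and reads its payload back with RegRead) can be triaged by pattern rather than by a generic "registry cleaner". The following is an added example, not part of the original thread: the value names, paths and rule labels are constructed for illustration, and the "(Default)" entry is a shortened form of the command quoted above.

```python
import re

# Constructed sample of HKCU\...\CurrentVersion\Run values (name -> data).
# "(Default)" is a shortened form of the command quoted in the thread.
SAMPLE_RUN_VALUES = {
    "VendorTray": r'"C:\Program Files\Vendor\tray.exe" /background',
    "(Default)": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";'
                 r'document.write(...RegRead("HKCU\\...\\run\\")...)',
    "Updater": r"wscript.exe //B C:\Users\alice\AppData\Roaming\u.js",
    "Blob": "QUJD" * 100,  # 400 characters of base64-looking data
}

# Each rule is (label, pattern). Labels are this example's own wording.
RULES = [
    ("script protocol handed to rundll32/mshta",
     re.compile(r"\b(rundll32|mshta)(\.exe)?\b.*\b(javascript|vbscript):", re.I)),
    ("mshtml RunHTMLApplication entry point",
     re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)),
    ("script reads its payload back from the registry",
     re.compile(r"\bRegRead\s*\(", re.I)),
    ("Windows Script Host launched at logon",
     re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)),
    ("long base64-like run stored as value data",
     re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")),
]


def triage(run_values):
    """Return {value_name: [reasons]} for autorun entries matching any rule."""
    findings = {}
    for name, data in run_values.items():
        reasons = [label for label, rx in RULES if rx.search(data)]
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RUN_VALUES).items():
        print(f"{name!r}: " + "; ".join(reasons))
```

On a live system the dictionary would be filled from an export of the Run and RunOnce keys; a hit is a lead for manual review, since legitimate software also starts scripts at logon.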
 