ZHPDiag – Prefetcher Module O45 (LFP)

The prefetcher is a component of Microsoft Windows that was introduced in Windows XP. It is a component of the memory manager that can speed up the Windows startup process and shorten the amount of time it takes to start programs.

It accomplishes this by caching (RAM) files that are required for the revert of the launched application, consolidating disk reads and reducing research drive. Since Windows Vista, The prefetcher was extended by SuperFetch and ReadyBoost. SuperFetch is trying to accelerate the time to launch the application by monitoring and adapting to usage patterns of applications on periods of time, and by caching the majority of files and data stored in advance so that they can be consulted quickly if necessary.

ReadyBoost (When activated) use external memory such as a USB flash drive to extend the cache of the system beyond the amount of RAM installed in the computer. ReadyBoost also has a component called ReadyBoot which replaces the prefetcher to the boot process if the system has 700 MB or more RAM. [Wikipedia]

Related to the LFP module (Last leader Create Prefetch). It allows you to list all files created or modified in the folder Windows Prefetcher. The research period is limited to one month.

Overview ZHPDiag

—\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5. FA9C2ED62BE5315CFEBD3CF9C82799A6] 22/10/2017 A — C:\WINDOWSPrefetchCACAOWEB. EXE-E41F5B15.pf =>.SUP. CacaoWeb
O45 – LFCP:[MD5.588A3E0ECCD7219473D319A1AF1672B9] 20/10/2017 A — C:\WINDOWSPrefetchCACAOWEB. EXE-E6EE9696.pf =>.SUP. CacaoWeb

Examples of detection

O45 – LFCP:Last File Created Prefetch 18/07/2010 – 20:09:16 —A- C:\Program FilesAutomated Content Enhancer4.1.0.5050aceieaddon.pf =>Adware.DoubleD
O45 – LFCP:Last File Created Prefetch 18/07/2010 – 20:09:16 —A- C:\Program FilesAutomated Content Enhancer4.1.0.5240aceieaddon.pf =>Adware.DoubleD
O45 – LFCP:[MD5.0E53E3C5CC1E95945452D5CDE5A17E9C] – 13/07/2013 – 17:52:50 —A- – C:\WindowsPrefetchLOLLIPOPINSTALLER_14633.EXE-925E3009.pf =>Adware.Lollipop

Action ZHPFix

O45 – LFCP:Last File Created Prefetch 18/07/2010 – 20:09:16 —A- {FileName}

1) L’outil supprime the file {FileName}