Hardware Secrets – a place for learning about pc hardware
From techsupportalert.com:
The forums are active and a good place to ask questions. Veteran and advanced PC builders will get as much as entry level builders from the site.
I have not tested this yet, but it looks interesting:
‘Should I Remove It?’ Helps You Decide Which Windows Apps To Uninstall
From: techsupportalert.com:
Even long time computer users aren’t always sure whether to uninstall PC programs but this tool helps you make a decision – it analyzes your installed programs and suggests programs you can safely remove. One of the great features of this app is having access to program details, descriptions, the Windows versions it runs on, popularity, user rating, install base statistics by countries and PC manufacturers, and a lot more.
This is a copy / excerpt of http://support.microsoft.com/kb/982116/en-us
"My Computer" or Windows Explorer and/or not recognized by Windows or other programs, so you cannot play or access a CD or DVD.
Montgomery Minds' take: Malware installs filters on the drives. Remove two values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\UpperFilters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\LowerFilters
Watch that CLSID 4D36E965-E325-11CE-BFC1-08002BE10318. There are many similar values.
This issue might have occurred after you installed, uninstalled, or updated a program or you updated Windows.
Or, this issue may occur if one of the following conditions is true:
You may see one of the following error messages:
Error message 1
The device is not working properly because Windows cannot load the drivers required for this device (Code 31).
Error message 2
A driver for this device was not required, and has been disabled (Code 32 or Code 31).
Error message 3
Your registry might be corrupted. (Code 19)
Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
The "Your CD or DVD drive can’t read or write media" troubleshooter may automatically fix the problem described in this article. This troubleshooter fixes many problems.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
This problem is caused by two Windows registry entries that have become corrupted. To fix the problem, you have to use Registry Editor to delete the corrupted Registry entries. To use this method, you must be logged on to Windows as an administrator.

, and then click All Programs.

If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}


Now go to the “More Information” section.
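Before the two values are deleted, it is worth recording which filter drivers they named. The following is an added example, not part of the Microsoft article or the blog post: it reads a Registry Editor export (`.reg` text) and decodes the `UpperFilters` and `LowerFilters` multi-string values for the CD/DVD class key only, ignoring look-alike class GUIDs. The function name, the sample export and the driver names `exflt` and `exlow` are constructed placeholders.

```python
import re

CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")

# Constructed export. "exflt" and "exlow" are placeholder driver names, and
# the second key differs from the CD/DVD class GUID by one digit.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + CLASS_KEY + "]",
    '"UpperFilters"=hex(7):65,00,78,00,66,00,6c,00,74,00,00,00,\\',
    "  00,00",
    '"LowerFilters"=hex(7):65,00,78,00,6c,00,6f,00,77,00,00,00,00,00',
    "",
    "[" + CLASS_KEY.replace("4D36E965", "4D36E966") + "]",
    '"UpperFilters"=hex(7):65,00,78,00,66,00,6c,00,74,00,00,00,00,00',
])

VALUE = re.compile(r'"(UpperFilters|LowerFilters)"=hex\(7\):([0-9a-fA-F,]*)$')


def cdrom_filters(reg_text):
    """Return the filter driver names listed under the CD/DVD class key."""
    found = {"UpperFilters": [], "LowerFilters": []}
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None or section.upper() != CLASS_KEY.upper():
            continue  # skip every key except the exact class GUID
        m = VALUE.match(line)
        if m:
            # hex(7) is REG_MULTI_SZ: UTF-16LE strings separated by NULs.
            raw = bytes.fromhex(m.group(2).replace(",", ""))
            names = raw.decode("utf-16-le").split("\x00")
            found[m.group(1)] = [n for n in names if n]
    return found


if __name__ == "__main__":
    print(cdrom_filters(SAMPLE_REG))
```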
For a Windows 2000 version of this article, see Microsoft Knowledge Base article 270008: Cannot Access CD-ROM and “Code 31” Error Message in Device Manager After You Remove Adaptec Easy CD Creator from Your Computer.
A copy / excerpt of Description of the Windows File Protection feature (kb222193)
For an Intro see Windows File Protection – Intro
If a program uses a different method to replace protected files, WFP restores the original files. The Windows Installer adheres to WFP when installing critical system files and calls WFP with a request to install or replace the protected file instead of trying to install or replace a protected file itself.
The WFP feature provides protection for system files using two mechanisms. The first mechanism runs in the background. This protection is triggered after WFP receives a directory change notification for a file in a protected directory. After WFP receives this notification, WFP determines which file was changed. If the file is protected, WFP looks up the file signature in a catalog file to determine if the new file is the correct version. If the file is not the correct version, WFP replaces the new file with the file from the cache folder (if it is in the cache folder) or from the installation source. WFP searches for the correct file in the following locations, in this order:
If WFP finds the file in the cache folder or if the installation source is automatically located, WFP silently replaces the file and logs an event that resembles the following in the System log:
Event ID: 64001
Source: Windows File Protection
Description: File replacement was attempted on the protected system file c:\winnt\system32\file_name. This file was restored to the original version to maintain system stability. The file version of the system file is x.x:x.x.
If WFP cannot automatically find the file in any of these locations, you receive one of the following messages, where file_name is the name of the file that was replaced and product is the Windows product you are using:
Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your product CD-ROM now.
Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. The network location from which these files should be copied, \\server\share, is not available. Contact your system administrator or insert product CD-ROM now.
Note If an administrator is not logged on, WFP cannot display either of these dialog boxes. In this situation, WFP displays the dialog box after an administrator logs on. WFP may wait for an administrator to log on in the following scenarios:
The second protection mechanism that is provided by the WFP feature is the System File Checker (Sfc.exe) tool. At the end of GUI-mode Setup, the System File Checker tool scans all the protected files to make sure that they are not modified by programs that were installed by using an unattended installation. The System File Checker tool also checks all the catalog files that are used to track correct file versions. If any of the catalog files are missing or damaged, WFP renames the affected catalog file and retrieves a cached version of that file from the cache folder. If a cached copy of the catalog file is not available in the cache folder, the WFP feature requests the appropriate media to retrieve a new copy of the catalog file.
The System File Checker tool gives an administrator the ability to scan all the protected files to verify their versions. The System File Checker tool also checks and repopulates the cache folder (by default, %SystemRoot%\System32\Dllcache). If the cache folder becomes damaged or unusable, you can use either the sfc /scanonce command or the sfc /scanboot command at a command prompt to repair the contents of the folder.
The SfcScan value in the following registry key has three possible settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
The settings for the SfcScan value are:
0x0 = do not scan protected files after restart. (Default value)
0x1 = scan all protected files after every restart (set if sfc /scanboot is run).
0x2 = scan all protected files one time after a restart (set if sfc /scanonce is run).
By default, all system files are cached in the cache folder, and the default size of the cache is 400 MB. Because of disk space considerations, it may not be desirable to maintain cached versions of all system files in the cache folder. To change the size of the cache, change the setting of the SFCQuota value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
WFP stores verified file versions in the Dllcache folder on the hard disk. The number of cached files is determined by the setting of the SFCQuota value (the default size is 0xFFFFFFFF, or 400 MB). The administrator can make the setting for the SFCQuota value as large or small as needed. Note that if you set the SFCQuota value to 0xFFFFFFFF, the WFP feature caches all protected system files (approximately 2,700 files).
There are two cases in which the cache folder may not contain copies of all protected files, regardless of the SFCQuota value:
Additionally, all drivers in the Driver.cab file are protected, but they are not populated in the Dllcache folder. WFP can restore these files from the Driver.cab file directly without prompting the user for the source media. However, running the sfc /scannow command does populate the files from the Driver.cab file into the Dllcache folder.
If WFP detects a file change and the affected file is not in the cache folder, WFP examines the version of the changed file that the operating system is currently using. If the file that is currently in use is the correct version, WFP copies that version of the file to the cache folder. If the file that is currently in use is not the correct version, or if the file is not cached in the cache folder, WFP tries to locate the installation source. If WFP cannot find the installation source, WFP prompts an administrator to insert the appropriate media to replace the file or the cached file version.
The SFCDllCacheDir value (REG_EXPAND_SZ) in the following registry key specifies the location of the Dllcache folder.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The default value data for the SFCDllCacheDir value is %SystemRoot%\System32. The SFCDllCacheDir value can be a local path. By default, the SFCDllCacheDir value is not listed in the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
registry key. To modify the cache location, you must add this value.
When Windows starts up, WFP synchronizes (copies) the WFP settings from the following registry key
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection
to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Therefore, if the SfcScan, SFCQuota, or SFCDllCacheDir values are present in the
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection
subkey, the values take precedence over the same values in the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
subkey.
For more information about the System File Checker tool in Windows XP and Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
For more information about the System File Checker tool in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
For more information about Windows Installer and WFP, visit the following Microsoft Web site:
The results are on the command line screen, and not in the event viewer (eventvwr.exe), but more results are in c:\Windows\Logs\CBS\CBS.log.
See post on sfc.exe for a bit more.
A copy / excerpt of http://support.microsoft.com/kb/102725.
By default, entries specified with the #PRE keyword are cached at initialization up to a maximum of 100 entries. More initially cached entries can be obtained by modifying the following Registry value:
The sequence used to determine NetBIOS to IP address resolution is the following: the cache is verified, a broadcast to the subnet is performed, and then additional entries from LMHOSTS are checked. If a connection is not established within 15 seconds, the TDI times-out and an error message is displayed.
All predefined keywords that are valid for Windows and Windows Advanced Server computers are not valid for LMHOSTS files on Microsoft LAN Manager or Microsoft Windows for Workgroups computers. These computers can’t be validated by routed domain controllers the same way Windows NT computers can. To be able to validate them, use the LAN Manager TCP/IP Extensions Service available on all OS/2 LAN Manager (version 2.1a or later) servers.
#INCLUDE <\\server_name01\sharename\LMHOSTS>
#INCLUDE <\\server_name02\sharename\LMHOSTS>
...
#END_ALTERNATE
Defines a redundant list of alternate locations for LMHOSTS files.
The recommended way to #INCLUDE remote files is using a UNC path,
to ensure access to the file. Of course, the UNC names must exist
in the LMHOSTS file with a proper IP address to NetBIOS name
translation.
#MH
Associates a single, unique NetBios computer name to an IP address.
You can create multiple entries for the same NetBios computer name
for each NIC in the multihomed device, up to a maximum of 25 different
IP addresses for the same name.
The first 3 keywords can be used together to specify 1 NetBIOS over TCP/IP name to IP address translation. For example:
102.54.94.97 rhinodc #PRE #DOM:rhino #PDC for rhino domain
102.54.94.99 zoobdc #PRE #DOM:rhino #BDC for rhino domain
NOTE: PDC is primary domain controller and BDC is backup domain controller.
Starting with the IP address followed by the NetBIOS name, the predefined entries can be defined in any order. It is recommended to insert important entries first, because the file is accessed in sequential order.
Windows provides new block commands that permit centralized location and management of the LMHOSTS file. In addition, provisions are included to permit redundant backup copies on multiple servers. The following Windows LMHOSTS file block commands are discussed in detail below:
Block Inclusion Keywords (#BEGIN_INCLUDE, #END_INCLUDE):
130.20.26.169 Trustedserver #PRE #DOM:Testing # Test group domain
#BEGIN_INCLUDE
#INCLUDE \\localsrv\public\lmhosts # Local domain
#INCLUDE \\Trustedserver\public\lmhosts # Server in Testing domain
#END_INCLUDE
In the above block inclusion, the specified LMHOSTS file is scanned under the following conditions:
The benefit of this command is that it allows system administrators to easily maintain a centrally-located master LMHOSTS file that can be accessed over the network by each node. This method also works across subnets because of the use of UNC (universal naming convention) names and LMHOSTS mappings for these entries.
If the domain spans multiple subnets or if the domain controller for a domain is across a router, it is necessary to have an entry in the LMHOSTS file for locating the domain controller for that server, with a #DOM prefix added (for our example, trustedserver is the domain controller for domain TESTING). See the IP line above the block inclusion. This line must appear before the #INCLUDE.
In the above case, the TESTING domain has a trust relationship with the local domain. This is important for servers included in the block that are not in the local domain.
NOTE: The LMHOSTS files located on servers that are in a trusted domain should have read privileges for the Everyone group, which includes all of the local users and the trusted domain users.
Alternate Block Inclusion (#BEGIN_ALTERNATE, #END_ALTERNATE):
#BEGIN_ALTERNATE
#INCLUDE \\localsrv\public\lmhosts # Local domain
#INCLUDE \\Trustedserver\public\lmhosts # Server in Testing Domain
#END_ALTERNATE
In this case, the “Alternate Include” condition is satisfied if one of the #INCLUDE’s is successful. This means that only one LMHOSTS file will be scanned. The first successful #INCLUDE is the only LMHOSTS file that will be read.
This is helpful in keeping multiple copies of the same file on different servers. If one of the servers is down, it will attempt to read the LMHOSTS file from the alternate server identified in the block inclusion.
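Because an #INCLUDE pulls name-to-address mappings from another machine, it helps to audit which servers a given LMHOSTS file trusts. The following is an added example, not part of the Microsoft article: it parses entries and include blocks, flags any #INCLUDE whose server has no mapping earlier in the file, and checks the 100-entry #PRE default and the 25-address #MH limit stated above. The function name, finding labels and sample text are constructed for illustration.

```python
import re
from collections import Counter

PRE_LIMIT = 100   # default #PRE cache size stated in the article
MH_LIMIT = 25     # maximum addresses per #MH name stated in the article
BLOCKS = {"#BEGIN_INCLUDE", "#END_INCLUDE", "#BEGIN_ALTERNATE", "#END_ALTERNATE"}
UNC_SERVER = re.compile(r"\\\\([^\\\s<>]+)\\")

# Constructed sample modelled on the article's block-inclusion example.
SAMPLE = r"""
130.20.26.169   Trustedserver   #PRE #DOM:Testing   # Test group domain
#BEGIN_ALTERNATE
#INCLUDE \\localsrv\public\lmhosts        # Local domain
#INCLUDE \\Trustedserver\public\lmhosts   # Server in Testing domain
#END_ALTERNATE
"""


def audit_lmhosts(text):
    """Return (entries, includes, findings) for one LMHOSTS file."""
    entries, includes, findings = [], [], []
    mapped = set()                      # NetBIOS names mapped so far
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0] in BLOCKS:
            continue
        if tokens[0] == "#INCLUDE":
            m = UNC_SERVER.search(tokens[1]) if len(tokens) > 1 else None
            server = m.group(1) if m else None
            includes.append((lineno, server))
            if server is None:
                findings.append((lineno, "include-not-unc"))
            elif server.lower() not in mapped:
                findings.append((lineno, "include-server-unmapped:" + server))
            continue
        if tokens[0].startswith("#") or len(tokens) < 2:
            continue                    # comment or malformed line
        keywords = []
        for tok in tokens[2:]:
            if tok in ("#PRE", "#MH") or tok.startswith("#DOM:"):
                keywords.append(tok)
            elif tok.startswith("#"):
                break                   # anything else starts a comment
        entries.append({"line": lineno, "ip": tokens[0],
                        "name": tokens[1], "keywords": keywords})
        mapped.add(tokens[1].lower())
    pre = sum("#PRE" in e["keywords"] for e in entries)
    if pre > PRE_LIMIT:
        findings.append((0, "pre-entries-over-default-cache:%d" % pre))
    mh = Counter(e["name"].lower() for e in entries if "#MH" in e["keywords"])
    for name, count in mh.items():
        if count > MH_LIMIT:
            findings.append((0, "mh-over-limit:" + name))
    return entries, includes, findings


if __name__ == "__main__":
    for finding in audit_lmhosts(SAMPLE)[2]:
        print(finding)
```

On the sample, `localsrv` is reported because nothing earlier in the file maps it, so reaching that include depends on some other name resolution path.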
Additional information, including a full description of all these features, is available in the Windows Resource Kit.
A copy of Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe) (kb310747)
System File Checker gives an administrator the ability to scan all protected files to verify their versions. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the cache folder (%Systemroot%\System32\Dllcache) or the Windows installation source files, and then replaces the incorrect file. System File Checker also checks and repopulates the cache folder. You must be logged on as an administrator or as a member of the Administrators group to run System File Checker. If the cache folder becomes damaged or unusable, you can use the sfc /scannow, the sfc /scanonce, or the sfc /scanboot commands to repair its contents.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
For additional information about the Windows File Protection feature, click the article number below to view the article in the Microsoft Knowledge Base:
The results are on the command line screen, and not in the event viewer (eventvwr.exe), but more results are in c:\Windows\Logs\CBS\CBS.log
You’re looking for lines like:
2014-08-30 17:08:12, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-08-30 17:08:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-08-30 17:08:15, Info CSI 0000000b Repair results created: POQ 0 starts: POQ 0 ends.
and looking for errors like
2014-08-30 17:08:16, Info CSI 00000008 [SR] Repairing corrupted file [ml:520{260},l:108{54}]"\??\E:\Program Files\Common Files\Microsoft Shared\DAO"\[l:20{10}]"dao360.dll" from store
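To pull just the files SFC touched out of a long CBS.log, the [SR] lines can be parsed mechanically. The following is an added example, not part of the original post: it extracts repaired and unrepaired files, rebuilds the full path from the length-prefixed strings, and checks each string against its declared length. The function name is hypothetical, the last sample line is constructed, and reading the prefix as `l:<bytes>{<chars>}` is inferred from the line quoted above.

```python
import re

# The first four lines are the ones quoted in the post. The last line is
# constructed: its "Cannot repair member file" wording is not on the page.
SAMPLE = r'''
2014-08-30 17:08:12, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-08-30 17:08:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-08-30 17:08:15, Info CSI 0000000b Repair results created: POQ 0 starts: POQ 0 ends.
2014-08-30 17:08:16, Info CSI 00000008 [SR] Repairing corrupted file [ml:520{260},l:108{54}]"\??\E:\Program Files\Common Files\Microsoft Shared\DAO"\[l:20{10}]"dao360.dll" from store
2014-08-30 17:08:17, Info CSI 0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of ExampleComponent
'''

SR_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+\w+\s+CSI\s+([0-9a-f]{8})\s+\[SR\]\s+(.*)$")
COUNTED = re.compile(r'l:(\d+)\{(\d+)\}\]"([^"]*)"')


def parse_sr(text):
    """Return one dict per [SR] line that reports a repair or a failure."""
    events = []
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue                      # not an SFC ([SR]) record
        when, seq, msg = m.groups()
        if msg.startswith("Repairing corrupted file"):
            status = "repaired"
        elif msg.startswith("Cannot repair member file"):
            status = "unrepaired"
        else:
            continue                      # progress lines (Verifying, Beginning)
        parts, intact = [], True
        for nbytes, nchars, value in COUNTED.findall(msg):
            # Inferred from the quoted line: l:<bytes>{<chars>}. A mismatch
            # suggests the line was truncated or altered.
            intact &= len(value) == int(nchars) and int(nbytes) == 2 * int(nchars)
            parts.append(value)
        path = "\\".join(parts)
        if path.startswith("\\??\\"):
            path = path[4:]               # drop the NT object-namespace prefix
        events.append({"time": when, "seq": seq, "status": status,
                       "path": path, "intact": intact})
    return events


if __name__ == "__main__":
    for event in parse_sr(SAMPLE):
        print(event["time"], event["status"], event["path"])
```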
For a detailed description, see Description of the Windows File Protection feature – Detailed
Windows File Protection
In versions of Windows prior to Windows 2000, installing software in addition to the operating system might overwrite shared system files such as dynamic-link libraries (.dll files) and executable files (.exe files). When system files are overwritten, system performance becomes unpredictable, programs behave erratically, and the operating system fails.
In Windows 2000 and Windows XP, Windows File Protection prevents the replacement of protected system files such as .sys, .dll, .ocx, .ttf, .fon, and .exe files. Windows File Protection runs in the background and protects all files installed by the Windows Setup program.
Windows File Protection detects attempts by other programs to replace or move a protected system file. Windows File Protection checks the file’s digital signature to determine if the new file is the correct Microsoft version. If the file is not the correct version, Windows File Protection either replaces the file from the backup stored in the Dllcache folder or from the Windows CD. If Windows File Protection cannot locate the appropriate file, it prompts you for the location. Windows File Protection also writes an event to the event log, noting the file replacement attempt.
By default, Windows File Protection is always enabled and allows Windows digitally signed files to replace existing files. Currently, signed files are distributed through:
• Windows Service Packs
• Hotfix distributions
• Operating system upgrades
• Windows Update
• Windows Device Manager/Class Installer
Windows File Protection can be used via sfc.exe
Welcome to Montgomery Minds blog. 😀