Guru3d FAQ Software and Operating Systems section. If you have a problem or question have a look here first, you never know. If you are new here at Guru3d.com please do start by reading The be-all of announcements Please feel free to comment and contribute. Part 1 Operating System Page file/Swap file/Virtual Memory Memory related topics XP Services: Links for services guides Multi-booting/dual-booting File system SP2 slipstream guide/ nLite Guide / Unattended CD's / Customization Microsoft Windows 64-bit: Devices, drivers and software Miscellaneous questions and problems Troubleshooting help [post=1449374]Part 2[/post] Error Reporting and Dr. Watson Windows shutdown problems Hard Disk, File system, Data corruption Disk space Moving a Windows installation to different hardware Moving Windows to a new hard disk Installing Windows without using a CD/DVD Install issues Manually Installing device drivers under XP Uninstall issues Program and process control Run Commands and Hotkeys [post=1449607]Part 3[/post] Security, Privacy, Virus and Spyware Help [post=1451629]Part 4[/post] Programs Miscellaneous stuff Tweaks [post=1451631]Part 5[/post] Information on various Tweaks Operating System: Page file/Swap file/Virtual Memory: Windows Swap/Page File Defined Virtual Memory Optimization Guide Rev. 4.1! How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP RAM, Virtual Memory, PageFile and all that stuff How to overcome the 4,095 MB paging file size limit in Windows Understanding Virtual Memory How to configure paging files for optimization and recovery in Windows XP The Memory-Optimization Hoax (reg required), (web.archive version is dead) Inside Memory Management, Part 1 (reg required), (web.archive version is dead) Inside Windows 2000 (Module 8-3, Physical Memory Management) Virtual Memory in Windows XP Paging File Considerations for Windows NT (and family) Index of Virtual Memory Terms (old stuff) Guru3d thread: Virtual memory Guru3d thread: PF Usage graph forums.anandtech: Performance-oriented Windows tweaking Memory related topics: Virtual Address Space Memory Limits for Windows Releases Managing Virtual Memory in Win32 Large Memory Support A description of the 4 GB RAM Tuning feature and the Physical Address Extension switch /3GB, /PAE, AWE what??? (basic) Summary of the recent spate of /3GB articles Comment on Virtual/Physical/Processor address space Guru3d thread: Memory leaks XP Services: Links for services guides: MS: Default settings for services Service overview and network port requirements for the Windows Server system Windows XP Services Default Settings Guide theeldergeek: services guide blackviper: services guide Services overview To enable or disable a service for a hardware profile Create or Delete A Service in Windows XP How to delay loading of specific services SC (Service Controller) Multibooting The definitive dual-booting guide: Windows 7, Linux, Vista and XP step-by-step Dual-Boot Centre Understanding the Multiboot Process Understanding MultiBooting Boot.ini How to edit the Boot.ini file in Windows XP How to Use and Edit Boot.ini in Windows XP How Do I remove An Invalid Boot Path From The Boot Ini File BCD Boot Configuration Data Editor Frequently Asked Questions BCD Boot Options Reference How to use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startup issues in Windows Vista Third party BCD editor EasyBCD EasyBCD Documentation EasyBCD forum sticky *nix Booting and Boot Managers Booting Linux from Windows' Boot Manager Ubuntu Linux / Windows Dual Boot Instructional Video Ubuntu / Vista dual boot and keeping previous Ubuntu SDB:Uninstalling the Boot Manager GRUB from the MBR SDB:Uninstalling the Boot Manager LILO from the MBR Related information Boot Process: Windows Vista vs. Windows XP Windows Vista no longer starts after you install an earlier version of the Windows operating system in a dual-boot configuration You cannot start Windows XP after you install Windows Vista in a dual-boot configuration together with Windows XP The partition that hosts Windows Vista may disappear if you use Windows XP to create a partition on a computer that has both Windows XP and Windows Vista installed, more info Disappearing Partitions No restore points are available when you use Windows Vista or Windows Server 2008 in a dual-boot configuration together with an earlier Windows operating system Definitions for system volume and boot volume How did I get a Boot and System partition? File system: Guru3d Poll: WindowsXP Users What file system do you use? Guru3d: FAT32 or NTFS for gaming NTFS vs FAT NTFS or FAT32? The Default Cluster Size for the NTFS and FAT File Systems NTFS Preinstallation and Windows XP CONVERTING FAT32 to NTFS Slipstream guide/ nLite Guide / Unattended CD's / Customization : Google: slipstream+service+pack XP SP2 slipstream Slipstreaming Windows XP with Service Pack 3 Vista SP1 Slipstream nLite Guide msfn.org: nLite Complete Beginners Guide to nLite Unattended CD's Hotfixes For Windows XP Professional SP2 Microsoft Windows XP Hotfix Installation and Deployment Guide AutoPatcher Unattended CD Guide Service Pack Windows XP Service Pack 2/3 Problem Solver Windows xp service pack 2 faqs & best practices Windows XP Service Pack 2 Problem Solver Microsoft Windows 64-bit: Devices, drivers and software: ukgamer.com: Microsoft Windows 64-bit compatibility list Windows 64bit Compatibility Guide: Native 64-Bit Software Planetamd64.com, Planetamd64 application forum Extended64.com, Extended64: Driver Database Start64.com Guru3d :Windows 64-Bit needs found here Miscellaneous frequently asked questions and problems: There is no user names in Task manager: Enable Terminal services Task Manager Menu Bar and Tabs Are Not Visible: Double click the frame. Reported system memory is less then installed: The system memory that is reported in the System Information dialog box in Windows Vista is less than you expect if 4 GB of RAM is installed Dude, Where's My 4 Gigabytes of RAM? My system idle process is showing very high CPU usage: The OS will also issue a HLT command. That is what the CPU cooling programs like Waterfall, Rain and cpuidle (made for the Windows 9x series) was for, as 9x did not issue any HLT commands like XP/2000. Windows XP hangs on logo at start up: Disabling Event Log service may cause the delay in start up. Windows stops loading for about 15 seconds WinXP starts up for 10 secs windows xp slow shutdown (event log) Task Manager, msconfig, regedit issues: Task Manager, MSCONFIG, REGEDIT launch issues Error Message: "Task Manager has been disabled by your administrator" Internet Explorer issues: You cannot open a new Internet Explorer window or nothing occurs after you click a link Repair Internet Explorer 6 IEFix - General purpose fix for Internet Explorer Windows Media Player troubleshooting and error codes: Troubleshooting Windows Media Player 11 Error Codes for Windows Media Player 11, 10,9 KB886273: Error code information for Windows Media Player 9 Series KB234019: Windows Media Player Invalid File Format Error Message Access denied, System Volume Information folder: How to gain access to the System Volume Information folder: Show hidden files and folders: Enable viewing of hidden files and folders: You Cannot Change the Read-Only of Folders: You Cannot View or Change the Read-Only or System Attribute of Folders Windows Update issues: Windows Update error codes You cannot install some updates or programs MS kb: The necessary services are disabled or unavailable Cryptographic Service Error How to read the Windowsupdate.log file Command-line switches for Windows software update packages Windows Update Gripes Windows Update Fails Windows Update Keeps Prompting Search on page for "Windows Update" The Windows Update Web site and the Microsoft Update Web site do not scan for updates when you repair a failed installation of Windows XP Service Pack 2 or of Windows XP Service Pack 1 Repaired installations of XP can't be updated; 80 Windows Updates fail to install, more You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update Force install Windows Update Agent: Use the /wuforce switch Links for the latest Version of the Windows Update Agent Undeletable files: You cannot delete a file or a folder on an NTFS file system volume First you should make sure no program is "using" the file and have it locked/in use. Close all running programs including any processes stuck from programs which has failed to closed correctly, use the Task Manager. If the problem is frequent one possibility, other then programs messing up is the Hard Disk. So run a full disk check and get any errors fix. If it's very frequent and you are getting overall file corruption, the Hard Disk may be dying. Simple cable issues may be the problem check the cable connections and the cable itself. Technique One: Use a tool Unlocker Locked Files Wizard killbox Technique Two: Use Safe Mode Boot in safe mode (F8 before Win loads) and delete the file normally or using cmd. Technique Three: Use the CMD This can be done from both safe or normal mode. Depending on what is "locking" the file safe mode may assist, but should not be used unless needed to save the time on reboots. 1. Find the directory in which file is and copy the path and file name. Directory: C:\Documents and Settings\%UserName%\Desktop\ File:stupidfile.exe Or copy the full path to the file, including the Drive letter and file name extension. Full path: C:\Documents and Settings\%UserName%\Desktop\stupidfile.exe 2. Close all open programs. 3. "Start" > "Run" type cmd press ok This will open the Command Prompt window leave it open. 4. "Start" > "Run" type taskmgr press ok, or right click the Task bar and select Task Manager. 5. In Task Manager go to the Processes tab and find Explorer.exe then use "End Process" on Explorer.exe to kill the shell. Leave the Task Manager open. 6. Go back to the Command Prompt window and paste or type del <full path to file>. Or cd <directory path> enter DEL <filename> Using full path: del C:\Documents and Settings\%UserName%\Desktop\stupidfile.exe Using directory and file name: cd C:\Documents and Settings\%UserName%\Desktop del stupidfile.exe 7. Go back to Task Manager, click File, New Task and enter explorer to restart the shell. Troubleshooting: Troubleshooting check list Startup problems Resources for troubleshooting startup problems in Windows XP Troubleshooting the Startup Process How to perform a clean boot in Windows XP How to perform advanced clean-boot troubleshooting in Windows XP How to troubleshoot by using the System Configuration utility in Windows XP How to recover from a corrupted registry that prevents Windows XP from starting Troubleshooting Disks and File Systems Tools for Troubleshooting System Restore How to restore the operating system to a previous state in Windows XP How to start the System Restore tool at a command prompt in Windows XP Running System Restore from the Recovery Console (well, sort of) Troubleshooting steps for issues when you try to use the System Restore tool in Windows XP Recovery Console and Command line Description of the Windows XP Recovery Console Recovering Windows XP using the Recovery Console An A-Z Index of the Windows NT/XP command line How to enable an administrator to log on automatically in Recovery Console Loosen the Recovery Console restriction to other partitions Operating system crash (BSOD): BSOD: Stop Messages Troubleshooting Windows STOP messages STOP Errors Bug Check Codes Interpreting Bug Check Codes Memory dump Preparation Before You Contact Microsoft After Receiving a STOP Message on a Blue Screen How to read the small memory dump files that Windows creates for debugging How to Use Dumpchk.exe to Check a Memory Dump File Overview of memory dump file options for Windows 2000, for Windows XP, and for Windows Server 2003 Debugging memory dumps, tutorials, tools and references: Debugging Tools for Windows - Overview Windbg Tutorials Crash Dump Analysis Debugger Reference Common WinDbg Commands More debugging: Dumpanalysis.org Debugging Toolbox Debuginfo.com It Goes To Eleven NTDebugging Blog Nynaeve.net Windbg.info Driver and Hotfix Verifier Qfecheck.exe Verifies the Installation of Windows 2000 and Windows XP Hotfixes How to uninstall a hotfix or Service Pack via the Recovery Console ? Driver Verifier How to Use Driver Verifier to Troubleshoot Windows Drivers Device Manager How to troubleshoot unknown devices that are listed in Device Manager in Windows XP Explanation of error codes generated by Device Manager in Microsoft Windows XP Professional Command Line Device Management There is a tool called devcon which can be used for command line device management. You can not use DevCon with Windows 95, Windows 98, or Windows Millennium Edition. (Note: According to MS DevCon is unsupported and not redistributable. It's intended for use as a debugging and development tool) DevCon Device Management: DevCon [post=1518750]DevCon quick guide[/post] Event Viewer How To View and Manage Event Logs in Event Viewer in Windows XP Events and Errors Message Center Windows XP Event Viewer Event ID Troubleshooting links Aumha.org Doug Knox Kellys-korner PCguide winhlp.com Troubleshooting Error messages in Windows XP Troubleshooting Windows XP Smartcomputing: Tech Support Center Windows XP Professional Resource Kit: Understanding Troubleshooting Windows XP Software-Related Errors TechNet On-Demand Webcast: Advanced Windows Troubleshooting with Sysinternals Process Monitor Repair Install Clean Install www.windowsreinstall.com How to obtain Windows XP Setup boot disks bootdisk.com UBCD4Win
Error Reporting and Dr. Watson How To Configure and Use Error Reporting in Windows XP Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool Dr. Watson overview Interpreting the DrWtsn32.log How to Install Symbols for Dr. Watson Error Debugging labmice.techtarget: Dr. Watson How to disable Dr. Watson for Windows To disable Dr. Watson it's suggested (in the MS link above) that you delete the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug. Remember to export to key first. To enable Dr. Watson again, at a command prompt type drwtsn32 -i then double-click the .reg file you exported. Note that other debuggers (such as WinDbg) will use the same key if installed as the automatic debugger. To simply disable the auto start of debugger(s), change the "Auto" data value from 1 to 0 Windows shutdown problems Resources to help troubleshoot shutdown problems in Windows XP theeldergeek: Troubleshooting Windows XP Shutdown Issues aumha: WINDOWS XP SHUTDOWN & RESTART TROUBLESHOOTING Troubleshooting Hard Disk, File system and Data corruption Data Corruption Windows XP Professional Resource Kit: Troubleshooting Disks and File Systems Windows 2000 File Systems (FAT, FAT32, NTFS) Hard Disk Drive Problems: Fix Hard Drive Problems Disk space How to locate and correct disk space problems on NTFS volumes in Windows XP Description of the Low Disk Space Notification in Windows XP How the System Restore Tool Handles Hard-Disk Space Usage Moving a Windows installation to different hardware motherboard.windowsreinstall.com How to replace the motherboard on a computer that is running Windows Server 2003, Windows XP, or Windows 2000 Replace Motherboard on a Windows XP System Changing a Motherboard or Moving a Hard Drive with XP Installed Moving an Entire Installation How to move a Windows installation to different hardware Move your drive with Windows 2000 (or XP) to a new system How to use the Sysprep tool to automate successful deployment of Windows XP How to Use Sysprep: An Introduction Moving files and settings to a new computer running Windows XP Moving Windows to a new hard disk Most hard disk manufactures have free tools for transferring the OS to a new drive, go to the manufactures web page and look for a download. For example for Seagate and Maxtor hard disks you have MaxBlast and DiscWizard, both are free versions of Acronis imaging software. If the software provided by the manufacture is doing a drive-to-drive copy (i.e. it simply copies the files and is not using imaging) i would suggest looking at some of the free imaging software as well, because drive-to-drive copying is not always the most reliable approach. They do work but for the result to be reliable it should preferably be done "off-line", i.e. not booted into the OS. Free Imaging Software Installing Windows without using a CD/DVD With or without Windows using floppy: Obtaining Windows XP Setup Boot Disks HOW TO: Install Windows 2000 (or XP perhaps) from DOS without a bootable CDROM With Windows and no CD/floppy, using a second system to copy from: Make a image of the CD using the second system and transfer it, then use a virtual drive to install. With Windows and no CD/floppy, using a second system to copy from: Use the second system to copy and transfer the install files needed, then install from hard disk -- http://www.easydesksoftware.com/I386.htm Without Windows or CD/floppy, using a second system to copy from and DOS; Harddrive Windows XP installation - no floppy/CD drive Installing to USB device: Windows In Your Pocket The link for the HP tool is dead so here is another link HP USB Disk Storage Format Tool How To Boot From A USB Flash Drive Install issues: General: 1. Extract the install files using Winrar or Universal Extractor , right click the installer and extract. Now look in the extracted files for the installer (setup.exe, install.exe, name varies). 2. Clear temporary files. 3. Move your temporary folders to another partition if one exist, otherwise just try a new location. 1. Right-click My Computer, and then click Properties. 2. Click the Advanced tab. 3. Click Environment variables. 4. Change the TMP and TEMP folder location to another partition. DirectX installation: 1. Follow the steps in General. 2. Try the DirectX Redistributable instead of the Web Installer DirectX End-User Redistributable http://www.majorgeeks.com/DirectX_Redistributable_d2924.html DirectX End-User Runtime Web Installer http://www.microsoft.com/downloads/...38-DB71-4C1B-BC6A-9B6652CD92A3&displaylang=en DirectX install errors: A Cabinet file necessary for the installation cannot be trusted You cannot install some updates or programs You may receive the "DirectX did not copy a required file" error message when you install DirectX 9.0 on a Windows XP Professional-based computer Description of DirectX Setup Error Codes Guru3d: DirectX 9c Installation Failed DirectX SDK: DirectX SDK What's New in the DirectX SDK Installing DirectX with DirectSetup Installshield: 1. Follow the steps in General. Common installation errors Google search: Installshield+install+troubleshooting add your program to the search Google search: demoshield+has+encountered+a+problem Windows Installer: 1. Follow the steps in General. Windows Installer Windows Installer Cleanup Utility Microsoft KB search on Windows Installer Error Windows Installer: Error Codes Windows Installer Team Blog: Troubleshooting Windows Installer FAQ How to resolve Common "Windows Installer" Problems How to Enable Windows Installer Logging in Windows XP Intel chipset INF Update Utility: 1. Follow the steps in General. 2. Look in the key HKEY_LOCAL_MACHINE\SOFTWARE\Intel\InfInst for the installed version. Install success status, and to see if a reboot is needed at all, "reboot" on "yes/no". Start > Run > type regedit find the key. 3. Third party drivers are currently installed and/or no update is needed/possible. Which is why there is a Overwrite switch IF needed. DO NOT USE unless you know what you are doing. 4. You can also use the -B switch on the extracted setup file SETUP.EXE -b (with path) to test if a install is successful, but no boot prompt is given (Silent success), like what you should be able to see in the Registry. Look in readme.txt for help (readme (from 7.2.2.1006)) Flash player: Troubleshoot Adobe Flash Player installation for Windows Exe installer Uninstaller Shockwave Player CD/DVD: 1. Follow the steps in General. 2. Copy the CD/DVD to the Hard disk and install. 3. Disable or uninstall any emulators and/or virtual drives (blows i know). 4. If your getting CRC errors often then your RAM may be bad, run test www.memtest.org, Download (Pre-built & ISOs) Drivers: 1. Follow the steps in General. 2. Do a manual install using the extracted file. Manually Installing device drivers under XP: 1. Open the Device manager. Start > Control panel, click System go to the Hardware tab and click Device manager. Or Start > Run > type devmgmt.msc 2. Look for the device you want to update the driver for, double click it. 3. Go to the driver tab and click on update driver. 4. This will pop up the "Hardware update install Wizard". Select No, not this time click next. Select Install from a list or specific location (Advanced)click next. Select Don't search. I will choose the driver to install 5. Select Have Disk, click the Browse button. Navigate to where you have extracted the files/driver and find the .inf file to your device. XP will help by filtering the files by extension (inf). Optional step: If your in the dark about what file to use you can tell XP to search the extracted files. Repeat steps 1 to 3: 4. This will pop up the "Hardware update install Wizard". Select No, not this time click next. Select Install from a list or specific location (Advanced) click next. Select Search for the best driver in these locations. Uncheck search removable media and check on Include this location in search. Click the Browse button and go to the directory where you extracted the files/driver, click next and let it scan, install if driver is found. Again XP will filter the files by extension (.inf) but this time folders are excluded i.e. You can't press ok on a folder which has no driver. HOW TO: Manage Devices in Windows XP Uninstall issues: DirectX There are DirectX uninstallers, but you should be warned that they seem to in some cases cause issues and there are mixed reports on their sucess. DirectX Happy Uninstall DirectX Eradicator 2.0 Symantec/Norton Removing Norton AntiVirus 2003 or earlier by using the Rnav2003.exe removal utility when Add/Remove programs fails Removing your Norton program using SymNRT Norton Removal Tool (SymNRT) Guru3d: complete way to remove nav2004-5 from xp Macromedia Flash How to uninstall the Macromedia Flash Player plug-in and ActiveX control Installers and Uninstallers Uninstall, Clean Up and file deletion tools Description of the Windows Installer CleanUp Utility Revo Uninstaller ZSoft Uninstaller Freeware-guide: Uninstallers Brute Force Uninstaller (BFU) and other Merijn tools Killbox (file deletion) Sysinternals Process-Explorer Sysinternals Autoruns Sysinternals: has various tools for tracking Program and process control Uninstall Programs Manually Windows Program Automatic Startup Locations A Collection of Autostart Locations How to manage Windows Startup? Default Processes in Windows 2000 A description of Svchost.exe in Windows XP How to determine what services are running under a SVCHOST.EXE process Glossary of Windows 2000 Services Default Processes in Windows 2000 CurrentControlSet\Services Subkey Entries Windows NT Subsystems and Associated Files How to troubleshoot by using the System Configuration utility in Windows XP Description of Windows XP System Information (Msinfo32.exe) Tool ProcessLibrary.com Search on process name Run Commands and Hotkeys: List of the keyboard shortcuts that are available in Windows XP Windowsnetworking: Windows XP Keyboard Shortcuts How can I navigate in Windows and NT and XP using just keystrokes on the keyboard? Guru3d: Windows Hot Keys Useful Run Commands
Here's another site for 'STOP errors' : http://aumha.org/win5/kbestop.htm And just to add to the tools for "deleting files" I used HijackThis, open it's misc tools section, and there's an option to delete a file on reboot. Ohh and here's just a backup of blackviper's site : http://web.archive.org/web/20041128094512/http://www.blackviper.com/ A tool to furthur customize your XP cd, integrate hot-fixes, remove certain components, along with service pack integration. nLite and adding to the Miscellaneous issues: My system idle process is showing very high CPU usage It's normal. It gives a measure of how much idle your CPU is. Higher percent shown is good ! Ohh , btw .. great work Animatrix :thumbup: :thumbup: Should get a sticky
Security, Virus and Spyware Help: 1. Keep your Operating System fully updated Operating System vulnerabilities are bad and needs to be patched. Because of the level and integration at which the flaw exists they can be used to compromise systems easier and deeper. If updating with the latest service pack is giving you trouble please try making a Slipstream and do a fresh install using that new CD. 2. Keep your applications updated Application vulnerabilities In theory all or most applications can be misused and exploited. If the application does something it can do it wrong and that can lead to bad things if misused. Don't be fooled into thinking seemingly powerless applications are safe and pose no threat. Obviously the more popular and widely used the application is the larger the attack surface and motivation to attack will be. Looking at flaws in browsers and integrated applications like Flash, Java and Java script when used on popular sites, the numbers of people it can reach in a short span of time is quite large. Exploits using flaws in applications can be used to attacks systems involving such things as malformed files, pdf, image, sound, video etc. Secunia Software Inspector These vulnerabilities start out as 0day exploits Depending on the actual vulnerability some security programs may catch the exploit. But this will all depend on both the program and vulnerability. An example might be the windows metafile vulnerability, this was blocked by some programs generically and others needed a update. As this type of exploit always starts out as a 0day exploit most definition based protection will fail to stop the exploit at first. 0day exploits are combated using 0day protection, there is more then one type of protection which qualifies as 0day protection. 3. Secure your connection People behind NAT routers are well protected from unsolicited traffic (guests knocking at your door you did not invite). NAT routers may have build-in firewalls and do filtering. NAT (Network Address Translation) however offers no protection for outgoing traffic, unlike most software firewalls. If you run a router remember to change the default administrator password and pick a strong pass. Disable all features of the router you don't use. If you are relying on UPnP i urge you to do the configurations manually instead, having software change router setting behind your back is not cool, if the software turns out to be untrustworthy you may have a problem (NAT Router Security Solutions). The people connecting directly to a modem should really have a firewall in place like Windows own firewall. Net-aware malware like worms do not need any user interaction to spread. Dialup'ers should take special care of spy-ware known as dialers. 4. Run Anti-malware, do system scan every week or two Just how badly you need Anti-malware protection like Anti-virus and Anti-spyware software do somewhat depend on your habits and computer know-how. Just remember malware can come from unexpected places. If you install software left, right and center with no regard, you surf blindly and unsafe places, well then you probably need Anti-malware protection. Or you can do what most people does who have to reinstall windows, again. Wait until you get infected and then install them for cleaning, oh and pray they can clean it so you wont have to reinstall, again. Remember protection is not used retroactively and cleaning after the fact is not how you best protect yourself, that's just damaged control. If you have a bad habit of installing software that ends up damaging the system or if you just like to install more software then is healthy, you should look into virtual machines and virtualization in general. It will isolate and contain any issues caused by software to the guest OS, and can't harm the main system, known as the host OS. You can do a lot of testing and fun stuff without having to worry about the system (Note: Malware should be handled with care, there are procedures to testing malware in a VM). Your browser and it's settings are also important, my recommendation is go with Firefox and use NoScript or Opera. If you use IE make sure your IE security settings are not set low and install Spywareblaster for some extra passive protection. Update to IE7 if you haven't. If you are a high risk surfer i would suggest looking into sandboxing, like Sandboxie and other forms of strong protection (Virtualization, HIPS, disaster recovery and system restore/rollback). Understanding Spyware, Browser Hijackers, and Dialers Malware FAQ The scanning programs databases must be updated regularly. It is very important to keep the Anti-virus program "database" ("signature file", "definition file") updated. The database is needed for AV programs to recognize viruses reliably. Having a updated database is needed for the programs to recognize new viruses reliably. Without a database the Anti-virus program will have to rely on Heuristics and other techniques. Even with the best Anti-virus programs that's not where you want to "lay all your eggs". Heuristics are not meant for, or to be used as a replacement for databases. When a new virus strikes, in the early stage before the database can get updated Heuristics is used. If money is preventing you from running an updated Anti-virus program or you just feel you can't be bothered to renew your update service, i strongly advice you to pick a free Anti-virus program as the updates are what really counts. There are perfectly good free Anti-virus programs out there and compared to some old Anti-virus program with a old database, it's a "no brainer". Free Anti-Virus Programs AntiVir Personal Edition Classic http://www.free-av.com avast! home http://www.avast.com BitDefender Free Edition http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html Grisoft AVG AntiVirus Free Edition http://free.grisoft.com/ All scans should preferably be done on a regular basis, say weekly. You don't have to scan the same 250GB every week but do scan your system drive or just the Windows, Documents and Settings and Program Files folders. If any of this is missing please do it now. Online scanners Multi-engine single file scan: virusscan.jotti.org virustotal.com virscan.org scanner.virus.org Single engine fully system scan: Bitdefender Kaspersky (no cleaning) Panda (activescan triggers detection by some AV's) Trendmicro, new version Ewido Webroot Malware Analysis: Cwsandbox Threat-expert Anubis Norman Security tests Browser Security test Secunia Software Inspector McAfee Siteadvisor E-mails for submitting samples to AV companies Firewall and Antivirus Free Windows Firewalls (Big list) Spywarewarrior: Antivirus list Free Antivirus, online and normal Other Firewalls Sticky Posts and Other Useful Links Anti-Malware/Spyware, Rootkits a-squared Free Ad-aware Comodo BOClean Malwarebytes Google Pack: Spyware Doctor Starter Edition and Norton Security Scan Spybot Search & Destroy Spyware Blaster (residual protection) SpywareBlaster Troubleshooting and Tips & Tricks Windows AntiSpyware SUPERAntiSpyware Trustworthy Anti-Spyware Products Rogue/Suspect Anti-Spyware Products List of Dedicated Anti Trojan Products Sandbox, HIPS, Virtualization, & System Hardening apps SECURITY OVERFLOW Wiki HIPS Antirootkit.com Rootkit Detection and Removal Rootkits and how to combat them Tools, Command line and stand-alone scanners CCleaner, general system cleaner ATF Cleaner, temp file removal tool Killbox, file deletion tool Microsoft Windows Malicious Software Removal Tool, More Information Stinger Stand-alone AV ArcaMicroScan Dr. Web: Cure-it Kaspersky: AVPTool, Info AVZ (Russian site but they have a English version) A-squared command line scanner Mcafee command line scanner (win_betaengdat.zip) Sophos command line scanner, definitions Trend Micro command line scanner (Sysclean), definitions Ikarus command line scanner ClamWin Portable Automated virus / spyware removal script Boot CDs Avira AntiVir Rescue System http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html Bitdefender: LinuxDefender Live! CD http://www.bitdefender.com/site/LinuxDefender-Mirrors.html Dr.Web LiveCD http://www.freedrweb.com/livecd Kaspersky Rescue Disk http://ftp.kaspersky.com/devbuilds/RescueDisk/ http://fileforum.betanews.com/detail/Kaspersky_Rescue_Disk/1213647614/1 Ultimate Boot CD for Windows http://www.ubcd4win.com/index.htm Word of warning on cleaning with boot CDs http://www.wilderssecurity.com/showpost.php?p=736011&postcount=12 Specialized removal tools: These tools should really only be used after specific instructions telling you to do so. Make sure you know what you are doing and used them responsibly, at your own risk. More often then not analyzing a hijackthis log will be need before you can really tell which tool you should use. However if your system is already completely hosed by malware to the point were you are about to format and reinstall just run them all, follow the instructions. VundoFix VirtumundoBeGone (if VundoFix do not work) VundoFix/VirtumundoBeGone Guide: How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo SmitFraudFix SmitFraudFix Guide: How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid ComboFix Running ComboFix A guide and tutorial on using ComboFix SDFix Using SDFix CWShredder, for CoolWebSearch AboutBuster HijackThis, log tutorials and guides, online analysis Hijackthis is a tool for dealing with unwanted run commands. It can make logs for people to help assist in the removal (note HijackThis was bought by Trend Micro and is now at version 2. Most still use the old version unless v2 is needed for when running Vista). HijackThis V1 HijackThis V2 HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware Spywareinfo.com Aumha.org HijackThis log file analysis LSP-Fix Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access. Sysinternals Tools: Sysinternals Sysinternals Forum Process Explorer, a real task manager Process Monitor, shows real-time file system, Registry and process/thread activity. TCPView, detailed listings of all TCP and UDP endpoints RootkitRevealer, no cleaning capacities Sysinternals Suite Uninstallers, integrity checkers/snapshot compare, system logging (live) pcBaseline: Snapshot SysAnalyzer: Snapshot Tiny Watcher: Snapshot/Integrity checker Sentinel: Integrity checker freeware-guide: Uninstallers ZSoft Uninstaller: Uninstaller Osiris: Host Integrity Monitoring Reviews and Tests AV-comparatives Virus Bulletin av-test.org westcoastlabs.org check-mark.com virusinfo.info anti-malware.ru (babelfish) matousec.com Pcflank.com Firewallleaktester.com ShieldsUP Personal HIPS Tests Malware Removal Guides Guru3D: Malware cleaning guides GENERAL Virus and Trojan removal Instructions How to remove a Trojan, Virus, Worms, or other Malware Dealing with Unwanted Spyware and Parasites Spyware and Malware Removal Guides and Reading Room Viruses/Spyware/Malware, preliminary removal instructions TechNet On-Demand Webcast: Advanced Malware Cleaning Databases and search engines to help identify objects http://www.systemlookup.com http://www.bleepingcomputer.com/filedb/ http://gladiator-antivirus.com/forum/index.php?showtopic=24610 System Setup and Hardening Protecting Your Privacy & Security Security Configuration Guides (NSA) Home computer security Home network security Securing Your Web Browser Internet Explorer 6 Security and Privacy Internet Explorer: Setting Up Security Zones HARDENING WINDOWS HOST Part 4: ACCOUNTS AND RIGHTS MANAGEMENTS Windows Worms Doors Cleaner Secure-It Harden-It LUA/Non admin: Aaron Margosis' "Non-Admin" WebLog, Non-admin for home users http://nonadmin.editme.com Reducing browser privileges suDown Wilderssecurity: SuRun: Easily running Windows XP as a limited user Ruin a malware author's whole day with a Software Restriction Policy! Using Software Restriction Policies to Protect Against Unauthorized Software Articles, Papers Windowsecurity.com: Whitepapers Sans.org: Reading room Pcvirus.org: Antivirus Links & Papers (Computer Virus/Antivirus Resources) Malware Defense History and its Secrets The Antivirus Defense-in-Depth Guide Can Viruses Be Detected? Internet Firewalls: Frequently Asked Questions Vulnerabilities and advisory Microsoft Security Bulletin Search Microsoft: Virus Alerts Microsoft: Security Bulletins and Advisories Secunia.com SANS Internet Storm Center FrSIRT: Security Threats Watch 24x7 Malware status pages Dr.Web http://live.drweb.com/ Eset http://www.virusradar.com Frisk http://www.f-prot.com/virusinfo/index.html F-secure http://worldmap.f-secure.com Fortinet http://www.fortiguardcenter.com/map/worldmap.html GDATA http://www.antiviruslab.com/index.php?lang=gb Kaspersky http://www.kaspersky.com/viruswatch3 Mcafee http://www.mcafee.com/us/threat_center/ Microsoft http://www.microsoft.com/security/portal/ Symantec http://www.symantec.com/business/security_response/threatexplorer/threats.jsp Symantec http://www.symantec.com/norton/security_response/index.jsp Trendmicro http://www.trendmicro.com/vinfo/ Trendmicro http://wtc.trendmicro.com/wtc/summary.asp Links Bleepingcomputer.com Spywarewarrior.com Spywareinfoforum.com Wilderssecurity.com bluetack.co.uk: Malware News, Research & Removal Security news portal Insecure.org Securityfocus.com Governmentsecurity.org Windowsecurity.com Peter Gutmann, Encryption and Security-related Resources http://www.f-secure.com/weblog/ http://www.viruslist.com/weblog http://www.cert.org/nav/index_main.html http://www.cert.org/contents/contents.html http://www.cert.org/nav/index_green.html http://www.cert.org/encyc_article/tocencyc.html http://www.cert.org/tech_tips/ http://cme.mitre.org/index.html http://honeynet.markoer.org/ Test your AV installation: The Anti-Virus test file Privacy: wikipedia: Privacy, Anonymity, Internet privacy, Proxies Free Anonymous Surfing eff.org: Tor (Look for the Tor link on the left side) Onion routing Vidalia Privoxy Torpark OperaTor wikipedia: Cryptography and encryption, Steganography, Security through obscurity Truecrypt Snake Oil Warning Signs: Encryption Software to Avoid Data sanitization and secure deletion Technically what happens varies depending on both the operating system and file system used, so do the recovery method. Deleted Files, FAT and NTFS Recovery of deleted files The Windows XP MS-DOS Startup Disk: An Example in Basic Forensics and Data Recovery Gromit's Technical Guide to Partitions/Formatting/Data Recovery Computer forensics Peter Gutmann: Secure Deletion of Data from Magnetic and Solid-State Memory Read the Epilogue. Can Intelligence Agencies Read Overwritten Data? A repsonse to Gutmann. To avoid recovery of data it should be overwritten. To avoid recovery of any non-secure deleted data and data which may have leaked into free space (such as decrypted data leaked into non-encrypted free space), all free space including slack space should be overwritten. There are both free and pay File Shredding and Disk Wiping software. Some hard disk manufactures may have a utility used to do what is often referred to as a low level format (it's not really a low level format, ReInitializing). This Reinitializing will fill the hard disk with ones and zeros and should do just fine for when you are getting rid of old drives. To clean partitions/drives booting to a CD like Dban is another option. Snake oil appears here as with most software. So if you really are in need of secure deletion and your not just doing it for psychological reasons then you should scrutinize the validity and trustworthiness of the software. Test has shown commercial secure deletion software that partially fail the secure deletion, and then there are programs that simply don't do anything. One way to do a test is to use data recovery software and see if you can recover the files you securely deleted. Evaluating Commercial Counter-Forensic Tools (PDF) Wilderssecurity: How to verify secure deletion The Hard Disk Shred/Wipe Page Test shows time used for wipes with different patterns Wikipedia: File wiping Overwrite patterns or sanitization matrixs can be used when doing overwrite passes. The pattern is just what data is used to overwrite with. For modern hard disks a few passes with random data should do just fine. A known and pretty fast pattern is, "a character, then its complement and then random characters". Unless you have some good reason for fearing data recovery i would not concern myself about it to much. If you have any concerns about privacy information or sensitive data purge the hard disk with random data. If you do decide to overwrite using multiple passes i would keep it down to 3 passes, say with ones and zeros and then random data. Anything more is just a waste of time if you ask me. Depending on the size of the drive it can take quite some time doing the very "secure" overwrite passes, and passes such as the 35 Gutmann wipe on a 200GB hard disk is just plain silly. Anyway it was made for a completely different hard disk type and covers a "blend of scenarios". From the epilogue of Gutmann's paper (read the full epilogue). If your talking about situations with zero margin for error, then destruction is the only viable option, there are just to many variables. Software is prone to error. You will need to confirm that all overwrite passes are a success every time, so just counting the man hours or labor it's cheaper and safer to just destroy. Contrary to popular belief data overwrite sanitization appears to no longer be approved by anybody in the US and Canada for truly sensitive information. NSA only approves degaussing or physical destruction for hard disks. NSA/CSS STORAGE DEVICE DECLASSIFICATION MANUAL http://www.nsa.gov/ia/government/MDG/NSA_CSS_Storage_Device_Declassification_Manual.pdf DSS now follows the NSA guidelines. DSS Clearing and Sanitization Matrix https://www.dss.mil/portal/ShowBina.../clear_n_san_matrix_06282007_rev_11122007.pdf NISPOM (National Industrial Security Program Operating Manual) remove the guidelines found in section "8-304. Maintenance" and now refers to DSS. Old DOD 5220.22-M, chapter 8-306. Maintenance, Clearing and Sanitization Matrix (using web.archive) 2006 NISPOM (DoD 5220.22-M) https://www.dss.mil/portal/ShowBina...s_internet/isp/fac_clear/download_nispom.html NIST (National Institute of Standards and Technology) only recommends overwrite sanitization for so called cleaning, i.e. to avoid software recovery methods. To protect against laboratory attacks or truly sensitive information only purging is recommend, meaning degaussing or physical destruction. NIST Special Publication 800-88 http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf RCMP (Royal Canadian Mounted Police) only allows data overwrite sanitization (i.e. cleaning) for hard drives containing the following security level of information: Protected “A” (Protected) Protected “B” (Protected) Confidential (Classified) Using triple pass, binary 0s are written on the first pass, binary 1s on the second pass and an ASCII text pattern composed of the DSX version number and date/time stamp for the third pass. Each overwrite pass is followed by a read verify pass. For a hard drives containing the following security level of information: Protected “C” (Protected) Secret (Protected) Top Secret (Classified) Or for a hard drive which is deemed to be non-functioning. Only degaussing or physical destruction is approved. Hard Drive Secure Information Removal and Destruction Guidelines http://www.rcmp-grc.gc.ca/tsb/pubs/it_sec/g2-003_e.pdf
Just to add one more to the tweaks section : http://www.kellys-korner-xp.com/xp_tweaks2.htm XP updates .... all in one (released every month) Autopatcher (helpful, if u want to format and then update XP, without downloading again from MS) Some other Links to check for MS updates, just to make sure your system is patched and up to date : All Recently Published Microsoft Windows Downloads All Recently Published Microsoft Office and Home Downloads Newest Downloads (all categories)
Man, this is just great. That's one hell of a job Animatrix. And if I get anything on my mind that I think it could be added here, I'll post it for sure... Another vote for a sticky...
I think this could be added to Task Manager issues. It was asked for a few times on this forum. If you get a "Task Manager has been disabled by your adminstrator" error message. 1- Open Registry Editor (Regedit.exe) and navigate to: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System In the right-pane, double-click DisableTaskMgr and set it's data to 0 2- Get this registry fix
Stuck, because I'm so nice =) Great FAQ, I'll be changing and combining my Linux guides soon probably, just so we don't end up with a lot of stickies.
Programs: Freeware http://www.giveawayoftheday.com http://www.techsupportalert.com/best_46_free_utilities.htm http://www.pricelesswarehome.org http://www.thefreecountry.com/index.shtml http://www.all4you.dk/FreewareWorld/links.php http://www.p2pforum.it/forum/showthread.php?t=164494 http://www.woundedmoon.org/win32_freeware.html http://www.aplusfreeware.com http://freewarewiki.pbwiki.com http://www.freeware-guide.com http://www.321download.com/LastFreeware/index.html http://www.softwareawards.net http://freewareupdates.info http://www.donationcoder.com http://sourceforge.net http://aumha.org/freeware/freeware.htm http://www.dedoimedo.com/computers/collection.html http://dimio.altervista.org/eng/ http://www.benchmarkhq.ru/english.html?/be_cpu.html Software sites http://www.majorgeeks.com http://www.softpedia.com http://www.download.com http://www.tucows.com http://www.versiontracker.com http://lists.thedatalist.com/index.html Guru3d: software threads: Guru3d: Freeware / Opensource Programs Guru3d: Software u just CAN'T go without Guru3d: Poll Best P2p ? Guru3d: Poll What Anti Virus do you use ? Secure Yourself Guru3d: Firefox and Mozilla: The Monsters Garage Video and Audio: Gspot establishes what audio and video codecs are required to play a media file. free-codecs Winamp or other? Which is your favorite? Make Winamp sound better Winamp Equalizer Miscellaneous Guru3d: Sticky's MS Beta links: Microsoft Beta Microsoft Connect MSDN Various Windows XP Information: Windows Product Activation (WPA) on Windows XP Data Execution Prevention (DEP) A general description of IRQ sharing in Windows XP IRQ Conflicts Scheduling, Thread Context, and IRQL Locks, Deadlocks, and Synchronization Windows XP: Kernel Improvements Create a More Robust, Powerful, and Scalable OS Kernel Enhancements Memory Management Windows XP Performance Benchmarking on Windows XP Changes to Functionality in Microsoft Windows XP Service Pack 2 Windows XP supported upgrade paths Windows XP Home Edition Comparison Guide Windows XP Home Edition vs. Professional Edition: What's the difference? SHELL32 Function Usage Using Rundll Random stuff: Windows Registry Inside the Registry Description of the Microsoft Windows registry Shell Customizing Right-Click Menu Options in Windows Add Target > Open Container to the right-click context menu of your shortcuts (Like Vista's open file location), link. Shell-extensions What other shell enhancements or other tweaks do you recommend for Windows 2000/XP/2003? Google search: Shell enhancements Tweaks: Links, if you have a good link just let me know: rojakpot.com theeldergeek.com tweakguides.com speedguide.net broadbandreports.com Tweakhound: Bad Tweaks techspot: Gaming Guides Optimize XP Benchmarking on Windows XP Performance Tuning Guidelines for Microsoft Services for Network File System 1001 Secrets for Windows NT Registry jsifaq: Windows Tips and Tricks Performance-oriented Windows tweaking Guru3d: PCI latency? a Q for Gurus Boot Time: As boot time is often asked about, i'll just post a few things. 1. Set BIOS for fastest boot Set the HD as first boot device. Use quick boot check, default/on for most BIOS some may have a separate fast/slow check for the HD as well. Disable all devices not used on the motherboard in the BIOS. 2. Set OS for fastest boot Disable devices and channels not in use: Open the Device manager, Start > Run > type devmgmt.msc Using Device manager disable any other devices not in use that you can't disable using the BIOS (not on-board etc.). With at least a decent BIOS most on-board devices like COM ports, firewire etc. can be disabled using the BIOS and when disabled they won't show up in device manager. Using Device manager find IDE ATA/ATAPI Controller (other wording may be used, anyway it's the HD Controller) expand and double click the IDE channels > go to the Advanced settings tab and set Device Type: on None for all channels NOT in use. Disabling Group Policy (gpedit.msc) (*Group Policy Editor is only available in XP Pro) Disabling Group Policy may give a faster boot. For me it seem to give a faster log off (reboot) but in any case if your not using the Group Policy i see no reason not to give it a try. Start > Run > type gpedit.msc > right click "Local Computer Policy" and click properties > under "Disabled" check both computer and user, press apply. Run ProcessIdleTasks: This will force all pending IdleTasks to complete and will invoke the boot optimization routines found in XP. ProcessIdleTasks is suggested as something to do before running benchmarks by MS, it can also be beneficial on newly installed systems to force all IdleTasks to complete. Idle Task Scheduling: The ProcessIdleTask API Go to Start > Run > type or paste Rundll32.exe advapi32.dll,ProcessIdleTasks hit enter, let it finish (look at the case led light), after perform a normal system defrag. Alternatively you can also preform just the boot optimization defrag from the console: Got to Start > Run > type cmd > type defrag C: -b hit enter, when the prompt appear again it is done. Optionally BootVis can also be used and it has a on-screen visual indication of when the task has completed. Keep the system clean The more that has to load at time of boot the longer it will take. Learn to control windows startup of software. Don't install what you don't need. Uninstall what you don't use. Programs, windows components and features, get rid of services you do not need, remember to defrag the system drive, rebuild the registry hives (NTREGOPT) Tools Bootvis is a "tracing and visualization tool" which can be used to trace the boot time and load delays (drivers etc.). It can also force the file placement optimization routine to be run by using Trace > Optimize System from the menu. *Note: There are some trace data issues with HT CPU's and XP SP1, hotfix exists but MS would rather you'd install SP2. Performance trace data from the BootVis.exe tool is corrupted or missing The file placement optimization routines invoked by Bootvis.exe is not really documented anywhere but appears to simply be the same as running the command defrag <system drive> -b from the console which im thinking is part of the ProcessIdleTasks routine. The -b switch is not documented either (i can't find it) but do "work" 1). there is a defrag performed and it's short 2.) There is no error given by the prompt. Time wise the task performed by Bootvis fit's with the defrag <system drive> -b. The ProcessIdleTasks routine performs other tasks as well as the file placement optimization. The so called "pre-determined times" referred to is system idle time, plus the fact that the operation is done "no more often than once every three days". Links: Idle Task Scheduling: The ProcessIdleTask API Fast System Startup for PCs Running Windows XP Fast Boot / Fast Resume Design neowin.net: SpeedUp Improve XPs Boot and Start Up Time Hack #3: Speed Up Boot and Shutdown Times Windows Program Automatic Startup Locations How to manage Windows Startup? Default Processes in Windows 2000 Free Defrag Programs: JkDefrag http://www.kessels.com/JkDefrag/ JkDefrag GUI http://www.emro.nl/freeware/ Power Defragmenter GUI 2.0.125 http://www.excessive-software.eu.tt/ Defraggler http://www.defraggler.com/ Ultra Defragmenter (uses kernel-mode driver) http://ultradefrag.sourceforge.net/ Auslogics Disk Defrag http://www.auslogics.com/disk-defrag/index.php IObit SmartDefrag http://www.iobit.com/iobitsmartdefrag.html Diskeeper Lite 7.0 Build 418 http://www.majorgeeks.com/Diskeeper_Lite_d1207.html O&O Defrag 2000 Freeware Edition 3.5.562 http://www.majorgeeks.com/O&O_Defrag_2000_Freeware_Edition_d4545.html PageDefrag http://www.microsoft.com/technet/sysinternals/FileAndDisk/PageDefrag.mspx Contig http://www.microsoft.com/technet/sysinternals/FileAndDisk/Contig.mspx Rebasing dlls Disclaimer: This is not for all and i will take NO responsibility for anything going wrong. So what's this all about ? Rebasing Win32 DLLs: The Whole Story Rebasing Win32 DLLs Optimizing DLL Load Time Performance Overcoming Windows Memory Allocation Limitations Map Files And DLL Rebasing Rebase those dlls With that said, here is how you rebase .dlls using rebase.exe 1. Get Rebase.exe SDK 2. Get Process Explorer to find dlls base addresses (info on dll address range later). Start Process Explorer click View > Lower Pane View > select Dlls. Then View > Select columns > go to the DLL tab and check on Base Address. Then Options > Configure highlighting > check on Relocated dlls and pick a color. 3. Use whatever method you like and works for you for editing/changing files in use, just realize that as long as the dll is in use you can't rebase it. People who don't know how to work with system files should probably just stop now or only rebase the dlls not loaded at boot and/or program dlls easily controlled. The rest will know what the issue is and how to work around it. (*Hint* The recovery console do NOT support the rebase command). Rebase usage: rebase -b HEX base address Example: rebase -b 0x70000000 xpsp2res.dll Infomation on ranges: So what dlls to rebase ?. Well either dlls which are using bad or conflicting addresses i.e. An address which is in use and so "If a DLL cannot load at its base address because the memory is already occupied, the loader places the DLL elsewhere in virtual memory, then updates all calls into the DLL to reflect the new base address." which obviously takes time slowing the load. It can also lead to virtual memory fragmentation (see hotfix last). xpsp2res.dll base address: Information on base address of XP SP2 xpsp2res.dll I have rebased my xpsp2res.dll to the address suggested above and have seen no harmful side effects from it, however im not truly sure of the effect. But in theory xpsp2res.dll base address is bad and goes against MS's own suggested base address for system dlls (0x70000000 to 0x78000000). There is even a hotfix for it.
Information on various Tweaks: This is just meant as a collection of information about various tweaks, both functional and non functional. Not all settings here are bad, but surprisingly many are. Either they are non functional, OS version specific, or misinformation has simply taken over and it's true function is unknown. I will add more stuff along the way. Registry keys: HKLM = HKEY_LOCAL_MACHINE DisablePagingExecutive Key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management REG_DWORD: DisablePagingExecutive Data: 0 Prevents pageable "User-mode and kernel-mode drivers and kernel-mode system code" from getting paged out (from memory) to disk (page file). This one is used by many and do "work" (i.e. it's not bogus). The MS documentation for workstation OS (2000/XP) mainly points to it's usefulness for debuging purposes, the server documentation also points to improved performance. However don't expect any miracles (if anything) and certainly nothing near what's often claimed by many tweak apps and guides. Adobe referring to the use of DisablePagingExecutive LargeSystemCache Key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management REG_DWORD LargeSystemCache Data: 0 (Default value Windows XP Professional: 0 Windows Server 2003: 1) LargeSystemCache 1 is the same setting as System > Advanced > Performance Settings > Advanced > Memory usage on System Cache. Server OS has a Server Optimization tab in Network and Dial-up Connections which is the interface for setting the "Size" key registry data value (interface is not in XP or 2000 pro, but the "Size" key is). "This entry (LargeSystemCache) and the "Size" entry (which is in the HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters subkey) store the setting of the Optimization section of the Server Optimization tab in Network and Dial-up Connections." LargeSystemCache is for file heavy I/O operation needs like the type file servers has. "It is not appropriate for application servers" (such as Web server). "Many applications, such as SQL Server and Microsoft Exchange, change the value of the LargeSystemCache entry to 0". 2003: LargeSystemCache 2000: LargeSystemCache File Cache Performance and Tuning Win32PrioritySeparation Key: HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl REG_DWORD: Win32PrioritySeparation Data: 2 Or using the XP interface Control Panel > System > Advanced tab > Performance settings button > Advanced tab > Processor Scheduling When you install XP this data value is set to 2 for backwards compatibility with NT (NTs version of foreground priority). XP's normal value for foreground priority is 26 in hexadecimal or 38 in decimal (the same value). If you go to Processor Scheduling and set it to Background services and apply, this will set the data value to 18 hexadecimal/24 decimal. Now set it back to Programs and apply, the value/data will change to 26 hexadecimal/38 decimal which as said is XP normal value for foreground priority. This setting as of windows 2000 has changed and now uses whats known as Quantum Accounting. Quantum calculation: Table of the three 2 bits values: Default: Optimize Performance for Applications: 32 + 4 + 2 = 38 Dec / 26 Hex = Short Quantum, Variable Quantum for foreground, High foreground boost. Optimize Performance for Background Services: 16 + 8 + 0 = 24 Dec / 18 Hex = Long Quantum, Fixed Quantum, No foreground boots. Variations: 32 + 8 + 2 = 42 Dec / 2A Hex = Short, Fixed , High foreground boost. 32 + 8 + 1 = 41 Dec / 29 Hex = Short, Fixed , Medium foreground boost. 32 + 8 + 0 = 40 Dec / 28 Hex = Short, Fixed , No foreground boost. 32 + 4 + 2 = 38 Dec / 26 Hex = Short, Variable , High foreground boost. 32 + 4 + 1 = 37 Dec / 25 Hex = Short, Variable , Medium foreground boost. 32 + 4 + 0 = 36 Dec / 24 Hex = Short, Variable , No foreground boost. 16 + 8 + 2 = 26 Dec / 1A Hex = Long, Fixed, High foreground boost. 16 + 8 + 1 = 25 Dec / 19 Hex = Long, Fixed, Medium foreground boost. 16 + 8 + 0 = 24 Dec / 18 Hex = Long, Fixed, No foreground boost. 16 + 4 + 2 = 22 Dec / 16 Hex = Long, Variable, High foreground boost. 16 + 4 + 1 = 21 Dec / 15 Hex = Long, Variable, Medium foreground boost. 16 + 4 + 0 = 20 Dec / 14 Hex = Long, Variable, No foreground boost. Win32PrioritySeparation Resolution of system timer The system timer tick interval affects thread scheduling. Here is his run down on the quantum, Master Your Quantum As mentioned, applications can change the resolution. For example running Windows Media Player will set it to 3.906 and when playing something set it to "0.977". Using the "/TIMERES=" switch in the boot.ini will set the resolution of the system timer. Set Windows Timer Resolution ClockRes CSS game server (Tickrate) Inside Windows NT High Resolution Timers IoPageLockLimit Do only work for Windows versions before 2000 SP1 http://www.microsoft.com/resources/...s/2000/server/reskit/en-us/regentry/29931.asp IRQ# Priority - There are no IRQ priority boosting possibility on windows through registry entry. IRQs have a priority level at which they are interrupted by the CPU. The IRQ number (which is fix for some hardware components and otherwise relates to the install process where hardware gets detected and assigned a IRQ) determines the priority level. IRQ Secondly if we look at linux where there's actually a app called IRQTUNE which can changes the IRQ priority of devices, it is using a kernel module, which is not quite the same as just adding a registry entry. SecondLevelDataCache - Will do nothing for modern CPU's (P2 and later). SecondLevelDataCache AlwaysUnloadDlls For operating systems prior to Windows 2000. EnablePrefetcher Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters REG_DWORD: EnablePrefetcher Data: 3, looks like this 0x00000003 (3) Only 1, 2 and 3 are valid values, not 5 or whatever else people may claim. 1 = app prefetching 2 = boot prefetching 3 = app and boot prefetching Memory Management Extensible Performance Counters guru3d thread Other tweaks: QoS - The actual workings of QoS, both in use, use of, technical background, OS version differences etc. is not at all well known by most, even the people using it. 1. There is no global bandwidth de/increase. 2. Only QoS aware programs can take use of the "reserved" bandwidth, 20% by default. 3. Only applies to when QoS aware programs are sending data. 4. If the program that reserved the bandwidth is not sending sufficient data to use it, the unused part of the reserved bandwidth is available for other data flows on the same host. In my opinion people should simply uninstall the protocol, that is if not needed (VoIP stuff and the like) , removing all unneeded protocols is more likely to improve the network, this includes the file and printer sharing. QoS Technical Reference Quality of Service Technical White Paper Introduction to QOS (programming) win 2000 QoS Traffic Control in Windows 2000 Description of Reservation State in RSVP Description of the Resource Reservation Protocol (RSVP) Cisco: Quality of Service (QoS) /prefetch:# commandline "tweak" The prefetch commandline flag is used for multipurpose programs (works generically but only WMP seems to use it). By specifying a /prefetch:# flag with a different number for each "mode" the multipurpose app can do, each mode gets its own separate hash file so as to get the prefetch done properly. It do NOT speed up the launch of programs beyond what prefetching does in the first place. Unless various dll's are used at launch time, for a "mode" of opration there is no point using it. As this is a part of prefetching and how it generically works, and all apps gets prefetch, you would think that software makers would be using the flag if it was needed for their apps, but they don't.
Yes i think so, plus im unsure what the character limit is now. It used to be 15000 but i am using more already (unless my word count is screwed) , i bumped my old qustion in the Feedback & News forum. Edit: Oh man 20000 nice, even if it's "only" 5000 more
Yea... I just read that. 167xx... Something like that. Let's wait for a reply from Hilbert... EDIT According to IB, the limit should be 20k now...
I am sure Hilbert increased it, when David wanted to add something to his longhorn thread, Ahh found the thread http://forums.guru3d.com/showthread.php?s=&threadid=148911
hmm .... I am not sure if this link is present ........ lol there are so many MS kb links . How to backup data : http://support.microsoft.com/kb/308422/
LOL ..... i just realized that ALL of MS hotfixes and security updates can just be integrated as SP2 is integrate like :: kb****** /integrate:<location where xp files are saved in the hard disk>
EDIT: For stuff DevCon quick guide Enable/disable a device using devcon (devcon.exe copyed to system folder i.e. windows or system32 for easy access) 1. Start > Run > type cmd press ok > type devcon help for a list of all commands. 2. To disable a device first we need to get the hardware ID either by using the Device Manager or the Console and devcon. 2.1. Using Device Manager to get hardware ID; Double click the device your interested in and go to the Details tab, using the Property dropdown menu select Hardware Ids. Depending on the device there may be multiple strings and long string with "&" connecting parts (layman term). We are only intrested in the first part of the string (ID) before any "&" character. Example of Hardware Ids: COM Port = ACPI\PNP0501 Sound card, first full string = PCI\VEN_1102&DEV_0004&SUBSYS_20021102&REV_04 Part of Sound card string we will use = PCI\VEN_1102 2.2. Using the Console to get hardware ID; Type devcon /classes a list of device classes is presented. Find the device class your interested in e.g. MEDIA for sound card. Using the MEDIA device class as example we now type devcon /listclass MEDIA, this will give a list of devices. Again we are only interested in the first part of the string before any "&" character. Example of "devcon /listclass MEDIA". Code: PCI\VEN_1102&DEV_0004&SUBSYS_20021102&REV_04\4&2E98101C&0&58F0: Creative SB Audigy 2 ZS (WDM) SW\{EEC12DB6-AD9C-4168-8658-B03DAEF417FE}\{ABD61E00-9350-47E2-A632-4438B90C6641}: Microsoft Kernel DRM Audio Descrambler 3. Continuing using the sound card as example we now have the ID and can enable or disable it by typing devcon /enable PCI\VEN_1102 or devcon /disable PCI\VEN_1102 in the console. bat. file example. Code: @echo off devcon /enable PCI\VEN_1102 Msconfig The System Configuration Utility, aka Msconfig, is a diagnostic tool. It's used for troubleshooting and diagnosing Windows configuration issues. By using check boxes it's much easier to work with the settings, and to toggle between settings (on/off toggle style) then it would otherwise be when working with the settings in the actual files (like boot.ini), using the tools (like the services snap-in), or otherwise having to be many places, e.g. regedit, services snap-in, the boot.ini file. Check boxes also reduce the risk of typing errors. Practically non of the configurations you can modify through msconfig is meant for permanent changes, as i otherwise often see it referred to. Most of the time it's the startup programs and services which some believe should be controlled through msconfig, this is not true. Services should be controlled using the "Services" snap-in found under your Administrative Tools. To do more advance things like deleting a service you need to use the command prompt (start > run > type cmd press ok) typing sc ? in the prompt displays all commands. Controlling what starts up along with windows is in reality quite difficult as Windows has about a million ways to auto start programs and other stuff. This is also how and why spyware can hide it's run command from the casual PC user. A Collection of Autostart Locations The three places most used by legitimate programs are: Code: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run :\Documents and Settings\*UserName*\Start Menu\Programs\Startup I'd suggest getting Autoruns from sysinternals. Ask the Performance Team: Who’s That Hiding in my Windows? What to uncheck and what not FAQ: Common Autoruns Issues For those who are interested i'd suggest learning a bit about how windows can start stuff, as well as getting acquainted with system tools like Regedit, Services, CMD and so on.
Troubleshooting check list: 1. Look for updates to software, drivers and the operating system. 2. Run System File Checker. Instructions: Vista / XP 3. Run a disk check. Also go to your hard disk manufacture support page and look for a diagnostic utility. Instructions: Vista / XP 4. Test your RAM for errors. 5. Troubleshoot background running processes, use process of elimination. Autoruns is a tool used as msconfig only it's much more powerful. Process Explorer is another tool, it work like task manager only again much, much more powerful.