The System Info tab is used for at-a-glance problem diagnosis, Quality Assurance purposes, and as a shortcut to common tasks not limited to information gathering alone.
Many items on this tab can be CLICKED to perform various functions. If you see your mouse cursor turn to a HAND, then you can click it for some function. Go ahead, click and see what happens!
- Ticket Number / Client Name:
- OS Information:
- Installed – The date Windows was installed (this includes repair/over-the-top installs). Windows 10: This resets with every major Windows update, since the major updates are basically new installations, that’s why.
- Uptime – The current system ‘uptime’ just means how long the system has been running since the last boot.
- Boot Time – This figure is sometimes inaccurate (it is reported by the Windows Performance Monitor, so, yeah.) (Vista+)
- Win Mode – Normal, Safe Mode, Safe Mode with Networking.
- Last Run – The last time d7x was run on this PC. This value is stored in the registry, can be stamped manually by clicking this label, or can be automatically stamped by enabling the option “Store last d7x run time in the registry” in Config > Behavior/Updates > General Behavior.
- User/Networking stuff is mostly self-explanatory. Note you can click on various items here like clicking on the Gateway (GW:) will open that site in a web browser, or clicking on DNS will ping those servers, etc.
- Username – The currently logged in user, of course. Click to open the Windows 2000 classic User Accounts prompt (control userpasswords2.cpl)
- Profile – This is the currently logged in user’s profile directory. Click to open it!
- Windows Security – These values are reported by Windows Security Center (see note at the bottom of this page), which still exists in Windows 10 although it is not found in the UI. This is useful to determine where multiple A/V software packages are installed on a system. Click any of these items to open a new window with more related functionality, such as removing entries from WSC or uninstalling the A/V software.
- System Information – At a glance system info, clicking on some of these items can be very useful, such as clicking on the video card or motherboard will copy the model number to the clipboard and prompt you to open the download site for that manufacturer, and copy the model number to the clipboard (so you can paste it into the download site.) On Dell systems clicking the motherboard should open the site directly to the page for that specific service tag.
- System – Detects the system string from the BIOS as filled in by the OEM.
- MB – Gives the motherboard info retrieved from the BIOS, and hopefully the motherboard model number. In the case of a DELL system, it will give the Dell Service Tag instead of the motherboard model number. Clicking on this label will offer you the option to go directly to the downloads section of the motherboard manufacturer’s website, and will also copy the model number of the motherboard to the clipboard, so you can paste it directly into the search box. On Dell systems clicking the motherboard should open the site directly to the page for that specific service tag. Also on a Dell system, if you choose NO to go to the downloads, it will offer you the option to check the Dell warranty status for that particular service tag.
- BIOS – obvious
- CPU – Line one gives the registry string of the CPU, and line two gives the actual speed and HT/Core/CPU count. (D7 cannot differentiate between HT and Multiple core or multiple CPU systems.)
- Video – Gives video info. This can be incorrect if you have (or once had) multiple video adapters installed on the system. Clicking this item offers to take you to the video manufacturer’s downloads section of their website.
- Res – The current screen resolution / color depth.
- Battery – Displays if On A/C Power or Battery Power, or if no battery is found on the system.
In the Alerts Column: The following items are checked and will potentially appear as an alert.
Items appearing in BLUE (if it isn’t a column heading) deserve your attention, but are not ‘wrong’ in any way, they are merely worthy of your attention, for example if a PC is on a Domain then that Domain name appears in BLUE, because it is in fact, on a Domain and not in a workgroup, something you should know about when working on a system.
Items appearing in RED means there is something wrong or something definitely needs your attention.
- Registry Hijacks – Several classic registry hijacks used by older malicious software are automatically detected at every d7x startup and alerted if present.
- Minidumps – The last minidump (crash dump) generated by the system will be displayed here with the date/time. Clicking the alert will launch Nirsoft’s Bluescreenview for analyzing the dumps.
- Device Manager check, alerts if devices are in an error state (and have yellow exclamation marks on them in Device Manager), click to bring up an internal d7x device manager window where you can google the issue with one click.
- Windows Activation check
- Windows Service Pack alert
- Internet Explorer version alert (for older OSes, of course)
- RAM alert – alerts you when RAM is either running low, or just needs an upgrade. d7x decides your RAM needs an upgrade if you aren’t running at least 1GB on WinXP, or 2GB on Vista+
- Free Disk Space check (alerts when less than 15% of the OS partition is available.)
- Check Event Log – Appears in RED if there are errors in the event logs since the last system reboot. Appears in BLUE if there are only warnings since the last system reboot. Click this item to launch d7x’s internal event viewer.
Paging File size check(removed)
- User Profile path check (alerts when d7x believes you are logged into a TEMP profile, indicating corruption of another user profile on the system.)
- A/V alert – d7x alerts you when you either have no anti-virus installed, when it is outdated, or multiple anti-virus packages installed. Click to open d7x’s internal Windows Security Center options dialog.
Automatic Updatescheck. (removed)
- System Restore check – Note does not alert if System Restore is BROKEN, only if it is enabled/disabled.
- Event Log check – alerts when anomalies are found since the last reboot only (blue when warnings appear, and red when errors appear.) Click to open d7x’s internal event viewer with several nice options over the Windows event viewer.
- Dirty Volume check – alerts when a partition is flagged as ‘dirty’ and marked for chkdsk on reboot.
- PIO Mode check – If d7x suspects a device is in PIO mode that should be in DMA, clicking this item will apply a fix for the issue which requires a restart of Windows. Sometimes the alert is false, as d7x cannot differentiate between MWDMA2 and PIO mode, however applying the fix regardless has no adverse effects.
- CEIP check – alerts when the Customer Experience Improvement Program is enabled within Windows. Clicking this item will bring up the Windows dialog allowing you to en/disable this item.
- If the MSCONFIG state is not normal, d7x will display an alert.
* SPECIAL NOTE – Anti-Virus Software Detection
I get many questions regarding d7x’s Anti-Virus software detection, and how it works. Mostly people wonder:
- Why is it detecting A/V software (or even fake or rogue A/V software) that I have removed from the system?
- Why does it not detect _______ A/V software?
Maybe this will answer your question. How it works: d7x doesn’t detect Anti-Virus software installations themselves. Instead, d7x queries Windows Security Center (WSC) via a WMI call. d7x only reports back to you what WSC returns in the WMI query.
When Anti-Virus software installs, it registers itself with WSC (or it should, however some off brand A/V packages and even reputable ones that didn’t install 100% properly may not correctly register themselves with WSC…)
When Anti-Virus software is uninstalled, it removes itself from WSC (OR IT SHOULD.) Some A/V uninstallers merely do not remove themselves from WSC. In the case of ripping malware (rogue A/V’s) out of a system that have registered themselves with WSC, obviously that information wouldn’t be removed from WSC.
But how to fix these phantom entries? Simply click on the alert to bring up d7x’s internal WSC options dialog, where you can selectively remove these phantom entries.
How to see what Windows sees and verify d7x is correct – and how to pluck out a specific A/V no longer present without using d7x’s Repair functionality.
- From an elevated (admin) command prompt, type WBEMTEST and hit enter.
- In the new window, click the Connect button
- In the new window, under the Namespace entry, type root\SecurityCenter and click the Connect button
- Next click the Enum Instances button, and in the box type AntiVirusProduct
The final window that pops up will show you what Windows thinks is the Antivirus software (and what d7x queries to get it’s information). From here, you should be able to selectively delete A/V products that are no longer installed.
Windows 10/11 built-in Ransomware Protection (Controlled Folder Access) and CryptoPrevent (repost) CryptoPrevent version 21.7.23 adds a new setting for “Controlled...