Program Run Command
Accessibility Controls access.cpl
Accessibility Wizard accwiz
Add Hardware Wizard hdwwiz.cpl
Add/Remove Programs appwiz.cpl
Administrative Tools control admintools
Adobe Acrobat ( if installed ) acrobat
Adobe Distiller ( if installed ) acrodist
Adobe ImageReady ( if installed ) imageready
Adobe Photoshop ( if installed ) photoshop
Automatic Updates wuaucpl.cpl
Basic Media Player mplay32
Bluetooth Transfer Wizard fsquirt
Calculator calc
Ccleaner ( if installed ) ccleaner
C: Drive c:
Certificate Manager cdrtmgr.msc
Character Map charmap
Check Disk Utility chkdsk
Clipboard Viewer clipbrd
Command Prompt cmd
Command Prompt command
Component Services dcomcnfg
Computer Management compmgmt.msc
Compare Files comp
Control Panel control
Create a shared folder Wizard shrpubw
Date and Time Properties timedate.cpl
DDE Shares ddeshare
Device Manager devmgmt.msc
Direct X Control Panel ( if installed ) directx.cpl
Direct X Troubleshooter dxdiag
Disk Cleanup Utility cleanmgr
Disk Defragment dfrg.msc
Disk Partition Manager diskmgmt.msc
Display Properties control desktop
Display Properties desk.cpl
Display Properties (w/Appearance Tab Preselected ) control color
Dr. Watson System Troubleshooting Utility drwtsn32
Driver Verifier Utility verifier
Ethereal ( if installed ) ethereal
Event Viewer eventvwr.msc
Files and Settings Transfer Tool migwiz
File Signature Verification Tool sigverif
Findfast findfast.cpl
Firefox firefox
Folders Properties control folders
Fonts fonts
Fonts Folder fonts
Free Cell Card Game freecell
Game Controllers joy.cpl
Group Policy Editor ( xp pro ) gpedit.msc
Hearts Card Game mshearts
Help and Support helpctr
Hyperterminal hypertrm
Hotline Client hotlineclient
Iexpress Wizard iexpress
Indexing Service ciadv.msc
Internet Connection Wizard icwonn1
Internet Properties inetcpl.cpl
Internet Setup Wizard inetwiz
IP Configuration (Display Connection Configuration) ipconfig /all
IP Configuration (Display DNS Cache Contents) ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) ipconfig /flushdns
IP Configuration (Release All Connections) ipconfig /release
IP Configuration (Renew All Connections) ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS) ipconfig /registerdns
IP Configuration (Display DHCP Class ID) ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) ipconfig /setclassid
Java Control Panel ( if installed ) jpicpl32.cpl
Java Control Panel ( if installed ) javaws
Keyboard Properties control keyboard
Local Security Settings secpol.msc
Local Users and Groups lusrmgr.msc
Logs You Out of Windows logoff
Malicious Software Removal Tool mrt
Microsoft Access ( if installed ) access.cpl
Microsoft Chat winchat
Microsoft Excel ( if installed ) excel
Microsoft Diskpart diskpart
Microsoft Frontpage ( if installed ) frontpg
Microsoft Movie Maker moviemk
Microsoft Management Console mmc
Microsoft Narrator narrator
Microsoft Paint mspaint
Microsoft Powerpoint powerpnt
Microsoft Word ( if installed ) winword
Microsoft Syncronization Tool mobsync
Minesweeper Game winmine
Mouse Properties control mouse
Mouse Properties main.cpl
MS-Dos Editor edit
MS-Dos FTP ftp
Nero ( if installed ) nero
Netmeeting conf
Network Connections control netconnections
Network Connections ncpa.cpl
Network Setup Wizard netsetup.cpl
Notepad notepad
Nview Desktop Manager ( if installed ) nvtuicpl.cpl
Object Packager packager
ODBC Data Source Administrator odbccp32
ODBC Data Source Administrator odbccp32.cpl
On Screen Keyboard osk
Opens AC3 Filter ( if installed ) ac3filter.cpl
Outlook Express msimn
Paint pbrush
Password Properties password.cpl
Performance Monitor perfmon.msc
Performance Monitor perfmon
Phone and Modem Options telephon.cpl
Phone Dialer dialer
Pinball Game pinball
Power Configuration powercfg.cpl
Printers and Faxes control printers
Printers Folder printers
Private Characters Editor eudcedit
Quicktime ( if installed ) quicktime.cpl
Quicktime Player ( if installed ) quicktimeplayer
Real Player ( if installed ) realplay
Regional Settings intl.cpl
Registry Editor regedit
Registry Editor regedit32
Remote Access Phonebook rasphone
Remote Desktop mstsc
Removable Storage ntmsmgr.msc
Removable Storage Operator Requests ntmsoprq.msc
Resultant Set of Policy ( xp pro ) rsop.msc
Scanners and Cameras sticpl.cpl
Scheduled Tasks control schedtasks
Security Center wscui.cpl
Services services.msc
Shared Folders fsmgmt.msc
Sharing Session rtcshare
Shuts Down Windows shutdown
Sounds Recorder sndrec32
Sounds and Audio mmsys.cpl
Spider Solitare Card Game spider
SQL Client Configuration clicongf
System Configuration Editor sysedit
System Configuration Utility msconfig
System File Checker Utility ( Scan Immediately ) sfc /scannow
System File Checker Utility ( Scan Once At Next Boot ) sfc /scanonce
System File Checker Utility ( Scan On Every Boot ) sfc /scanboot
System File Checker Utility ( Return to Default Settings) sfc /revert
System File Checker Utility ( Purge File Cache ) sfc /purgecache
System File Checker Utility ( Set Cache Size to Size x ) sfc /cachesize=x
System Information msinfo32
System Properties sysdm.cpl
Task Manager taskmgr
TCP Tester tcptest
Telnet Client telnet
Tweak UI ( if installed ) tweakui
User Account Management nusrmgr.cpl
Utility Manager utilman
Volume Serial Number for C: label
Volume Control sndvol32
Windows Address Book wab
Windows Address Book Import Utility wabmig
Windows Backup Utility ( if installed ) ntbackup
Windows Explorer explorer
Windows Firewall firewall.cpl
Windows Installer Details msiexec
Windows Magnifier magnify
Windows Management Infrastructure wmimgmt.msc
Windows Media Player wmplayer
Windows Messenger msnsgs
Windows Picture Import Wizard (Need camera connected) wiaacmgr
Windows System Security Tool syskey
Windows Script host settings wscript
Widnows Update Launches wupdmgr
Windows Version ( shows your windows version ) winver
Windows XP Tour Wizard tourstart
Wordpad write
Zoom Utility igfxzoom
Wednesday, September 15, 2010
Useful commands for windows 2003 server administration
shutdown /m \\ /s /c "Server requires reboot due to app install" - The following two commands work with the
Windows Server 2003 version of shutdown.exe. This shuts a server down after the 30 seconds (default wait timer):
shutdown /m \\ /r /t 20 /c "Server is going down for repairs" - This command restarts a server after 20 seconds
shutdown \\ "Server is going down for repairs" - On Windows 2000, the shutdown options are a little different. This command shuts down a server (in 30 seconds by default):
shutdown \\ /r /t:15 "Server requires reboot due to app install" - And this restarts (/r option) a server in 15 seconds
All three of the following commands display the system uptime
psinfo \\ | findstr Uptime
srvinfo \\ | findstr /c:"Up Time"
systeminfo /s | findstr /c:"Up Time"
runas /user:administrator@rallencorp.com /netonly "mmc.exe" - Sometimes it is convenient to create a MMC console that runs under administrator privileges. In this case, simply use mmc.exe as the command to run from runas:
netsh int ip show config - view network configuration information is netsh
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection":
netsh int ip show dns - view the current DNS configuration for all connections on the local machine
nltest /server: /DsGetSite - You want to find the Active Directory site a computer is part of, which is based on the IP address of the computer
linkspeed /s \\ - The Windows Server 2003 Resource Kit includes a new tool called linkspeed
linkspeed /s
linkspeed /dc - Alternatively, you can specify the /dc switch to have it test the machine's current domain controller
netsh interface ipv6 install - The following command installs the IPv6 stack. It must be run directly on the target server
psexec \\server01 netsh interface ipv6 install - If you need to run the command remotely, you can use the psexec
secedit /refreshpolicy machine_policy - You can force new auditing settings to be applied by running the secedit command on Windows 2000
gpupdate /target:computer - the gpupdate command on Windows Server 2003
cusrmgr -m \\ -u admininstrator -r - To rename local accounts, use the cusrmgr.exe utility from the Windows 2000
For example:
cusrmgr -m \\srv01 -u admininstrator -r admn
iisreset - The following command restarts all IIS services on the computer
iisreset 172.16.12.5 /stop - To stop IIS services on a remote computer with IP address 172.16.12.5
iisreset 172.16.12.5 /status - To verify that IIS services have been stopped on the remote computer
iisreset /disable - To prevent iisreset from being used to stop IIS services,
iisreset /stop - stop all IIS services
net stop w3svc - To stop the WWW service only on your IIS computer
net start w3svc - To start it again
net stop /y iisadmin - To stop the IISAdmin service and all dependent IIS services
iisweb /stop "Default Web Site" - To stop the Default Web Site only while leaving other web sites running
iisweb /start "Default Web Site" - To start it again
iisweb /create D:\HR "Human Resources" /i 216.44.65.8 - The following command creates a new web site named Human Resources on server with IP 216.44.65.8 and root directory D:\HR
iisweb /create D:\Corp "My Company" - The following command creates a new site named My Company with root directory D:\Corp and IP address "All Unassigned,"
iisvdir /create "Human Resources" employees D:\resumes - The following command creates a virtual directory within the Human Resources web site and maps alias employees to physical directory D:\resumes:
iisvdir /query "Human Resources" - list virtual directories within the Human Resources site:
iisvdir /delete "Human Resources\employees" - To delete the previously created virtual directory
iisback /backup /b 28july04 - The following command backs up the metabase using the iisback.vbs script and names the two backup files 28july04.MD0
iisback /list - To view a list of the current metabase backups
iisapp - The following command displays the process ID (PID) of all worker processes running on the computer,
iisapp /p 2765 - The following command displays the application pool to which the worker process having PID 2765 is assigned
iisftp /create C:\ftpstuff "My FTP Site" /i 172.16.12.50 /dontstart - The following command creates a new FTP site named My FTP Site with root directory C:\ftpstuff and IP address 172.16.12.50
iisftp /start "My FTP Site" - To start the new site,
iisftp /query - To display a list of all FTP sites on your server
net stop msftpsvc - You can also stop and start all FTP sites on your server using the following commands
net start msftpsvc
net stop dns - You can use the net.exe command to stop or start the DNS Server service on the local machine
net start dns
dnscmd /enumzones - view the zones on a local DNS Server
dnscmd /clearcache - The following command clears the server cache
dnscmd /statistics - Use the following command to display utilization statistics
unlock . * -view - unlock that lets you find locked out users and unlock them in one shot
unlock dc01 username - The following command unlocks the user rallen on dc01
dsmod user -disabled no - To enable a user
dsmod user -disabled yes - To disable a user
dsmod group "" -addmbr ""- The -addmbr option adds a member to a group
dsmod group "" -rmmbr "" - The -rmmbr option removes a member from a group
dsmod user -pwd * - This command changes the password for the user specified by .
dsget group "" -members - The following command displays the direct members of a group
dsget group "" -members -expand - Add the -expand option to enumerate all nested group members
dsadd computer "" -desc ""- Use the following command to create a computer account in Active Directory
netsh int ip set address name="" source=dhcp - The following command configures DHCP for a connection
netsh int ip set address name="Local Area Connection" source=dhcp - configuring the connection named "Local Area Connection" to use DHCP
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection
Run any of the following commands to start a service
psservice start
sc start
wmic service call StartService
net start
Run any of the following commands to stop a service
psservice stop
sc stop
wmic service call StopService
net stop
sc queryex - The following command displays the process ID (PID) that corresponds to a service
sc \\ qc - The following command displays the services that the specified service depends on
sc \\ enumdepend - The following command displays the services that depend on the specified service
psservice \\ depend - You can also use the following command
taskkill -pid - The following command kills a process by PID
taskkill /s -im - And this command kills a process by name on a remote server
pskill \\ - The pskill.exe utility works in a very similar manner
tasklist - viewing the running processes via the command line
pslist \\ - The Sysinternals pslist.exe utility is available for Windows Server 2003 or Windows 2000 and can be run against a remote host
top - There is also the top.exe command, which is available in the Windows 2000 Resource Kit. It provides a continually updated view of the top running process (by CPU)
tlist | findstr cmd.exe - On Windows 2000, you can use the tlist.exe (or pslist.exe) command in combination with findstr.exe to find processes
runas /user: "" - The runas.exe command allows you to run a command with alternate credentials
runas /user:AMER\rallen.adm "mmc.exe" -
diskpart - On Windows Server 2003, you can use the diskpart utility to view the disk, drive, and volume configuration. First, get into interactive mode
list disk - to view the list of disks
list vol - to see the list of volume and assigned drive letters,
nltest /server: /sc_query: - The following command tests the secure channel for a computer
nltest /server: /sc_reset: - The following command resets the secure channel for a compute
Published Friday, February 13, 2009 2:11 PM by darenhan
Windows Server 2003 version of shutdown.exe. This shuts a server down after the 30 seconds (default wait timer):
shutdown /m \\ /r /t 20 /c "Server is going down for repairs" - This command restarts a server after 20 seconds
shutdown \\ "Server is going down for repairs" - On Windows 2000, the shutdown options are a little different. This command shuts down a server (in 30 seconds by default):
shutdown \\ /r /t:15 "Server requires reboot due to app install" - And this restarts (/r option) a server in 15 seconds
All three of the following commands display the system uptime
psinfo \\ | findstr Uptime
srvinfo \\ | findstr /c:"Up Time"
systeminfo /s | findstr /c:"Up Time"
runas /user:administrator@rallencorp.com /netonly "mmc.exe" - Sometimes it is convenient to create a MMC console that runs under administrator privileges. In this case, simply use mmc.exe as the command to run from runas:
netsh int ip show config - view network configuration information is netsh
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection":
netsh int ip show dns - view the current DNS configuration for all connections on the local machine
nltest /server: /DsGetSite - You want to find the Active Directory site a computer is part of, which is based on the IP address of the computer
linkspeed /s \\ - The Windows Server 2003 Resource Kit includes a new tool called linkspeed
linkspeed /s
linkspeed /dc - Alternatively, you can specify the /dc switch to have it test the machine's current domain controller
netsh interface ipv6 install - The following command installs the IPv6 stack. It must be run directly on the target server
psexec \\server01 netsh interface ipv6 install - If you need to run the command remotely, you can use the psexec
secedit /refreshpolicy machine_policy - You can force new auditing settings to be applied by running the secedit command on Windows 2000
gpupdate /target:computer - the gpupdate command on Windows Server 2003
cusrmgr -m \\ -u admininstrator -r - To rename local accounts, use the cusrmgr.exe utility from the Windows 2000
For example:
cusrmgr -m \\srv01 -u admininstrator -r admn
iisreset - The following command restarts all IIS services on the computer
iisreset 172.16.12.5 /stop - To stop IIS services on a remote computer with IP address 172.16.12.5
iisreset 172.16.12.5 /status - To verify that IIS services have been stopped on the remote computer
iisreset /disable - To prevent iisreset from being used to stop IIS services,
iisreset /stop - stop all IIS services
net stop w3svc - To stop the WWW service only on your IIS computer
net start w3svc - To start it again
net stop /y iisadmin - To stop the IISAdmin service and all dependent IIS services
iisweb /stop "Default Web Site" - To stop the Default Web Site only while leaving other web sites running
iisweb /start "Default Web Site" - To start it again
iisweb /create D:\HR "Human Resources" /i 216.44.65.8 - The following command creates a new web site named Human Resources on server with IP 216.44.65.8 and root directory D:\HR
iisweb /create D:\Corp "My Company" - The following command creates a new site named My Company with root directory D:\Corp and IP address "All Unassigned,"
iisvdir /create "Human Resources" employees D:\resumes - The following command creates a virtual directory within the Human Resources web site and maps alias employees to physical directory D:\resumes:
iisvdir /query "Human Resources" - list virtual directories within the Human Resources site:
iisvdir /delete "Human Resources\employees" - To delete the previously created virtual directory
iisback /backup /b 28july04 - The following command backs up the metabase using the iisback.vbs script and names the two backup files 28july04.MD0
iisback /list - To view a list of the current metabase backups
iisapp - The following command displays the process ID (PID) of all worker processes running on the computer,
iisapp /p 2765 - The following command displays the application pool to which the worker process having PID 2765 is assigned
iisftp /create C:\ftpstuff "My FTP Site" /i 172.16.12.50 /dontstart - The following command creates a new FTP site named My FTP Site with root directory C:\ftpstuff and IP address 172.16.12.50
iisftp /start "My FTP Site" - To start the new site,
iisftp /query - To display a list of all FTP sites on your server
net stop msftpsvc - You can also stop and start all FTP sites on your server using the following commands
net start msftpsvc
net stop dns - You can use the net.exe command to stop or start the DNS Server service on the local machine
net start dns
dnscmd /enumzones - view the zones on a local DNS Server
dnscmd /clearcache - The following command clears the server cache
dnscmd /statistics - Use the following command to display utilization statistics
unlock . * -view - unlock that lets you find locked out users and unlock them in one shot
unlock dc01 username - The following command unlocks the user rallen on dc01
dsmod user -disabled no - To enable a user
dsmod user -disabled yes - To disable a user
dsmod group "" -addmbr ""- The -addmbr option adds a member to a group
dsmod group "" -rmmbr "" - The -rmmbr option removes a member from a group
dsmod user -pwd * - This command changes the password for the user specified by .
dsget group "" -members - The following command displays the direct members of a group
dsget group "" -members -expand - Add the -expand option to enumerate all nested group members
dsadd computer "" -desc ""- Use the following command to create a computer account in Active Directory
netsh int ip set address name="" source=dhcp - The following command configures DHCP for a connection
netsh int ip set address name="Local Area Connection" source=dhcp - configuring the connection named "Local Area Connection" to use DHCP
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection
Run any of the following commands to start a service
psservice start
sc start
wmic service call StartService
net start
Run any of the following commands to stop a service
psservice stop
sc stop
wmic service call StopService
net stop
sc queryex - The following command displays the process ID (PID) that corresponds to a service
sc \\ qc - The following command displays the services that the specified service depends on
sc \\ enumdepend - The following command displays the services that depend on the specified service
psservice \\ depend - You can also use the following command
taskkill -pid - The following command kills a process by PID
taskkill /s -im - And this command kills a process by name on a remote server
pskill \\ - The pskill.exe utility works in a very similar manner
tasklist - viewing the running processes via the command line
pslist \\ - The Sysinternals pslist.exe utility is available for Windows Server 2003 or Windows 2000 and can be run against a remote host
top - There is also the top.exe command, which is available in the Windows 2000 Resource Kit. It provides a continually updated view of the top running process (by CPU)
tlist | findstr cmd.exe - On Windows 2000, you can use the tlist.exe (or pslist.exe) command in combination with findstr.exe to find processes
runas /user: "" - The runas.exe command allows you to run a command with alternate credentials
runas /user:AMER\rallen.adm "mmc.exe" -
diskpart - On Windows Server 2003, you can use the diskpart utility to view the disk, drive, and volume configuration. First, get into interactive mode
list disk - to view the list of disks
list vol - to see the list of volume and assigned drive letters,
nltest /server: /sc_query: - The following command tests the secure channel for a computer
nltest /server: /sc_reset: - The following command resets the secure channel for a compute
Published Friday, February 13, 2009 2:11 PM by darenhan
NTLDR is Missing
insert the Windows CD and start the computer.
When the Welcome to Setup screen appears, press R.
Type a number corresponding to the Windows installation you wish to repair (usually 1) and press Enter.
When prompted, type the administrator password and press Enter.
From the command prompt, copy NTLDR and NTDETECT.COM from the i386 folder of the CD to the root folder of the hard drive. In the example commands given below, C: is the hard drive and D: is the CD-ROM drive. You will need to change the drive letters if appropriate:
COPY D:\I386\NTLDR C:\
COPY D:\I386\NTDETECT.COM C:\
Remove the Windows XP CD from the drive and restart the computer.
When the Welcome to Setup screen appears, press R.
Type a number corresponding to the Windows installation you wish to repair (usually 1) and press Enter.
When prompted, type the administrator password and press Enter.
From the command prompt, copy NTLDR and NTDETECT.COM from the i386 folder of the CD to the root folder of the hard drive. In the example commands given below, C: is the hard drive and D: is the CD-ROM drive. You will need to change the drive letters if appropriate:
COPY D:\I386\NTLDR C:\
COPY D:\I386\NTDETECT.COM C:\
Remove the Windows XP CD from the drive and restart the computer.
ADMT 3.2 Released!!
Those that are on the various message boards or are thinking about an upcoming migration then this post is for you.
ADMT 3.2 has been released
Active Directory Migration Tool version 3.2
The key thing from that page is this:
Supported Operating Systems: Windows Server 2008 R2
So you can now run ADMT on a 2008 R2 box. Now time to migrate :)
Posted by mkline at 6:31 PM 0 comments Links to this post
ADMT 3.2 has been released
Active Directory Migration Tool version 3.2
The key thing from that page is this:
Supported Operating Systems: Windows Server 2008 R2
So you can now run ADMT on a 2008 R2 box. Now time to migrate :)
Posted by mkline at 6:31 PM 0 comments Links to this post
How to remove newfolder.exe or regsvr.exe or autorun.inf virus?
. Cut The Supply Line
Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
Open the file in notepad and delete everything and save the file.
Now change the file status back to read only mode so that the virus could not get access again.
Click start->run and type msconfig and click ok
Go to startup tab look for regsvr and uncheck the option click OK.
Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
2. Open The Gates Of Castle
Click on start -> run and type gpedit.msc and click Ok.
If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change the option to disable.
Once you do this you have registry access back.
3. Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,
Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
4. Seek And Destroy the enemy soldiers, no one should be left behind
Click on start->search->for files and folders.
Their click all files and folders
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the specify date option
Type from date as 1/31/2008 and also type To date as 1/31/2008
Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe
Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
Open the file in notepad and delete everything and save the file.
Now change the file status back to read only mode so that the virus could not get access again.
Click start->run and type msconfig and click ok
Go to startup tab look for regsvr and uncheck the option click OK.
Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
2. Open The Gates Of Castle
Click on start -> run and type gpedit.msc and click Ok.
If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change the option to disable.
Once you do this you have registry access back.
3. Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,
Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
4. Seek And Destroy the enemy soldiers, no one should be left behind
Click on start->search->for files and folders.
Their click all files and folders
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the specify date option
Type from date as 1/31/2008 and also type To date as 1/31/2008
Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe
Subscribe to:
Posts (Atom)