Sunday, October 31, 2010

How To Repair Corrupt Windows\System32\Config\System Or \Software File In Win XP?

When we start the PC, you may receive the following error message:
Windows\System32\config\system or Windows\System32\config\software
Solution:
  1. Insert the Windows XP boot disc into the DVD drive. {Change the first boot device to CD-ROM}
  2. At the Welcome screen, press the R key to enter Recovery Console mode.
  3. Select the Windows installation that you want to repair: press 1 and hit Enter. You are prompted for the Administrator password; enter it if one was set, or else simply hit Enter.
  4. At the command prompt, type the following lines.

md tmp

  • Copy c:\windows\system32\config\system c:\windows\tmp\system.bak
  • Copy c:\windows\system32\config\software c:\windows\tmp\software.bak
  • Copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
  • Copy c:\windows\system32\config\default c:\windows\tmp\default.bak
  • Del c:\windows\system32\config\system
  • Del c:\windows\system32\config\software
  • Del c:\windows\system32\config\default
  • Del c:\windows\system32\config\sam
  • Copy c:\windows\repair\system c:\windows\system32\config\system
  • Copy c:\windows\repair\software c:\windows\system32\config\software
  • Copy c:\windows\repair\sam c:\windows\system32\config\sam
  • Copy c:\windows\repair\default c:\windows\system32\config\default

5. Type Exit. The system restarts; press F8 and select the Safe Mode option.

6. Open Windows Explorer and click Tools -> Folder Options -> View tab. Select Show hidden files and folders and untick Hide protected operating system files {Recommended}.

7. Click Yes to confirm the dialog box.

8. Open System Volume Information and look for a folder named like "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".

9. Select a folder that was not created at the current time and look for RPx {restore point}.

10. Open its Snapshot folder, for example C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot

11. From the Snapshot folder, copy the following files to the c:\windows\tmp folder:

  • _Registry_User_.Default
  • _Registry_Machine_Security
  • _Registry_Machine_Software
  • _Registry_Machine_Sam
  • _Registry_Machine_System

12. Rename the files in the C:\windows\tmp folder:

  • Rename _Registry_User_.Default to Default
  • Rename _Registry_Machine_Software to Software
  • Rename _Registry_Machine_Security to Security
  • Rename _Registry_Machine_Sam to Sam
  • Rename _Registry_Machine_System to System

13. Delete the existing registry files and copy the restored registry files to C:\Windows\System32\config

Open a command prompt and type the following lines:

  • Del c:\windows\system32\config\software
  • Del c:\windows\system32\config\default
  • Del c:\windows\system32\config\sam
  • Del c:\windows\system32\config\system
  • Copy c:\windows\tmp\software c:\windows\system32\config\software
  • Copy c:\windows\tmp\sam c:\windows\system32\config\sam
  • Copy c:\windows\tmp\Default c:\windows\system32\config\default
  • Copy c:\windows\tmp\system c:\windows\system32\config\system

14. Type Exit and restart the system.
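Before copying a hive into C:\Windows\System32\config in step 13, it helps to confirm that the replacement file is itself intact. The following is an added example, not part of the original post, that goes beyond the steps above: it checks the hive header ("regf" signature, the two sequence numbers, and the XOR checksum at offset 508, as described in public documentation of the registry file format). The function names and the sample block are constructed for illustration.

```python
import struct

BASE_BLOCK_SIZE = 4096  # a hive file starts with a 4096-byte base block


def hive_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (508 bytes) of the base block."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    # Two results are reserved and are replaced before the value is stored.
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum


def check_hive(data: bytes) -> list:
    """Return the problems found in the hive header (empty list = header is sane)."""
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than one base block"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (last write did not complete)")
    (stored,) = struct.unpack_from("<I", data, 508)
    if stored != hive_checksum(data):
        problems.append("header checksum mismatch")
    return problems


def make_sample_hive() -> bytes:
    """Constructed sample: a minimal valid base block, not a real hive."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, 7, 7)          # matching sequence numbers
    struct.pack_into("<I", block, 508, hive_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    good = make_sample_hive()
    bad = bytearray(good)
    bad[4] ^= 0xFF                                   # simulate a damaged header
    print(check_hive(good), check_hive(bytes(bad)))
```

Run it from Safe Mode or another machine against copies of the files in C:\windows\tmp, for example `check_hive(open(r"C:\windows\tmp\system", "rb").read())`.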

Sunday, August 15, 2010

Orkut Site Is banned you fool?

Firstly, it is malware.
Steps to be followed:
1) Open Task Manager {press Ctrl+Alt+Del} and select the Processes tab.

2) Check for the svchost.exe processes. They will be listed under four user names:
System, Local Service, Network Service and your own user name, for example Administrator.

3) End the svchost.exe process that is listed under your user name.

4) Then go to Start -> Run, type C:\heap41a and press Enter {it is a hidden folder}. Delete all files in this folder {Shift + Del}.

5) Go to Start -> Run, type "regedit", press {Ctrl+F} and type heap41a. You will find it in entries containing "c:\heap41a\svchost.exe" and "c:\heap(some numbers)\std.txt".

6) Close the registry and restart the system. Now you can browse the Orkut site.

Cheers....

Sunday, April 11, 2010

Print Spooler Is Missing In Service In Windows Xp?

A missing Print Spooler entry in Services indicates that the Spooler key has been deleted from the registry. This happens after a virus attack.
Problems that occur:
No printer icon is present under Printers and Faxes, and you cannot add or install a new printer.
To check for the Spooler key in the registry:
Open the registry
Start -> Run, type "regedit" {without double quotes}
Go to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Check for the Spooler key; if it is missing, follow the procedure below.

Solution
We need to create a .reg file.
1) Open Notepad
2) Copy and paste the contents below into Notepad
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"Description"="Loads files to memory for later printing"
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,E8,47,0c,00,01,00,00,00,\
  60,EA,00,00,01,00,00,00,60,EA,00,00,01,00,00,00,60,EA,00,00,00,00,00,00,00,00,00,00
"Group"="SpoolerGroup"
"ImagePath"=hex(2):43,00,3A,00,5C,00,57,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,53,00,79,00,\
  73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,70,00,6F,00,6F,00,6C,00,73,00,76,00,2E,00,65,00,\
  78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Enum]

[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Parameter]

[Hkey_Local_Machine\System\Currentcontrolset\Services\Spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007D0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:77,7E,B2,9D,01,35,D8,1A,D9,82,8A,2B,05,44,34,94
"WbemAdapFileSize"=dword:00023c00
"WbemAdapFileTime"=hex:00,52,47,58,BF,79,C4,01
"WbemAdapStatus"=dword:00000000

[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9C,00,00,00,14,00,00,00,30,00,00,00,02,00,1C,00,01,00,00,00,\
  02,80,14,00,FF,01,0F,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,48,00,03,00,00,00,00,00,14,00,8D,\
  01,02,00,01,01,00,00,00,00,00,05,0B,00,00,00,00,00,18,00,FF,01,0F,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00,00,00,14,00,FD,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,\
  12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Save the Notepad file as spooler.reg on the desktop.
3) Then double-click spooler.reg.
When asked "Are you sure you want to insert the information into the registry?", click Yes.
Then restart your system. Open services.msc; Print Spooler will be present in the services list.
Double-click Print Spooler and start the service, then click the Recovery tab in the Print Spooler properties.
Change First failure from "Take No Action" to "Restart the Service", and do the same for Second failure.
Below that, change the reset fail count from 0 to 1 day and click Apply.
Works for Windows XP.
If your Windows is installed on another drive, for example the D or E drive:
Open regedit
Go to
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler]
On the right side, delete ImagePath
Right-click -> New -> Expandable String Value
Rename it to ImagePath, double-click ImagePath and enter the value data as
%SystemRoot%\System32\spoolsv.exe
Click OK.
Then open Services, double-click Print Spooler and start the service. This only works with XP.
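A .reg file hides its paths inside hex byte lists, so it is worth decoding it before double-clicking it. This is an added example, not part of the original post: a small parser that decodes the hex(2), hex(7), dword and string values of a version 5.00 .reg file and lists any service ImagePath that does not point into a System32 folder. The function names are hypothetical and the sample text is constructed from the ImagePath bytes shown above.

```python
import re

def decode_value(raw):
    """Turn the right-hand side of a .reg assignment into a readable value."""
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) == "2":      # REG_EXPAND_SZ, UTF-16LE in version 5.00 files
            return data.decode("utf-16-le").rstrip("\x00")
        if m.group(1) == "7":      # REG_MULTI_SZ, NUL-separated strings
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data                # plain hex: REG_BINARY, left as bytes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"').replace("\\\\", "\\")   # REG_SZ, backslashes unescaped

def parse_reg(text):
    """Return {key: {value name: decoded value}} for the text of a .reg file."""
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)   # join "\" line continuations
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result[key] = {}
        elif key and line.startswith('"') and "=" in line:
            name, raw = line.split("=", 1)
            result[key][name.strip('"')] = decode_value(raw)
    return result

def image_paths_outside_system32(parsed):
    """List (key, path) pairs whose ImagePath is not under a System32 folder."""
    return [(key, values["ImagePath"]) for key, values in parsed.items()
            if isinstance(values.get("ImagePath"), str)
            and "\\system32\\" not in values["ImagePath"].lower()]

# Constructed sample built from the ImagePath bytes shown above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"=hex(2):43,00,3A,00,5C,00,57,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,53,00,79,00,\
  73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,70,00,6F,00,6F,00,6C,00,73,00,76,00,2E,00,65,00,\
  78,00,65,00,00,00
"Start"=dword:00000002
'''

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE)
    print(parsed, image_paths_outside_system32(parsed))
```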

Wednesday, March 31, 2010

How To Disable Control Panel Option?

Start -> Run, type "regedit"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

On the right-hand side, right-click -> New -> DWORD Value and name it NoControlPanel

1 - Disable 0 - Enable

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

On the right-hand side, right-click -> New -> DWORD Value and name it NoControlPanel

1 - Disable 0 - Enable

Restart the system and check that the Control Panel option has been disabled.

This also disables the Display Properties option. This method applies only to Windows 2000, XP and Vista.

Thursday, March 25, 2010

What is Cvasds0.dll ? How to remove it?

Cvasds0.dll is malware (trojan.agent.Atv/backdoor) that is associated with herss.exe.
Cvasds0.dll gets registered as a dynamic link library and attaches itself to
Windows processes such as explorer.exe and others.

The system also gets infected with autorun.inf.

Cvasds0.dll is generally found in the Temp folder:

Start -> Run -> %temp%

"C:\Documents and Settings\[User Name]\Local Settings\Temp\Cvasds0.dll"

"C:\autorun.inf"

The autorun.inf infection also spreads to the remaining drives.

Solution

The system should have a good antivirus installed, such as Quick Heal,
McAfee or NOD32.

First:

Go to Task Manager -> Processes, click herss.exe and choose End Process.
Go to Start -> Run and type "msconfig" {without quotes}.
Go to the Startup tab and remove herss.

The antivirus then automatically repairs or deletes the cvasds0.dll file.

Along with that, autorun.inf also gets cleaned.

Cheers.

Wednesday, March 10, 2010

What Is Windows Genuine Advantage?

Windows Genuine Advantage (WGA) is anti-piracy software that enforces online validation of the Windows license when Windows Update is accessed over the Internet.

How to remove the WGA notification?

Solution

  • Restart the system, press F8 and select Safe Mode.
  • After logging on to Windows in Safe Mode, launch Task Manager (Ctrl+Alt+Del).
  • Select the Processes tab, look for WgaTray.exe, click it and choose End Process.
  • Launch the Registry Editor (Start -> Run -> Regedit).
  • Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    and delete the Notify folder.
  • Delete wgalogon.dll and wgatray.exe from c:\windows\system32 and from
    c:\windows\system32\dllcache.
  • Restart the system.

Disable Automatic Updates.

Tuesday, March 9, 2010

Microsoft Management Console Requires IE 5.5 Or Higher

"Microsoft Management Console (MMC) requires IE 5.5 or higher." This error occurs while trying to open Computer Management {right-click My Computer -> Manage}.
Solution
First insert the Windows XP bootable disc, then go to Start -> Run and type
C:\windows\inf
In the Inf folder, look for ie.inf, right-click it and choose Install. It will look for iexplore.exe on the Windows XP disc. Click Browse and select the disc drive; for example, on my system the disc drive is (G:)
G:\I386\iexplore.exe, then click OK.
It automatically updates the required files listed in ie.inf.
Now open Computer Management. The user can access all the content inside it.
This method also applies to Windows 2000.

Monday, March 1, 2010

How To Make A Non Bootable Vista To A Bootable Vista Through Command

1) First insert the non-bootable disc in the DVD drive and copy all the contents of the disc.
2) Create a new folder on the C drive, name it "vista_non", and paste all the contents inside
the Vista_non folder.
3) Then download oscdimg.exe and paste it into (C:\windows\system32).
4) Open a command prompt (Start -> Run -> cmd).
5) In the command prompt, type the following command and press Enter:

C:\Documents and Settings\winDark>oscdimg -bC:\Vista_non\boot\etfsboot.com -h -u2 -m -lVista_boot_en C:\Vista_non c:\vista_boot.iso

6) Open the C drive and you will find that vista_boot.iso has been created. Burn vista_boot.iso using any burning software such as Nero or ImgBurn.

I am sure this works.

What is oscdimg?

Oscdimg is a command-line tool for creating (.iso) images. Oscdimg is part of WinPE (Windows Preinstallation Environment); if you have a WinPE disc then there is no need to download the oscdimg tool.

Options

-b - Specifies the source location of the boot sector file.

-h - Includes all hidden files and folders.

-l - Volume label.

-u2 - Produces an image that has only the UDF (Universal Disk Format) file system.

-e - Disables floppy disk emulation.

-m - Ignores the maximum size limit of an image.

Wednesday, January 20, 2010

How To Find The Product Key Of Windows Xp In Registry?

First we need to download a program called "xpkeyDecrypt"; it is freeware. Then go to

Start -> Run -> Regedit -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

On the right side you will find DigitalProductId. Double-click it and you will see a lot of junk characters. Windows actually encrypts the product key.

Value data
0000 00 00 00 00 00 00 00 00
0008 00 00 00 00 00 00 00 00
0010 00 00 00 00 00 00 00 00
0018 00 00 00 00 00 00 00 00
0020 00 00 00 00 00 00 00 00
0028 00 00 00 00 00 00 00 00
0030 00 00 00 00 11 11 11 11
0038 11 11 11 11 11 11 11 11
0040 11 11 11 00 00 00 00 00
0048 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00

In the table above, the product key is stored in the positions shown as 1's, i.e. bytes 52 to 66, a total of 15 bytes of encrypted code.

Open the xpkeyDecrypt tool, enter the encrypted code without spaces in the text box at the top, then click Decrypt and you can see your product ID.

This also applies to Windows Vista.

You need to download a program called "xpkeyDecrypt"; it is freeware that decrypts the product key into a user-readable format.
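The 15 bytes at offsets 52 to 66 hold the 25-character key written as a little-endian base-24 number over a fixed 24-symbol alphabet, which is the conversion a tool like the one above performs. This is an added example, not part of the original post and not the xpkeyDecrypt tool's code; the function names and the sample key are constructed, and `encode_product_key` exists only to build that sample.

```python
CHARSET = "BCDFGHJKMPQRTVWXY2346789"   # 24 symbols used in XP/Vista product keys
KEY_OFFSET, KEY_LENGTH = 52, 15        # bytes 52..66 of DigitalProductId


def decode_product_key(digital_product_id: bytes) -> str:
    """Decode the 25-character key from a DigitalProductId value."""
    raw = digital_product_id[KEY_OFFSET:KEY_OFFSET + KEY_LENGTH]
    if len(raw) != KEY_LENGTH:
        raise ValueError("DigitalProductId is too short")
    number = int.from_bytes(raw, "little")
    chars = []
    for _ in range(25):                      # least significant digit first
        number, digit = divmod(number, 24)
        chars.append(CHARSET[digit])
    key = "".join(reversed(chars))
    return "-".join(key[i:i + 5] for i in range(0, 25, 5))


def encode_product_key(key: str) -> bytes:
    """Inverse of the decoder, used only to build the constructed sample."""
    number = 0
    for ch in key.replace("-", ""):
        number = number * 24 + CHARSET.index(ch)
    return number.to_bytes(KEY_LENGTH, "little")


def read_digital_product_id() -> bytes:
    """Read the value from the registry path given above (Windows only)."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        return winreg.QueryValueEx(key, "DigitalProductId")[0]


# Constructed sample: a 164-byte blob holding a made-up key at offset 52.
SAMPLE_KEY = "BCDFG-HJKMP-QRTVW-XY234-6789B"
SAMPLE_BLOB = bytes(52) + encode_product_key(SAMPLE_KEY) + bytes(164 - 67)

if __name__ == "__main__":
    print(decode_product_key(SAMPLE_BLOB))
```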