Friday, April 22, 2011

Windows Cannot Start Because The Following File Is Missing System32/ntoskrnl.exe?

To Restore The File. Please Follow The Following Steps.
Method 1
  1. Insert The Windows Xp Disc. Change the booting priority, First boot device as CD-ROM.
  2. Save the bios setting and restart the computer.Press any key from keyboard when u see a message press any key to boot from Cd.
  3. In Setup menu Press R key to enter Recovery console.
  4. Select the operating system, please provide administrator password if given.
5. Type the following command as follows
expand cd-rom:\I386\ntoskrnl.ex_ win partition:\system32\ntoskrnl.exe


Method 2

Follow the same steps from 1 to 4 from method 1

  • Firstly run Check disk on the window partition command chkdsk /p
  • Then Type following command
bootcfg /rebuild then Press ENTER.

When the Windows installation is located, The following instruction is displayed

Add installation to boot list? Yes Or No
[Type Y for Yes]
Enter Load Identifier:

[Name of the operating system Windows Xp Professional Or Windows Xp Home Edition]
Enter OS Load Option:
[Leave This Field Blank Press ENTER]

Then Restart The System. Boot into a normal windows

Sunday, October 31, 2010

How To Repair Corrupt Windows\System32\Config\System Or \Software File In Win XP?

When we start Pc, U may recieve following error message
Windows\System32\config\system or Windows\System32\config\software
Soln:
  1. Insert the Windows Xp Booting disk into Dvd Drive. {Change the first boot sequence to cd Rom}
  2. At Welcome Screen, Press R Key to enter Recovery Console Mode
  3. Select Windows that u want to repair, Press 1 & Strike Enter,You r prompted to enter Administrator password ,Enter the password if u had given password or else simply strike enter
  4. At the Command prompt, Type the following Lines.

md tmp

  • Copy c:\windows\system32\config\system c:\windows\tmp\system.bak
  • Copy c:\windows\system32\config\software c:\windows\tmp\software.bak
  • Copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
  • Copy c:\windows\system32\config\default c:\windows\tmp\default.bak
  • Del c:\windows\system32\config\system
  • Del c:\windows\system32\config\software
  • Del c:\windows\system32\config\default
  • Del c:\windows\system32\config\sam
  • Copy c:\windows\repair\system c:\windows\system32\config\system
  • Copy c:\windows\repair\system c:\windows\system32\config\software
  • Copy c:\windows\repair\sam c:\windows\system32\config\sam
  • Copy c:\windows\repair\default c:\windows\system32\config\default

5. Type Exit,System Restarts Press F8 select Safe mode option

6. Open Windows Explorer, Click On Tools Option ->Folder Options->View tab- > Show Hidden files and folder & Untick The Hide Protected Operating system files {Recommended}

7. Click Yes to confirm to the dialog box

8.Open System Volume Information,Look for " _restore{87BD3667-3246-476B-923F-F86E30B3E7F8}"

9.Select the file that was not created at that Current time,Look for RPx {Restore point}

10.Open C:\System Volume information\_restore{D86480E3-73EF-47BC-AOEB-A81BE6EE3ED8}RP1\Snapshot

11.From snapshot folder copy following files to c:\windows\tmp folder

  • _Registry_User_.Default
  • _Registry_Machine_Security
  • _Registry_Machine_Software
  • _Registry_Machine_Sam
  • _Registry_Machine_System

12.Rename files in C:\windows\tmp folder

  • Rename _Registry_User_.Default to Default
  • Rename _Registry_Machine_Software to Software
  • Rename _Registry_Machine_Security to Security
  • Rename _Registry_Machine_Sam to Sam
  • Rename _Registry_Machine_System to System

13. Delete Existing registry file,Copy the restore registry file to C:\Windows\System32\config

Open Command Prompt Type following lines

  • Del c:\windows\sytem32\config\software
  • Del c:\windows\system32\config\default
  • Del c:\windows\system32\config\sam
  • Del c:\windows\system32\config\system
  • Copy c:\windows\tmp\software c:\windows\system32\config\software
  • Copy c:\windows\tmp\sam c:\windows\system32\config\sam
  • Copy c:\windows\tmp\Default c:\windows\system32\config\default
  • Copy c:\windows\tmp\system c:\windows\system32\config\system

14 Type Exit , Restart System.

Sunday, August 15, 2010

Orkut Site Is banned you fool?

Firstly It is a malware..
Steps To Be Followed
1)Open Task Manager Press { Ctrl+Alt+Del} Select Processor Tab

2)Check For Svchost.exe Processor.The processor will be tagged under 4 Usernames
System,Local Services,Network Services & Username for Ex Administrator

3)Delete Svchost.exe processor that is listed under username

4)Then Start ->Run Type C:\heap41a press Enter.{ It is a hidden folder} Delete all files under this folder {Shift + Del}

5)Start -> Run Type "regedit" press {Ctrl +f} type heap41a, You find under "c:\heap41a\svchost.exe" and "c:\heap(Some numbers)\std.txt"

6)Close registry and restart the system .Now u can browse Orkut site

Cheers....

Sunday, April 11, 2010

Print Spooler Is Missing In Service In Windows Xp?

Missing of the spooler in service indicates spooler directory has been deleted from registry,This happens from virus attack
Problem that occurs
No Printer icon will be present in the printer and fax option,Cannot add or install new printer
To Check Spooler in the registry
Open registry
Start-> Run Type "regedit" {without double quotes}
Goto
Hkey_Local_Machine\System\CurrentControlSet\services
Check for spooler dir, if missing , follow the below procedure

Solution
We need to create a reg file
1) Open Notepad
2) Copy & Paste Contains into a notepad from {Copy the contains below }
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SPOOLER]
"DependOnService"RPCSS"
"Description"="Loads files to memory for later printing"
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,E8,47,0c,00,01,00,00,00,\
60,EA,00,00,01,00,00,00,60,EA,00,00,01,00,00,00,60,EA,00,00,00,00,00,00,00,00,00,00
"Group"="SpoolerGroup"
"ImagePath"=hex:43,00,3A,00,5C,00,57,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,53,00,79,00,\
73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,70,00,6F,00,6F,00,6C,00,73,00,76,00,2E,00,65,00,\
78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110
[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Enum]
[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Parameter]
[Hkey_Local_Machine\System\Currentcontrolset\Services\Spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007D0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:77,7E,B2,9D,01,35,D8,1A,D9,82,8A,2B,05,44,34,94
"WbemAdapFileSize"=dword:00023c00
"WbemAdapFileTime"=hex:00,52,47,58,BF,79,C4,01
"WbemAdapStatus"=dword:00000000
[Hkey_Local_Machine\System\CurrentcontrolSet\Services\Spooler\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9C,00,00,00,14,00,00,00,30,00,00,00,02,00,1C,00,01,00,00,00,\
02,80,14,00,FF,01,0F,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,48,00,03,00,00,00,00,00,14,00,8D,\
01,02,,00,01,01,00,00,00,00,05,0B,00,00,00,00,00,18,00,FF,01,0F,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00,00,00,14,00,FD,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,\
12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
And save the notepad as spooler.reg on the desktop
3)Then Double Click On spooler.reg
Are you sure you want to insert the information into registry click yes.
Then restart your system.Open services.msc, print spooler will be present in the services.
Double click on print spooler and start the service, Then Click on recovery option in print spooler properties.
Change first failure from Take no action to restart the service,Same fo the second failure.
Below reset the fail count 0 to 1 day Apply
Works for Windows Xp.
If your windows is installed in the other driver for ex: D or E drive
Open regedit
goto
[Hkey_Local_Machine\System\Currentcontrolset\Services\spooler]
At the right side Delete ImagePath
right click ->new->Expanded string Value
Rename it has ImagePath,DoubleClick on ImagePath Enter the Value data has
%SystemRoot%\System32\spoolsv.exe
click ok.
Then open services double click print spooler start services This only works with Xp.

Wednesday, March 31, 2010

How To Disable Control Panel Option?

Start->Run Type "Regedit"
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

At Right Hand Side,Right Click->New->DwordValue Rename it has NoControlPanel

1 - Disable 0 - Enable

Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

At Right Hand Side,Right Click->New->DwordValue Rename it has NoControlPanel

1 - Disable 0 - Enable

Restart System Now Check Control Panel option has been disabled

This also Disable display properties option.This method applies only in Windows 2000,Xp,Vista.

Thursday, March 25, 2010

What is Cvasds0.dll ? How to remove it?

Cvasds0.dll is malware(trojan.agent.Atv/backdoor) which is associated with herss.exe,
Cvasds0.dll get registered as dynamic link library,and attached with
windows process such as explorer.exe and others.

system also gets infected with autorun.inf

Cvasds0.dll is generally found in Temp folder

Start->run-> %temp%

"C:\Documents and settings\[User Name]\Local Setting\temp\Cvasds0.dll"

"C:\autorun.inf"

autorun.inf also gets infected to remaining drivers.

Soln

System should be installed with a good antivirus such as Quick heal,
Mcafee,Nod32

Firstly

Goto Task Manager, Processes click on herss.exe End process,
Goto start-> run type "msconfig" {without quotes}
Goto startup option->remove herss

Then Antivirus automatically repaires or delete cvasds0.dll file.

along with that autorun.inf also gets cleaned.

Cheers.

Wednesday, March 10, 2010

What Is Windows Geniune Advantage?

(WGA)Windows Geniune Advantage is anti piracy software which enforce the online validation of licensing windows during access of net in form "Windows Update".

How to remove Wga Notification?

Solution

  • Restart the system press F8 select safe mode.
  • After logging on to windows in safe mode. Launch Task Manager (Ctrl +Alt +Del).
  • Select Processor ,Inside processor Check for WgaTray.Exe,Click on wgatray.exe and End process.
  • Launch Registry (Start-> Run->Regedit)
  • Hkey_Local_Machine\Software\Microsoft\Windows NT\Current Version\Winlogon\Notify
    Delete Notify folder
  • Delete wgalogon.dll & wgatray.exe from c:\windows\system32 & from
    c:\windows\system32\dllcache.
  • Restart system.

Disable the Automatic update.