Results 1 to 10 of 10

Thread: Free Windows XP Utilities!

  1. #1
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Lightbulb Free Windows XP Utilities!

    These are, for the most part, small programs I put together by making use of authentic Microsoft executables available either in a Windows XP Professional installation or from the (optional) Support Tools located on the XP Pro CD.

    These utilities are for information purposes, they do not delete or modify any system files or settings so they are safe to use. The info gathered by these tools could help against a malware infection or troubleshoot various Windows problems.

    ADD Info - Application Deployment Diagnosis.

    AnalyzerXP 3.7 (updated 07/17/2007) - Uses a special scan method to spot the suspicious looking files located at the most common, system and/or user critical locations on a system running Windows XP. This version filters out the known, typical files and folders so the log is much leaner than the previous versions.
    New in 3.7: The previous "on date" executable file scan has been replaced by "since date" file search. Now the user can choose to list either All files or only Executables-types created since the specific date entered! Click the thumbnail image below to see a screenshot.


    A must-try utility even for those who think their system is clean!
    Knowledgeable users could google the entries found in the log. The novice users who are not certain should seek a malware expert's help before taking any action. This utility does not modify or delete any files!

    DirectX Diagnosis - Detailed info on the current DirectX installation and related problems (if any).

    Driver Info - Detailed info on installed drivers on the current system.


    ~TL
    Attached Files Attached Files
    Last edited by TurcoLoco; 07-18-2007 at 07:02 PM. Reason: AnalyzerXP 3.7

  2. #2
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Lightbulb Other Utilities...

    ADSI Edit -Low level Active Directory Control panel (for advanced users or administrators).

    DependencyWalker - can be used to troubleshoot application errors, to name a few of those:
    - The dynamic link library BAR.DLL could not be found in the specified path.
    - The procedure entry point FOO could not be located in the dynamic link library BAR.DLL.
    - The application or DLL BAR.DLL is not a valid Windows image.
    - The application failed to initialize properly.
    - Initialization of the dynamic link library BAR.DLL failed. The process is terminating abnormally.
    - The image file BAR.EXE is valid, but is for a machine type other than the current machine.
    - Program too big to fit in memory.
    Please see the included help file for more info on how to use this tool (for advanced users or administrators).

    IE-Cleanup tool is something I put together (using IFerase.exe, credit goes to: John Vorchak) to delete only the current user's Temporary Internet Files, Cookies and History. Make sure you close all browser windows before running this tiny yet effective tool.

    IE-IndexLog tool is another standalone utility that collects all data (using IEcachelist.exe, credit goes to: exodus-dev.com) in currect user's Internet Explorer Index.dat file and dumps the data to a text file on Desktop named IE Index Log.txt.

    CleanupXP (fka QcleanXP Lite) is another batch file I created to empty out the following folders:
    ~ Current User profile = Temp, Temporary Internet Files, Cookies, History and Recent
    ~ Default User profile = Temporary Internet Files, Cookies, History and Recent
    ~ LocalSystem profile = Temp, Temporary Internet Files, Cookies, History and Recent
    ~ System = Temp, Prefetch and Recycle Bin


    ~TL
    Attached Files Attached Files
    Last edited by TurcoLoco; 07-25-2007 at 02:08 PM. Reason: Updating ADSI-Edit so it works universally on every system

  3. #3
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Lightbulb Free Windows XP Utilities - Part II

    MS Info - Collects a bunch of info on various areas.

    Network Info - Collects Info about the Network configuration of the subject system, user is given an option for Brief or Detailed scan.

    System Info (updated) - The new version is a combination system info and basic network diagnostics so it provides a lot more info in one log.

    Task Info - Collects both brief and also detailed information on running process.


    ~TL
    Attached Files Attached Files

  4. #4
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    CleanupXP+

    This is a modified version of the standard CleanupXP script that is more thorough than the standard CleanupXP. Also, it offers the user a way to interact so that a specific file or folder (plus subfolders) can be permanently deleted.

    After the initial cleanup, the program will prompt the user with the following options:
    1 - Remove a File
    2 - Remove a Folder
    3 - Skip and Exit
    4 - Open MSConfig (to change boot options)
    1) Remove a File: Only the file name and the file extension is needed. Do not type the file path! If file extension is only partially known or not known at all, then wild card(s) can be used as described below.

    All files with the matching name will be permanently removed from the System Drive (default C Drive).
    Valid file name is the file name plus its extension such as malware.exe or junkfile.txt. The file name is not case sensitive but make sure the write the full file name. The program will stop if there are any process running with the same name then proceed to scan the entire system and silently remove all matching files with that name. If the file name has a space in it then type it that way as well (example: Surfsidekick 3.dll or Free Trojan Remover.exe)
    Wildcard Examples:
    *ware.bat = Removes all .bat files on the entire system where the file names end with ware = malware.bat, spyware.bat 122112_esdeware.bat
    Spy*.exe = Removes all .exe files that start with spy = Spyware.exe, Spy.exe, Spy Doctor.exe but if you have SpywareBlaster installed, the program executable is called SpywareBlaster.exe so you could also remove valid, legit files if you are not careful!
    Ssk?.* = Removes all files named ssk plus any single character after it with any file extension = ssk.exe, ssk_.dll, ssk3.zip
    * stands for any number of any characters: A through Z and 0 to 9 and all punctuation signs!
    ? stands for any single character: A through Z and 0 to 9 and all punctuation signs!

    Here is a very generic, very smart and safe wildcard file anyone infected should search for: *.*.vir (any virus file with any file name and standard file extension will be deleted. Some of the common Trojans/spyware generally use the super hidden file extension of .vir which is not visible to the end user under normal circumstances.

    2) Remove a Folder: Only the folder name is needed, not case sensitive but spaces not allowed.
    This process will permanently remove a folder and its contents. The folder name is not case sensitive but unfotunately folders with spaces will not work, so regardless of its length any single word folder can be removed.

    For example you want to remove the 'malware' folder and its contents from the C:\Windows\System32 sub directory:
    c:\windows\system32\malware
    Just type the word 'malware' without the quotation marks and the program will check pre-defined locations to see if such a folder exists, if it finds it, it will remove it and its contents.

    3) Skip and Exit: Restart the Explorer shell, deletes the program files and exits the program.

    4) Open MSConfig: It will be better to use this tool in Safe Mode, even better would be to use it in Safe Mode with Command Prompt. New in this version (2.1 & up), user can press option 4 to exit the program, without deleting the program files (so they can be called again on next boot), let the program automatically open MSConfig utility and modify the system boot options as seen in the screenshot below.

    Followed by:

    This way, upon rebooting, after logging back, Explorer will not be intiated along with some of the user settings and startup programs creating a more effective environment for CleanupXP! When the Command window appears, simply type cleanup and press [ENTER] key.


    This version can also automatically look for and open an existing AnalyzerXP log file if it finds one on user's desktop! So when you press option 1 to 'Remove a File' the program will pause and look for the AnalyzerXP log and if it finds one it will open it, making it easy for user to pull up a previously run AnalyzerXP log file and look up any specific file names!


    I strongly urge you to run AnalyzerXP 3.8 (available on this post) prior to running CleanupXP+ 2.x.
    Once a file is spotted on the log write down its/their name(s) on a paper, then close the AnalyzerXP log to go back to CleanupXP and continue on with the file removal process. In this version, the user will see if the file entered was found or not and was deleted or not.

    Once done, press option 4 again to change the MSConfig settings back to the 'Normal Startup' (or whatever you prefer using).


    One of the cool changes is that, the program automatically changes the Explorer File View settings to show/reveal all 'hidden' attributes, during the program operation. Once you press 3 (Skip and Exit), the program reverts the previously saved user's File View settings and then deletes program's own temp files and exits.

    ~TL

    PS. I will continue to work on both utilities and update them as I find ways to improve them. For now, I am also keeping the previous versions of both programs in case anyone prefers using them instead.

    Disclaimer: I have tested and confirmed the functionality of this script so make sure you know what you are doing as I will not accept any responsibility for any damages that might occur with the use of this utility! If you have any questions feel free to send me a PM.
    Attached Files Attached Files
    Last edited by TurcoLoco; 05-16-2008 at 12:04 AM. Reason: Released CleanupXP+ 2.3 on 5.15.08

  5. #5
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    16 Bit MS-DOS Subsystem Error

    If you are getting the "16 Bit MS-DOS Subsystem" Error Message When You Install or Run a Program see Microsoft's KB Article for WindowsXP or Window2000

    Also, I have created the following quick fixes to resolve the issue in another way if the above articles didn't help or if you want to try a more practical and common solution first.

    ~ Download and run the attached files (Fix16bit.exe and Command.exe) from anywhere on the local machine.
    ~ Once done reboot the system.
    Attached Files Attached Files

  6. #6
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    SLR (Shutdown - Logoff - Restart) is a small self-extracting zip file that creates 3 shortcuts on desktop under 'All Users' profile. These shortcuts were meant to make the corresponding action much easier to execute, especially in the 'Quick Launch' bar where it would take a single-click. SRLL also include Lock WS (Workstation) so when placed in Quick Launch bar, it's quicker than WinKey + L.

    Logoff and Restart are instantenous while Shutdown command goes through a 3 second countdown to make sure all process are (naturally or forcefully) shutdown prior to the shutting down to minimize the chances of a system hang-up.

    You can modify the countdown time for any of the actions by modifying the value from 00 to 99 (seconds) as seen in the screenshot.

    To modify: right-click on any of the shortcuts, then click on Properties.



    Note:
    - User needs to have elevated permissions to use the "Shutdown" and "Restart" shortcuts. Standard user accounts with limited rights can only use "Log Off" and "Lock Workstation" shortcuts.
    - For Vista and 7 users, when creating the shortcuts yourself, make sure to use forward slash (/) before the parameters instead of dash (-) which can only be used with Windows XP (XP also accepts forward slash).
    Attached Files Attached Files

  7. #7
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Lightbulb "TFcleaner" FKA "Temp File Cleaner"

    This is a simple yet very effective cleanup tool for Windows XP systems.
    This tool will delete everything in the following junk/temp file locations:

    1. Temp folder for the current user's profile.
    2. Temporary Internet Files folder for the current user's profile.
    3. IE History folder for the current user's profile.
    4. IE Cookies folder for the current user's profile.
    5. Recent folder for the current user's profile.
    6. Recent MS Office files folder for the current user's profile.
    7. Windows Temp folder.

    8. Windows Prefetch folder.
    9. Recycle Bin.
    The tool temporarily stops and then restarts explorer.exe so when the Recycle Bin is emptied out, the icon reflects the changes properly.
    Also, if MS Office is not installed then the tool will not try to empty out the not-applicable MS Office Recent folder.

    PS. CleanupXP.exe on post#2 is a bit more thorough since it includes the standard XP created profiles in the process.

    Enjoy!

    ~TL
    Attached Files Attached Files
    Last edited by TurcoLoco; 02-27-2008 at 06:28 PM. Reason: minor updates

  8. #8
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    MSPaint

    MSPaint7.zip is a copy of the actual Paint program from Windows 7 and should work on Vista (unconfirmed but safe to test) but it won't work in XP.

    MSPaintXP.zip is a copy of the actual Paint program from Windows XP Pro and it does work just fine in Windows 7 for those who wish to use the older version instead of the new version in Windows 7. You can download it anywhere on to you system and run it or copy it to the \Windows\System32 folder and you will be able to run it as: Start > Run > (type) mspaintxp > OK.

    Feel free to rename them to whatever you wish after downloading and extracting them but if you are going to copy them to their original location (C:\Windows\System32), make sure to name them something other than mspaint.exe.
    Attached Files Attached Files

  9. #9
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    CleanFAV - This is a Specialized Cleaner for Fake Anti-Virus Scanners

    For the last several months, Fake Virus/Spyware scanner type infections seems to be getting more and more commonplace, so I decided to tweak the last CleanupXP+ script to handle these ransom/extortion-ware type infectors.

    From a recent research I have done, there are mainly 2 types of ransom wares I encountered:

    1) Type A: Single aggressive executable that when active, intercepts all system calls to open any of the executable file types it monitors (.exe, .com, .bat, etc.) and immediately shuts it down and runs itself and pretends the file/program that was being launched was infected. This infection does create and modify some of the registry keys but the infection is typically limited to the standalone executable itself. Executable is active from the moment system loads. In normal mode, the only way to take control is to forcefully terminate the executable but since the user cannot even run any programs Windows based or 3rd party, it becomes a catch-22. To clean, boot the system in Safe Mode and delete the executable -typically- located in the "%userprofile%\Local Settings\Application Data" directory. On Windows XP and up, you can copy/paste the bold line in the Start > Run box.

    2) Type B: Once active, the ransom-ware simply changes file associations to most file types, then the executable itself is no longer running in the background. You actually will not notice this executable unless you try to open one of the file types it associates itself with. Even for an experienced user or IT pro, taking control and accessing registry or running an executable to fix this would be quite challenging to say the least. For a novice home user, I can only imagine the frustration.
    This fella only makes changes to Windows registry. it has no startup entry points since it waits for an associated file type to be launched.


    Both types also have residue in the Temp locations which need to be emptied out. When they are active, cleaning up the system is pretty much impossible.

    Anyhow, I wrote a batch script that seemed to have had success with both types with no derogatory effects. I tested it both under a standard user profile and the Admin profile on a virtual machine, it worked. I have to fine tune it a bit more and also make it Win 7 compatible. Of course, it is impossible to predict how it would do with every system but I believe it would be worth a shot.
    For type A, script looks for the common location for .exe files where normally there should be none. It lists the executable it finds. User is prompted to enter the full file name (khq.exe), the included process killer "kills" the executable and then deletes it along with all common temp file locations and internet cache. User at this point has full control of the system. Further scans and cleaning might be useful.
    For type B, cleans up all common temp file locations which should take care of the malicious executable but it also prompts for registry patching to correct file associations. Afterwards, user have full system control but further scans to clean and correct leftovers might be necessary.

    I am doing final touches on the draft version of the script which will be ready soon.

    ~TL

    PS. Even though I have personally test it a few times, I am offering it with no promises or guarantees. You are welcome to use it at your own risk.

  10. #10
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Lightbulb Free Tool to Fix Missing or Corrupt URLMON.DLL File on Windows XP System

    If you believe the urlmon.dll file was accidentally deleted or somehow became corrupt, you can use this automated script to replace it.
    The tool is only for Windows XP systems with service pack 2 or 3!

    To run it:
    The zip file attached (URLMON-Fix.zip) has a self-extracting file in it with .exe extension. Extract the zip file anywhere on your system then double-click the URLMON-Fix.exe to run the tool. Click RUN/YES if you get any pop-up warning messages.

    What it does: checks to see if there is a copy of the urlmon.dll file in the dllcache folder. If it exists it deletes it. Checks to see if you have the urlmon.dll file in the System32 folder, if it doesn't already exist, it copies the included one. If it did already exist, it will unregister it then rename it to OLD_urlmon.dll then it will copy the included one and then register the file again.

    The tool can be used while running the system in normal mode but the user must have Admin rights.

    ~TL
    Attached Files Attached Files

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •