COMPUTER TECHNICIAN

REFERENCE MANUAL
5 March, 2010
WINDOWS TERMINAL COMMANDS
Networking
ipconfig - Windows IP Configuration
ipconfig will tell you the IP settings for the current computer such as what your current IP is and what subnet/gateway you
are on.
ipconfig /all - Views detailed information about the installed network devices.
ipconfig /release - This will release any IP information that the computer was given and make your IP address 0.0.0.0 .
ipconfig /renew - This will ask any DHCP servers (usually your modem/router) for a new IP address.

ping - Check a connection or computer

Ping is used to check the health of a connection. The ping command will tell you whether a network device is responding
and how fast it is running. The ping tool can also be used to convert a web address into an IP.
ping www.google.com - Pings a webserver to see if it can be reached or is responding.
ping 192.168.0.1 - Pings a local address, often a modem, router or another computer.

netstat - Displays current TCP/IP connections

Will display what connections are currently active on the system. Useful for spotting programs calling back to base such
as spyware.

File Management
type - Open text files
Similar to Unix’s cat command, this command will display the contents of a text file in DOS as read-only.

attrib - Make hidden files visible

Attrib can change the attributes of a file, such as whether its a system file or its hidden.
attrib -H c:\boot.ini - To unhide the boot.ini
attrib -S c:\boot.ini - To make remove its system file attribute

find - Advanced file search

The find command is a very powerful one with many options such as the ability to search for something, but exclude
certain files. The following command will find all files with .pdf in their name on C:\
dir c:\ /s /b | find ".pdf"

move - Move files

Normal usage of the move command would be:
move file.txt c:\TextFiles\
move *.pdf c:\WorkPDFs\

tree - View the tree structure

Type tree to see the folder and file structure of the folder you are currently in. You can also use this command to make
prints of the directory structure by sending the information to a text file with the following command
tree > textfile.txt

System
systeminfo - Displays information about the system
Will display information about the system such as the name, version, uptime, specifications and patches installed.

tasklist / taskkill - Shows what programs are running on the computer and can kill them
tasklist - Will display all the processes running and their memory usage.
taskkill - Will kill a process (XP Pro only by default).

sfc - Launches Windows’ system file checker utility

sfc /scannow - This command will start scanning your computer for any damaged or missing windows system files.
Useful to run after a virus, adware or spyware attack has damaged core files. Have an XP CD handy for this one.

chkdsk - Can check a disk and attempt to recover data in bad sectors.
chkdsk /f /r - This will check a disk for errors and try and fixes information from bad sectors
chkdsk /x - Forces the volume to dismount first.

For further information/usage on any of these commands, you can bring up the help for each one of them by typing:
command /?
LINUX TERMINAL COMMANDS
Login and Authentication
login - Access computer; start interactive session
logout - Disconnect terminal session
passwd - Change local login password

Information
date - Show date and time
history - List of previously executed commands
man - Show online documentation by program name
w, who - Who is on the system and what they are doing
whoami - Who is logged onto this terminal
top - Show system stats and top CPU using processes
uptime - Show one line summary of system status
finger - Find out info about a user@system

File Management
cat - Combine files
cp - Copy files
ls - List files in a directory and their attributes
mv - Change file name or directory location
rm - Remove files
ln - Create another link (name) to a file
chmod - Set file permissions
find - Find files that match specific criteria

Display Contents of Files

cat - Copy files to display device
more - Show text file on display terminal with paging control
grep - Display lines that match a pattern
diff - Compare two files and show differences
cmp - Compare two binary files and report if different
comm - Compare two files; show common or unique lines
file - Examine file(s) and guess type: text, data, program, etc.
wc - Count characters, words, and lines in a file

Directories
cd - Change to new directory
mkdir - Create new directory
rmdir - Remove empty directory (must remove files first)
mv - Change name of directory
pwd - Show current directory

Devices
df - Summarize free space on disk drive
du - Show disk space used by files or directories

Special Characters
* - Match any string of characters
? - Match any single character
$name - Substitute value of variable name
\ - Turn off special meaning of character that follows
~ - Shortcut for your home directory

File Compression/Extraction
tar cf file.tar files – create a tar named file.tar containing files
tar xf file.tar – extract the files from file.tar
tar czf file.tar.gz files – create a tar with Gzip compression
tar xzf file.tar.gz – extract a tar using Gzip
tar cjf file.tar.bz2 files – create a tar with Bzip2 compression
tar xjf file.tar.bz2 – extract a tar using Bzip2
STOP MESSAGES
Windows XP
Stop 0x0000000A or IRQL_NOT_LESS_OR_EQUAL - The Stop 0xA message indicates that a kernel-mode process or
driver attempted to access a memory location to which it did not have permission, or at a kernel interrupt request level
(IRQL) that was too high. A kernel-mode process can access only other processes that have an IRQL lower than, or equal
to, its own. This Stop message is typically due to faulty or incompatible hardware or software.

Stop 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED - The Stop 0x1E message indicates that the Windows XP
Professional kernel detected an illegal or unknown processor instruction. The problems that cause Stop 0x1E messages
share similarities with those that generate Stop 0xA errors in that they can be due to invalid memory and access
violations. This default Windows XP Professional error handler typically intercepts these problems if error-handling
routines are not present in the code itself.

Stop 0x00000024 or NTFS_FILE_SYSTEM - The Stop 0x24 message indicates that a problem occurred within Ntfs.sys,
the driver file that allows the system to read and write to NTFS file system drives. A similar Stop message, 0x23, exists for
the file allocation table (FAT16 or FAT32) file systems.

Stop 0x0000002E or DATA_BUS_ERROR - The Stop 0x2E message indicates a system memory parity error. The cause
is typically failed or defective RAM (including motherboard, Level 2 cache, or video memory), incompatible or mismatched
memory hardware, or when a device driver attempts to access an address in the 0x8xxxxxxx range that does not exist
(does not map to a physical address). A Stop 0x2E message can also indicate hard disk damage caused by viruses or
other problems.

Stop 0x0000003F or NO_MORE_SYSTEM_PTES - The Stop 0x3F message indicates one or more of the following
problems:
• The system Page Table Entries (PTEs) are depleted or fragmented due to the system performing a large number
of input/output (I/O) actions.
• A faulty device driver is not managing memory properly.
• An application, such as a backup program, is improperly allocating large amounts of kernel memory.

Stop 0x00000050 or PAGE_FAULT_IN_NONPAGED_AREA - The Stop 0x50 message indicates that requested data
was not in memory. The system generates an exception error when using a reference to an invalid system memory
address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including
remote control and antivirus software) might cause Stop 0x50 messages.

Stop 0x00000077 or KERNEL_STACK_INPAGE_ERROR - The Stop 0x77 message indicates that a page of kernel data
requested from the paging (virtual memory) file could not be found or read into memory. This Stop message can also
indicate disk hardware failure, disk data corruption, or possible virus infection.

Stop 0x00000079 or MISMATCHED_HAL - The Stop 0x79 message indicates that the hardware abstraction layer (HAL)
and the kernel type for the computer do not match. This error most often occurs when ACPI firmware settings are
changed. For example, you might install Windows XP Professional on an x86-based computer with the firmware ACPI
enable option enabled and later decide to disable it. This error can also result when mismatched single and multi-
processor configuration files are copied to the system.

Stop 0x0000007A or KERNEL_DATA_INPAGE_ERROR - The Stop 0x7A message indicates that a page of kernel data
was not found in the paging (virtual memory) file and could not be read into memory. This might be due to incompatible
disk or controller drivers, firmware, or hardware.

Stop 0x0000007B or INACCESSIBLE_BOOT_DEVICE - The Stop 0x7B message indicates that Windows XP
Professional has lost access to the system partition or boot volume during the startup process. Installing incorrect device
drivers when installing or upgrading storage adapter hardware typically causes stop 0x7B errors. Stop 0x7B errors could
also indicate possible virus infection.

Stop 0x0000007F or UNEXPECTED_KERNEL_MODE_TRAP - The Stop 0x7F message indicates that one of three
types of problems occurred in kernel-mode:
• A condition that the kernel is not allowed to have or intercept (also known as a bound trap).
• Software problems.
• Hardware failures.
Stop 0x0000009F or DRIVER_POWER_STATE_FAILURE - The Stop 0x9F message indicates that a driver is in an
inconsistent or invalid power state.

Stop 0xBE or ATTEMPTED_WRITE_TO_READONLY_MEMORY - The Stop 0xBE message indicates that a driver
attempted to write to read-only memory.

Stop 0xC2 or BAD_POOL_CALLER - The Stop 0xC2 message indicates that a kernel-mode process or driver incorrectly
attempted to perform memory operations in the following ways:
• By allocating a memory pool size of zero bytes.
• By allocating a memory pool that does not exist.
• By attempting to free a memory pool that is already free.
• By allocating or freeing a memory pool at an IRQL that was too high.
This Stop message is typically due to a faulty driver or software.

Stop 0x000000CE or DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS - This Stop message

indicates that a driver failed to cancel pending operations before exiting.

Stop 0x000000D1 or DRIVER_IRQL_NOT_LESS_OR_EQUAL - The Stop 0xD1 message indicates that the system
attempted to access pageable memory using a kernel process IRQL that was too high. Drivers that have used improper
addresses typically cause this error.

Stop 0x000000D8 or DRIVER_USED_EXCESSIVE_PTES - The Stop 0xD8 message typically occurs if your computer
runs out of page table entries (PTEs) due to a driver that requests large amounts of kernel memory.

Stop 0x000000EA or THREAD_STUCK_IN_DEVICE_DRIVER - A device driver problem is causing the system to pause
indefinitely. Typically, this problem is caused by a display driver waiting for the video hardware to enter an idle state. This
might indicate a hardware problem with the video adapter or a faulty video driver.

Stop 0x000000ED or UNMOUNTABLE_BOOT_VOLUME - The kernel mode I/O subsystem attempted to mount the boot
volume and it failed. This error might also occur during an upgrade to Windows XP Professional on systems that use
higher throughput ATA disks or controllers with incorrect cabling. In some cases, your system might appear to work
normally after you restart.

Stop 0x000000F2 or HARDWARE_INTERRUPT_STORM - The Stop 0xF2 message occurs if the kernel detects an
interrupt storm. An interrupt storm occurs when a level-interrupt-triggered device fails to release an interrupt request
(IRQ). This can result from the following causes:
• A device fails to respond to an interrupt release signal sent from a driver.
• An incorrectly written device driver fails to send an interrupt release request to a device. The driver fails to
determine that the interrupt was hardware initiated.
• An incorrectly written device driver claims an interrupt request meant for a different device. This occurs only for
multiple devices sharing an IRQ.
• The edge level control register is set incorrectly by system firmware.
• Edge level and level-interrupt-triggered devices are incorrectly assigned the same IRQ (for example, a serial port
and a Peripheral Component Interconnect (PCI) SCSI controller).

Stop 0xC000021A or STATUS_SYSTEM_PROCESS_TERMINATED - The Stop 0xC000021A message occurs when

Windows XP Professional switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server
Runtime Subsystem (CSRSS), is compromised and security can no longer be guaranteed. Because Windows XP
Professional cannot run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode
service can cause the system to stop responding. You cannot use the kernel debugger in this situation because the error
occurred in a user-mode process.
A Stop 0xC000021A message can also occur when the computer is restarted after a system administrator has modified
permissions in such a way that the SYSTEM account no longer has adequate permissions to access system files and
folders.

Stop 0xC0000221 or STATUS_IMAGE_CHECKSUM_MISMATCH - This Stop message indicates driver, system file, or
disk corruption problems (such as a damaged paging file). Faulty memory hardware can also cause this Stop message to
appear.
(Windows Vista/Windows 7)
STOP 0x000000D1 or DRIVER_IRQL_NOT_OR_EQUAL - Probably the most common BSOD ! Occurs when a driver
has illegally accessed a memory location while NT is operating at a specific IRQL. This is a driver coding error, akin to
trying to access an invalid memory location.

STOP 0x0000000A or IRQL_NOT_LESS_OR_EQUAL - A kernel-mode process or driver attempted to access a memory

location without authorization. This Stop error is typically caused by faulty or incompatible hardware or software. The
name of the offending device driver often appears in the Stop error and can provide an important clue to solving the
problem. If the error message points to a specific device or category of devices, try removing or replacing devices in that
category. If this Stop error appears during Setup, suspect an incompatible driver, system service, virus scanner, or backup
program.

STOP 0x00000050 or PAGE_FAULT_IN_NONPAGED_AREA - A hardware driver or system service requested data that
was not in memory. The cause may be defective physical memory or incompatible software,especially remote control and
antivirus programs. If the error occurs immediately after installing a device driver or application, try to use Safe Mode to
remove the driver or uninstall the program.

STOP 0x000000C2 or BAD_POOL_CALLER - A kernel-mode process or driver attempted to perform an illegal memory
allocation. The problem can often be traced to a bug in a driver or software. It is also occasionally caused by a failure in a
hardware device.

STOP OX000000ED or UNMOUNTABLE_BOOT_VOLUME - Occurs if Windows if unable to access the volume

containing the boot files. But if you get this message while updating to Vista, check that you have compatible drivers for
the disk controller and also re-check the drive cabling, and ensure that it is configured properly.

STOP 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED - The Windows kernel detected an illegal or unknown

processor instruction, often the result of invalid memory and access violations caused by faulty drivers or hardware
devices. The error message often identifies the offending driver or device. If the error occurred immediately after installing
a driver or service, try disabling or removing the new addition.

STOP 0x00000024 or NTFS_FILE_SYSTEM - A problem occurred within the NTFS file-system driver. A similar Stop error,
0x23, exists for FAT32 drives. The most likely cause is a hardware failure in a disk or disk controller. Check all physical
connections to all hard disks in the system and run CheckDisk.

STOP 0x0000002E or DATA_BUS_ERROR - Failed or defective physical memory (including memory used in video
adapters) is the most common cause of this Stop error. The error may also be the result of a corrupted hard disk or a
damaged motherboard.

STOP 0x0000003F or NO_MORE_SYSTEM_PTES - Your system ran out of page table entries (PTEs). The cause of this
relatively uncommon error may be an out-of-control backup program or a buggy device driver.

STOP 0x00000077 or KERNEL_STACK_INPAGE_ERROR - The system has attempted to read kernel data from virtual
memory (the page file) and failed to find the data at the specified memory address. This Stop Error can be caused by a
variety of problems, including defective memory, a malfunctioning hard disk, an improperly configured disk controller or
cable, corrupted data, or a virus infection.

STOP 0x0000007F or UNEXPECTED_KERNEL_MODE_TRAP - Most likely due to a Hardware failure, like defective
memory chips, mismatched memory modules, a malfunctioning CPU, or a failure in your fan or power supply are the
probable reasons for this BSOD. Can also occur if you have overclocked your CPU. The message gives more details.

STOP 0x000000D8 or DRIVER_USED_EXCESSIVE_PTES - This indicated that a poorly written driver is causing your
computer to request large amounts of kernel memory. Troubleshooting suggestions are identical to those found in the
STOP 0X3F message.

STOP 0X000000EA or THREAD_STUCK_IN_DEVICE_DRIVER - Could occur after you install a new video adapter or an
updated (and poorly written) video driver. Replacing the video adapter or using a different video driver could help.

STOP 0XC000021A or STATUS_SYSTEM_PROCESS_TERMINATED - Occurs if there is a serious security problem with

Windows. A subsystem, such as Winlogon or the CSRSS is compromised; or due to a mismatch in system files; or if
system permissions have been incorrectly modified. A common cause of this problem is some 3rd-party program. Try to
identify any new program which you have installed and uninstall it.
 STOP 0XC00000221 or STATUS_IMAGE_CHECKSUM_MISMATCH - This indicates a damaged page file; or disk or file
corruption; or a faulty hardware. The error will indicate the exact nature and the name of the damaged system file. You
may have to use the Windows recovery Environment or a System Restore or Last Known Good Configuration to resolve
this issue.

REGISTRY_ERROR - This stop error is rare and is caused due to failure to read the registry properly from the hard disk.
Best to try and restore the registry from your backup.

DIVIDE_BY_ZERO_ERROR - This stop error is caused by an application trying to divide by zero. If you receive this error
& don’t know which application caused it, you might want to try & examine memory dump.

KMODE_EXCEPTION_NOT_HANDLED - An incorrectly configured device driver usually causes this type of error.
Difficult to isolate and troubleshoot.

INVALID_PROCESS_ATTACH_ATTEMPT - This Bugcode 0×5 indicates that a kernel process was making an attempt to
attach to another process. To aid in diagnosis, the user should note all applications that were executing at the time of the
failure. There is no recovery or workaround.

HARDWARE_INTERRUPT_STORM - Such an error is usually caused by a poorly written driver or firmware. Difficult to
troubleshoot, but Device Manager or System Information tool can help you.

INACCESSIBLE_BOOT_DEVICE - This stop error occurs when Windows has trouble reading from the hard disk. This
error can be caused by a faulty device driver. You may also try running your anti virus.

PFN_LIST_CORRUPT - This Bugcode 0×4E error is usually caused by a faulty RAM. You may want to get your RAM
checked or replaced. If that doesnt work, there is no other known recovery or workaround

MACHINE_CHECK_EXCEPTION - If you have overclocked your CPU, this could result. Also check your power supply.

MULTIPLE_IRP_COMPLETE_REQUESTS - This Bugcode 0×44 indicates a fault in driver logic. This has been seen to
occur on a heavily loaded system. There is no recovery or workaround.

NMI_HARDWARE_FAILURE - Usually caused by bad SIMMS. Best to call your hardware vendor.
IMPORTANT DATA LOCATIONS:
Common Applications
Outlook Express Emails - C:\Documents and Settings\%USER%\Local Settings\Application Data\Identities\{Random
Numbers and Letters}\Microsoft\Outlook Express
Address Book - C:\Documents and Settings\%USER%\Application Data\Microsoft\Address Book\%USER%.wab
Microsoft Outlook - C:\Documents and Settings\%USER%\Local Settings\Application Data\Microsoft\Outlook
Microsoft Outlook .nk2 Auto-Complete File - C:\Documents and Settings\%USER%\Application Data\Microsoft\Outlook
Quickbooks Accounting Package Database - C:\Program Files\Intuit\QuickBooks\databasename.qbw

Windows XP Special Folders

Application Data - C:\Documents and Settings\%USER%\Application Data
CD Burning - C:\Documents and Settings\%USER%\Local Settings\Application Data\Microsoft\CD Burning
Common Administrative Tools - C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
Common Application Data - C:\Documents and Settings\All Users\Application Data
Common Desktop - C:\Documents and Settings\All Users\Desktop - 0x19
Common Documents - C:\Documents and Settings\All Users\Documents
Common Favorites - C:\Documents and Settings\All Users\Favorites
Common Music - C:\Documents and Settings\All Users\Documents\My Music
Common Pictures - C:\Documents and Settings\All Users\Documents\My Pictures
Common Start Menu - C:\Documents and Settings\All Users\Start Menu
Common Start Menu Programs - C:\Documents and Settings\All Users\Start Menu\Programs
Common Startup - C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Templates - C:\Documents and Settings\All Users\Templates
Common Video - C:\Documents and Settings\All Users\Documents\My Videos
Cookies - C:\Documents and Settings\%USER%\Cookies
Desktop - C:\Documents and Settings\%USER%\Desktop
Favorites - C:\Documents and Settings\%USER%\Favorites
Fonts - C:\WINDOWS\Fonts
History - C:\Documents and Settings\%USER%\Local Settings\History
Local Application Data - C:\Documents and Settings\%USER%\Local Settings\Application Data
My Documents - C:\Documents and Settings\%USER%\My Documents
My Music - C:\Documents and Settings\%USER%\My Documents\My Music
My Pictures - C:\Documents and Settings\%USER%\My Documents\My Pictures
NetHood - C:\Documents and Settings\%USER%\NetHood - 0x13
PrintHood - C:\Documents and Settings\%USER%\PrintHood
Profile Folder - C:\Documents and Settings\Administrator
Program Files - C:\Program Files
Program Files - Common - C:\Program Files\Common Files
Recent - C:\Documents and Settings\%USER%\Recent
Send To - C:\Documents and Settings\%USER%\SendTo
Start Menu - C:\Documents and Settings\%USER%\Start Menu
Start Menu Programs - C:\Documents and Settings\%USER%\Start Menu\Programs
Startup - C:\Documents and Settings\%USER%\Start Menu\Programs\Startup
System Directory - C:\WINDOWS\system32
Templates - C:\Documents and Settings\%USER%\Templates
Temporary Folder - C:\Documents and Settings\%USER%\Local Settings\Temp\ - -
Temporary Internet Files - C:\Documents and Settings\%USER%\Local Settings\Temporary Internet Files
Windows Directory - C:\WINDOWS

Windows Vista Special Folders

Admin Tools - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Application Data - C:\Users\%USER%\AppData\Roaming
CD Burning - C:\Users\%USER%\AppData\Local\Microsoft\Windows\Burn\Burn
Common Administrative Tools - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common Application Data - C:\ProgramData
Common Desktop - C:\Users\Public\Desktop
Common Documents - C:\Users\Public\Documents
Common Favorites - C:\Users\%USER%\Favorites
Common Music - C:\Users\Public\Music
Common Pictures - C:\Users\Public\Pictures
Common Start Menu - C:\ProgramData\Microsoft\Windows\Start Menu
Common Start Menu Programs - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Startup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates - C:\ProgramData\Microsoft\Windows\Templates
Common Video - C:\Users\Public\Videos
Cookies - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Cookies
Desktop - C:\Users\%USER%\Desktop
Favorites - C:\Users\%USER%\Favorites
Fonts - C:\Windows\Fonts
History - C:\Users\%USER%\AppData\Local\Microsoft\Windows\History
Local Application Data - C:\Users\%USER%\AppData\Local
My Documents - C:\Users\%USER%\Documents
My Music - C:\Users\%USER%\Music
My Pictures - C:\Users\%USER%\Pictures
My Video - C:\Users\%USER%\Videos
NetHood - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Profile Folder - C:\Users\%USER%
Program Files - C:\Program Files
Program Files - Common - C:\Program Files\Common Files
Recent - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Recent
Send To - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu Programs - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Startup - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
System Directory - C:\Windows\system32
Templates - C:\Users\%USER%\AppData\Roaming\Microsoft\Windows\Templates
Temporary Folder - C:\Users\%USER%\AppData\Local\Temp\
Temporary Internet Files - C:\Users\%USER%\AppData\Local\Microsoft\Windows\Temporary Internet Files
Windows Directory - C:\Windows

Windows Special Folders CLSID Values

Administrative Tools - ::{D20EA4E1-3957-11d2-A40B-0C5020524153}
Briefcase - ::{85BBD920-42A0-1069-A2E4-08002B30309D}
Control Panel - ::{21EC2020-3AEA-1069-A2DD-08002B30309D}
Fonts - ::{D20EA4E1-3957-11d2-A40B-0C5020524152}
History - ::{FF393560-C2A7-11CF-BFF4-444553540000}
Inbox - ::{00020D75-0000-0000-C000-000000000046}
Microsoft Network - ::{00028B00-0000-0000-C000-000000000046}
My Computer - ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
My Documents - ::{450D8FBA-AD25-11D0-98A8-0800361B1103}
My Network Places - ::{208D2C60-3AEA-1069-A2D7-08002B30309D}
Network Connections - ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
Printers and Faxes - ::{2227A280-3AEA-1069-A2DE-08002B30309D}
Recycle Bin - ::{645FF040-5081-101B-9F08-00AA002F954E}
Scanners and Cameras - ::{E211B736-43FD-11D1-9EFB-0000F8757FCD}
Scheduled Tasks - ::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Temporary Internet Files - ::{7BD29E00-76C1-11CF-9DD0-00A0C9034933}
Web Folders - ::{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
DNS SERVERS
Server Locations
Service provider: Google
8.8.8.8
8.8.4.4

Service provider: ScrubIt

67.138.54.100
207.225.209.66

Service provider: dnsadvantage

156.154.70.1
156.154.71.1

Service provider: OpenDNS

208.67.222.222
208.67.220.220

Service provider: vnsc-pri.sys.gtei.net

4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

Linux DNS Setup

Open /etc/resolv.conf file as root:
Add your ISP nameserver as follows:
nameserver [address]
Note: A max of three nameserver addresses can be defined at a time.

Windows XP DNS Setup

Click the Start Button, then select Control Panel.
Click on Network Connections.
Click Properties button.
Select Internet Protocol (TCP/IP) and click Properties.
Click the radio button Use the following DNS server addresses and type in DNS addresses in the DNS server fields.

Windows Vista DNS Setup

Click the Start Orb, then select Control Panel.
Click on View network status and tasks.
Click on View status.
Click the Properties button.
Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Click the radio button Use the following DNS server addresses and type in DNS addresses in the DNS server fields.

Windows 7 DNS Setup

Click the Start Orb, then select Control Panel.
Click on Network and Sharing Center.
Click on Local Area Connection under Active Networks.
Click the Properties button.
Select Internet Protocol Version 4 and click Properties.
Click the radio button Use the following DNS server addresses and type in DNS addresses in the DNS server fields.
BIOS ERROR CODES
AMI (American Megatrends) BIOS
one short - DRAM refresh failure (Problem with memory)
two short - Parity circuit failure
three short - Base 64K RAM failure
four short - System Timer failure
five short - Processor failure
six short - Keyboard Controller / Gate A20 failure
seven short - Virtual Mode Exception error
eight short - Display Memory Read/Write failure (fault with video card)
nine short - ROM BIOS Checksum error (fault with BIOS chip)
ten short - CMOS Shutdown Read/Write error
eleven short - Cache memory
one long - Passed (no errors)
one long, two short - Video failure
one long, three short - Base / Extended Memory failure
one long, eight short - Display / Retrace Test failure

Award BIOS
one short - Passed (no errors)
two short - Any non-fatal error
one long, two short - Video failure

Compaq BIOS
one short - Indicates that the system is booting properly
two short - General BIOS error - remedy unknown
one short, two long - Memory Module
one long, one short - BIOS ROM checksum error
one long, two short - Video error
7 Beeps: one long, one short, one long, one short, pause, one long, two short - AGP Video
one long continuous tone - Memory Module

IBM BIOS (Standards Compliant Codes)

none - Power Supply or System Board failure (possible short)
one short - Passed (no errors)
one short (blank screen) - Video error (check cable)
one short (no boot) - Floppy Drive error
two short - Configuration Error (displayed on screen)
repeating short - Power Supply or System Board failure
continuous - Power Supply or System Board / Keyboard stuck
one long, one short - System Board failure
one long, two short - Video (Mono/CGA) failure (check cable)
one long, three short - Video (EGA) failure (check cable)
three long - Keyboard Card error

Phoenix BIOS
one, one, three - CMOS Read/Write
one, one, four - ROM BIOS Checksum failure
one, two, one - Programmable Interval Timer failure
one, two, two - DMA Initialisation failure
one, two, three - DMA Page Register Read/Write failure
one, three, one - RAM Refresh Verification error
one, three, three - First 64K RAM Chip/Data Line failure
one, three, four - First 64K RAM Odd/Even Logic
one, four, one - First 64K RAM: Address Line
one, four, two - First 64K RAM: Parity failure
one, four, three - Fail-Safe Timer Feature (EISA only)
one, four, four - Software NMI Port failure (EISA only)
two (followed by various combinations) - First 64K RAM Chip/Data Line failure (combinations indicate which bit)
three, one, one - Slave DMA Register failure
three, one, two - Master DMA Register failure
three, one, three - Master Interrupt Mask Register failure
three, one, four - Slave Interrupt Mask Register failure
three, two, four - Keyboard Controller failure
three, three, four - Display Memory failure
three, four, one - Display Retrace failure
three, four, two - Video ROM search proceeding
four, two, one - Timer Tick failure
four, two, two - Shutdown failure
four, two, three - Gate A20 failure
four, two, four - Unexpected Interrupt in Protected Mode
four, three, one - RAM test above 64K failure
four, three, two/three - Programmable Interval Timer, Channel 2 failure
four, three, four - Realtime Clock failure
four, four, one - Serial Port error
four, four, two - Parallel Port error
four, four, three - Math Co-processor failure
(tone) one, one, two - System Board Select
(tone) one, one, three - Extender CMOS RAM
RJ-45 Color Codes
T-568A Straight-Through Ethernet Cable

T-568B Straight-Through Ethernet Cable

RJ-45 Crossover Ethernet Cable

DEFAULT ROUTER PASSWORDS
Actiontec (Verizon FiOS)
Model Protocol Username Password
GE344000-01 HTTP (none) (none)
W1424WR HTTP admin password
R1520SU HTTP admin (none)
GT704-WG HTTP admin password

D-Link
Model Protocol Username Password
DSL-G664T Rev. A1 HTTP admin admin
HUBS/SWITCHES TELNET D-Link D-Link
DI-704 Rev. REV A MULTI (none) admin
DI-804 Rev. V2.03 MULTI admin (none)
DWL 900AP MULTI (none) public
DI-614+ HTTP user (none)
DWL-614+ Rev. REV A REV B HTTP admin (none)
D-704P Rev. REV B MULTI admin (none)
DI-604 Rev. REV A REV B REV C REV E MULTI admin (none)
DWL-614+ Rev. 2.03 HTTP admin (none)
D-704P MULTI admin admin
DWL-900+ HTTP admin (none)
DI-704 MULTI n/a admin
DI-604 Rev. 1.62B+ HTTP admin (none)
DI-624 Rev. ALL HTTP admin (none)
DI-624 Rev. ALL HTTP User (none)
DI-604 Rev. 2.02 HTTP admin admin
DWL 1000 HTTP admin (none)
DI-514 MULTI user (none)
DI-614+ Rev. ANY HTTP admin (none)
DWL 2100AP MULTI admin (none)
DSL-302G MULTI admin admin
DI-624+ Rev. A3 HTTP admin admin
DWL-2000AP+ Rev. 1.13 HTTP admin (none)
DI-614+ HTTP admin admin
DSL-300G+ Rev. TEO TELNET (none) private
DSL-300G+ Rev. TEO HTTP admin admin
DI-524 Rev. ALL HTTP admin (none)
FIREWALL Rev. DFL-200 HTTP admin admin
DI-524 Rev. ALL HTTP user (none)
DWL-900AP+ Rev. REV A REV B REV C HTTP admin (none)
DSL500G MULTI admin admin
DSL-504T HTTP admin admin
DSL-G604T MULTI admin admin
DI-707P ROUTER HTTP admin (none)
DI624 Rev. C3 HTTP admin password
604 MULTI n/a admin
DSL-500 MULTI admin admin
504G ADSL ROUTER HTTP admin admin
DI-524 HTTP admin (none)
ADSL HTTP admin admin
VWR (VONAGE) HTTP user user
DGL4300 HTTP Admin (none)
VTA (VONAGE) HTTP user user
Linksys
Model Protocol Username Password
WAP11 MULTI n/a (none)
ETHERFAST CABLE/DSL ROUTER MULTI Administrator admin
LINKSYS ROUTER DSL/CABLE HTTP (none) admin
BEFW11S4 Rev. 1 HTTP admin (none)
BEFSR41 Rev. 2 HTTP (none) admin
WRT54G HTTP admin admin
WAG54G HTTP admin admin
LINKSYS DSL n/a admin
WAP54G Rev. 2.0 HTTP (none) admin
WRT54G Rev. ALL REVISIONS HTTP (none) admin
WRT54GC MULTI (none) admin
AG 241 MULTI admin admin
COMCAST Rev. COMCAST-SUPPLIED HTTP comcast 1234
WAG54GS MULTI admin admin
AP 1120 MULTI n/a (none)
PAP2 / PAP2V2 (VONAGE) HTTP admin admin
RT31P2 (VONAGE) HTTP admin admin
RTP300 (VONAGE) HTTP admin admin
WRT54GP2 (VONAGE) HTTP admin admin
WRTP54G (VONAGE) HTTP admin admin

Netgear
Model Protocol Username Password
RM356 Rev. NONE TELNET (none) 1234
WGT624 Rev. 2 HTTP admin password
COMCAST Rev. COMCAST-SUPPLIED HTTP comcast 1234
FR314 HTTP admin password
MR-314 Rev. 3.26 HTTP admin 1234
RT314 HTTP admin admin
RP614 HTTP admin password
RP114 Rev. 3.26 TELNET (none) 1234
WG602 Rev. FIRMWARE VERSION 1.04.0 HTTP super 5777364
WG602 Rev. FIRMWARE VERSION 1.7.14 HTTP superman 21241036
WG602 Rev. FIRMWARE VERSION 1.5.67 HTTP super 5777364
MR814 HTTP admin password
FVS318 HTTP admin password
DM602 MULTI admin password
FR114P HTTP admin password
ME102 SNMP (none) private
WGR614 Rev. V4 MULTI admin password
RP114 Rev. 3.20-3.26 HTTP admin 1234
DG834G HTTP admin password
ROUTER/MODEM MULTI admin password
MR314 MULTI admin 1234
GSM7224 HTTP admin (none)
ADSL MODEM DG632 Rev. V3.3.0A_CX HTTP admin password
WGT634U HTTP admin password
FWG114P MULTI n/a admin
GS724T Rev. V1.0.1_1104 HTTP n/a password
FM114P MULTI n/a (none)
DG834 admin password
WNR834 BV2 admin password
WNR834BV2 HTTP admin password
WPN824 / WPN824V2 HTTP admin password
COMMONLY USED PORTS
7 Echo 902-904 VMware Server 5554 Sasser
19 Char Generator 989-990 FTP over SSL 5631-5632 pcAnywhere
20 FTP 993 IMAP4 over SSL 5800 VNC over HTTP
22 SSH/SCP 995 POP3 over SSL 6112 Battle.net/ArenaNet
23 Telnet 1025 Microsoft IIS 6257 WinMX
25 SMTP 1026-1029 Windows Messenger 6346-6347 Gnutella/Limewire
42 WINS Replication 1080 SOCKS proxy 6500 GameSpy Arcade
43 WHOIS 1080 MyDoom 6566 SANE
49 TACACS 1194 OpenVPN 6600 MPD
53 DNS 1214 Kazaa 6660–6669 IRC
67-68 BOOTP/DHCP 1433-1434 Microsoft SQL 6679/6697 IRC over SSL
69 TFTP 1503 Windows Live Messenger 6881–6999 BitTorrent
70 Gopher 1512 WINS 6891–6900 Windows Live Messenger
79 Finger 1589 Cisco VQP/VMPS 6970 QuickTime
80 HTTP 1716 America's Army 7133 Enemy Territory: QW
88 Kerberos 1723 Microsoft PPTP 7777-7788 Unreal Tournament 2004
102 MS Exchange 1725 Steam 8000–8001 Internet Radio
110 POP3 1755 Microsoft Media Server 8080 HTTP alternate
113 ident 1863 MSN/.NET 8086-8087 Kaspersky AV
115 SFTP 1985 Cisco HSRP 8118 Privoxy
119 NNTP (Usenet) 2000 Cisco SCCP 8200 GoToMyPC
123 NTP 2002 Cisco ACS 8222 VMware Server
135 Microsoft EPMAP/RPC 2049 NFS 8333 VMware Server (secure)
137-139 NetBIOS 2056 Civilization 4 8500 Adobe ColdFusion
143 IMAP4 2082-2083 cPanel 8767 TeamSpeak
161-162 SNMP 2100 Oracle XDB 8866 Bagle.B
177 XDMCP 2222 DirectAdmin 9800 WebDAV/WebCT
179 BGP 2302 Halo 9898 Dabber
194 IRC 2483-2484 Oracle DB 9988 Rbot/Spybot
201 AppleTalk 2475 Bagle.H 9999 Urchin Web Analytics
264 BGMP 2967 Symantec AV 10000 Webmin
318 TSP 3050 Interbase DB 10000 BackupExec
389 LDAP 3074 Xbox LIVE/Windows LIVE 10113-10116 NetIQ
411-412 Direct Connect 3124 HTTP Proxy 10480 SWAT 4
443 HTTP over SSL 3127 MyDoom 12035-12036 Second Life
445 Active Directory 3128 HTTP Proxy 12345 NetBus
464 Kerberos 3260 iSCSI target 13720-13721 NetBackup
465 Cisco/SMTP over SSL 3306 MySQL 14567 Battlefield 1942
497 Retrospect 3389 Microsoft RDP 16567 Battlefield 2
500 ISAKMP 3689 iTunes (DAAP) 19226 Panda AdminSecure
512 rexec 3690 Subversion 20000 Usermin
513 rlogin 3723 Battle.net 24800 Synergy
514 syslog 3724 World of Warcraft 25999 Xfire
515 LPD 3784-3785 Ventrilo VoIP 27015 Half-Life
531 AIM/IRC 4000 Diablo II 27374 Sub7
540 UUCP 4444 Blaster 27900-27901 Nintendo Wi-Fi Connection
546-547 DHCPv6 4664 Google Desktop Search 27960-27969 Quake III based games
554 RTSP 4672 eMule 28960 Call of Duty (all)
560 rmonitor 4899 Radmin 31337 Back Orifice
563 NNTP over SSL 5000 UpnP 33434 traceroute
587 SMTP 5001 Slingbox/Slingplayer
593 Microsoft DCOM 5004-5005 RTP Legend
631 Internet Printing 5050 Yahoo! Messenger Chat
636 LDAP over SSL 5121 Neverwinter Nights Encrypted
639 MSDP (PIM) 5190 AIM/ICQ Games
646 LDP (MPLS) 5222-5223 XMPP/Jabber Malicious
691 MS Exchange 5432 PostgreSQL Peer 2 Peer
873 rsync 5500/TCP VNC Server Streaming
USEFUL LINKS
HijackThis Log Analyzer - http://www.hijackthis.de
HijackThis.de is a “Hijack This!” Log Analyzer where you paste your Hijack This! logs into the website and it will tell you
what is potentially malicious and what is safe.

Test Single File for Virus – http://www.virustotal.com

Virustotal allows you to upload a single file to their website and it will be tested using a variety of anti-virus products
databases.

Test Internet Speed - http://www.speedtest.net

Speedtest allows you to test the speed of your internet connection, choose multiple mirrors to test from and compare
your results to other people in the area.

Find You Public IP Address - http://www.whatismyip.com

Displays your public IP address, nothing more. Simple but useful.

Online Virus Scanner - http://housecall.trendmicro.com

A online virus scanner to scan your computer for viruses.

Find Hardware Drivers - http://www.driverguide.com

A site with a huge collection of drivers for all sorts of hardware.

Router Passwords - http://www.routerpasswords.com

Contains a list of the default passwords for various router models.

Replace Missing or Damaged DLLs - http://www.dll-files.com

Contains many different DLL’s which are available for download. Handy when an application is missing a certain DLL that
is preventing it from running.

Check Windows Processes - http://www.processlibrary.com

A searchable list of Windows processes. Just enter the name of the process (for example, svchost.exe) and it will let you
know whether it is malicious, safe or unneeded.

Computer Manuals - http://www.eserviceinfo.com

This place has 5260+ manuals for various computer manufacturers, parts and peripherals. They have manuals for
Printers, Laptops, Networking Equipment, Uninterruptible Power Supplies, Scanners, Motherboards, Audio adapters and
more.

Computer Manufacturer Links - http://www.electroservice.net/info2.htm

If you know the name of a computer manufacturer, this list has their web address. A handy site when you are trying to
find drivers for a rare part.

Shields Up! Firewall Leak Test - https://www.grc.com/x/ne.dll

This website/server probes your computer looking for any open ports and vulnerabilities then creates a report.

Tweak Windows XP - http://www.tweakxp.com

Tweak Windows Vista - http://www.tweakvista.com
Tweak Windows 7 - http://www.tweakwin7.com
If there is a little nagging bug in Windows that you cant figure out or just want to disable something that annoys you,
chances are there is a registry tweak for it here.

List of Open Source Software - http://en.wikipedia.org/wiki/List_of_open-source_software_packages

A nicely ordered list for open source (free) software packages.
FREEWARE ALTERNATIVES
Virus Protection
AVG Free - http://free.grisoft.com
AVG Free is one of my personal favorites and remains a favorite amonst most of the techicians on the forums. It has a
very extensive virus database and will detect anything that a major antivirus brand such as Norton can detect. In fact,
there have been a few times while I was on the field that AVG found viruses that Norton/McAfee didnt detect at all.

Avira Antivir - http://www.free-av.com

Avira Antivir is an antivirus I have seen only a couple of times on clients machines in the field. I have to say, its resident
virus shield is awsome. One time when I was onsite, I plugged in my USB drive with all my computer technician tools on
it. As soon as it was in, Avira detected a virus on my USB drive and asked me what I wanted to do with it. I hadnt run
anything on the drive, I hadnt even looked at the drive in My Computer yet. Just plugged it in. It turns out it discovered
the the Eicar virus which is a test file that computer technicians can use to test the capabilities of antivirus software.
Avira is a little “heavier” on system resources than AVG, but not by much.

avast! - http://www.avast.com
Another good antivirus. I’ve seen it many times onsite and it does its job well.

Child Filtering Software

K9 Web Protection - http://www1.k9webprotection.com
A great parental filter with many features such as the ability to set the protection based on the child’s age.

Backup Utility
Cobain Backup - http://www.educ.umu.se/~cobian/cobianbackup.htm
I really like Cobain Backup and use this piece of software myself. It’s simple enough for home users to setup, yet is
powerful and feature packed for the computer technicians. Cobain Backup can run as a service and backup to FTPs.

Office Suite
Open Office - http://www.openoffice.org
Open Office looks and feels like the Microsoft Office package. It can do pretty much anything MSOffice can do without
the nasty price tag.

Firewall
Zonealarm Firewall - http://www.zonealarm.com
For the more knowledgeable clients, I recommend Zonealarm, provided they know a little bit about processes and
security. Otherwise they don’t know what the security popups mean and just allow anything. For the non-
knowledgeable clients, I just use the built in Windows firewall.

Media Player
VLC Media Player - http://www.videolan.org
VLC is lighter, faster, more compatible, and less prone to breaking than Windows Media Player.

PDF Creation
PDF Creator - http://sourceforge.net/projects/pdfcreator
PDF Creator installs itself as a printer so that it can export to PDF in almost any program that you can print in. Just select
PDF Creator as your printer and it will save that document as a PDF.

Resizing Images
Image Resizer Powertoy - http://download.microsoft.com/download/whistler/Install/2/WXP/EN-
US/ImageResizerPowertoySetup.exe
Many of my clients want to send digital photos via email to relatives or post some pictures on eBay. However, most
digital cameras take poster sized photos which can often be 1mb or more. The Image Resizer Powertoy allows you to
right click on any photograph, select “Resize Picture” and choose what size you want the picture to be.

Photo Editing
Paint.net - http://www.getpaint.net
A great application for when you need to do more with your photos than what is possible with Paint, but don't need to
spend hundreds of $$ on Adobe Photoshop.
PDF Reader
FoxIt Reader - http://www.foxitsoftware.com
FoxIt Reader is a lightweight alternative to Adobe Acrobat Reader for reading PDFs. The install file for Adobe Acrobat is
22mb, FoxIt Reader does it in 2mb and has almost all of the same features.

Web Browser
Firefox – http://www.getfirefox.com
Faster, more secure and a better alternative to Internet Explorer.

Email Client
Thunderbird - http://www.getthunderbird.com
Faster, more secure and better alternative to Outlook Express.

Archive Manager
7-Zip - http://www.7-zip.org
7-Zip can create and extract many different archive types such as Zip, Rar, Tar, Arj, .Gz, preventing you from needing
multiple archive extractors such as Winzip, Winrar, Winace etc.

Anti-Spam
Spamfighter Free - http://www.spamfighter.com
I have used this on many clients computers and it works very well. It comes pre trained to deflect most spam and has
the ability to learn even more based on your preferences.