I was wondering if there's anything suspicious about the following lines: Code: :: Created by: Shawn Brink :: http://www.sevenforums.com :: Tutorial: http://www.sevenforums.com/tutorials/91738-windows-update-reset.html net stop bits net stop wuauserv net stop appidsvc net stop cryptsvc Ipconfig /flushdns Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) cd /d %windir%\system32 Ren %systemroot%\system32\catroot2 catroot2.bak regsvr32.exe /s atl.dll regsvr32.exe /s urlmon.dll regsvr32.exe /s mshtml.dll regsvr32.exe /s shdocvw.dll regsvr32.exe /s browseui.dll regsvr32.exe /s jscript.dll regsvr32.exe /s vbscript.dll regsvr32.exe /s scrrun.dll regsvr32.exe /s msxml.dll regsvr32.exe /s msxml3.dll regsvr32.exe /s msxml6.dll regsvr32.exe /s actxprxy.dll regsvr32.exe /s softpub.dll regsvr32.exe /s wintrust.dll regsvr32.exe /s dssenh.dll regsvr32.exe /s rsaenh.dll regsvr32.exe /s gpkcsp.dll regsvr32.exe /s sccbase.dll regsvr32.exe /s slbcsp.dll regsvr32.exe /s cryptdlg.dll regsvr32.exe /s oleaut32.dll regsvr32.exe /s ole32.dll regsvr32.exe /s shell32.dll regsvr32.exe /s initpki.dll regsvr32.exe /s wuapi.dll regsvr32.exe /s wuaueng.dll regsvr32.exe /s wuaueng1.dll regsvr32.exe /s wucltui.dll regsvr32.exe /s wups.dll regsvr32.exe /s wups2.dll regsvr32.exe /s wuweb.dll regsvr32.exe /s qmgr.dll regsvr32.exe /s qmgrprxy.dll regsvr32.exe /s wucltux.dll regsvr32.exe /s muweb.dll regsvr32.exe /s wuwebv.dll regsvr32 /s wudriver.dll netsh winsock reset net start bits net start wuauserv net start appidsvc net start cryptsvc bitsadmin.exe /reset /allusers http://www.sevenforums.com/attachme...eset_reregister_windows_update_components.bat
Not suspicious as installing anything new (malware...) but it does reset quite a few things. What it does is: - stops four services - flushes dns - deletes qmgr0.dat and qmgr1.dat files (?) - sets security descriptors for bits and update service (?) - renames catroot2 folder (?) - registers dlls - resets winsock - starts four services - cancels all jobs in BITS I don't know if steps marked with (?) can cause any problem. I would definitely backup my system before running this batch. EDIT: since the link is only to BAT file I don't know what are instructions. I hope you don't have to replace DLLs that you register with this batch.
Thanks, This is the tutorial. Step two. http://www.sevenforums.com/tutorial...reset.html?s=ff2bc6d076f9495be79ae3ddd0c98349
OK, it's nothing suspicious in that bat file, but you still are messing with system resources. System image should be taken IMO.