Author Archives: Administrator

Windows 7 Hacks

Some cool Windows 7 hacks at this link:

http://home.roadrunner.com/~macecil/hackingw7/

I’ve copied the page here in case the website is moved.

Enable Logging in as the Administrator

Right click on “Command Prompt” and click “Run as Administrator”, then type “regedit” and press enter.
In the Registry Editor, browse to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Add a new key called “SpecialAccounts”.
Inside the new “SpecialAccounts” key, add a key called “UserList”.
Within the “UserList” key, create a 32-bit DWORD value called “Administrator” and set its value to 1.
(Or if you are going to rename the Administrator account, create a 32-bit DWORD value to match and set it to 1.)

Close the Registry Editor and back in the command prompt window, run “control userpasswords2”.
Click on the Advanced tab, then under “Advanced User Management” click the Advanced button.
Next, click on Users and right click the Administrator account and select Properties.
Finally, remove the check from “Account is disabled”.
(If you wish, you can rename the Administrator account and set a password for it here.)
Reboot and you should see the Administrator account on the Welcome screen.

Enable Logging in as the Administrator – Method Two

Right click on “Command Prompt” and click “Run as Administrator”.
Enter the command, “net user administrator /active:yes”
Reboot or log out to see the Administrator account on the Welcome screen.


Log in Automatically

Right click on “Command Prompt” and click “Run as Administrator”, then type “control userpasswords2” and press enter.
Remove the checkmark from “Users must enter a user name and password to use this computer” and click the Apply button.
You will be prompted for the user name and password to automatically log in. Enter them and click OK, then click OK again.
In the same administrative command prompt window as before type “regedit” and press enter.
In the Registry Editor, browse to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Add string values called DefaultUserName and DefaultPassword if they aren’t already present.
Edit the data for those two values to match the appropriate user name and password entered above.


Disable UAC (User Access Control)

There are several ways to do this. I prefer a simple registry edit instead of messing around with security policies or MSConfig.

Open the Registry Editor with administrative rights and navigate to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Locate the following DWORD value, “EnableLUA” and assign it a value of 0.
Reboot for this change to take effect.

Get Rid of the Windows Security Center

First, disable and stop the Security Center service.
Remove the service entirely by typing the command,

“REG DELETE HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC /F”

Open a Command Prompt window with Administrative rights and change to the \Windows\System32 folder.
Take ownership of the files, wscapi.dll, wscsvc.dll and wscui.cpl.
For example, issue the command “takeown /f wscapi.dll” in the command prompt window.
Also, issue the command “icacls wscapi.dll /grant administrators:F” in the command prompt window.
Rename or just delete the three files.
Finally, reboot the computer for the change to take effect.


Disable Hibernation

From an administrative command prompt, issue the command “powercfg -h off”


Track down the Start Menus

The All Users Start Menu is now located: \ProgramData\Microsoft\Windows\Start Menu

The Users Start Menus are now located: \Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu


Adjust Window Border Thickness

Right click on your desktop and select Personalize.
Click on “Window Color” at the bottom.
Select “Border Padding” in the Item: drop down box.
Change the border size and keep clicking OK to exit.

Remove “- Shortcut” from Shortcuts

Start Regedit with administrative rights.
With Regedit browse to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Find and edit the “link” value from 16 00 00 00 to 00 00 00 00.
Close Regedit and reboot or logoff for the change to take effect.


Connect to Samba shares

Windows 7 defaults to using NTLMv2 authentication which does not work with versions of Samba <3.0.
Make this registry edit to enable NTLMv1 authentication, if needed.

Start Regedit with administrative rights.
With Regedit browse to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Add a DWORD value called LmCompatibilityLevel if it isn’t already present.
Set the value of LmCompatibilityLevel to be 1.
Reboot for this to take effect.
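
The sections above (enabling the built-in Administrator, automatic logon, disabling UAC, removing the Security Center and enabling NTLMv1) all lower the machine's default protections, so it helps to be able to see which of them have been applied. The following read-only check is an added example, not part of the original page; the function names Get-RegValue and Get-WeakenedSettings are made up for it, and it assumes Windows PowerShell run from an elevated prompt.

```powershell
# Added example, not from the original page. Read-only: it changes nothing.
# Written for Windows PowerShell (2.0 to 5.1), run from an elevated prompt.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-WeakenedSettings {
    $findings = @()
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $wscsvc   = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc'

    # Built-in Administrator: the local account whose SID ends in -500,
    # whatever it has been renamed to.
    $admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }
    if ($admin -and -not $admin.Disabled) {
        $findings += "Built-in Administrator '$($admin.Name)' is enabled"
    }

    # Automatic logon: a DefaultPassword value is a clear-text credential.
    # The password itself is deliberately not printed.
    $password = Get-RegValue $winlogon 'DefaultPassword'
    if (-not [string]::IsNullOrEmpty($password)) {
        $findings += 'Winlogon\DefaultPassword holds a clear-text password'
    }

    # UAC: EnableLUA = 0 turns User Account Control off.
    if ((Get-RegValue $policies 'EnableLUA') -eq 0) {
        $findings += 'UAC is disabled (EnableLUA = 0)'
    }

    # NTLM: levels 0 to 2 let the client send LM/NTLMv1 responses.
    $lm = Get-RegValue $lsa 'LmCompatibilityLevel'
    if ($null -ne $lm -and $lm -lt 3) {
        $findings += "LmCompatibilityLevel = $lm allows NTLMv1 responses"
    }

    # Security Center: service key deleted, service disabled, or files removed.
    if (-not (Test-Path $wscsvc)) {
        $findings += 'Security Center service (wscsvc) key is missing'
    } elseif ((Get-RegValue $wscsvc 'Start') -eq 4) {
        $findings += 'Security Center service (wscsvc) is disabled'
    }
    foreach ($file in 'wscapi.dll', 'wscsvc.dll', 'wscui.cpl') {
        if (-not (Test-Path (Join-Path $env:SystemRoot "System32\$file"))) {
            $findings += "Security Center file $file is missing from System32"
        }
    }
    return $findings
}

Get-WeakenedSettings
```

An empty result means none of these changes were detected.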

Open Windows Explorer with drive C: selected

Edit your Explorer shortcut so the target field contains,

%SystemRoot%\explorer.exe /e,c:

The /e tells explorer to use a two-pane view, while the ,c: indicates which drive to select.


Customize the OEM information and graphic

Start Regedit with administrative rights.
With Regedit browse to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

Change or create a Key called OEMInformation if it isn’t already present.
Inside this new key create the following String values setting their values as indicated:

Logo – OEMlogo.bmp, such as c:\windows\system32\OEMlogo.bmp
(The logo bmp file should be 96×96 in size.)
Manufacturer – Any name
Model – Any name
SupportHours – Any time
SupportPhone – Any phone number
SupportURL – Any URL

To see the changes, open System Properties from the Control Panel or by right clicking on My Computer and choosing Properties.

Improve Internet speed by disabling TCP Auto-Tuning

Open a “Command Prompt” with the “Run as Administrator” option.
Enter the command, “netsh interface tcp show global” to check the status of TCP Auto-Tuning.
Enter the command, “netsh interface tcp set global autotuning=disabled” to disable TCP Auto-Tuning.
Enter the command, “netsh interface tcp set global autotuning=normal” to enable TCP Auto-Tuning.

Set processor affinity for finicky old programs

Open a command prompt in the program’s folder.
Issue the command “start /affinity 01 program.exe” where 01 is the processor and program.exe is the finicky program’s executable.

Adjust the disk space used by Volume Shadow Services

Windows 7 allocates 15% of the drive’s total size or 30% of the drive’s free space, whichever is smaller, as the maximum VSS storage. Sometimes this parameter is ignored so if you’re running out of space you can check and/or adjust this limit with the vssadmin.exe utility.

Open a “Command Prompt” with the “Run as Administrator” option.
Issue the command “vssadmin /?” to see the available options.
For example, to set the VSS limit for the C: drive to 20GB and to store these VSS backups on C:, issue the command:

vssadmin Resize ShadowStorage /On=C: /For=C: /MaxSize=20GB

MaxSize must be at least 300MB and takes a KB, MB, GB, TB, PB or EB suffix.
Leave out the MaxSize parameter to let Windows use any available space.

Use the System Recovery Command Prompt to bypass Windows 7 security

Boot from the Windows 7 DVD and select the Repair option.
Then select the Command Prompt.
Now you have full access with both Admin and System rights, so go ahead and “recover” whatever files you need.
Hint: the SAM file is in c:\windows\system32\config.


Restore the Quick Launch Toolbar

Right click on the Taskbar and select Toolbars then select New Toolbar.
Copy the following text into the folder field, then click Select Folder:

%AppData%\Microsoft\Internet Explorer\Quick Launch

Next make sure to right click on the Taskbar and unlock it.
Remove the text by right clicking on the Taskbar and unchecking Show Text and Show Title.
Right click on the Taskbar and select View then Large Icons to enable large icons if you like.
Finally, adjust the Quick Launch toolbar location and size.


Create an install DVD that will let you install any version of Windows 7

Unlike Vista, some Windows 7 discs will only allow certain versions to be installed.
First, create an ISO image file from your DVD.
Use a tool like PowerISO or UltraISO to edit the ISO image.
Find the ei.cfg file in the \sources folder and delete it.
Save the changes and then use the modified ISO to create a new install DVD.


Remove the Libraries from Windows 7 Explorer

Launch Regedit with Administrative rights.
Find and delete the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4af4-A7EB-4E7A138D8174}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464b-ABE8-61C8648D939B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4e80-94BC-9912D7504104}

Create the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4DC3-B131-E946B44C8DD5}"=dword:00000001

Log back in or reboot for the changes to take effect.

Change your Windows 7 Logon Background

Launch Regedit with Administrative rights.
Either create or modify the following registry entry so the DWORD value equals 1:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background

Then create a folder called %windir%\system32\oobe\info\backgrounds
Finally, create a graphic file in this folder called backgroundDefault.jpg that is no more than 256 KB in size.
Log back in or reboot to see the changes.

How To Fix Problem With ZyXEL P600 Not Working With Router

The basic problem is that the ZyXEL P600 will allow internet connectivity, although not when connected with another router.

The problem is most likely due to a conflict of IP addresses. For example, many ZyXEL modems will use 192.168.1.1 as their default IP which conflicts with many Linksys routers.

To solve this problem you’ll need to do 3 things:

1) Change the IP address on the router to something outside of the ZyXEL modem range. 192.168.1.254 worked for me although you could try 192.168.0.1 or 192.168.2.1.

2) Disable DHCP on the router. The ZyXEL wants to be in control of the DHCP.

3) Connect the ZyXEL to a regular port on the router instead of the internet port. This allows the ZyXEL to be in control of the DHCP and the router basically acts as a passthrough hub.

How To Fix Problem With EXE Files Not Running

Recently the XP AntiMalware virus — or some variant — knocked out the ability to run certain EXE files. This was very frustrating because I was not able to run my standard set of antivirus / antimalware programs.

When I clicked on the program icon, it would ask what file I wanted to use to run the program. The “trick” that the virus used was to redefine how EXE files are run.

You have to go into the registry to fix this problem.

Run regedit and navigate to HKEY_CLASSES_ROOT\.exe. The value should be exefile. In my case, the virus changed this value to secfile. After resetting it back to exefile I was able to run EXE files.

In order to remove the rest of the XP AntiMalware virus, I did a search in the registry and removed all instances of secfile, VMA.EXE and AVE.EXE.

A final run of Malwarebytes AntiMalware removed the rest of the infestation.

More information on how to fix this problem can be found at this link:

http://windowsxp.mvps.org/exefile.htm
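
The check described in this post can be scripted so it is quick to repeat on other machines. This is an added example, not part of the original post: the function names are made up for it, and besides the .exe value the post names it also compares the open command against the stock Windows value "%1" %*. HKEY_CLASSES_ROOT is a merged view of the per-machine and per-user Classes keys, so each is inspected.

```powershell
# Added example, not from the original post. Read-only check of how .exe
# files are launched; run it in Windows PowerShell as the affected user.

function Get-DefaultValue {
    param([string]$Key)
    # '(default)' is the name PowerShell gives a key's unnamed default value.
    # Returns $null when the key or its default value does not exist.
    $item = Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.'(default)' }
    return $null
}

function Test-ExeAssociation {
    $findings = @()
    # The merged view first, then the two hives it is built from, so the
    # report shows whether an override is per-machine or per-user.
    $roots = 'HKEY_CLASSES_ROOT',
             'HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
             'HKEY_CURRENT_USER\Software\Classes'

    foreach ($root in $roots) {
        $progId = Get-DefaultValue "$root\.exe"
        if ($null -eq $progId) { continue }   # no .exe entry in this hive

        # The post's symptom: .exe no longer points at exefile.
        if ($progId -ne 'exefile') {
            $findings += "$root\.exe points to '$progId' instead of 'exefile'"
        }

        # Whatever class .exe points to, its open command should be the
        # stock one that simply runs the clicked file with its arguments.
        $command = Get-DefaultValue "$root\$progId\shell\open\command"
        if ($null -ne $command -and $command -ne '"%1" %*') {
            $findings += "$root\$progId\shell\open\command is: $command"
        }
    }
    return $findings
}

Test-ExeAssociation
```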

How To Fix Cannot Find C Drive Cannot Access Control Panel

This was a tough virus. The symptoms:

Cannot access the C drive. When you click on My Computer you don’t get any results.
Cannot access any external drive. D, USB flash drives, external hard drives, etc.
Cannot access Regedit. This produced an admin privilege error.
Cannot access All Programs. This would show a gray box where you would normally see your programs and then the PC would lock up.
Cannot access the internet.
Cannot run programs such as Malwarebytes or SuperAntispyware. System would either lock up or the programs would just not run.
It almost seems like the user privileges to read/write directly to external drives were disabled.

Oddly enough, these functions were OK.

msconfig
My Documents
Right-click on My Computer to select Manage.

1) Backup data. Since the virus was somehow blocking access to the DVD writer as well as to any external drives, I was not able to copy any data off the system. So I created an Ubuntu boot disk and rebooted the system from the CD drive. From there I could copy the user data to an external drive without any problem.

2) Ran SDFix from Safe Mode. I was able to get SDFix onto the affected PC by opening a DOS window and copying the SDFix.exe file to the Desktop by using the command line.

After running SDFix Regedit was now usable and the system could also get onto the internet.

3) Ran ComboFix. I copied the file over to the PC in the same way as above, using the DOS window. ComboFix found a LOT of viruses and was able to clean them up nicely.

After that I was able to run Malwarebytes from Safe Mode as well as Super AntiSpyware. I could only use the Administrator logon as the user account was still having problems with executing programs and creating files on the C: drive.

Instead of fighting with that original account I decided to create a brand new account and that seemed to work OK. The new account is able to function properly.

How To Fix AXWIN Frame Window Error

One possible cause of this error is a rootkit virus. I recently had a customer who had this error, along with other symptoms like a hijacked browser and a pop up window that would shut down the PC after about 5 – 10 minutes of use.

Malwarebytes’ Anti-Malware did not find any spyware, even after doing a full scan. I checked msconfig, regedit, and HijackThis — all turned up clean.

I decided to run ComboFix and it turned up a rootkit virus that had infected atapi.sys. Once ComboFix disinfected the file the problems were resolved.

http://www.combofix.org/download.php

How To Remove Internet Security 2010

Here’s yet another malware program masquerading as anti-virus software. Internet Security 2010 gives the appearance of a bona fide virus clean up program. It comes with a fake screen of virus infections that are designed to scare you into buying their software. Don’t be fooled!

This software is kind of devious in that it disables the task manager and also redefines Run > CMD so that you can’t get to the DOS prompt.

Here’s what I did to clean it up.

1) Make sure you have a current backup of any important files. Pictures, documents, music, etc.

2) Boot into Safe mode. Press F8 during power up and then choose Safe Mode with Networking.

3) Download Malwarebytes Anti-Malware and Hijackthis.

http://www.malwarebytes.org/
http://free.antivirus.com/hijackthis/

4) Install and run Malwarebytes. Make sure you do an update first and then do a Quick Scan. This will remove the majority of the virus.

5) Install and Run Hijackthis. Look for references to windowsupdate86 and IS2010 and remove them.

6) Reboot your computer into Safe Mode again.

7) Run msconfig and remove any references to IS2010 or Internet Security 2010.

8) Open your Windows Explorer and manually remove the folder c:\program files\internet security 2010 or c:\program files\IS2010.

9) Run Regedit and do a search for Internet Security 2010. Remove any references.

10) Reboot to Safe Mode again.

11) Run Malwarebytes again doing a FULL scan.

At this point your system should be clean.

In the future, make sure you are running Firefox rather than IE.

http://www.mozilla.com/en-US/

How To Remove Windows Police Pro

This is another very annoying malware popup that pretends to be a virus scanner, giving fake scanning statistics and virus detection.

The other side effects you may encounter from this malware are that you cannot access regedit or access your computer properties menu.

You’ll need two programs to remove this malware:

HijackThis – http://free.antivirus.com/hijackthis/
Malwarebytes Anti Malware – http://www.malwarebytes.org/mbam.php

1) Download and install the two programs.

2) Boot into safe mode (press F8 during power up) and run the Malwarebytes Anti Malware program. Do an update and then a full scan.

3) Once that is completed, run Hijackthis and remove any references to plugie.dll, svchast.exe, svchasts.exe.

Boot into normal mode and the malware should be removed.

You can also find supplemental removal information at this link:

http://www.bleepingcomputer.com/virus-removal/remove-windows-police-pro

How To Fix Certification Errors

This recently happened to one of my customers. She was unable to open various websites — mostly those with https since it was reporting a certification error. After tweaking and fumbling with a lot of the security settings, I noticed that for some reason the date and time were way off on her PC.

Once I corrected the date and time, all the cert errors went away!

Sometimes the solutions are too easy…

How To Associate a File With a New Application on XP Problem

Changing or adding a file association is usually a pretty simple process in XP. If you right-click on the file you want to open and then select Choose Program, you can pick which program you want to use to open the file.

Recently I ran into a problem with adding a new application for a file association. The customer recently installed Photoshop CS4 and wanted to remove the old Photoshop 7.0 from her XP system. Simple enough: Just uninstall Photoshop 7.0 from the Add / Remove Programs icon under the Control Panel.

However, when trying to associate JPGs and JPEGs to open with the new Photoshop CS4, XP did not allow it to be added to the file list. Even selecting the full c:\program files\adobe\adobe photoshop cs4\photoshop.exe did not add the application to the program list.

The answer is that Adobe Photoshop 7.0 does not do a clean uninstall. I needed to navigate to the registry key

HKEY_CLASSES_ROOT\APPLICATIONS\PHOTOSHOP.EXE\SHELL\EDIT\COMMAND and change the path to the new Photoshop CS4.

After making that registry change XP allowed the new CS4 to be added to the Open With application list.

Ordering Office Professional 2003 Replacement CDs

If you have a legitimate installation of Microsoft Office Professional 2003 and need a replacement disk, you can try calling the support number here: http://support.microsoft.com/kb/302822

Press 0 to get an operator and they will help you.

Note: If you have an OEM version installed then you’ll need to contact your original dealer. The way you can tell if you have an OEM version installed is by going to the Help > About and checking the product ID. If there are any letters in the ID then you have an OEM version.