Saturday, May 14, 2011

Recovering Internet Explorer Passwords: Theory and Practice


1. Introduction
2. Types of passwords stored in Internet Explorer
2.1. Internet Credentials
2.2. AutoComplete data
2.3. AutoComplete passwords
2.4. FTP passwords
2.5. Synchronization passwords
2.6. Identities passwords
2.7. AutoForms data
2.8. Content Advisor password
3. Brief overview of Internet Explorer password recovery programs
4. PIEPR - the first acquaintance
5. Three real-life examples
5.1. Recovering current user's FTP passwords
5.2. Recovering website passwords from unloadable operating system
5.3. Recovering uncommonly stored passwords
6. Conclusion



1. Introduction
Hardly anyone will dispute that Internet Explorer is today's most popular Web browser. According to the statistics, approximately 70% of online users prefer this program. Arguments about its pros and cons may last forever; still, this browser is the leader of its industry, and this is a fact that requires no proof. Internet Explorer carries several built-in technologies designed to make the average user's life easier. One of them, IntelliSense, takes care of routine tasks such as the automatic completion of visited webpage addresses and the automatic filling of form fields, users' passwords, etc.

Many of today's websites require registration, which means the user has to enter a user name and password. If you use more than a dozen such websites, you will likely need a password manager. All modern browsers have a built-in password manager in their arsenal, and Internet Explorer is no exception. Indeed, why would one have to remember yet another password if it is going to be forgotten some time soon anyway? It is much easier to have the browser do the routine work of remembering and storing passwords for you. It's convenient and comfortable.

This would be a perfect solution; however, if your Windows operating system crashes or is reinstalled improperly, you can easily lose the entire list of your precious passwords. That's the toll for the comfort and convenience. It's good that just about every website has a saving 'I forgot password' button. However, this button will not always cure your headache.

Each software developer solves the forgotten password recovery problem in their own way. Some officially recommend copying a couple of important files to another folder, others send all registered users a special utility for managing the migration of private data, and still others pretend not to see the problem. Nevertheless, demand creates supply, and password recovery programs are currently in great demand.

In this article, let's try to classify types of private data stored in Internet Explorer, look at programs for the recovery of the data, and study real-life examples of recovering lost Internet passwords.



2. Types of passwords stored in Internet Explorer
Internet Explorer may store the following types of passwords:
- Internet Credentials
- AutoComplete Data
- AutoComplete Passwords
- FTP Passwords
- Synchronization Passwords for cached websites
- Identities Passwords
- AutoForms Data
- Content Advisor Password
Let's take a closer look at each listed item.



2.1. Internet Credentials for websites
Internet credentials mean user's logins and passwords required for accessing certain websites, which are processed by the wininet.dll library. For example, when you try to enter the protected area of a website, you may see the following user name and password prompt (fig.1 http://www.passcape.com/images/ie01.png).

If the option 'Remember my password' is selected in that prompt, the user credentials will be saved to your local computer. The older Windows 9x versions stored that data in the user's PWL file; Windows 2000 and newer store it in the Protected Storage.


2.2. AutoComplete Data
AutoComplete data (passwords will be covered further) are also stored in the Protected Storage and appear as lists of HTML form field names and the corresponding user data. For example, if an HTML page contains an e-mail address entry dialog: once user has entered his e-mail address, the Protected Storage will have the HTML field name, the address value, and the time the record was last accessed.

The HTML page title and website address are not stored. Is that good or bad? It's difficult to determine; more likely good than bad. Here are the obvious pros: it saves free space and speeds up the browser's performance. If you think the last point is insignificant, imagine having to perform several extra checks against an auto-fill list with thousands of entries (this is not as rare as it may seem).

Another obvious plus is that data for HTML form fields with identical names (and often identical subjects) is stored in the same place, and the common data is used for the automatic filling of such pages. Here is an example. If one HTML page contains an auto-fill field with the name 'email', and the user entered his e-mail address in that field, IE will put in the storage, roughly, 'email=my@email.com'. From now on, if the user opens another website that has a page with the same field name 'email', the browser will suggest auto-filling it with the value entered on the first page (my@email.com). Thus, the browser somewhat discovers AI capabilities within itself.

The major drawback of this data storage method comes out of the advantage we just described. Imagine that a user has entered auto-fill data on a webpage. If someone knows the HTML form field name, that person can create a simple HTML page of his own with the same field name and open it from a local disk. To uncover the data entered in this field, such a person will not even have to connect to the Internet and open the original WWW address.



2.3. AutoComplete Passwords
With password data, however, as you might have guessed, the data will not be filled in automatically, since auto-complete passwords are stored along with the Web page name, and each password is bound to only one specific HTML page.

In the new version, Internet Explorer 7, both AutoComplete passwords and data are encrypted in a completely different way; the new encryption method is free from the shortcoming just described (if that can be classified as a shortcoming).

It is worth noticing that Internet Explorer allows users to manage auto-fill parameters manually, through the options menu (fig.2 http://www.passcape.com/images/ie02.png).



2.4. FTP passwords
FTP site passwords are stored in much the same way. It is relevant to note that, beginning with Windows XP, FTP passwords are additionally encrypted with DPAPI. This encryption method uses the logon password. Naturally, this makes it much more difficult to recover such lost passwords manually, since now one would need to have the user's Master Key, SID and the account password.

Starting with Microsoft Windows 2000, the operating system began to provide a Data Protection Application-Programming Interface (DPAPI) API. This is simply a pair of function calls that provide OS-level data protection services to user and system processes. By OS-level, we mean a service that is provided by the operating system itself and does not require any additional libraries. By data protection, we mean a service that provides confidentiality of data through encryption. Since the data protection is part of the OS, every application can now secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI. These calls are two simple functions with various options to modify DPAPI behavior. Overall, DPAPI is a very easy-to-use service that will benefit developers that must provide protection for sensitive application data, such as passwords and private keys.
DPAPI is a password-based data protection service: it requires a password to provide protection. The drawback, of course, is that all protection provided by DPAPI rests on the password provided. This is offset by DPAPI using proven cryptographic routines, specifically the strong Triple-DES and AES algorithms, and strong keys, which we'll cover in more detail later. Since DPAPI is focused on providing protection for users and requires a password to provide this protection, it logically uses the user's logon password for protection.
DPAPI is not responsible for storing the confidential information it protects. It is only responsible for encrypting and decrypting data for programs that call it, such as Windows Credential manager, the Private Key storage mechanism, or any third-party programs.
Please refer to Microsoft Web site for more information.



2.5. Synchronization Passwords for cached websites
Synchronization passwords free user from having to enter passwords for cached websites (sites set to be available offline.) Passwords of this type are also stored in IE's Protected Storage.



2.6. Identities passwords
So are identities passwords. The identity-based access management mechanism is not widespread in Microsoft's products, except, perhaps, Outlook Express.


2.7. AutoForms Data
A special paragraph must cover the form auto-fill method, which constitutes a hybrid way of storing data. This method stores the actual data in the Protected Storage, and the URL, which the data belong to, is stored in user's registry. The URL written in the registry is stored not as plaintext - it is stored as hash. Here is the algorithm for reading form auto-fill data in IE 4 - 6:

===8<===========Begin of original text===========
#include <assert.h>
#include <tchar.h>
#include <shlwapi.h>   // SHGetValue

//Get autoform password by given URL
BOOL CAutoformDecrypter::LoadPasswords(LPCTSTR cszUrl, CStringArray *saPasswords)
{
    assert(cszUrl && saPasswords);

    saPasswords->RemoveAll();

    //Check if autoform passwords are present in registry
    if ( EntryPresent(cszUrl) )
    {
        //Read PStore autoform passwords
        return PStoreReadAutoformPasswords(cszUrl,saPasswords);
    }

    return FALSE;
}


//Check if autoform passwords are present
BOOL CAutoformDecrypter::EntryPresent(LPCTSTR cszUrl)
{
    assert(cszUrl);

    DWORD dwRet, dwValue, dwSize=sizeof(dwValue);
    LPCTSTR cszHash=GetHash(cszUrl);

    //problems computing the hash
    if ( !cszHash )
        return FALSE;

    //Check the registry: the value name is the hashed URL
    dwRet=SHGetValue(HKCU,_T("Software\\Microsoft\\Internet Explorer\\IntelliForms\\SPW"),cszHash,NULL,&dwValue,&dwSize);
    //The string was allocated with new[] in GetHash, so release it with delete[]
    delete[] (LPTSTR)cszHash;

    if ( dwRet==ERROR_SUCCESS )
        return TRUE;

    m_dwLastError=E_NOTFOUND;
    return FALSE;
}


//retrieve hash by given URL text and translate it into hex format
LPCTSTR CAutoformDecrypter::GetHash(LPCTSTR cszUrl)
{
    assert(cszUrl);

    BYTE buf[0x10];
    LPTSTR pRet=NULL;
    int i;

    if ( HashData(cszUrl,buf,sizeof(buf)) )
    {
        //Allocate some space
        pRet=new TCHAR [sizeof(buf) * sizeof(TCHAR) + sizeof(TCHAR)];
        if ( pRet)
        {
            //One output character per hash byte
            for ( i=0; i<(int)sizeof(buf); i++ )
            {
                // Translate it into human readable format
                pRet[i]=(TCHAR) ((buf[i] & 0x3F) + 0x20);
            }
            pRet[i]=_T('\0');
        }
        else
            m_dwLastError=E_OUTOFMEMORY;
    }

    return pRet;
}


//DoHash wrapper
BOOL CAutoformDecrypter::HashData(LPCTSTR cszData, LPBYTE pBuf,
                                  DWORD dwBufSize)
{
    assert(cszData && pBuf);

    if ( !cszData || !pBuf )
    {
        m_dwLastError=E_ARG;
        return FALSE;
    }

    //The URL is hashed as a byte string (strlen implies an ANSI build)
    DoHash((LPBYTE)cszData,strlen(cszData),pBuf,dwBufSize);
    return TRUE;
}


void CAutoformDecrypter::DoHash(LPBYTE pData, DWORD dwDataSize,
                                LPBYTE pHash, DWORD dwHashSize)
{
    DWORD dw=dwHashSize, dw2;

    //pre-init loop
    while ( dw-->0 )
        pHash[dw]=(BYTE)dw;

    //actual hashing stuff: the input is consumed from the last byte to the first
    while ( dwDataSize-->0 )
    {
        for ( dw=dwHashSize; dw-->0; )
        {
            //m_pPermTable = permutation table
            pHash[dw]=m_pPermTable[pHash[dw]^pData[dwDataSize]];
        }
    }
}
===8<============End of original text============

The next, seventh generation of the browser is most likely going to make this mechanism its primary method of storing user data, abandoning the good old Protected Storage. More precisely, auto-fill data and passwords are, from now on, going to be stored here.

What is so special and interesting in this mechanism that made MS decide to use it as the primary one? Well, first of all, it was the encryption idea, which isn't new at all but is still disarmingly simple and ingenious. The idea is to stop storing encryption keys and generate them whenever necessary. The raw material for such keys is the HTML page's Web address.

Let's see how this idea works in action. Here is IE7's simplified algorithm for saving auto-fill data and password fields:

1. Save the Web page's address. We will use this address as the encryption key (EncryptionKey).
2. Obtain the Record Key: RecordKey = SHA(EncryptionKey).
3. Calculate a checksum for RecordKey to ensure the integrity of the record key (the integrity of the actual data will be guaranteed by DPAPI): RecordKeyCrc = CRC(RecordKey).
4. Encrypt data (passwords) with the encryption key: EncryptedData = DPAPI_Encrypt(Data, EncryptionKey).
5. Save RecordKeyCrc + RecordKey + EncryptedData in the registry.
6. Discard EncryptionKey.

It is very, very difficult to recover a password without having the original Web page address. The decryption looks pretty much trivial:

1. When the original Web page is open, we take its address (EncryptionKey) and obtain the record key: RecordKey = SHA(EncryptionKey).
2. Browse through the list of all record keys trying to locate the RecordKey.
3. If the RecordKey is found, decrypt data stored along with this key using the EncryptionKey: Data = DPAPI_Decrypt(EncryptedData, EncryptionKey).

In spite of the seeming simplicity, this Web password encryption algorithm is one of today's strongest. However, it has a major drawback (or advantage, depending on which way you look at it). If you change or forget the original Web page address, it will be impossible to recover the password for it.
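
The save and lookup steps listed above, as a runnable sketch. This is an added example, not PIEPR's or Microsoft's code: SHA-1 and CRC-32 stand in for the article's SHA and CRC, a Python dict stands in for the registry, UTF-8 encoding of the URL is assumed, and toy_protect/toy_unprotect are a constructed placeholder for DPAPI, not the real algorithm.

```python
import hashlib
import hmac
import os
import zlib

# Constructed stand-in for the per-user secret that real DPAPI derives from
# the logon password and Master Key. Not a real value.
USER_SECRET = b"constructed-demo-user-secret"


def derive_keys(entropy: bytes):
    """Bind the keys to both the user secret and the URL (the 'EncryptionKey')."""
    enc_key = hmac.new(USER_SECRET, b"enc" + entropy, hashlib.sha256).digest()
    mac_key = hmac.new(USER_SECRET, b"mac" + entropy, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a demo keystream only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_protect(data: bytes, entropy: bytes) -> bytes:
    """Placeholder for DPAPI_Encrypt(Data, EncryptionKey). NOT DPAPI."""
    enc_key, mac_key = derive_keys(entropy)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_unprotect(blob: bytes, entropy: bytes) -> bytes:
    """Placeholder for DPAPI_Decrypt; ValueError on a wrong URL or modified data."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = derive_keys(entropy)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong URL or modified data")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def record_key(url: str) -> bytes:
    """Step 2: RecordKey = SHA(EncryptionKey). SHA-1 over UTF-8 is an assumption."""
    return hashlib.sha1(url.encode("utf-8")).digest()


def record_crc(key: bytes) -> bytes:
    """Step 3: RecordKeyCrc = CRC(RecordKey). CRC-32 is an assumption."""
    return zlib.crc32(key).to_bytes(4, "big")


def save(store: dict, url: str, data: bytes) -> str:
    """Steps 1-6: only RecordKeyCrc + RecordKey and the ciphertext are kept."""
    key = record_key(url)
    name = (record_crc(key) + key).hex()
    store[name] = toy_protect(data, url.encode("utf-8"))
    return name  # the URL itself is discarded, never stored


def load(store: dict, url: str):
    """Decryption steps 1-3: recompute RecordKey from the URL and look it up."""
    wanted = record_key(url)
    for name, blob in store.items():
        raw = bytes.fromhex(name)
        crc, key = raw[:4], raw[4:]
        if record_crc(key) != crc:
            continue  # damaged record key, skip the record
        if hmac.compare_digest(key, wanted):
            return toy_unprotect(blob, url.encode("utf-8"))
    return None  # no record for this exact address


if __name__ == "__main__":
    registry = {}
    # Constructed sample URL and data
    save(registry, "https://example.test/login", b"alice\x00constructed-password")
    print(load(registry, "https://example.test/login"))
    print(load(registry, "https://example.test/login/"))  # different address
```

Even a trailing slash changes RecordKey, so the lookup fails; that is the "change or forget the address" drawback in practice.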



2.8. Content Advisor password
And the last item on our list is Content Advisor password. Content Advisor was originally developed as a tool for restricting access to certain websites. However, for some reason it was unloved by many users (surely, you may disagree with this.) If you once turned Content Advisor on, entered a password and then forgot it, you will not be able to access the majority of websites on the Internet. Fortunately (or unfortunately), this can be easily fixed.

The actual Content Advisor password is not stored as plaintext. Instead, the system calculates its MD5 hash and stores it in Windows registry. On an attempt to access the restricted area, the password entered by user is also hashed, and the obtained hash is compared with the one stored in the registry. Take a look at PIEPR source code checking Content Advisor password:


===8<===========Begin of original text===========
void CContentAdvisorDlg::CheckPassword()
{
    CRegistry registry;

    //read the registry
    registry.SetKey(HKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Ratings");

    BYTE pKey[MD5_DIGESTSIZE], pCheck[MD5_DIGESTSIZE];
    if ( !registry.GetBinaryData("Key",pKey,MD5_DIGESTSIZE) )
    {
        MessageBox(MB_ERR,"Can't read the password.");
        return;
    }

    //Get one set by user
    CString cs;
    m_wndEditPassword.GetWindowText(cs);
    MD5Init();
    MD5Update((LPBYTE)(LPCTSTR)cs,cs.GetLength()+1);
    MD5Final(pCheck);

    //Check hashes
    if ( memcmp(pKey,pCheck,MD5_DIGESTSIZE)==0 )
        MessageBox(MB_OK,"The password is correct!");
    else
        MessageBox(MB_OK,"Wrong password.");
}
===8<============End of original text============

The first thing you may think of is to try to pick the password by using a brute force or dictionary attack. However, there is a more elegant way to do that. You can simply remove the hash from the registry. That's it; so simple... Well, it's better to rename it instead, so that if you ever need it, you can restore it. Some programs also let users check the Content Advisor password, "drag out" the password hint, toggle the password on/off, etc.



3. Brief Overview of Internet Explorer Password Recovery Programs
It's worth noticing that not all password recovery programs suspect there are so many ways to recover passwords. Most likely, this is related to the fact that some passwords (e.g., synchronization passwords) are not often used in the real life, and FTP passwords are not so simple to be 'dragged out'. Here is a brief overview of the most popular commercial products for recovering passwords for the most popular browser on earth :)

Advanced Internet Explorer Password Recovery from the not unknown company, ElcomSoft - does not recognize AutoForm passwords and encrypted FTP passwords. It cannot be excluded that the latest version of the program has learnt to do that. Simple, convenient user interface. The program can be upgraded online automatically.

Internet Explorer Key from PassWare - similarly, does not recognize certain types of passwords. Sometimes the program halts with a critical error when reading some uncommon types of IE's URLs. Displays first two characters of passwords being recovered. The advantages worth noticing are the Spartan user interface and operating convenience.

Internet Explorer Password from Thegrideon Software - not bad, but can recover just three types of Internet Explorer passwords (this is enough for the majority of cases.) Deals with FTP passwords properly. Version 1.1 has problems recovering AutoForm passwords. Has a convenient user interface, which in some way resembles the one from AIEPR. One can be totally overwhelmed with the beauty and helpfulness of the company's website.

ABF Password Recovery from ABF software - quite a good program with a friendly user interface. The list of IE record types supported by the program is not long. Nevertheless, it deals with all of them properly. The program can be classified as a multi-functional one, since it can restore passwords for other programs also.

The major drawback of all programs named here is the capability to recover passwords only for user currently logged on.

As it was said above, the general body of stored Internet Explorer resources is kept in a special storage called Protected Storage. Protected Storage was developed specially for storing personal data. Therefore the functions for working with it (called PS API) are not documented. Protected Storage was first introduced with the release of the version 4 of Internet Explorer, which, by the way, unlike the third version, was written from scratch.

Protected Storage provides applications with an interface to store user data that must be kept secure or free from modification. Units of data stored are called Items. The structure and content of the stored data is opaque to the Protected Storage system. Access to Items is subject to confirmation according to a user-defined Security Style, which specifies what confirmation is required to access the data, such as whether a password is required. In addition, access to Items is subject to an Access rule set. There is an Access rule for each Access Mode: for example, read/write. Access rule sets are composed of Access Clauses. Typically at application setup time, a mechanism is provided to allow a new application to request from the user access to Items that may have been created previously by another application.
Items are uniquely identified by the combination of a Key, Type, Subtype, and Name. The Key is a constant that specifies whether the Item is global to this computer or associated only with this user. The Name is a string, generally chosen by the user. Type and Subtype are GUIDs, generally specified by the application. Additional information about Types and Subtypes is kept in the system registry and include attributes such as Display Name and UI hints. For Subtypes, the parent Type is fixed and included in the system registry as an attribute. The Type group Items is used for a common purpose: for example, Payment or Identification. The Subtype group Items share a common data format.

So, until very recent time, all programs for recovering Internet Explorer passwords used those undocumented API. That's the reason why one significant restriction was applied to the recovery work: PS API can only work with passwords for user that is currently logged on. When the system encrypts data stored in Protected Storage, besides everything else it uses user's SID, without which it is literally impossible (taking into account the current level of computers' calculating performance) to recover stored passwords.

Protected Storage uses a very well thought through data encryption method, which uses master keys and strong algorithms, such as DES, SHA, and SHA-HMAC. Similar data encryption methods are now used in the majority of modern browsers; e.g. in Opera or Firefox. Microsoft, meanwhile, quietly but surely develops and tests new ones. At the time this article was written, the pre-Beta version of Internet Explorer 7 used Protected Storage only for storing FTP passwords.

The analysis of this preliminary version suggests that Microsoft is preparing another 'surprise' in the form of new, interesting encryption algorithms. It is not known for sure, but most likely the new company's data protection technology InfoCard will be involved in the encryption of private data.

Thus, with a great deal of confidence one can assert that with the release of Windows Vista and the 7th version of Internet Explorer passwords will be stored and encrypted with fundamentally new algorithms, and the Protected Storage interface, to all appearances, will become open for third-party developers.

It is somewhat sad, for we think the true potential of Protected Storage was still not uncovered. And this is why we think so:
- First, Protected Storage is based on module structure, which allows plugging other storage providers to it. However, for the last 10 years while Protected Storage exists, not a single new storage provider was created. System Protected Storage is the only storage provider in the operating system, which is used by default.
- Second, Protected Storage has its own, built-in access management system, which, for some reason, is not used in Internet Explorer or in other MS products.
- Third, it is not very clear why MS has decided to abandon Protected Storage for storing AutoComplete data and passwords, that is, to abandon it as a tried and true data storage rather than as a data encryption mechanism. It would be more logical to keep Protected Storage at least for storing data when implementing a new encryption algorithm. Undoubtedly, there were weighty reasons for that. Therefore, it would be interesting to hear the opinion of MS specialists on this subject.


4. PIEPR - the First Acquaintance
Passcape Internet Explorer Password Recovery was developed specifically to bypass the PS API's restriction and make it possible to recover passwords directly, from the registry's binary files. Besides, it has a number of additional features for advanced users.

The program's wizard allows you to choose one of several operating modes:
- Automatic: Current user's passwords will be recovered by accessing the closed PS API interface. All current user's passwords currently stored in Internet Explorer will be recovered with a single click of the mouse.
- Manual: Passwords will be recovered without PS API. This method's main advantage is the capability to recover passwords from your old Windows account. For that purpose, you will need to enter path to the user's registry file. Registry files are normally not available for reading; however, the technology used in PIEPR allows doing that (provided you have the local administrative rights.)

The user's registry file name is ntuser.dat; it resides in the user's profile, which is normally %SYSTEMDRIVE%:\Documents and Settings\%USERNAME%, where %SYSTEMDRIVE% stands for the system disk with the operating system, and %USERNAME% is normally the account name. For instance, the path to the registry file may look like this: C:\Documents and Settings\John\ntuser.dat

If you have ever been a happy owner of Windows 9x/ME, after you upgrade your operating system to Windows NT, Protected Storage will providently save a copy of your old private data. As a result of that, Protected Storage may contain several user identifiers, so PIEPR will ask you to select the right one before it gets to the decryption of the data (fig.3 http://www.passcape.com/images/ie03.png).

One of the listed SIDs will contain data left by the old Windows 9x/ME. That data is additionally encrypted with user's logon password, and PIEPR currently does not support the decryption of such data.

If ntuser.dat contains encrypted passwords (e.g., FTP sites passwords), the program will need additional information in order to decrypt them (fig.4 http://www.passcape.com/images/ie04.png):
- Logon password of user whose data are to be decrypted
- Full path to the user's MasterKey
- User's SID

Normally, the program finds the last two items in user's profile and fills that data automatically. However, if ntuser.dat was copied from another operating system, you will have to take care of that on your own. The easiest way to get the job done is to copy the entire folder with user's Master Key (there may be several of them) to the folder with ntuser.dat. Master Key resides in the following folder on your local computer: %SYSTEMDRIVE%:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Protect\%UserSid%, where %SYSTEMDRIVE% stands for the system disk with the operating system, %USERNAME% - account name, %UserSid% - user's SID. For example, path to the folder with a master key may look as follows: C:\Documents and Settings\John\Application Data\Microsoft\Protect\S-1-5-21-1587165142-6173081522-185545743-1003. Let's make it clear that it is recommended to copy the entire folder S-1-5-21-1587165142-6173081522-185545743-1003, for it may contain several Master Keys. Then PIEPR will select the right key automatically.

Windows marks some folders as hidden or system, so they are invisible in Windows Explorer. To make them visible, enable showing hidden and system objects in the view settings or use an alternative file manager.

Once the folder with user's Master Key was copied to the folder with ntuser.dat, PIEPR will automatically find the required data, so you will only have to enter user's password for recovering FTP passwords.

Content Advisor
The Content Advisor password, as was said already, is not kept as plain text; instead, it is stored as a hash. In the Content Advisor password management dialog, it is enough to just delete (you can restore the deleted password at any time later) or change this hash to unlock sites locked with Content Advisor. PIEPR will also display your password hint if there is one.

Asterisks passwords
This is PIEPR's fourth operating mode, which allows recovering Internet Explorer passwords hidden behind asterisks. To recover such a password, simply drag the magnifier to the window with a **** password. This tool allows recovering passwords for other programs that use IE Frames as well; e.g., Windows Explorer, some IE-based browsers, etc.

We have reviewed the basic Internet Explorer password recovery modes. There is also a number of additional features for viewing and editing cookies, cache, visited pages history, etc. We are not going to cover them in detail; instead, we are going to look at a few password recovery examples done with PIEPR.



5. Three Real-Life Examples
5.1. Example 1: Recovering current user's FTP password
When opening an FTP site, Internet Explorer pops up the log on dialog (fig.5 http://www.passcape.com/images/ie05.png).

If you have opened this site and set the 'Save password' option in the authentication dialog, the password must be saved in Protected Storage, so recovering it is a pretty trivial job. Select the automatic operating mode in PIEPR and then click 'Next'. Locate our resource in the dialog with decrypted passwords that appears (the site name must appear in the Resource Name column.)

As we see, the decryption of current user's password should not cause any special difficulties. Oh, if the password is not found for some reason - don't forget to check IE's Auto-Complete Settings. Possibly, you have simply not set the program to save passwords.



5.2. Example 2: Recovering website passwords from an unbootable operating system
This is a typical, but not fatal situation. The necessity to recover Internet Explorer passwords after unsuccessful Windows reinstallation occurs just as often.

In either case, we will have user's old profile with all files within it. This set is normally enough to get the job done. In the case with the reinstallation, Windows providently saves the old profile under a different name. For example, if your account name was John, after renaming it may look like John.WORK-72C39A18.

The first thing you must do is gain access to the files in the old profile. There are two ways of doing this:
- Install a new operating system on a different hard drive; e.g., Windows XP, and hook the old hard drive to it.
- Create a Windows NT boot disk. There are many different utilities for creating boot disks and USB flash disks available online. For instance, you can use WinPE or BartPE. Or a different one. If your old profile was stored on an NTFS part of your hard drive, the boot disk will have to support NTFS.

Let's take the first route. Once we gain access to the old profile, we will need to let the system show hidden and system files. Otherwise, the files we need will be invisible. Open Control Panel, then click on Folder Options, and then select the View tab. On this tab, find the option 'Show hidden files and folders' and select it. Clear the option 'Hide protected operating system files'. When the necessary passwords are recovered, it's better to reset these options to the way they were set before.

Open the program's wizard in the manual mode and enter the path to the old profile's registry file. In our case, that is C:\Documents And Settings\John.WORK-72C39A18\ntuser.dat, where John.WORK-72C39A18 is the old account name. Click 'Next'.

This data should normally be sufficient for recovering Internet Explorer passwords. However, if there is at least a single encrypted FTP password, the program will request additional data, without which it will not be able to recover such types of passwords:
- User's password
- User's Master Key
- User's SID.

Normally, the program finds the last two items in user's profile and fills that data automatically. However, if that didn't happen, you can do that by hand: copy ntuser.dat and the folder with the Master Key to a separate folder. It is important to copy the entire folder, for it may contain several keys, and the program will select the right one automatically. Then enter path to file ntuser.dat that you have copied to another folder.

That's it. Now we need to enter the old account password, and the recovery will be completed. If you don't care for FTP password, you can skip the user's password, Master Key, and SID entry dialog.



5.3. Example 3: Recovering uncommonly stored passwords
When we sometimes open a website in the browser, the authentication dialog appears. However, PIEPR fails to recover it in either automatic or manual mode. The 'Save password' option in Internet Explorer is enabled. We will need to recover this password.

Indeed, some websites don't let the browser save passwords in the auto-complete passwords list. Often, such websites are written in Java or they use alternative password storage methods; e.g., they store passwords in cookies. A cookie is a small bit of text that accompanies requests and pages as they go between the Web server and browser. The cookie contains information the Web application can read whenever the user visits the site. Cookies provide a useful means in Web applications to store user-specific information. For example, when a user visits your site, you can use cookies to store user preferences or other information. When the user visits your Web site another time, the application can retrieve the information it stored earlier. Cookies are used for all sorts of purposes, all relating to helping the Web site remember you. In essence, cookies help Web sites store information about visitors. A cookie also acts as a kind of calling card, presenting pertinent identification that helps an application know how to proceed. But cookies are often criticized for weak security and inaccurate user identification.

If the password field is filled with asterisks, the solution is clear: select the ASTERISKS PASSWORDS operating mode and then open the magic magnifier dialog. Then simply drag the magnifier to the Internet Explorer window (fig.6 http://www.passcape.com/images/ie06.png).

The password (or passwords, if the Internet Explorer window has several fields with asterisks) will appear in the PIEPR window (fig.7 http://www.passcape.com/images/ie07.png).

But it's not always that simple. The password field may be empty or that field may indeed contain *****. In this case, as you have guessed by now, the ASTERISKS PASSWORDS tool will be useless.

We can suppose that the password is stored in cookies. Let's try to locate it. Choose the IE Cookie Explorer tool (fig.8 http://www.passcape.com/images/ie08.png).

The dialog that appears will list the websites that store cookies on your computer. Click on the URL column header to order the list of websites alphabetically. This will help us find the right website more easily. Go through the list of websites and select the one we need. The list below will display the decrypted cookies for this website (fig.9 http://www.passcape.com/images/ie09.png).

As the figure shows, in our case the login and password are not encrypted and are stored as plain text.

Cookies are often encrypted. In this case, you are not likely to succeed in recovering the password. The only thing you can try in order to recover the old account is to create a new account. Then you will be able to copy the old cookies into a text editor and replace them with the new ones. However, this is only good when the worst comes to the worst; it is not recommended to use it normally.

Don't forget also that just about all pages and forms with passwords have the 'Forgot password' button.
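From the site owner's side, the weakness shown in this example (a login and password kept in cookies as plain text) can be checked for in the Set-Cookie headers the application sends. The following is an added example, not part of the original article or of PIEPR; the name patterns and the sample headers are constructed assumptions.

```python
import base64
import binascii
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Cookie names that suggest a login or password is kept client-side (assumed list).
CREDENTIAL_NAME = re.compile(r"pass|pwd|login|user", re.IGNORECASE)
# A credential-looking key inside a decoded value, e.g. "pass=hunter2".
CREDENTIAL_PAIR = re.compile(r"(pass|pwd|login|user)\w*\s*[=:]", re.IGNORECASE)


def decode_base64_text(value):
    """Return the text behind a base64 value, or None if it is not base64 text."""
    if len(value) < 8 or len(value) % 4 != 0:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None


def audit_set_cookie(headers):
    """Return (cookie_name, issue) for every cookie that exposes a credential."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            value = unquote(morsel.value)
            hidden = decode_base64_text(value)
            if CREDENTIAL_NAME.search(name):
                form = "base64-encoded" if hidden is not None else "plain text"
                findings.append((name, f"credential stored as {form}"))
            elif hidden is not None and CREDENTIAL_PAIR.search(hidden):
                # Base64 is an encoding, not encryption: anyone holding the
                # cookie can read the credentials back.
                findings.append((name, "credentials packed into a base64 value"))
    return findings


# Constructed sample headers: two plain-text credentials, one base64-wrapped
# pair, and one opaque session identifier that should not be reported.
PACKED = base64.b64encode(b"user=alice;pass=hunter2").decode("ascii")
SAMPLE_HEADERS = [
    "login=alice; Path=/; Max-Age=31536000",
    "password=hunter2; Path=/",
    f"auth={PACKED}; Path=/; HttpOnly",
    "sid=9f2c4e71b0a84d3c8e5f6a7b1c2d3e4f; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie_name, issue in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{cookie_name}: {issue}")
```

A random server-side session identifier such as the sid cookie carries no secret of its own, which is why it passes the check.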




Conclusion
As this article shows, recovering Internet Explorer passwords is a pretty simple job, which does not require any special knowledge or skills. However, despite the seeming simplicity, the password encryption schemes and algorithms are very well thought through and just as well implemented. Although the Protected Storage concept is over 10 years old, don't forget that it has earned the very best recommendations of the experts and has been implemented through three generations of this popular browser.

With the release of the next, 7th version of IE, Microsoft is preparing fundamentally new schemes for protecting our private data, where it uses improved encryption algorithms and eliminates shortcomings peculiar to Protected Storage.

In particular, the analysis of the preliminary beta versions of Internet Explorer 7 has revealed that autoform password encryption keys are no longer stored along with data. They are not stored, period! This is a little know-how, which is to be estimated at its true worth by both professionals and end users, who, finally, will benefit from it anyway.

But the main thing is that the release of the new concept will eliminate the major drawback peculiar to Protected Storage, which is the possibility to recover passwords without knowing the additional information. In other words, it was enough for a potential hacker to gain physical access to the contents of a hard drive in order to steal or damage passwords and the user's other private data. With the release of Internet Explorer 7, the situation will somewhat change.

Meanwhile, we will only have to wait impatiently for the advent of Windows Vista and IE 7 to take a closer look at new encryption mechanisms used in the next generation of this popular browser.



This document may be freely distributed or reproduced provided that the
reference to the original article is placed on each copy of this document.
(c) 2006 Passcape Software. All rights reserved.
http://www.passcape.com

Monday, May 9, 2011

Network Hacking (Port Scanning)

Port Scanning :- Port scanning is carried out to determine a list of open ports on the remote host that have certain services or daemons running. In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.

1) TCP Ports Scanning :- Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. The following table lists the types of flags a TCP packet header can contain.

Flag | Meaning
URG (urgent) | This flag tells the receiver that the data pointed at by the urgent pointer is required urgently.
ACK (acknowledgment) | This flag is turned on whenever the sender wants to acknowledge the receipt of all data sent by the receiving end.
PSH (push) | The data must be passed on to the application as soon as possible.
RST (reset) | There has been a problem with the connection and one wants to reset the connection with another.
SYN (synchronize) | If system X wants to establish a TCP connection with system Y, then it sends its own sequence number to Y, requesting that a connection be established. Such a packet is known as a synchronize sequence numbers or SYN packet.
FIN (finish) | If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y.


A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.

Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning

2) UDP Ports Scanning :- In UDP port scanning, a UDP packet is sent to each port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable ICMP error message. If the port is open then no such error message is generated.

3) FTP Bounce Port Scanning :- The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed users connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.
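Seen from the scanned host, the TCP techniques listed above differ in the flags of the first packet and in whether the three-way handshake is completed. The following is an added detection example, not part of the original post; the record format, the threshold and the sample traffic are constructed, and it assumes the sensor logs only client-to-target packets.

```python
from collections import defaultdict

# TCP header flag bits, matching the flag table above.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_BITS = {"FIN": FIN, "SYN": SYN, "RST": RST, "PSH": PSH, "ACK": ACK, "URG": URG}


def parse_record(line):
    """Parse 'src dst dport FLAG,FLAG' (hypothetical sensor format); NONE = no flags."""
    src, dst, dport, names = line.split()
    bits = 0
    if names != "NONE":
        for name in names.split(","):
            bits |= FLAG_BITS[name]
    return src, dst, int(dport), bits


def classify_flow(packets):
    """Name the probe type from the flag bytes a client sent to one port, in order."""
    first, rest = packets[0], packets[1:]
    if first == 0:
        return "NULL"
    if first == FIN:
        return "FIN"
    if first == FIN | PSH | URG:
        return "Xmas tree"
    if first == SYN | ACK:
        return "SYN/ACK"
    if first != SYN:
        return "other"
    # A client that answers the server's SYN/ACK with a plain ACK completed the handshake.
    if any(p & ACK and not p & (RST | SYN) for p in rest):
        return "connect"
    # A client that tears the connection down right after its SYN left it half open.
    if any(p & RST for p in rest):
        return "SYN (half-open)"
    return "SYN only"


def detect_scans(lines, min_ports=3):
    """Report sources that probed at least min_ports distinct (host, port) targets."""
    flows = defaultdict(list)
    for line in lines:
        src, dst, dport, bits = parse_record(line)
        flows[(src, dst, dport)].append(bits)

    targets, kinds = defaultdict(set), defaultdict(set)
    for (src, dst, dport), packets in flows.items():
        targets[src].add((dst, dport))
        kinds[src].add(classify_flow(packets))

    return {
        src: {"ports": len(targets[src]), "kinds": sorted(kinds[src])}
        for src in targets
        if len(targets[src]) >= min_ports
    }


# Constructed sample: three scanning sources and one ordinary HTTPS client.
SAMPLE = """\
198.51.100.7 192.0.2.10 21 SYN
198.51.100.7 192.0.2.10 22 SYN
198.51.100.7 192.0.2.10 22 RST
198.51.100.7 192.0.2.10 23 SYN
198.51.100.7 192.0.2.10 80 SYN
198.51.100.7 192.0.2.10 80 RST
203.0.113.9 192.0.2.10 25 FIN,PSH,URG
203.0.113.9 192.0.2.10 110 FIN,PSH,URG
203.0.113.9 192.0.2.10 143 FIN,PSH,URG
203.0.113.50 192.0.2.10 135 NONE
203.0.113.50 192.0.2.10 139 NONE
203.0.113.50 192.0.2.10 445 NONE
198.51.100.20 192.0.2.10 443 SYN
198.51.100.20 192.0.2.10 443 ACK
198.51.100.20 192.0.2.10 443 ACK,PSH
198.51.100.20 192.0.2.10 443 ACK,FIN
""".splitlines()

if __name__ == "__main__":
    for source, report in detect_scans(SAMPLE).items():
        print(source, report)
```

The client at 198.51.100.20 completes a handshake on a single port and is not reported; the other three sources each touch three or more ports with SYN-only, half-open, Xmas tree or NULL probes.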

Recommended Tools
Nmap
http://www.insecure.org/nmap
Superscan
http://www.foundstone.com

Creating IM Bot

This quick tutorial will show you how to develop your own functional IM bot that works with Google Talk, Yahoo! Messenger, Windows Live and all other popular instant messaging clients. To get started, all you need to know are some very basic programming skills (any language would do) and web space to host your “bot”.
For this example, I have created a dummy bot called “insecure” that listens to your IM messages. To see this live, add insecure@bot.im to your GTalk buddy list and start chatting.


If you would like to write a personal IM bot, just follow these simple steps:-
Step 1: Go to www.imified.com and register a new account with a bot.
Step 2: Now it’s time to create a bot which is actually a simple script that resides on your public web server.
It could be in PHP, Perl, Python or any other language.
Example Hello World bot:
The example below illustrates just how easy it is to create a bot.
This example is coded in PHP.
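<?php
// 'step' is the position in the conversation; 'value1', 'value2', ... hold
// the user's earlier replies. Missing parameters fall back to safe defaults.
$step  = isset($_REQUEST['step']) ? (int) $_REQUEST['step'] : 0;
$name  = isset($_REQUEST['value1']) ? $_REQUEST['value1'] : '';
$place = isset($_REQUEST['value2']) ? $_REQUEST['value2'] : '';

switch ($step) {
    case 1:
        echo "Hi, what's your name?";
        break;
    case 2:
        echo "Hi " . $name . ", where do you live?";
        break;
    case 3:
        echo "Well, welcome to this hello world bot, " . $name . "<br>from " . $place . ".<reset>";
        break;
}
?>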
Step 3: Once your script is ready, put it somewhere on your web server and copy the full URL to the clipboard.
Step 4: Now log in to your imified account and paste the script URL:

Screen Name: insecure@bot.im
Bot Script URL: http://www.insecure.in/imbot.php

Step 5: Add that IM bot to your friends list. That’s it.
This is a very basic bot but the possibilities are endless.
For instance, you could write a bot that will send an email to all your close friends via a simple IM message. Or you could write one that does currency conversion.

reff : http://www.insecure.in/creating_im_bot.asp

Sunday, May 8, 2011

How to turn off Autoplay

Autoplay is very useful, but can also be a security risk.
To turn it on or off:
1. Open gpedit.msc from the run box from the start menu.
2. Navigate to Computer Configuration > Administrative Templates > System > all settings
3. Find Turn off autoplay

How To Speed Up Your Windows XP

If, like mine, your PC is getting slower and slower, there are a number of things you can do to speed it up. You will be surprised how much faster your computer gets after these steps; you won’t need to buy a new one. In addition to following the tips below, it’s a good idea to buy a trusted all-in-one PC optimizer. I would recommend FixCleaner, a Microsoft Certified all-in-one tool which optimizes your computer and hugely improves speed through a number of tasks, including:
  • cleaning the registry
  • removing errors
  • deleting junk files
  • downloading critical updates
  • improving browser speed
Please refer to the FixCleaner website at www.fixcleaner.com to see the full list of features. By using a PC maintenance program such as FixCleaner, you can save a load of money from buying a new computer.
Here is what you can do yourself to improve your Windows XP’s performance:

Step 1 : Remove unused software

You probably don’t use half the programs you have installed over time. Removing the ones you don’t need anymore can significantly speed up your Windows XP computer. To remove software:
  1. Go to the Control Panel (Start -> Control Panel) and select Add Or Remove Programs. It may take a while for the list to load if you have many programs installed.
  2. Going through the whole list, select programs you rarely use and uninstall them, one by one.
  3. Restart your computer to see the changes.

Step 2: Use Less Graphics

Do you really need a wallpaper and the fancy animations when opening or closing windows? Disabling animations can increase the speed at which your computer opens and closes windows. To disable window animations:
  1. In Control Panel, go to System and select the Advanced tab. Click the Performance Settings tab.
  2. In the Visual Effects window, disable all the animations in the box, or simply select “Adjust for best performance” as shown on the screenshot on the right. Press Apply.
In the same Performance Options window, choose the Advanced tab, and press the Change button in the Virtual Memory area. From there you can change the size of your paging file – a file on your hard drive that acts as RAM. By increasing the size of your paging file, you can significantly increase speed, but be warned! Using your hard drive as RAM can cause damage to it, so it’s a good idea to buy a better RAM instead.

Step 3: Clean your Registry

You should regularly clean your Windows XP’s Registry to remove old errors that can clog up the registry. To properly clean the Registry, you need a reliable Registry Cleaner software. There are some free ones out there, but I would not be too comfortable with using them. Instead, buy a trusted registry cleaner program so for a little bit of extra cash, you can feel safe. I would recommend FixCleaner, which in addition to cleaning your registry does a number of other things to significantly speed up your Windows XP.

Step 4: Stop unwanted Startup programs

By disabling programs that are set to automatically open when the computer starts, you can greatly speed up your startup process – the time between turning on the computer and being able to fully use it.
Here’s how to disable Startup programs:
  1. Click Run in your Start menu, type msconfig into the box and press enter.
  2. Select the Startup tab.
  3. Go through the list, disabling programs you don’t need by un-ticking the box left of them. Only disable programs you are sure you do not need, and I recommend not touching the ones in the WINDOWS directory.

Step 5: Clean up your hard drive

Performing a disk cleanup can free some hard drive space and also speed up your computer. To use the disk cleanup tool:
  1. Go to Start -> Run and type cleanmgr.exe. Press Enter.
  2. It will probably take a while, especially if you have never used this tool before.

Step 6: Defragment your hard drives

Defragmenting your drives can make a big difference in your computer’s speed. Defragmenting places files physically closer on the hard drive, making it easier and faster for the hard drive to read these files and write new ones. It is a good idea to defragment your hard drive regularly, so it always stays optimal. I posted a tutorial for an automatic defragment link here: http://www.xptricks.net/windows/xp/2008/01/cool-xp-tips-tricks-automatically-defrag-drives/
There are also a number of commercial defragment programs available, which are more powerful than the Windows tool and come with a wide variety of features. If you don’t want to spend any money on this, I would recommend Auslogics Disk Defrag, which is a great, free tool.
Here’s how to defragment your hard drives using the built-in Windows tool:
  1. In My Computer, right click on a drive you want to defragment.
  2. Click Tools and select Defragment
  3. Click the Analyse button first, which will analyse your hard drive and see how fragmented it is.
  4. Once the report is finished and the system finds it necessary to perform a defragmentation, press defrag. This will take a very long time, but you have to be patient.

Step 7: Use a PC optimization tool to do the rest

There are hundreds of other ways to improve your computer’s speed and performance but it is impossible to list all of them here or go through them manually. To fix them, you can either purchase a separate tool for each one, which will end up costing you a fortune, or buy an All-In-One optimization program that will do all the dirty work and fix errors behind the scenes for you. Going through all the steps mentioned above will definitely speed up your Windows XP, but running a professional tool even after following these manual steps will increase performance even further.
This is why I recommend that you purchase a trusted, reliable solution to fix computer problems for you. I recommend using FixCleaner, because it will fix all of the problems that you can’t manually, and save time on many by fixing them automatically.
FixCleaner has a clean, easy to use interface that lets you fix your PC’s problems even if you did not understand any of the procedures above. Unlike most other tools, FixCleaner is Microsoft Certified, which means that Microsoft has approved the software and that it is safe and reliable. You can download a free tool that will check your computer and produce a report on how much it can be optimized.

reff : http://www.xptricks.net

How To Remove Toolbars In Firefox Internet Explorer And Google Chrome

Many freeware and even shareware programs nowadays come with bundled programs that get installed automatically without the user knowing much about it. Most non-techie users will find themselves in trouble once these bundled programs are installed and get in the way of the work being done on the computer. One such hindrance is browser toolbars. Most software comes bundled with toolbars which get installed on our installed browsers, the most popular being Firefox, Internet Explorer and Google Chrome.
Toolbar Cleaner is a free utility which lets you remove almost all kinds of toolbars installed in your browsers. It can remove about 15000 toolbars now including the browser helper objects (BHOs). This can also be very helpful in removing the spyware and malware that get installed in the browsers as BHOs.
The only thing I don’t like about Toolbar Cleaner is that it doesn’t have a portable version. If it had a portable version, any IT administrator could take this useful software with him on the USB and use it on any system he wanted.
Let’s look at the installation process of Toolbar Cleaner. It’s very easy to install Toolbar Cleaner as the installation process is guided by an installation wizard. The only tedious thing is the last options before finishing the setup. Here’s the screenshot:
It gives the following options:
  • Protect my system with Anti-phishing Domain Advisor
  • Set MyStart as homepage
I don’t recommend the anti-phishing domain advisor and would stick to the built-in security built into Internet Explorer and Firefox. The second option would disturb your homepage so I would uncheck both of the options.
The User Interface (GUI) of Toolbar Cleaner is quite simple and self-explanatory. It lists all the toolbars and BHOs installed in Internet Explorer, Firefox and Google Chrome respectively. You can check the toolbars which you want to remove and then click on “Remove selected Toolbar(s)/BHO(s)”. That’s all you have to do. Toolbar Cleaner will remove the selected options safely from the browser.

reff : http://www.technize.com/

How to manually remove viruses!

Have you ever been in the position where you know you have a virus but you don't have any antivirus? It's almost impossible to remove it manually without knowing a few tips & tricks.
After reading this tutorial, I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have any antivirus on your computer!
Anyway, let's get started with the tutorial. I suppose you already know what safe mode is. If you don't, try pressing the F8 key a few times when you start your computer. You have to do this when your computer is about to start the first Windows components. In Win2k or XP, I think you can press space and then F8 when it asks you if you want to go back to the previous working setting.
Enough talk about how to start your computer in safe mode. If you want to manually remove viruses, you almost always have to do this in safe mode, because in safe mode most viruses don't start. Only a few Windows components are allowed to run in safe mode. So here is what to do.
Step: 1: Start your computer in safe mode.
2: If you know where the virus is hiding, delete the executable file.
3: Open the registry, go to the keys below, and add a : in front of the value of the string that you think is the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : is like commenting out the value. But if you are sure it's the virus, you can just delete the string.
Here are the keys you may want to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

4: The virus can start itself from some other places too. win.ini is the most common file that viruses can use. So you should find the files named win.ini and system.ini and look through them to see if you find anything.
5: Look through the Startup folder, which is normally located in your profile directory under \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if it's hiding in some other place.
7: Finally, look through the list of services that Windows is running. This list is often located under Control Panel - Administrative Tools - Services.

After these 7 steps, just reboot your computer in normal mode and try to figure out if the virus is still there. If not, SUCCESS; if yes, go back to safe mode and hunt some more. Of course, these 7 steps will not work on every virus out there, but they will on many of them.

WARNING: Be careful when in the registry because you can cause serious damage to your system in there.
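Step 4's look through win.ini and system.ini can be scripted. The following is an added example, not part of the original tutorial; it assumes the legacy autostart entries are load= and run= under [windows] in win.ini and shell= under [boot] in system.ini, and the file contents shown are constructed samples.

```python
# Legacy autostart entries to review (assumption stated in the lead-in above).
AUTOSTART_KEYS = {
    "win.ini": {("windows", "load"), ("windows", "run")},
    "system.ini": {("boot", "shell")},
}
# The shell= entry normally names only the Windows shell.
DEFAULT_SHELL = "explorer.exe"


def parse_ini(text):
    """Yield (section, key, value); section and key names are lower-cased
    because Windows treats them case-insensitively."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()


def audit_ini(filename, text):
    """Return (file, section, key, value) for each autostart entry worth reviewing."""
    wanted = AUTOSTART_KEYS[filename.lower()]
    findings = []
    for section, key, value in parse_ini(text):
        if (section, key) not in wanted or not value:
            continue  # not an autostart entry, or the entry is empty
        if key == "shell" and value.lower() == DEFAULT_SHELL:
            continue  # untouched default
        findings.append((filename, section, key, value))
    return findings


# Constructed samples, reusing the tutorial's "c:\virus.exe" placeholder name.
WIN_INI = r"""; constructed sample
[fonts]
[Windows]
load=
Run=c:\virus.exe
"""

SYSTEM_INI_MODIFIED = r"""[drivers]
wave=mmdrv.dll
[boot]
shell=Explorer.exe c:\virus.exe
"""

SYSTEM_INI_CLEAN = "[boot]\nshell=Explorer.exe\n"

if __name__ == "__main__":
    for name, body in (("win.ini", WIN_INI), ("system.ini", SYSTEM_INI_MODIFIED)):
        for finding in audit_ini(name, body):
            print(finding)
```

Anything reported is only a candidate for review: a legitimate program can also register itself through these entries.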

Download Ubuntu Styler for Windows XP

Ubuntu Styler lets you add extra effects in Windows Explorer so that your Windows XP will look like Ubuntu Linux. If you are ready and willing to give Ubuntu Styler a try on your Windows XP, you might want to see the final preview first. The following is the preview of Ubuntu Styler:
If you think the Ubuntu Styler  as shown in the image above is good then you can download it from following link below:
If you want to transform your Windows XP into linux ubuntu then you might want to read: Transform Windows XP into linux ubuntu without using Customization Pack

Friday, May 6, 2011

How To Make Portable Applications

Cameyo a free software substitute of VMWare Thinapp to make your applications portable

Portable applications are those which do not require any prior installation for their execution, and they can be carried around on your flash drive or any removable disk drive. Moreover, portable applications have the advantage that they do not have any dependencies on your OS and also do not leave residual files behind even after their un-installation.
An application which was commercially launched before and is being widely used by most firms and individuals for the creation of portable applications and packages is VMWare ThinApp.
Now save your pennies and try this new first freeware, Cameyo, an alternative to ThinApp: a free platform for the virtualization of applications.
The pictorial view is as follows, elaborating How to make Portable Application using Cameyo
Also see this video guide for the same:

How to Save or Download Google Maps to your PC

Using Google Maps is a great way to find directions to certain locations when you are surfing the web. However, if you want to use Google Maps without having to open your internet browser, then you will want to download Google Earth to your PC. Google Earth offers all the functionality of Google Maps, but from the comfort of your own desktop. To download Google Earth you'll need to follow these simple steps:

Step 1: Open up your web browser and go to earth.google.com.

Step 2: Locate the blue box to the right and click on it. (The box should read "Download Google Earth 5")

Step 3: Read through and accept the legal agreement by clicking on the "Agree and Download" button located below the terms of service agreement.

Step 4: If using Internet Explorer, right-click on the yellow box that appears on the top of the page and click "Download File". If using Google Chrome or Firefox, click the box that appears at the bottom of your browser.

Step 5: Click run.

When the download is complete, the icon to Google Earth will then appear on your desktop. You now have Google Maps for use at any time.

Rapidshare Download Trick

Many people have lots of problems downloading from Rapidshare (and many other free file hosting sites).
This post is especially for my broadband user friends.

1. Click Start
2. Click run
3. In the run box type "cmd" (without quotes) and click OK
4. When the command prompt opens type the following and hit enter after every new line.

ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit

Explanation : As all broadband users have a dynamic IP, they can simply change their IP address with the commands mentioned above.


If you are bored of typing this many commands, then simply make a batch file.
Creating a batch file:
Open Notepad and type the following in it.

@echo off
ipconfig /flushdns
ipconfig /release
ipconfig /renew
@echo on

Save this file with any name you like and the extension .bat.
Now simply execute this file.
Enjoy the download.

Try Proxy Software (Recommended for IE Users)

Yahoo Messenger multiple login

Simply close your messenger if it is On and then follow the following steps :

1. Go to Start --> Run . Type regedit, then enter.

2. Navigate to HKEY_CURRENT_USER --> Software --> yahoo --> pager --> Test

3. On the right page , right-click and choose new Dword value .

4. Rename it as Plural.

5. Double click and assign a decimal value of 1.

Wow, you finished it.
Simply start the messenger and log in to your account.
Once you are signed in, click on the Yahoo Messenger again (from wherever you started it last time).
Voila !!
It gives you another chance to log in though you are logged in to your first account.
This way you can now log in to multiple Yahoo accounts.
Enjoy!!!

Wednesday, May 4, 2011

How To Reset Windows 7 To Factory Settings

If you don’t have a Windows 7 Installation CD and forgot to create a System Restore point, you can still make your Windows as good as new with a few steps. In most cases it’s better to reset your PC to factory settings than to reinstall, because you won’t lose any User Files and resetting also takes a lot less time (depending on the number of applications you installed and changes you made). There is no option built into Windows 7 to reset to factory settings, but you can do it on your own. You can easily get rid of all the software you have installed since you installed Windows and also get rid of whatever toll these installations have taken on your PC. A fresh Windows installation, unless you have a modified Windows 7 CD, will only contain software from Microsoft. So the first thing you may think about doing is to get rid of all the software that you installed. We also need to clean the computer’s registry and remove all logs, invalid shortcuts, temporary files etc.

Just follow these steps to get your Windows as good as new:

Remove additional User accounts

Having many Users on your computer can lead to loss of a lot of memory on your Hard disk as the preferences of all the Users will be saved. So it is best to remove these additional accounts. To remove additional User accounts:
  • Run cmd.exe to open Command Prompt. In Command Prompt, type net user administrator /active:yes and press the Enter key.
  • This will activate the Default Administrator account. Now just Log off from your Account and Log into the Administrator Account. After that right click Computer then click Properties.
  • On the left sidebar you can see “Advanced System Settings”, click that to open a system Properties Window. Click the “Settings” option near User Profiles. After that just select all the other accounts and delete them.

Remove 3rd Party Applications

Installing 3rd party softwares always take a toll on your PC. They can leave behind many side effects such as Invalid Shortcuts, Empty Folders, Saved Preferences, Log Files and Options in Context Menu. These side effects are the reason why a lot of people prefer to Reinstall Windows once in a while. But there is no need to resort to such drastic measures all the time. You can actually remove all these problems with a few Tweaks in Windows Registry or with some softwares. Follow the following steps in order:
  • Uninstalling Third-Party Applications – To uninstall all of your 3rd party applications, open Programs and Features in Control Panel. Then just right click each of the programs not by Microsoft that you have installed on your PC and click Uninstall. If the Uninstaller asks whether or not to keep Preferences, choose to delete these Preferences. This is the only really time-consuming step; all the others are very fast compared to it.

Remove Files and Folders Left behind

  • Now we are going to fix any damage done to the registry and also remove anything left behind after uninstalling programs, such as empty folders and invalid shortcuts. For this we have for you a simple, free tool – Glary Utilities. Download it and install it. You don’t have to upgrade it or anything. It has all the features that we need without updating. Open Glary Utilities and under “1-Click Maintenance” click on Scan for Issues. This should take only a couple of minutes. This will remove all invalid shortcuts, traces, temporary files etc. Now the only thing remaining to do in Glary Utilities is to remove empty folders. So go to Modules in the main window of Glary Utilities. Then click duplicate file finder. Now just select the drives on which you installed software. If you have drives which you maintain by yourself for storing data, it is not necessary to check there. After the list of empty folders is generated by Glary, just check the ones you wish to delete, or just click Check All under the Check option, and then click Delete Checked Folders. If you are sharing any folders on a network, they will cause some trouble in deleting. So if you do have any shared folders, stop sharing them. To do so, right click Computer, then Manage. In the Computer Management window that will now open, select Shared Folders, then Shares. You can stop sharing folders from here by right clicking on them and clicking Stop sharing.
  • Now all that is left in this section is to remove logs from your PC. This is quite simple. Just run cmd.exe to open Command Prompt. Type in Del *.log /a /s /q /f. That’s it.

Remove Shell Components and Startup Programs

This step is for those who decided to skip the 2nd step, i.e. removing 3rd party applications. Usually, after uninstalling any program, the shell components that it added will be removed. In case there was some error and they were not removed, you can remove them by following these simple steps.
  • Removing New Menu Items – If you have any items in this menu that were left behind after un-installation of a program due to some error or because you did not un-install the program, then you can remove them using this simple tool. This tool helps disable these items from the New Menu. Download it from here. Open the program, select the item you want to remove from the New Menu and click Disable.
  • Removing Right Click Menu Items – Installing a lot of software will lead to piling up of such items. You can remove them using this software. Just go to the Remove Tab from the Main window, right click on the item, then click Delete. Download the software from here.
  • Removing Start Up Items – You can either use some software such as CCleaner, Glary Utilities etc. or you can do it by opening System Configuration and then removing them. To open System Configuration, run msconfig. Then under the Startup tab in System Configuration just un-check the items you want to remove.
Your Windows installation should be as good as new if you follow these simple steps. It is best after following these steps to create a Restore point. To create a restore point just search for “Create a restore point” in start menu. Click the Result to open a System Properties Window. Then just click Create. That’s it. Now you have a Clean Windows Installation and also have a restore point in case Windows ends up in its old unclean state again.

Speed Up Windows 7

Windows 7 is engineered for speed. Special attention has been given by the Windows 7 team to making Windows 7 faster than the previous operating systems. Windows 7 is much faster than Windows Vista, but even then most of us aren’t satisfied with it. There are many who still have their old PC. Installing Windows 7 on them won’t be as soothing as working with XP, and even with the latest hardware installed some users still long for more performance. Even if we can’t make it lightning fast, we can optimize Windows 7 to the maximum possible extent and enjoy the maximum performance we can squeeze out of it. So for all the extra performance lovers, let me present you with this Ultimate Guide To Speed Up Windows 7.

I guarantee that after following this guide and implementing the recommendations on your PC, you will really get the performance gain.

The bare Minimum Requirements You need To Run Windows 7
1) 1GHz processor (32- or 64-bit)
2) 1GB of main memory
3) 16GB of available disk space
4) Support for DX9 graphics with 128MB of memory (for the Aero interface)
5) A DVD – R/W drive
Even if you don’t have a DX9 graphics card there is no problem, because our target is performance and not the “Eyecandy”. Of course, if you want the Aero experience you need a powerful graphics card for sure.
So let’s start The Ultimate Guide to Speed Up Windows 7.
  1. Disabling the Search Indexing Feature in Windows 7

    • Right Click the “Computer” Icon in the desktop and select “Manage”.
    • Click “Services and Applications” in the “Computer Management” window.
    • Click on “Services”.
    • You can see a lot of services listed there. Look for “Windows Search” in that.
    • Right Click on “Windows Search” from the list and choose “Properties”.
    • The “Windows Search Properties Window” will open up. From “Startup type” click on the drop down menu and choose “Disabled”.
    • Click “Apply” then “OK” and that’s it. The Windows 7 Search Indexing Feature is now disabled.
  2. Most Windows 7 users rarely search their system. The Search Indexing service in Windows 7 indexes and keeps track of files so that they can be found quickly when they are searched for later. This feature is useful only if you perform frequent searches on your system. For occasional file searchers, the Search Indexing service in Windows 7 is a total resource hog that quietly eats up your system resources. If what you need from Windows 7 is maximum performance, then I would certainly recommend disabling this resource-hogging feature. To disable the Search Indexing feature in Windows 7, follow the steps listed above. If you want to completely disable the search indexing feature in Windows 7 you can set the Search Indexing Service to Manual (see the above method about disabling unwanted services).
  3. Disable the Aero Theme on Windows 7

    • Right-click on your Desktop, select “Personalize” and click the Window Color tab.
    • Uncheck the box saying “Enable Transparency” and then click on “Open classic appearance properties for more color options”.
    • Then a window will open up. Apply a Standard or Basic theme from it. The Standard Windows 7 theme is more preferred.
  4. The Aero user interface certainly adds some “Eyecandy” to Windows 7, but it is a resource hog, especially when what you expect from Windows 7 is more performance. The Aero interface pushes your graphics or video card to its maximum. So if we care more about speed and performance in Windows 7, why not just avoid Aero? Disabling the Aero theme alone in Windows 7 will really speed things up. You can see this by comparing the memory consumption with Aero turned on and off.
  5. Disabling the Unwanted Visual Effects in Windows 7 to Speed Up more

    • For this, right-click on “Computer” and select “Properties” from the right-click menu.
    • Click on “Advanced System Settings” in the left pane to open the “System Properties” window.
    • Select the “Advanced” tab. Then, under “Performance”, click “Settings” and choose the “Custom:” option.
    • Now untick all the options and select only the last four (only three are actually needed; you can untick the second of the last four). See the screen shot if you have any doubt.
    • Now just log off your system and log on again.
  6. Even though we have turned off the Aero effects in Windows 7, there are still many unwanted visual effects that can be safely disabled to speed up Windows 7 even more. After following the steps above you will notice the speed difference.
  7. Disabling the Unwanted Services to Speed up Windows 7

  8. There are many services in Windows 7 that we don’t require for daily use, though there are some exceptional cases. A service such as “Print Spooler” is only needed when we use a printer. If we use a printer only occasionally, we can safely turn off that service in Windows 7 and turn it on only when we need to print. I have previously prepared a list of services in Windows 7 that can be safely set to manual / disabled. Disabling the unneeded services in Windows 7 can really speed up the system boot time.
  9. Disable the User account control (UAC) Feature in Windows 7

    • From the Control Panel open “User Accounts and Family Safety” > User Account.
    • Click the User Account Control settings link.
    • Now just drag the slider towards “Never Notify”.
    • Click “OK” and reboot your system.
  10. The User Account Control (UAC) feature in Windows 7 is very annoying, though it says it can protect your computer from harmful virus activity etc. If you are a daily user of your computer, this Windows 7 feature will be a total nuisance to you. To disable and turn off UAC in Windows 7, follow the steps listed above. Disabling UAC is for advanced users only; it is not recommended otherwise.
  11. Set Up the Windows 7 ReadyBoost Service for an Extra Speed Boost

    • To configure the ReadyBoost feature in Windows 7 you need a high-speed flash/USB drive or pendrive that is ReadyBoost compatible.
    • After plugging in your pendrive, open “Computer” > right-click on the USB drive/pendrive > select the “ReadyBoost” tab > tick the “Use this device” checkbox.
    • You can configure how much space on your USB drive/pendrive is to be used as RAM.
  12. The ReadyBoost feature in Windows 7 lets you use your flash drive, pendrive or USB drive as RAM, thereby greatly improving the performance and speed of Windows 7. You can certainly experience it when launching bulky applications such as Adobe Photoshop etc.
  13. Turn off Unused Windows 7 Features

    • Open up ” Programs and Features ” from Control Panel.
    • Click the ” Turn Windows features on or off ” from the left pane.
    • Now uncheck all the features that you don’t use in Windows 7 and restart the system for the changes to take effect.
  14. There are many features in Windows 7 that we often don’t use. Disabling these unused features in Windows 7 will really help in speeding things up.
  15. Disable the Windows 7 Sidebar (Actually the Gadgets)

    • Right-click on the sidebar and select “Properties”.
    • In the properties window, untick the check box showing “Start sidebar when Windows Starts”.
    • From now on the Windows sidebar won’t start when Windows 7 starts up.
  16. Disabling the Windows 7 sidebar will definitely help you gain a few seconds during start up. There are many useful utilities such as RocketDock etc. which are good application launchers. To disable the sidebar in Windows 7, follow the steps listed above.
  17. Disable the Aero Peek and Aero Snap features in Windows 7

    • Open the Windows 7 “Control Panel” and double-click on the “Ease of Access Center” icon.
    • Now click on “Make it easier to focus on tasks”, seen at the bottom.
    • Now untick the check box saying “Prevent windows from being automatically arranged when moved to the edge of the screen”.
    • Right-click on the Windows 7 taskbar and select “Properties”.
    • Now untick the “Use Aero Peek to preview the desktop” option from there.
  18. Aero Snap helps you maximize, minimize and resize windows just by dragging and dropping them into the screen corners. To disable the Aero Snap feature in Windows 7, use the first three steps listed above; that will disable Aero Snap. The Aero Peek feature in Windows 7 helps you peek through all open windows by hiding them and showing only their outlines. Aero Peek is similar to the “Show Desktop” feature in XP and Vista. If you have followed step 3 then Aero Peek will be automatically disabled. If not, use the last two steps listed above, and the Aero Peek feature will be disabled in Windows 7.
  19. Change the Power Plan To Maximum Performance

    • Double-click “Power Options” in the Control Panel.
    • Click the down arrow showing “Show Additional Plans” to see the “High Performance” power plan.
    • Now just activate the “High Performance” plan and that’s it.
    • You may go to the advanced settings for further tweaking if you want.
  20. The power settings in Windows 7 are not automatically set for maximum performance. By default the power plan in Windows 7 is set to balance performance against the hardware’s energy consumption, so you may not get optimal performance from Windows 7. That is why we need to change the power plan to High Performance mode.
  21. Disable the Thumbnail Preview Feature to speed up File browsing in Windows 7

    • Double-click on “Computer”, click on the “Organize” drop-down menu and select “Folder and Search options”.
    • Under the ‘Files and Folders’ section of the “View” tab, tick the “Always show icons, never thumbnails” check box.
  22. The thumbnail preview feature in Windows 7 shows small thumbnails of the contents of a folder instead of its icon. But this feature really does take up some system resources, so disabling it can speed up file browsing in Windows 7 Explorer. To disable thumbnails in Windows 7, follow the steps listed above.
  23. Most Essential Software To Speed Up Windows 7

  24. In order to maintain your Windows 7 performance and keep it in top shape, there is some very essential software that can help us speed up Windows 7. I will list some of it here. You can download these utilities, but I remind you that you need to run them at least once a week. Only if you do it regularly will your Windows 7 be in top shape every day. You can read this post, which I prepared earlier, about the Top 5 Tools To Speed Up Your PC. http://www.computingunleashed.com/2009/05/top-5-tools-to-speed-up-your-pc-to.html There you can learn more about the software I mentioned.
  25. Registry Tweaks to Speed Up Windows 7

  26. Here are some registry tweaks that can be used to speed up Windows 7 even more. I have compiled only the safest tweaks that can be applied to your PC. Apart from speeding up Windows 7, they will also add some functionality to Windows, like adding Copy to / Move to in the right-click context menu to speed up your daily tasks. http://www.computingunleashed.com/2009/01/registrytweaks-for-speeding-up-windows.html If you have the complete version of the Tune Up Utilities software, it is the best one to keep your Windows 7 in top shape.
  27. Turn OFF Windows 7 Password Protection To save a few More Seconds!!!

  28. If you have set a password for accessing your user account in Windows 7, then you need to enter it each and every time you log on to Windows. Logging into Windows automatically without entering any password will save you a few more seconds. If you are the only person who uses your computer, then I would recommend turning this off. If that is not the case, you can skip this step. How to Automatically Logon to Windows 7 without entering any username or password
  29. Turn OFF Windows 7 Screen Saver and Wallpaper

    • Right-click on the desktop and choose “Personalize”.
    • Click the “Screen Saver” link. From the Screen Saver drop-down menu, set it to “None”, click “Apply” and then “OK”.
    • Now click on the “Desktop Background” link.
    • From the “Location” drop-down menu select “Solid Colors”, pick one color and click “OK”.
  30. In order to display the wallpaper and screen saver the system needs some memory, so by disabling those two we can save a few megabytes of memory. To disable the screen saver and wallpaper in Windows 7, follow the steps listed above.
  31. Disable Unwanted Start Up Items and Speed Up Windows 7 Start Up

    • Type “msconfig” in the “RUN” option from the Start menu and press [Enter] to open the System Configuration Utility.
    • Now navigate to the “StartUp” tab.
    • Untick the entries which are not needed.
  32. This really matters when you have installed a lot of software on your PC. Many programs such as AcdSee run services such as a device detector etc. during system start up. These are actually of no use to most Windows users. Preventing such services from starting during Windows 7 start up results in quicker start ups and will save some seconds.
  33. Disable Unwanted System Sounds in Windows 7

    • Type mmsys.cpl in RUN or in the Windows 7 Start menu search box and press [Enter].
    • Navigate to the “Sounds” tab.
    • Now from under “Sound Scheme:” select “No Sounds” > Click “Apply” > “OK”.

    • You can keep some of your favorite sounds turned on if you want, but sounds played during Windows 7 start up, shutdown, logon, logoff, start navigation etc. should be set to none if you want some real speed boost.
  34. System resources are used to play the sounds you hear in Windows 7. If you disable these sound effects you can gain some speed and also free some system resources. To disable the system sounds in Windows 7, follow the steps listed above.

That’s it. Following all these steps will certainly boost the speed and performance of your Windows 7 operating system.
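Several of the steps above (Windows Search and other services, UAC, automatic logon, the power plan) change settings that are easy to lose track of afterwards. The following read-only PowerShell report is an added example, not part of the original guide; the function names are made up here, and the service names (WSearch, Spooler) and registry paths are the standard Windows ones rather than values taken from this page.

```powershell
# Added example, not part of the original guide. Read-only: it changes nothing.
# Syntax is kept compatible with Windows PowerShell 2.0 (the version in Windows 7).

function Get-RegValue($Path, $Name) {
    # Return the named registry value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Row($Setting, $Value) {
    New-Object PSObject -Property @{ Setting = $Setting; Value = $Value } |
        Select-Object Setting, Value
}

function Get-TweakState {
    # Services: WSearch is Windows Search, Spooler is Print Spooler.
    # WMI is used because Get-Service in PowerShell 2.0 does not show the startup type.
    foreach ($name in 'WSearch', 'Spooler') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc) { New-Row "Service $name" "$($svc.StartMode), $($svc.State)" }
        else      { New-Row "Service $name" 'not installed' }
    }

    # UAC: EnableLUA = 0 means UAC is off; ConsentPromptBehaviorAdmin = 0 means
    # administrators are elevated without any prompt.
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        New-Row "UAC $name" (Get-RegValue $sys $name)
    }

    # Automatic logon: AutoAdminLogon = 1 means Windows signs in the default user
    # at boot without asking. Only the presence of DefaultPassword is reported,
    # never its content.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    New-Row 'AutoAdminLogon' (Get-RegValue $winlogon 'AutoAdminLogon')
    New-Row 'DefaultPassword stored in registry' ($null -ne (Get-RegValue $winlogon 'DefaultPassword'))

    # Power plan: powercfg prints the GUID and name of the active scheme.
    New-Row 'Active power plan' ((powercfg -getactivescheme | Out-String).Trim())
}

Get-TweakState | Format-Table -AutoSize -Wrap
```

Run it before and after applying the tweaks and keep both outputs, so each change can be traced and reverted later.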