Items filtered by date: December 2015

When you load Windows Vista you get a blue screen with the following error:

“Stop: c000021a {Fatal System Error}
 The initial session process or system process terminated unexpectedly with a status of 0×000000000 (some more hex codes)”

Also System Restore through Repair Environment which did not work either, it kept saying unexpected error or something like that.

What I tried

• Clean install of Vista
• moved contents of system32\config from broken install to clean one
• also moved old Users directory

Problem still exhibited. Must be a registry/configuration issue then, not system files.

Cause

The problem was within the SOFTWARE hive. To verify I moved all the clean install stuff (Windows , Program Files, Users, ProgramData) to a folder called “clean” and moved all the folders out of Windows.old back into C:\ , so in effect returning the machine back to its original state before the clean install. I then replaced SOFTWARE with SOFTWARE.OLD and all is well.

Solution

• Boot into the recovery enviroment
• Navigate to c:\windows\system32\config
• rename SOFTWARE to SOFTWARE.off
• navigate to c:\windows\system32\config\RegBack
• copy the latest SOFTWARE file to c:\windows\system32\config
• reboot computer

Windows should now load ok but you need to do a few thigns for completeness.

• create a new system restore point
• run system restore to a suitable point. This makes sure all of the registry and files all match up
• reboot the computer

Done

You can now use many types of fonts on your website you are not limited to 'websafe' fonts anymore.

Old Technology:

• Typeface
• sIFR
• FLIR
• Cufón
• Typekit
• Microsoft EOT (but still used)

New Technology:

• @font-face (CSS3)
• Google Web Fonts
• Font Squirrel (more an implementation method)

Although you can still use the old technologies there seems really no point as now CSS3 supports native web fonts via @font-face. With the CSS declaration you can specify your own font to be used and have this present on your web server so the browser can download it and then use it.

Browsers implementation varies on what fonts it will allow to be embedded. See this link for a list of which browsers support which embedded font.

Google Web Fonts
Because there are many different browsers out there and they do not all support CSS3 fully Google came up with an interesting solution, Google Web Fonts. This works by you creating a CSS style sheet reference to a dynamic URL, Google would then work out what browser you were using and send the appropriate CSS files to the browser. It is possible via a certain combination of CSS declarations using different types of online fonts files to support all browsers but Google's web fonts API does the hard work for you and sends a specific CSS files to your browser.

The syntax looks like this: {code class='brush: html;'}{/code}Then, in your style sheet, you can apply that font to any body element. For example: {code class='brush: css;'}h1 { font-family: 'Font Name', serif; }{/code}

Google’s new Font API will work in any browser that supports @font-face (which is pretty much all of them).

Here are some examples of the different CSS delivered to the different browsers:

{code class='brush: css;'} /* Webpage Call */ /*using ie6 - emulated in ie9 so possible not working properely */ @font-face { font-family: 'Dancing Script'; font-style: normal; font-weight: normal; src: url('http://themes.googleusercontent.com/font?kit=DK0eTGXiZjN6yA8zAEyM2WrfpCc_r9-5ZnZPBmoO4Sk'); src: local('Dancing Script'), local('DancingScript'), url('http://themes.googleusercontent.com/font?kit=DK0eTGXiZjN6yA8zAEyM2VhlQWQpSCpzb2Peu3I-Q34') format('woff'); } /* using ie7 */ @font-face { font-family: 'Dancing Script'; font-style: normal; font-weight: normal; src: url('http://themes.googleusercontent.com/static/fonts/dancingscript/v0/DK0eTGXiZjN6yA8zAEyM2WrfpCc_r9-5ZnZPBmoO4Sk.eot'); src: local('Dancing Script'), local('DancingScript'), url('http://themes.googleusercontent.com/static/fonts/dancingscript/v0/DK0eTGXiZjN6yA8zAEyM2VhlQWQpSCpzb2Peu3I-Q34.woff') format('woff'); } /* using ie9 */ @font-face { font-family: 'Dancing Script'; font-style: normal; font-weight: normal; src: url('http://themes.googleusercontent.com/static/fonts/dancingscript/v0/DK0eTGXiZjN6yA8zAEyM2WrfpCc_r9-5ZnZPBmoO4Sk.eot'); src: local('Dancing Script'), local('DancingScript'), url('http://themes.googleusercontent.com/static/fonts/dancingscript/v0/DK0eTGXiZjN6yA8zAEyM2VhlQWQpSCpzb2Peu3I-Q34.woff') format('woff'); } /* using firefox 3.5 */ @font-face { font-family: 'Dancing Script'; font-style: normal; font-weight: normal; src: local('Dancing Script'), local('DancingScript'), url('http://themes.googleusercontent.com/font?kit=DK0eTGXiZjN6yA8zAEyM2VhlQWQpSCpzb2Peu3I-Q34') format('woff'); } {/code}

See this page for more info on how Google Web Fonts Works. Easy Custom Web Typography with Google Fonts API

Font Squirrel (website)

Font Squirrel allows you to create your own font pack for embedding fonts, this service is all free.

The people at font squirrel figured out that using a certain arrangement of CSS declarations and different online font files that you could support all web browsers, so unlike Google which sends a specific CSS file dynamically these declarations in the pack support all browsers in one go. There is a slight perfomance overhead but you can embed the files locally and use you own fonts rather than just the ones of goolge web fonts directory.

There is an online font generator at Font Squirrel to make your own packs with relative ease. They come with all the required fonts, CSS and HTML you need.

Here is an example of the CSS code in a font pack:

{code class='brush: css;'} @font-face { font-family: 'CloisterBlackLight'; src: url('CloisterBlack-webfont.eot'); src: url('CloisterBlack-webfont.eot?#iefix') format('embedded-opentype'), url('CloisterBlack-webfont.woff') format('woff'), url('CloisterBlack-webfont.ttf') format('truetype'), url('CloisterBlack-webfont.svg#CloisterBlackLight') format('svg'); font-weight: normal; font-style: normal; } {/code}

Typeface.js

Advantages:

• User doesn’t have to have Flash plugin installed on their browser
• Easier to create with just a few lines of Javascript
• For page loading it just needs to load the Javascript

Disadvantages:

• Text is not selectable because it outputs it like an image. I looked at some examples, right clicked on a word and had to view as an image. Every single word had this behaviour. Big thumbs down.
• Usage for body copy will slow down loading time, so it is recommended to use only for headlines.
• Cannot be read by screen readers
• Visual looks blurry
• Not all browser compliant and still has a lot of development left to be done

sIFR

Advantages:

• Can be read by screen readers as a normal headline because it is a behaviour layer on top of the markup and styling.
• Text is selectable
• SEO friendly
• Displays text as is like any other web font. Crisp and not blurry!
• Has addons like jQuery sIFR Plugin!

Disadvantages:

• Requires Javascript to be enabled
• Flash plugin must be installed in the browser
• Need Adobe Flash Studio to create it BUT there is a pretty nifty sIFR generator that creates the file for you!
• For page loading, it has to request for Flash, Javascript and CSS files attached to it, which can potentially get bogged down if you are using sIFR in too many places.
• Cannot display on an iPhone. Yet…

Cufón (similar to Typeface.js)

Enter Cufón, the Javascript-based font replacement solution which makes heavy use of canvas and VML. This offers a great alternative to other solutions out there - no Flash or images required.

There are some issues with using Cufón on a live site, the most notable being the inability to highlight and copy/paste text, which is really the biggest issue for your site's users.

Combine that with the EULA issues, which prevent you from being able to legally embed fonts in Javascript files for most fonts on the market today.

The other issue is knowing what fonts can be used with Cufón. For sIFR, most fonts are fair game, since the font is embedded in a Flash movie, which is typically an approved usage by most font foundries for most fonts. With Cufón, the Javascript files used for the font can be easily "stolen" and either used on another website or reverse engineered.

Typekit

Typekit is a commercial venture where you use their own javascript to implement web fonts from their libarary. Typekit offers access to a library of over 4,000 commercial fonts of professional quality. Typekit is currently the only source offering these high-quality typefaces for legal use on the web.
 

Other Resources:

• CSS vs sIFR vs Cufón
• Cufon vs sIFR vs FLIR
• Online Font Converter - Convert any font to any font type
• sIRF Vault - Download and generate font ready for use with sIRF
• Expand Your Font Palette Using CSS3 - History and current usage of web fonts

-----------------------------------
first you need to get this software
-----------------------------------

usbwebserver (http://www.usbwebserver.com/download.php) - it is free
excel (i used 2003)
ASAP Utilities for excel (to remove line breaks)(http://www.asap-utilities.com/) free version is ok
Excel Add Data, Text & Characters To All Cells Software 7.0 (www.sobolsoft.com) - free version should do
EMS MySQL Export (http://www.ems-hitech.com/) full version required
A working joomla site (your website, please backup stuff you want to keep)

This tutorial is how i did it and is written assuming you have a little knowledge about mysql and phpmyadmin, if not, it is not that hard to find out what

you need. please dont post simple questions here.

-----------------------------------------------------------------
Most shared or paid servers wont let you get remote mysql access to your databases so what i did, was to recreate my website on my local PC, using

usbwebserver (phpmyadmin username = root and password is displayed in usbwebserver
-----------------------------------------------------------------

- install usbwebserver on to you pc, setting apache port to 80 (makes things easier)
- create a mysql database dump from your old e107 site (cpanel you can use database backup) or use phpmyadmin and export you e107 database.
- create a database and user in usbwebserver, i use the same details as my website.

NB make sure that you keep the collation the same (click on the table you have created then look under operations), joomla prefers utf8_general_ci. i am not

an expert on mysql, so you might experiment. it might be ok to export in latin and import in utf8_general_ci. dont know help with this would be appreciated

- import the database you dumped in to the new database on your PC

you now have a local mysql server with your e107 data in that you can access,

NB you could if you wanted download and copy website files in to the root folder and have a complete copy of you website to work with locally.


------------------------------
we now want to export 2 tables
------------------------------

- install EMS MYSQL Export, the free version will only export a small amount of you links, but will work to test.

e107_links_page (these are the actual links)
e107_links_page_cats (these are the categories)

- run EMS MYSQL Export and export these tables, run EMS seprate for each table so you have 2 csv files. make sure you also export all colums in each table,

it is easier.
- you should now have 2 csv files, look in them and make sure they have the data you expect.

e107_links_page.csv
e107_links_page_cats.csv


--------------------------------------
moving the images to the correct place
--------------------------------------


NB currently the '/images/stories' folder is hard coded. (this i think will change, but not for this TUT)


- create these folders on your joomla site:

'/images/stories/categories'
'/images/stories/links'

nb you could add a parent folder of bookmarks if you want, but if you do i suspect when bookmarks is updated to allow the changing of the root directory it

might require you to edit all enteries in the database. if you look at newley create enteries in the bookmark tables you will see. my idea is when the root

directory is available i will create a folder called bookmarks in the image directory, move the images, change the root directory in the frontend of

bookmarks and it should be ready to go with out any extra work and the links should then nice and tidy in there own folder.

- copy your links pictures to your new joomla site as appropiate. if you are not using images then you can change these instructions and use a different csv

import option.

now you link and category pictures are in place.


-------------------------------------------------------------------------------------
This section will deal with altering your cvs/data ready to use the csv import feature on Boookmarks. We will be using the 5 category version so we can

import pictures aswell.
-------------------------------------------------------------------------------------

NB bookmarks automatically creates the categories for you.
NB bookmarks requires you to use the '|' character for the csv seperator, you can not change this inside excel so you have to use the following trick.

goto your control panel (xp), select regional and language settings, select customise, change the 'list seperator' to '|' character click ok. Excel will now

export with the correct seperator. (do not ask !!)

- now install asap utilities and 'Excel Add Data, Text & Characters To All Cells', i am assuming excel is already installed.

if you look under 'import and export' in bookmarks at the bottom it gives you the csv format and import details. what we now need are csv files to be made

compatable for the import.

- open up the csv file 'e107_links_page'

- removing line breaks, during the export procedure line breaks are replaced with these squares, these send the import porcedure mental. we will use ASAP

utilities to remove these
- goto the asap utilities menu (in excel) and select text/advanced character removal (option 14)
- click on 'line breaks', then click ok, and then close. All line breaks should be replaced with a space.

Now:

rename the headings as follows

link_name --> Title
link_url --> Url
link_description --> Description
link_button --> ImageUrl
link_category --> Category

delete these columns (make sure they are gone and not empty)

link_id
link_order
link_refer
link_open
link_class
link_datestamp
link_author

- reorder the columns so they match this order

Category|Url|Title|Description|ImageUrl


we now have the correct format for links imports, we now only need to sort out the url of the links pictures.


Bookmarks as previously mentioned tags this on to the front of the stored image url 'http://www.mysite.com/images/stories/', the images in this tutorial are

in a links sub folder, so we need to add this extra bit on to the link.

our currenty picture url will be 'mypicture.jpg' and it needs to be '/links/mypicture.jpg'

- select the Url column, then got tot the add text menu
- select 'add text to the beginning of the selected cell'
- it will prompt you for the text to add.
- add this

/links/

NB if you are using the free version, keep reselecting the undone links and eventually it will get there, you might have to do a few at the end yourself.
NB any links with no images will end up with '/links/' , go through and delete them. i think in these cases if you delete them automatic thumbnailing will

occur, dont quote me on it.


last alteration - category names


you might notice all the category names are numbers.

NB you can match the categories up by using the cat id, open up e107_links_page_cat.csv along side e107_links_page.csv and you can eaily macth the categories

to the appropiate number.

you have to options for the replacement:

- option 1 -use text replace in excel and match the numbers up using the exported category csv file

NB start form the highest number and work your way down

- option 2 - import the categories as is and then rename them in bookmarks (much easier)

save the e107_links_page.csv you are working on as a diffwerent csv file on to you desktop with a sensible name, no wired characters or spaces.

the csv is now prepared for import, your pictures are uploaded.

- Goto the bookmarks import page, got the bottom
- select which category to import to, select root. (or not !!)
- select the access level you want
- browse for the file on you desktop
- go to the top of the page and click on import CSV.

your links are now imported.


what about category descriptions


the second file you exported had the category descriptions, use these to cut and copy and add them in. I do not know how to add a category image we added

other than going in to phpmyadmim and doing it manually.

NB if you open up the e107_links_page_Cat.csv you can cut and copy the decriptions in to bookmarks easily.

hope this tutorial helps.

Usually when you have upgraded office an addin does not upgrade but has not been removed.

SYMPTOMS

XGA         1024 x 768
WXGA        1280 x 800
WXGA+       1440 x 900
SXGA        1280 x 1024
SXGA+       1400 x 1050
WSXGA       1280 x 854
WSXGA+      1680 x 1050
UXGA        1600 x 1200
WUXGA       1920 x 1200

My Hi-Def Screen

Glossy screen for a Dell Latitude D800

Toshiba LTD154EZ0D

Non-Glossy

Samsung LTN154U1-L01

Non Glossy

If you are on a Windows Platform, create an import.reg file with the following code in it (where .phps is replaced with the extension of file you would like to search inside, such as .cfm .php or .xml). Multiple ones can be added by making copies of the registry key and replacing the extension.

{code class="brush: powershell"}Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.phps\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"{/code}

1. Save file
2. Import in to Registry
3. Reboot

Now windows searches inside those files for you.

Not checked on Vista.

Outlook doesn't have a View, Source option like you'll find in Outlook Express. It has View, Options which shows you the Internet header in a small text box. But it only includes the Internet header, not the full message source.

Using Outlook 2003 you can view the header and source together, if you edit a registry key. This works on mail obtained from Internet mail transports, not Exchange server mailboxes. However, if you access the mailbox using an Internet transport, you'll see the full source.

Open the registry editor and navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Options\Mail 

right click on the right pane and choose new DWORD:

Parameter: SaveAllMIMENotJustHeaders
Value: 1

Note: This works only on new mail received after you create the registry key. You won't be able to see the source on messages already downloaded.

Introduction

Passwd files are the easist and simplist ways to hack. This text will explain what they are, how to get them, how to crack them, what tools you will need, and whatyoucan do with them. Of course the minute you sign on the account you just happened to crack because of this file, you are breaking the law. This text is for information, not illegal activites. If you choose to doillegal activies with the information from this it is no one's fault but your own. Now down to the good stuff.

What is a Passwd File

A passwd file is an encrypted file that contains the users on aservers passwords. The key word here is encrypted, so don't start thinking all i have to do is find one and i hit the jackpot. Nope sorry Man, theres alot more to it than that. The passwd file should look somethinglikethis

root:x:0:1:0000-Admin(0000):/:/bin/ksh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
listen:x:37:4:NetworkAdmin:/usr/net/nls:nobody:x:60001:60001:uid
nobody:/:noaccess:x:60002:60002:uid noaccess:/:
ftp:x:101:4:
FTPUser:/export/home/ftp:
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rrc

Out of that entire section the only name you could use would be

rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc 

Here is how you read the File

rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc
Username: rcc
Encrypted Password: uXDg04UkZgWOQ
User number: 201
Group Number:4
Real Name (usually): Richard Clark
Home Directory: /export/home/rrc
Type of Shell: /bin/ksh 

Because it is the only name with an encrypted password. You will never find a passwd file that has a passwd for anything like ftp, listen, bin, etc., etc. Occasionally using the PHF exploit or unshadowing a passwd file you can get an encrypted password for root.

PHF Exploit

First let me explain what an exploit is. An Exploit is a hole in software that allows someone to get something out of it that... Well you aren't supposed to.

The PHF exploit is a hole in CGI, that most servers have fixed now (if they have CGI). Lets just say a very popular IRC place has a problem with their CGI. Also on the subject of servers with the exploit open, many forien servers have this open. Unlike the FTP Passwd you don't even have to access their FTP or login. What you do is get a WWW browser and then in the plass for the WWW address type:

http://www.target.com/cgi-bin/phf?Qalias=j00%ffcat%20/etc/passwd

In www.target.com Place who's passwd you want to get. If you get a message like ""The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it."" its not there. If you get ""You have been caught on Candid Camera!"" They caught you, but don't fear they rarly ever Report you. I have yet to find a server that does report. Of course if you get

root:JPfsdh1NAjIUw:0:0:Special admin sign in:/:/bin/csh
sysadm:ufcNtKNYj7m9I:0:0:
Regular Admin login:/admin:/sbin/sh
bin:*:2:2:Admin :/bin:
sys:*:3:3:Admin :/usr/src:
adm:*:4:4:Admin :/usr/adm:/sbin/sh
daemon:*:1:1: Daemon Login for daemons needing
nobody:*:65534:65534::/:
ftp:*:39:39:FTP guest login:/var/ftp:
dtodd:yYn1sav8tKzOI:101:100:John Todd:/home/dtodd:/sbin/sh
joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh

You have hit the jackpot [=. Save the file as a text and keep it handy, because you will need it for later in the lesson.

FTP Passwd

The Passwd file on some systems is kept on FTP, which can pretty much be accessed by anyone, unless the FTP has a non-anonymous logins rule.

If you are desprite to get a passwd file from a certain server (which may not even be open, so only do if you are desprite or you want to hack your own server) get an account that allows you access to their FTP.

What you do is get an FTP client such as WS FTP or CuteFTP. Find the servers name and connect to it. You should get a list of Directories like ""etc, hidden, incoming, pub"" goto the one called etc. inside etc should be a few files like ""group, passwd"" if any chance you see one called shadow there is a 8/10 chance you are about to deal with a shadowed passwd.

Well get the passwd file and maybe check out what else is on the server so it won't look so suspious. Anyway when you log out, run and check out your new passwd file. If you only see names like ""root, daemon, FTP, nobody, ftplogin,bin"" with * beside their names where the encrypted passwd should be, you got a passwd file that you cannot crack. But if it happens to have user names (like rcc:*: or ggills:*:"" with a * (or another symbol) you have a shadowed passwd. Of course if you have been reading and paying attention if you have something that has a few things that look like:

joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh

You have gotten one you can crack.

Shadowed Passwd's

Now if you happen to find a passwd file that looks something like this:

joetest:*:102:100::/home/joetest:/usr/bin/restsh

which has a user name, not a programs, you have a shadowed passwd.

The shadow file has the encrypted passwords on it. Depending on the Operating System, the passwd file may be in different places. To find out what Operating system your target is running from telnet (connected to that server ofcourse) type uname -a and it should say, if you cannot get to telnet there is other methods of finding out.

Here is a guide to systems passwd file locations (taken from a text on passwd files by Kryto.) A token is the * (or other symbol) beside a shadowed passwds user name

UNIX Paths (Courtesy of 2600)

UNIX Path Token

AIX 3/etc/security/passwd !
or /tcb/auth/files/ 
A/UX 3.0s /tcb/files/auth/?/ * 
BSD4.3-Reno /etc/master.passwd * 
ConvexOS 10 /etc/shadpw * 
ConvexOS 11 /etc/shadow * 
DG/UX /etc/tcb/aa/user/ * 
EP/IX /etc/shadow 
x HP-UX /.secure/etc/passwd * 
IRIX 5 /etc/shadow 
x Linux 1.1 /etc/shadow * 
OSF/1 /etc/passwd[.dir|.pag] * 
SCO Unix #.2.x /tcb/auth/files/ / * 
SunOS4.1+c2 /etc/security/passwd.adjunct ##username 
SunOS 5.0 /etc/shadow 
System V Release 4.0 /etc/shadow 
x System V Release 4.2 /etc/security/* 
database Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb * 

Anyway once you have the passwd file (with user names) and shadow file you can find a unshadowing program which combines the passwd file and the shadow passwd and combines them into what a regualr passwd file would be.

A unshadowing program can be found at http://www.hackersclub.com/km/downloads/password_cracker/ucfjohn2.zip

Now some servers have the shadow file on retrictions so no one without a special account on the server can get to it.

Crackers

Now that you have gotten a passwd file, what the hell do you do it it to get passwords from it? Thats where crackers come in.

A cracker takes the passwd file and a wordlist and compares the wordlist to the passwd files encrypted passwd. I have used many different crackers. Everyone has their favorite. My personal favorite is one called PaceCrack95 Ver. 1.1 http://tms.netrom.com/~cassidy/utils/pacec.zip

Many people swear that John the Ripper is the greatest but i have problems with it, but it can be gotten off any decent hacking page. Same for Cracker Jack. A Cracker will load a wordlist and a passwd file and compare the two. When it cracks a password it will tell you the user name and the unencrypted password. You don't need to write it down because the program auto saves it. Cracker Jack saves the file as jack.pot and i think John the Ripper does too. PaceCrack95 Ver. 1.1 saves it to the files name (ex., passwd.txt.db) with the exact name and makes it a .DB file. I like to keep a passwd file once i have cracked it and later try out a new passwd cracker on it with the same wordlist and see if it works or if it is fake. It helps.

Wordlists

Wordlists are a nessicity to cracking passwd files. They are just huge lists of words. The biggest wordlist is avaliable from here, ftp://ftp.ox.ac.uk/pub/wordlists/

If you get a passwd file from another contry get a wordlist with the same launguage as the worlist came from, as the users would probably use words they are familier with.

There are some programs which can make random numbers to what you specify but that might not be really great, since there is such a huge amount of number combinations they could use. I am not completly saying they are useless since i have cracked a password with one before, I had fashioned my own list of 4 digit numbers since people might use their phone number and well it worked.

What to do with a Cracked Passwd file

What you can do with a passwd is up to you. The nice thing to do is inform the administator of the server that, accounts on his (or her) server are insucure and possibly open to anyone hacking an account and bringing havok upon their server. Some other things you can do is fire up good ole telnet and connect to one of their ports and see what you could do with that account. The possiblities are endless. You could hack a webpage (i wouldn't do that on account of how lame it is to destruct someones piece of work.)

You could use an exploit in sendmail and get root or install a sniffer on the system and get all the passwords you could ever want from it. You could use the account to do work on OTHER servers that you sure as hell wouldn't want to do from your own. If your account is canceled you can use a hacked accounts dial up till you purchase a new one. Like I said the list goes on and on. I am sure noone wants you doing anything destuctive (its lame anyhow.) And the best thing to do is report the problem to the system admin so, if he finds out he won't freak and call your admin and tell him you have been doing naughty things or even call the cops. I hope this text was informative enough to fufill your needs.

The PC is running very slow and the CPU is maxing out running a process called svchost.exe

computers stall at Windows startup (and other occasions, such as when loading IE) for minutes at a time, Mouse-clicks stack up and run all of a sudden.

Because svchost is a generic container for lots of windows services there are lots of causes of 100% CPU usage and and as many solutions.

Work throught the list below as appropiate and apply and changes where appropiate:

Unprinted document in 'Microsoft Image Printer'

open the Image printer print queue and delete any print jobs in there, if you do not use this printer, delete it to prevent any further occurance of this error.

Microsoft Update

Disabled 'Microsoft Update' (automated local sevice) via system properties and use 'Windows Update' (web based update service). This is a permenant fix which will allow normal operation to carry out the fix below.

• Windows Update is exactly what it says in the name - the site for updating Windows.
• Microsoft Update is an optional "upgrade" to Windows Update which contains all that is in Windows Update, but also includes other updates for Microsoft programs such as Office.
• Automatic Updates is the service that runs locally and checks periodically for critical updates for Windows.

1) Update to WUAgent v3

It may say "Install is not needed since Windows Update Agent is already installed." If so, then run the exe with the command line switch /wuforce

2) Run MS KB927891

3) Reboot

4) If still experiencing high CPU, run Office Update by itself from the Office support site. Install as requested, including any ActiveX.

5) Update and Reboot as necessary.

Microsoft article, (also inculdes links to other versions of V3 installer. ie 64 bit), forum 1, forum 2

Utilities

To view the list of services that are running in Svchost run the folowing in the command prompt:

Tasklist /SVC

Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:

Tasklist /FI "PID eq processID" (with the quotation marks) 

Microsoft Article

In working with many Windows XP computers over the past couple of years in my shop, I've run across a few systems with corrupted registry files. Most of the time, I will get an error similar to the following:

Windows could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM
\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Other times I won't get an error and the system will just reboot continuously without a blue screen error message. One thing is for certain in all of these problems: I can't boot into safe mode to fix it!!!!

It is cases like this when we want to manually roll back the registry. Basically, this restores your system's registry files to a point where they might have actually been stable, or at least less destructive than they are now. This process is not the same as system restore, mainly because we're only replacing the registry files, where system restore also replaces other system files.

If you Turned Off System Restore, turn around and go back where you came from. There is no hope for you.

One of Windows XP's "features" is something called System Restore. I don't like to use it for reasons I do not plan to go into, but what is good news for you and me is that System Restore takes a daily snapshot of your Registry files.

The registry snapshots are kept in the System Volume Information directory, typically in the root of the C: drive. The files are difficult to access normally, even in the Recovery Console, because the NTFS security settings on these files do not allow any user except for SYSTEM access to the files. Microsoft's way of doing what I am explaining now, which is linked at the bottom of this page, explains to restore the original registry files from %Windir%\Repair\ first, then changing the security and blah blah blah eventually getting the right files in. What a crockashit... My way is much easier.

STEP 1 -> Boot your system with WinPE

In order to move these registry files around, we need full, unrestricted access to the NTFS filesystem. This can be done several ways, but the easiest and most efficient way is to use something called the Windows XP PreInstallation Environment, WinPE for short. If you are a Microsoft OEM you likely have a real Microsoft WinPE CD lying around, but if not you can build your own WinPE. I highly recommend building the PE yourself, as it is a most valuable tool as a technician. If you do not care to do this, skip everything else I'm going to say and go do it the Microsoft way.. blah.

STEP 2 -> Find a recent Restore Point Registry Snapshot

So at this point, you've fully booted into the WinPE environment and have a cmd.exe prompt open. First off, navigate to the C:\System Volume Information\ directory. Windows XP has a great thing called tab completion Type "cd \sys" and then press the tab key. Voila! press enter.

From here, do a "dir" and see what you have... You may see one or two weird directories that have Microsoft CLSID identifiers. Within one of these directories we're looking for "Restore Points" which will be directories identified by "RPxx" where xx is a number. Type "cd _restore{CDSFSD"+tab or whatever the name of the directory is and do another 'dir'. If you see nothing, "cd .." and then go into the other one.

Now you've made it into the directory with all the restore points. Congratulations! Since they're not in any order, type "dir /od" to sort them by date. Look closely at the timestamp of these directories. Your goal here is to restore the system to a point where it was working and not about to crash. You also do not want to go back so far that it affects your settings or programs that you've installed, programs you've activated, etc. I try to keep the restore over two days but within a week of when the system crashed. Let's say it's 6pm on Thursday, look for midday Tuesday or beforehand, but not much more than that. Once you have found one that you're satisfied with, change to that directory, and beneath it, change to the "snapshot" directory. Do a directory listing. This is what your registry was at that point. Chances are it isn't corrupted, and your system might boot with it!

STEP 3 -> Overwrite your corrupt registry with the snapshot

All we have to do now is get these registry files to overwrite your current registry files. Great. Wait, Backup, you say? Why? They're corrupted. Why backup a corrupted file?

Using the benefits of Tab Completion, type the following commands:

copy _REGISTRY_MACHINE_SAM \windows\system32\config\SAM
copy _REGISTRY_MACHINE_SECURITY \windows\system32\config\SECURITY
copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\SOFTWARE
copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\SYSTEM
copy _REGISTRY_USER_.DEFAULT \windows\system32\config\DEFAULT

Done.

There is also a copy of the registry in C:\windows\repair, you could try these if you have turned system restore off. This method can be used in the recovery console see this article from microsoft

If it didn't fix, Try a repair installation or scanning your hard drive for viruses outside of your computer or in WinPE.