UBCD4Win Forums: What is EzPcFix ??? - UBCD4Win Forums

What is EzPcFix ??? a simple explanation

#1 pcuser


    Posted 28 May 2005 - 04:57 PM

    If you're the one that your friends and family members turn to for PC repair and virus/spyware removal then you need to have EzPcFix in your toolkit and learn how to use it. No matter how good you are, this utility WILL save you time.

    EzPcFix allows you to clean up your Windows installation without having to even boot into Windows.

    How does it work?

    The Win2k, XP and 2003 API has functions to load "remote" hives into the registry for editing. Here's an example of what EzPcFix does behind the scenes:

    1. Open Regedit
    2. Highlight HKEY_LOCAL_MACHINE
    3. Go to "File" then "Load Hive"
    4. When the "Open" dialog box comes up, navigate to your "Windows" folder then the "Repair" folder and then double click on "SOFTWARE".
    5. An input box will come up asking for a "Key Name". You can name it anything that you want. Give it a descriptive name like "OLD_SOFTWARE".

    Now expand HKEY_LOCAL_MACHINE and you'll see a new branch called "OLD_SOFTWARE". This is a backup of your original SOFTWARE hive that was created when you first installed windows. This is called loading a "remote" registry hive.

    You can use this same method to load other users hives which are located at "Documents and Settings\USERNAME\NtUser.dat". The only difference is that you'll want to load them into HKEY_USERS instead of HKEY_LOCAL_MACHINE.

    You can even plug in another hard drive and load hives from a completely different windows install and edit them.

    This is exactly what EzPcFix does behind the scenes. When you run EzPcFix from ubcd4win, it loads the registry from the hard drive into the ubcd4win registry.

    Here's what the ubcd4win registry looks like before running EzPcFix:

    -My Computer
             +HKEY_CLASSES_ROOT
             +HKEY_CURRENT_USER
             -HKEY_LOCAL_MACHINE
                  +HARDWARE
                  +SAM
                  +SECURITY
                  +SOFTWARE
                  +SYSTEM
             -HKEY_USERS
                  +.DEFAULT
                  +S-1-5-18
             +HKEY_CURRENT_CONFIG


    And here's what it looks like after EzPcFix loads the registry hives from the hard drive:

    -My Computer
             +HKEY_CLASSES_ROOT
             +HKEY_CURRENT_USER
             -HKEY_LOCAL_MACHINE
                  +DEFAULT_ON_C (loaded from c:\windows\system32\config\DEFAULT)
                  +HARDWARE
                  +SAM
                  +SECURITY
                  +SOFTWARE
                  +SOFTWARE_ON_C (c:\windows\system32\config\SOFTWARE)
                  +SYSTEM
                  +SYSTEM_ON_C (c:\windows\system32\config\SYSTEM)
             -HKEY_USERS
                  +.DEFAULT
                  +Administrator_ON_C (c:\Documents and Settings\Administrator\NtUser.dat)
                  +All Users_ON_C (same as above)
                  +Default User_ON_C (same as above)
                  +LocalService_ON_C (same as above)
                  +NetworkService_ON_C (same as above)
                  +Owner_ON_C (same as above)
                  +S-1-5-18
             +HKEY_CURRENT_CONFIG


    Why is this useful?

    Sometimes you can't even boot windows because of a virus that runs on startup (even in safe mode) or an incorrect/missing registry setting. All you have to do is boot ubcd4win and run EzPcFix then open "regedit" to edit the registry on the hard drive. One reason might be to disable "automatic reboot" when you can't boot into windows and it reboots too fast to even see the error message.

    This setting is at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Crash Control
    1=restart
    0=don't restart

    What else does it do?

    The list is VERY long. In a nutshell, my goal is to show you what's being started from every possible location on your system.

    For a detailed list, look at the links below.

    How to clean-up your windows install using ubcd4win/EzPcFix:
    http://www.ubcd4win....?showtopic=2162

    EzPcFix Homepage:
    http://www.ezpcfix.net/index.html

    EzPcFix Documentation:
    http://www.ezpcfix.net/html/docs.html

    EzPcFix Screenshots:
    http://www.ezpcfix.net/html/shots.html

    Tom
    If you're afraid of taking any chances then the chances are great that you will never learn anything

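The steps in the post (load a hive from the hard drive, edit it, turn off automatic reboot) can be scripted with reg.exe. This is an added example, not part of the original post and not EzPcFix's own code. It assumes the offline install is on C:, reuses the SYSTEM_ON_C and SOFTWARE_ON_C key names from the tree above, and assumes the setting is the AutoReboot value under Control\CrashControl.

```powershell
# Added example, not EzPcFix code. Assumptions: run as administrator from a
# boot/recovery environment; the offline Windows install is on C:; the
# *_ON_C key names follow the tree shown in the post.
$config = 'C:\Windows\System32\config'
$hives  = @{
    'HKLM\SYSTEM_ON_C'   = "$config\SYSTEM"
    'HKLM\SOFTWARE_ON_C' = "$config\SOFTWARE"
}

try {
    foreach ($mount in $hives.Keys) {
        reg.exe load $mount $hives[$mount] | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not load $($hives[$mount]) at $mount" }
    }

    # A loaded SYSTEM hive has no CurrentControlSet: that key is a link the
    # running system creates at boot. Select\Current holds the number of the
    # control set the offline install actually uses.
    $line = reg.exe query 'HKLM\SYSTEM_ON_C\Select' /v Current |
            Where-Object { $_ -match 'REG_DWORD' } | Select-Object -First 1
    if (-not $line) { throw 'Select\Current not found in the loaded SYSTEM hive' }
    $setNumber = [Convert]::ToInt32(($line.Trim() -split '\s+')[-1], 16)
    $crashKey  = 'HKLM\SYSTEM_ON_C\ControlSet{0:D3}\Control\CrashControl' -f $setNumber

    # Show the value before the change, then set it: 1 = restart, 0 = don't restart.
    reg.exe query $crashKey /v AutoReboot
    reg.exe add $crashKey /v AutoReboot /t REG_DWORD /d 0 /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not write AutoReboot under $crashKey" }

    # Review what the offline install starts for every user at logon.
    reg.exe query 'HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Run'
}
finally {
    # Always unload, so the hive files on the hard drive are flushed and released.
    # reg.exe is used for every read and write above so that this session keeps
    # no open key handle that would make the unload fail.
    foreach ($mount in $hives.Keys) { reg.exe unload $mount | Out-Null }
}
```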
