# ...............Best Tools Here...............



## 0110 (May 15, 2005)

*HOW TO DELETE STUBBORN FILES?*
_First, a brief explanation on why this happens. This is usually because an active process has an open handle to the file which prevents it from being deleted. Normally if you close down all running programs you'll find that most files will then be free to delete, but that's not always the case, and in some cases it may even be a trojan that's preventing itself from being deleted._

*BASIC REGISTRY RULE: Any changes made to the registry file are crucial to the running of Windows and if damaged or misconfigured, could cause severe problems.
Follow Microsoft's recommended instructions to "BackUP" all important data first. It's recommended to save the backup on a CD, DVD or separate HD due to the size factor (large)*

```
h**p://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=backup
```
*This option is not installed in Windows XP Home Edition. To install you will need the XP Home CDRom. Navigate to %CDROM%\VALUEADD\MSFT\NTBACKUP\. Look for Ntbackup.msi and double-click it to execute the install wizard.*

*MoveFileEx - A Windows function that moves an existing file or directory*

*WARNING:* editing the registry can be dangerous if you don't know what you're doing, make sure to *USE YOUR HEAD*, if you removed something you didn't want to, don't worry, just use the back up in this program
The MOVEFILE_DELAY_UNTIL_REBOOT option places an entry under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations and the file is moved or deleted (if destination NULL) when the system next reboots. Unfortunately as this is not supported under Windows95/98 an application must use entries in WININIT.ini to achieve the same effect.
```
BOOL MoveFileEx (LPCTSTR pExistingFilePath, LPCTSTR pNewFilePath, DWORD dwFlags)
```
TRUE if function succeeded

*pExistingFilePath*.......Source path to an existing file
*pNewFilePath*............New location for the file
*dwFlags*....................Options controlling the move
Move or rename a file

Move or rename a file to a new location.
Only meaningfully implemented on NT. Windows95 returns
*ERROR_CALL_NOT_IMPLEMENTED*, use MoveFile instead.
The source and destination path should be on the same drive as the system can then just change folder entries without actually copying the file contents. If *MOVEFILE_COPY_ALLOWED* is supplied and the system needs to copy the file it will require the additional disk space for the temporary file, in this case the original file is deleted only after the copy is successful.

The flags allow more control over the move, it can be zero or a combination of the following values :
*MOVEFILE_REPLACE_EXISTING*.......The destination can be overwritten if it exists
*MOVEFILE_COPY_ALLOWED*.............Allow a copy if destination on a different drive to the source
*MOVEFILE_DELAY_UNTIL_REBOOT*...The move takes place on reboot (NT only)
*MOVEFILE_WRITE_THROUGH*...........Do not return until changes flushed to disk (NT only)
*OR*
*Using Windows InProcServer32 process*

*WARNING:* editing the registry can be dangerous if you don't know what you're doing, make sure to *USE YOUR HEAD*, if you removed something you didn't want to, don't worry, just use the back up in this program
Open notepad, copy and paste the code below. Then save the file as "avifix.inf" without the quotes
```
; Windows XP explorer movie fix.
;
; WARNING - Use this file at your own risk.
;
; Executing this file will remove a registry key which makes explorer load shmedia.dll.
; Simply put, this removes the annoying "permission denied" errors when trying to
; move/copy/delete AVI files.
;
; To use this fix, right-click on the file and select install. Done.
;
; Information about the registry key from multiple sources.
; Inf-file compiled by Moo (2002-03-22).
; Idea by Duxus. Thanks to the kind people of "[BBB] Sweden #01", you know who you are!
;

[version]
signature="$Windows NT$"

[DefaultInstall]
DelReg = Reduce.Reg

[Reduce.Reg]
HKLM, "SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32"
```
Right-click "avifix.inf" and select install
*OR*
*Delete the file in DOS mode (99.99% success ratio)*
Download & install *DOS Here* (197kb) - _"An Explorer Shell Extension to provide easy and quick access to the DOS Prompt in the requested folder"_

```
h**p://user.tninet.se/~fgo483j/files/ch20.zip
```

Open Explorer and go to the directory where the stubborn file resides (DO NOT HIGHLIGHT THE FILE)
Right Click and select "CMD here"
Close all open applications
Open the Task Manager and click on the Processes tab, select "explorer.exe" under Image Name, click "End Process"
You will only have the command prompt and the task manager open
In the Command Prompt, DEL the offending files (DEL *.mpg, DEL mus*.avi, DEL test.wmv, etc.)
The files should now delete without a problem. Now go back to the task manager and click on the Applications tab. Click the "New Task..." button. In the dialog, type explorer.exe and click OK
*OR*
*Delete the file association first*

*WARNING:* editing the registry can be dangerous if you don't know what you're doing, make sure to *USE YOUR HEAD*, if you removed something you didn't want to, don't worry, just use the back up in this program
Start >Run >regedit {enter}
Navigate to this key HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
Delete the "Default" key
Close regedit
Follow the above test again, if a simple del doesn't work
*AND* 
*Delete the file in DOS mode*
Start >Run >cmd {enter}
Navigate to the folder the file is in, i.e. if it's in c:\folder\anotherfolder\file, type "cd c:\folder\anotherfolder" {enter} The command prompt should change to let you know you are in the correct directory.
Type "dir /x" {enter}
The offending file will be listed like (filena~1.xxx)
Type attrib -r -s -a -h filename.extension {enter}
Take note of the name and type "del filena~1.xxx" {enter}
*OR*
*Try to take ownership of the file*
Right click the file
Select the security Tab
Select properties
Select Advanced
Select Owner
Find the User or group you wish to give ownership to and select it
Click apply
now try deleting it.
*OR*
*If the file is Media (MP3, MPG, AVI, etc...)*
Remember the filename (X) and location
Run another file (Y) with the same extension
now Delete the file (X)
This occurs sometimes when Windows thinks that the file (X) you're trying to delete is still open, even though you closed the app and the file.
*OR*
*Try one of these small programs*
*FreeFile* - _"FreeFile will free a file by finding the process that holds the lock, and allow you to terminate it"_

```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=FreeFile
```

*ZAP* - _"deletes files that are either in use or otherwise cannot be deleted" (works with XP & 2K)_

```
h**p://helpdesk.kixtart.org/Download/Utils/zap.exe
```

*DELLATER* (3kb) - _"DelLater is the ideal program to use when you can't delete a file, no matter how hard you try"_ - This tool does the same as above in Option 1

```
h**p://www.diamondcs.com.au/downloads/dellater.zip
```

*DeepDelete* (15kb) - _"DeepDelete is a file shredder designed to totally delete files on your hard drive. It works by overwriting files many times before deleting them, making them almost impossible to recover. DeepDelete uses a standard of shredding that is more powerful than the official US DoD standards."_ - This tool is no longer updated/developed

```
h**p://www.methlabs.org/deepdelete_r3.zip
```


*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.

NOTE: Mods/Admins, if you feel this thread belongs in another area, kindly either let me know or move it accordingly and I'll continue from there. cheers.
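Added example, not part of the original post or of any tool it links: Python that decodes the `PendingFileRenameOperations` value the post describes, so you can confirm a delayed delete was queued and see what else is waiting for the next reboot. It assumes the value's usual layout (pairs of NUL-terminated UTF-16LE strings, a `\??\` prefix on each path, an empty destination for a delete, a leading `!` on the destination when MOVEFILE_REPLACE_EXISTING was set); the function names and sample paths are constructed for illustration.

```python
"""Decode PendingFileRenameOperations (REG_MULTI_SZ) into the moves and
deletes queued for the next reboot by MOVEFILE_DELAY_UNTIL_REBOOT."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

NT_PREFIX = "\\??\\"  # NT object-manager prefix stored in front of each path


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]  # None: the source is deleted at reboot
    replace_existing: bool      # destination was stored with a leading "!"

    @property
    def action(self) -> str:
        return "delete" if self.destination is None else "move"


def strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """raw is the value's data: UTF-16LE strings, each NUL-terminated."""
    strings = raw.decode("utf-16-le").split("\x00")
    if strings and strings[-1] == "":
        strings.pop()  # split() artefact after the last NUL
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings.pop()  # the REG_MULTI_SZ list terminator
    if len(strings) % 2:
        raise ValueError("value is not a list of source/destination pairs")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")
        target = strip_nt_prefix(dst[1:] if replace else dst)
        ops.append(PendingOp(strip_nt_prefix(src), target or None, replace))
    return ops


def is_queued_for_delete(ops: Iterable[PendingOp], path: str) -> bool:
    """True if `path` will be deleted at reboot (Windows paths: ignore case)."""
    wanted = path.lower()
    return any(op.action == "delete" and op.source.lower() == wanted for op in ops)


def unexpected_ops(ops: Iterable[PendingOp], expected_sources: Iterable[str]) -> List[PendingOp]:
    """Queued operations on files you did not schedule yourself; review these."""
    expected = {p.lower() for p in expected_sources}
    return [op for op in ops if op.source.lower() not in expected]


def build_multi_sz(*strings: str) -> bytes:
    """Helper for the demo: encode strings the way REG_MULTI_SZ stores them."""
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")


# Constructed sample: one delayed delete, one delayed move with replace.
SAMPLE_VALUE = build_multi_sz(
    r"\??\C:\Downloads\stubborn.avi", "",
    r"\??\C:\Temp\update.tmp", r"!\??\C:\Program Files\Example\app.dll",
)

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE_VALUE):
        print(op.action, op.source, "->", op.destination, "(replace)" if op.replace_existing else "")
```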


----------



## 0110 (May 15, 2005)

*HOW TO TROUBLESHOOT YOUR PC? (Guide)*

_The challenge with a problem is not so much the solution but figuring out what the actual problem is. For instance: if your internet connection is lost you might automatically assume it's a problem with your ISP, yet the problem might actually be a cable connection problem, a corrupted software file, a conflict with another software program running at the same time, a virus or any number of other problems. By doing some basic troubleshooting you can effectively identify problems and get farther down the path to an actual solution. Also, if you need to call a manufacturer's help-line, the call will be much more productive if you've done some troubleshooting beforehand._

*Before you do anything:*

Check your mental state and don't panic! My personal theory to computer problems is that there is a direct connection between the amount of stress a user is under and the number of times a computer will crash. Chances are that when you are in a rush to get a document out the door, you will forget to close open applications, or to save your work and you will send too many commands (like printing, spell-check, etc.) at once. If you're moving fast on the computer, it pays to take a moment, take a deep breath, close unnecessary programs and save your work. Also, if you're trying to solve a problem that your computer is having, you will need full mental capabilities. So if you're feeling frustrated and tired while trying to troubleshoot - take a break! You'll find you'll solve your problems much faster if you have a fresh mind and attitude. Don't panic either. Sometimes computer problems can appear to be much more serious than they really are. Panicking can lead you to jump to a solution of a perceived problem before you've actually identified the real problem.

*Some initial steps:*
*Check the component's documentation and/or the manufacturer's website:* The appendix of most manuals will contain a troubleshooting guide that will identify the most common problems the component may have. Most software installations include placing a readme file in the programs directory that will list all known incompatibilities. Manufacturer websites can be extremely helpful as well, with support pages that will direct you to common problems and solutions that may include a software "patch" that can be downloaded directly from the site and then run on your hard drive
*Check for Viruses:* Any strange behavior on a computer could be due to a virus. Use an anti-viral program to scan your system - and follow the instructions on the use of the anti-viral program closely
*Use diagnostic utilities:* Software crashes can often be caused by corrupted files or registry conflicts. Using a program like Windows Scan Disk (found under System Tools in the Accessories folder on your program menu) can identify and fix corrupted files. Norton Utilities has a program called "System Check" that both checks the integrity of your files and looks for software conflicts and will repair problems

*If none of those steps work - it's time to use your brain!*
Ask yourself - when did the problem I'm experiencing first start? If you made any change, such as installing new software or adding hardware, to the computer and now you are having a problem, chances are the change is the cause. Also, while you're trying to identify problems and solutions remember to make only one change to your system at a time, so you can easily trace your steps.
*Determine if the problem is repeatable or if it is intermittent:* A repeatable problem is one that occurs all the time, or always in response to a specific user action
For example, if the computer crashes every time you print a document - that's a repeatable problem
An intermittent problem will appear to happen spontaneously or randomly. An intermittent problem is usually the result of a specific set of circumstances happening occasionally. With these problems it is important to try to establish a pattern involved in the problem. Keep a problem log at the computer and try to write down all the circumstances occurring when the crash occurred, including the most minute detail.
*Use the process of elimination:* Start to remove components from your system one at a time. After you remove a component test to see if the problem still exists. This is a great way to figure out if the problem is caused by a conflict between software programs and/or hardware. Start by removing the most recently installed stuff first

*Some Final Tips:*
*If you call the helpline - be patient and prepared:* You will have to wait on hold awhile to get an actual person on the phone. Like death and taxes that's just a fact of life. If you can review all the troubleshooting steps you took to identify the problem, the technical assistance operator will be able to identify the solution more quickly and effectively
_Remember: if you get a technical assistance operator on the line don't hang up until you're sure the problem has been solved_

*If the equipment is new, send it back:* Most equipment is under warranty and if there is anything severely wrong with it, you should send it back. This may not help your immediate goal, but it will save you plenty of time in the long run. If the equipment is under warranty, the vendor will deal with it

*The most important thing to remember while troubleshooting is to be patient and observant. By using these steps you should easily be able to resolve even the most inexplicable problems*

original post is by my good friend TWEAKER.

*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*HOW TO ELIMINATE BIG PROBLEMS WITH SMALL PROGRAMS?*
*INTERNET RELATED*
*AD-AWARE* (1.7mb) - _"Standard Edition is THE award winning, *free*, multicomponent detection and removal utility that consistently leads the industry in safety, user satisfaction, support and reliability"_

```
h**p://lavasoft.element5.com/support/download/
```

*AOL HIDER* (475kb) - _"Excellent program that simply hides AOL into the task window in the bottom right corner. Makes it look like you have a real internet connection! Compatible with all versions"_

```
h**p://www.simbak2k.net/exes/aolhider104.zip
```

*FPIPE* - _"FPipe is a source port forwarder/redirector. It can create a TCP or UDP stream with a source port of your choice. This is useful for getting past firewalls that allow traffic with source ports of say 23, to connect with internal servers"_

```
h**p://www.foundstone.com/resources/proddesc/fpipe.htm
```

*FPORT* - _"Reports all open TCP/IP and UDP ports and maps them to the owning application"_

```
h**p://www.foundstone.com/resources/termsofuse.htm?file=fport.zip
```

*MAGIC MAIL MONITOR* (71kb) - _Tiny POP3 compliant Mail Checker: the best choice for checking one or multiple account quickly, at periodic interval. Fully configurable, nice interface_

```
h**p://www.geeba.org/magic/
```

*MAILINATOR* - _"Have you ever needed an email .. NOW? Have you ever gone to a website that asks for your email for no reason (other than they are going to sell your email address to the highest bidder so you get spammed forever)?"_

```
h**p://www.mailinator.com/mailinator/Welcome.do
```

*NET LIMITER* (614KB) - _"NetLimiter is an ultimate internet traffic control tool"_ *******

```
h**p://www.netlimiter.com/
```

*NESSUS* - _"A security scanner which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way."_ For Linux ONLY

```
h**p://www.nessus.org/download.html
```

*NETSCAN PRO* (925kb) - _"NETSCAN PRO is the real advanced TCP/IP monitoring utility which allows you to monitor all network activity at your computer. NETSCAN PRO 3.3 has a graphical and text interface which makes the program unique in its kind! It's very easy to use! All you do is run the program and see all established connections and opened ports at your computer"_

```
h**p://www.7forces.com/files/ns3setup.exe
```

*NO ADS* (215kb) - _"Popup killing at its best! This nifty utility is great when surfing websites. If a popup appears, open the program that is in the task tray and double click it and its gone. It will then store it and kill it in the future too. It is the first one I've seen that supports AOL! Even works great with programs like KaZaA"_

```
h**p://www.simbak2k.net/exes/NASetup.exe
```

*Online JPEG compressor* - _"Can help you to make your pages load faster by reducing the size of your JPEG files. It will display multiple versions of a given image compressed at different levels for you to pick the smallest image at the best possible image quality you require"_

```
h**p://www.chami.com/jc/
```

*PCS NETWORK TOOLS* (1150kb) - _"The PCS Network Tools is a collection of essential network diagnostic tools. These tools include DNS resolution which provides the IP Address, Hostname, Hostname Alias, Mailhost, and Name Server Records for an entered host. In addition, the following tools are also included: IP Scanner, Traceroute, Ping, Whois, Finger, Time, Quote of the Day, and extensive Localhost information. Local information includes the hostname, alias, IP address, MAC address, username, Primary Domain Controller, NetBIOS, memory, windows version and build, and other vital information"_

```
h**p://www.learnxgroup.com/software/pcsnt.html
```

*PEER GUARDIAN* - _PeerGuardian 2 is Methlabs' premier IP blocker for Windows. With features like support for multiple lists, a list editor, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), PeerGuardian 2 is the safest and easiest way to protect your privacy on P2P. Plus, by integrating with Blocklist.org, lists are built custom just for you._ - Look for the Linux/OSX version on this site

```
h**p://prdownloads.sourceforge.net/peerguardian/pg2-050423-x64.exe?download
```

*PING PLOTTER* - _"This exceptional GUI-based traceroute tool has features I've only seen in expensive industrial-strength tools, including dynamic tracking of changes in node response time - great for tracking a network outage across time. It's also very fast!"_ - For NT/2K/XP ONLY

```
h**p://www.pingplotter.com/downloads/pngplt_1.exe
```

*PROXIRAMA* (154kb) - _"A tool for finding and testing proxy servers. it will test them for anonymity, speed, if it's a gateway proxy, h**ps support (=chainability) and geographical location. furthermore, it can be used as a local proxy server that redirects your traffic through a arbitrarily long chain of anonymous proxies. it is small, fast, and easy to use"_

```
h**p://gaamoa.securibox.net/ProxyramaSetup.exe
```

*SPYBOT - SEARCH & DESTROY* (3.5mb) - _"This *free* program can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover"_

```
h**p://www.safer-networking.org/index.php?lang=en&page=download
```

*TCPDUMP* (341kb) - _"TCPDUMP for Windows is a clone of TCPDUMP based on Packet Sniffer SDK, the popular command-line packet capture tool. It can provide very detailed information about any network conversation that runs across the wire."_

```
h**p://microolap.com/downloads/tcpdump/tcpdump.zip
```


*OS RELATED*
*FILE*
*BCWIPE* - _"Is intended to give you a confidence that your deleted files cannot be recovered by an intruder"_ For Linux/FreeBSD/OpenBSD/Solaris/Digital UNIX/Irix/Windows

```
h**p://www.jetico.com/download.htm
```

*BEST CRYPT* - _"A Data Encryption system provides the most comprehensive and easy-to-use secure data storage and access control facilities available"_ For Linux/FreeBSD/OpenBSD/Solaris/Digital UNIX/Irix/Windows

```
h**p://www.jetico.com/download.htm
```

*CIA UNERASE* - _" Is the first product using the CIS technology to recover deleted files. Using CIS, CIA Unerase recovers almost any file you deleted even before you installed CIA Unerase and files where all other solutions on the market failed. CIA Unerase is the smallest, easiest and fastest Unerasing-tool we know"_

```
h**p://217.160.136.183/en/Download/down.php?login=1&[email protected]&loginname=tina&status=aktiv&CIA_Unerase=1
```

*DARIK'S BOOT AND NUKE* (1962kb) - _"Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction." Available in floppy and CD version. This tool is very dangerous. After using the WinImage extractor to create the "nuke" boot floppy disk, you then reboot the target system with the disk in drive A. The main point of this program is to securely delete everything, so NEVER run it on a system that you intend to use again._

```
h**p://dban.sourceforge.net/
```

*ERASER* (2745kb) - _"Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is FREE software and its source code is released under GNU General Public License.
The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.
Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting methods."_ The US Defence Security Service (DSS) is one of their clients.

```
h**p://prdownloads.sourceforge.net/eraser/Eraser57Setup.zip
```

*DELLATER* (3kb) - _"DelLater is the ideal program to use when you can't delete a file, no matter how hard you try"_

```
h**p://www.diamondcs.com.au/downloads/dellater.zip
```

*HIDE IT* - _Hide running applications_

```
h**p://www.annoyances.org/downloads/ftp/hideit.zip
```

*KILL* - _"Shuts down one or more running Windows NT tasks or processes" - For 2K/XP_

```
h**p://helpdesk.kixtart.org/Download/Utils/KILL.EXE
```

*KILL95* - _Shuts down any processes running in memory_

```
h**p://helpdesk.kixtart.org/Download/Utils/kill95.zip
```

*ZAP* - _"deletes files that are either in use or otherwise cannot be deleted" - For 2K/XP_ *******

```
h**p://helpdesk.kixtart.org/Download/Utils/zap.exe
```


*CONTROL/MONITOR*
*CIS* - _"A free security scanner written and maintained by Cerberus Information Security, Ltd and is designed to help administrators locate and fix security holes in their computer systems. This tool is a must!"_ To see the checks it does, go *HERE* (h**p://www.cerberus-infosec.co.uk/vulndb.txt) - For NT/2K

```
h**p://www.cerberus-infosec.co.uk/CIS-5.0.02.zip
```

*COOL BEANS SYSTEM INFO* (820kb) - _"A small but powerful program that monitors your computer's CPU, physical memory, and swap memory usage"_

```
h**p://dl.winsite.com/files/180/ar1/winxp/sysutil/sysinf02.exe
```

*DEPENDENCY WALKER* (406KB) - _"A free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules."_ Can be helpful to identify missing files/dll after installation of programs

```
h**p://www.dependencywalker.com/depends21_x86.zip
```

*HHD SRVADMIN* - _"A very useful as a replacement to the ordinary NT service and device control panel applets, because it repeats and extends the functionality provided by them. Plus, it allows administrators to perform tasks, which usually not available to them without installing Windows NT Resource Kit."_ For NT/2K

```
h**p://www.hhdsoftware.com/Download/srvadmfull.zip
```

*NTFS Reader for DOS* - _This is an *absolutely essential recovery tool* if you use NTFS partitions. Add this 147 KB executable file to your Win9x-based boot floppy and it will let you read any NTFS partition and copy off files to any FAT partition. (Don't be thrown when the page says "Demo software." It's outright freeware.)_ - For NT/2K/XP ONLY

```
h**p://www.ntfs.com/downloads/readntfs.zip
```

*NTSubst* - _"Extended version of the NT subst command. NtSubst allows you to assign the drive letter not only to any valid path, but also any valid NT Object Manager path."_ For NT/2000

```
h**p://www.hhdsoftware.com/Download/ntsubst.exe
```

*POWER PROMPT* - _"will allow you to run programs as System"_

```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=PowerPrompt
```

*PROCESS EXPLORER* (150kb) - _"The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work"_

```
h**p://www.sysinternals.com/files/procexpnt.zip
```

*REVELATION* - _Discloses passwords that are only displayed as asterisks. I suppose, ultimately, this is a cracker's tool; but there are practical, legitimate uses for it, so I decided to post the link._ - For 9x/2K/XP. Please use it in good faith.

```
h**p://www.snadboy.com/RevelationV2.zip
```

*RUN AS USER v4.1* - _The function of this software is to allow Administrators to deploy applications that require elevated user rights to users who have restricted rights without having to issue Administrator Credentials to the user. It does this by passing a Run As User type command to the Operating System for the duration of the task at hand. It will only give the elevated rights to that specific task, so you can be safe knowing that the user will not have access to any restricted resources while the application is running. Other uses of this software include running games that require the administrator account to run._ - For XP. Please use it in good faith.

```
h**p://www.palmersoft.co.uk/software/runasusersetup.exe
```

*SHUTDOWN* - _Small commandline utility that makes it a breeze to log off, shutdown, restart, hibernate, or put in stand-by mode your Win XP computer. It's the only utility I know that shuts down Win XP and then reliably powers off the computer._ For XP ONLY.

```
h**p://aumha.org/downloads/shutdown.zip
```

*STARTUP CPL* - _"A nifty control panel applet that allows you to easily configure which programs run when your computer starts."_

```
h**p://www.mlin.net/files/StartupCPL.zip
```

*STARTUP MONITOR* - _"A small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus."_

```
h**p://www.mlin.net/files/StartupMonitor.zip
```

*STORM WINDOW* - _A great and *FREE* utility for Windows desktop security_

```
h**p://www.cetussoft.com/stormwin.htm
```


*INFORMATION*
*ADVISOR* - _Displays all your PC info (hardware/software) on one page_

```
h**p://www.belarc.com/Programs/advisor.exe
```

*SKRUB THE WEB* - _"Search Microsoft Knowledge Base, MSDN, Google and Google Groups in a single click"_

```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=SkrubTheWeb
```


*UTILITIES*
*DOS HERE* (197kb) - _"An Explorer Shell Extension to provide easy and quick access to the DOS Prompt in the requested folder"_

```
h**p://user.tninet.se/~fgo483j/files/ch20.zip
```


*TWEAKS*
*ANSWERS THAT WORK* - _"Through our support service we often come across problems caused primarily by programs running in the background, programs which in most cases start at the same time as Windows. Sometimes these programs are useful and need to be there; quite often, however, they are not needed, and in too many cases they cause severe problems."_ This is not a program, however it would be a great small utility if packaged.

```
h**p://www.answersthatwork.com/
```

*BOOTVIS* (990kb) - _"Bootvis.exe is a performance tracing and visualization tool that Microsoft designed to help PC system designers and software developers identify performance issues for boot/resume timing while developing new PC products or supporting software."_

```
h**p://download.soft32.com/files/19687/bootvis.msi
```

*ERUNT* - _"Finally, a tool to back up the Win XP Registry! (Microsoft didn't include one with Win XP itself.)" - For NT/2K/XP ONLY_
*NTRegOpt* is included in the above file - _This optimizes the Win NT/2K/XP Registry much as SCANREG /OPT does for Win98/ME._


```
h**p://home.t-online.de/home/lars.hederer/erunt/erunt.zip
```

*HIJACK THIS* - _"HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers."_ - *USE WITH CAUTION AND AT YOUR RISK*

```
h**p://www.tomcoyote.org/hjt/hijackthis.zip
```

*TWEAKUI* - _THE BEST OF ALL THE PowerToys! This should be standard on every (pre-XP) Windows computer whatsoever! Many new features added._

```
h**p://download.microsoft.com/download/winme/Install/1.0/WinMe/EN-US/Tweakui.exe
```



*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 1)* 
Get the original *FILE*
Get a list of updated Ad sites from *ACCS-NET*

```
h**p://www.accs-net.com/hosts/get_hosts.html
```
*SomeoneWhoCares*

```
h**p://someonewhocares.org/hosts/
```
*MVPS*

```
h**p://www.mvps.org/winhelp2002/hosts.txt
```
*Blood Image*

```
h**p://www.bloodimage.com/hosts_bak
```
*EveryThingIsnt*

```
h**p://everythingisnt.com/Hosts
```
and if you want more then always 
*Google here*

```
h**p://www.google.com/search?hl=en&ie=ISO-8859-1&q=hosts+file
```
*and here*

```
h**p://www.google.com/search?hl=en&ie=ISO-8859-1&q=windows+hosts+file
```

Update file either manually or use *HOSTS Manager* by simply adding the files from above.

```
h**p://www.aldostools.com/hosts.html
```

While visiting the sites listed above, enhance your knowledge about HOSTS file and utilize it properly to improve the Ad Blocking on your PC.

*FINAL NOTE: If you open the hosts file (C:\WINDOWS\system32\drivers\etc) and see most if not all addresses have an IP address other than 127.0.0.1 or 0.0.0.0 then RUN windows update then an Anti-Virus program, then go back to my first point.
The Fortnight virus makes changes in your hosts file: C:\WINDOWS\system32\drivers\etc\hosts or C:\WINNT\system32\drivers\etc\hosts. The Windows hosts file serves to associate host names with IP addresses. The hosts file dropped by this virus consists of a list of URLs, each associated with a bogus IP address.*
REFERENCE: Microsoft Security Bulletin MS03-011

```
h**p://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp
```

*A sample of an example INFECTED hosts file:* 

```
# Copyright   1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
66.159.20.80 moviesheaven.com
66.159.20.80 vidsvidsvids.com
66.159.20.80 my-teensex.com
66.159.20.80 nobull****movies.com
66.159.20.80 watch-xxx.com
66.159.20.80 wolrdteenparadise.com
66.159.20.80 www.google.com
66.159.20.80 worldsex-archives.com
66.159.20.80 ww2.link-o-rama.com
66.159.20.80 link-o-rama.com
```

How to Clean manually - simply remove anything below "127.0.0.1       localhost" or some people have it "0.0.0.0       localhost":

```
# Copyright   1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
```

*WINDOWS UPDATE NOTE:* Akamai.net is used by Microsoft to host the Windows Update features, known as the "AutoUpdate" and "v5.windowsupdate.microsoft.com [63.209.144.181]". In addition, Akamai.net also hosts others, such as ad/spyware websites.

So if either feature of Windows Update is not working and/or you get "Windows Update Failure - Error Code 0x800A138F", then close ALL browser windows, open the *hosts* file, press {CTRL+F}, look for this address "a248.e.akamai.net [63.251.152.201]" (without the brackets), and delete it, then save and exit. Now try *h**ps://a248.e.akamai.net/v4.windowsupdate.microsoft.com/getmanifest.asp* again. If it works, then go to *h**p://windowsupdate.microsoft.com* and get your updates. If it still does not work, then your company or your ISP may be blocking this hostname, or some anti-ad/spy programs may have this address blocked, such as *SPYBLOCKER*

```
h**p://spyblocker-software.com/IPB/index.php?showtopic=420&st=0&#entry1820
```
*DO NOT DELETE ALL AKAMAI.NET SITES, OTHERWISE YOU WILL END UP WITH AD/SPY SITES POPPING BACK.*
Below is a small sample of hundreds of the Akamai.net servers that process ad/spy sites:


*Now continue to Example 2, below*

*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 2)* 

Continuing from *example 1:*

```
http://forums.techguy.org:80/showthread.php?p=2617026
```

*Update your hosts file*
First, download and "save as" this *UPDATED FILE* (contains over 14,000 verified sites and about 500kb).

```
h**p://remember.mine.nu/getfile.asp?t=nc
```

Add it to your hosts file using *HOSTS MANAGER*

```
h**p://www.aldostools.com/hosts.html
```


*Update your proxy configuration, even if you aren't behind a proxy*
_Netscape Navigator_
Go to Edit->Preferences->Advanced->Proxies
Select "Manual Proxy Configuration" (even if you aren't using a proxy) and click "View"
From the final hosts file, after merging it with the one you downloaded, open the file in Wordpad and remove everything except the site addresses
_Replace the line breaks with a space to make the file one line, like this: "000freexxx.com 039068a.dialer-select.com 1.h**pads.com 1000stars.ru 100free.com 100free.de 100free.nl 123adult.com"_

Paste the results into "No Proxy For" box
_This will tell Navigator to access these sites directly. Since your hosts file says they are the local machine, ad lookups will fail and you can surf in peace without distraction, with the added bonus that many web pages will load quite a bit faster_

_Internet Explorer 5.x+_
Go to Tools->Internet Options...->Connection tab
Select your Connection (Dialup or LAN) & press "Settings" button
Check "Use a proxy server for your..." checkbox
Click "Bypass proxy server for local addresses" checkbox
You are done - No need to add anything in "No Proxy For" box


*NOTES*
If you run a webserver on your PC
_All the servers in this file point to the IP 127.0.0.1 (localhost), so you will need to open the "Hosts" file in a regular text editor (wordpad/bbedit/vim etc) and replace 127.0.0.1 with 127.0.0.2 or another "non-existent" IP address._
_Alternatively you can simply download this dedicated Hosts file for servers with the IP set at 127.0.0.3 *here*. You will need to rename this file "Hosts"._

```
h**p://remember.mine.nu/getfile.asp?ff=se
```

If you use the browser Mozilla, but after installing Hosts you keep getting a "connection refused.." error dialog
_This is a bug in Mozilla (version 1.1 and below) due to the browser not having a built-in error page when a website/adserver cannot be contacted, therefore an alert dialog is used instead of an error page._
_This has been reported as a bug to the Mozilla project and is still waiting to be made a default setting in a release._
_If you have Mozilla 1.2a or above you can add this line to your user preferences file (prefs.js):_
*user_pref("browser.xul.error_pages.enabled", true);*
_This will stop the annoying dialog popup, as 1.2a has the option to remove the dialog, though this isn't enabled by default yet._

If you installed it and now you can't visit site X
_Then probably the site in question is in the "black" list and is stopping your visit._
_Check whether your taskbar/statusbar says "connecting to 127.0.0.1" when you access the site. If so, then it is most likely within this file, in which case you will need to open this "Hosts" file in a text editor (wordpad/bbedit/vim etc) and search for the line that contains the address of the site that you want to visit._
_Simply delete that line or place a # before the line, which deactivates that particular entry, then reboot or re-flush your DNS, and you will then be able to visit the site in question._
_This Hosts file is designed to be extremely comprehensive, and to get the best out of it some people will find they need to edit it manually to remove certain sites for their own browsing preferences (using the above instructions)._
_Web sites will not be placed in this file if they have had no observed hostile activities or privacy breaches, and with banner advertising only the server from which the advert banner originates will be blocked and not the whole site._
_The sorts of activity that determine addition to this file are:_
_adverts, banners, multiple popup windows /exit pages, webbugs, script/java exploits, privacy breaches, dialer droppers, user tracking and counters, viruses, spyware, circle sites, spammer sites, underhand practices etc._
_If a site is visited and they have these kinds of activities going on, then they will most likely be entered into this Hosts file by myself or other users who contribute to this project._
_You can always use this program, *Hosts Toggle*, to turn the Hosts file on/off with one click._

```
h**p://www.accs-net.com/hosts/HostsToggle/
```




If you installed it and your Windows 2000 PC hangs every 10 minutes and/or is slow
_This seems to be a bug in Win2K, as it will not handle large Hosts files such as this one. It can be worked around by 2 different methods. If you are not on a LAN network or use a direct connection to the internet (t1/dsl/adsl/cable) (modems untested but believed to work also), the first simple method is as follows:_
_Locate the hosts file you installed and rename it to hosts.txt (this will disable it temporarily)_
_Right click on "My Computer" on the desktop and choose "Manage"_
_Scroll to the "services" section and locate "dns client", right-click on this and choose "properties"_
_Stop the service and from the dropdown choose "disable"_
_Rename "hosts.txt" back to "hosts" and you should be able to use the hosts file as normal; a reboot might be required to get it working fully_
_This method has been known to work on many Win2k* setups without any adverse effects. Also known to work for some XP users who experience slow network startup and/or IE or OE is very slow to start; the procedure to disable the dns client is the same as above. Of course, if you still have problems or cannot connect to the internet after implementing this workaround, it is advised you do not use this Hosts file and restore the "dns client" back to an "automatic" state and restart the dns client. Alternatively you will need *this software*_

```
h**p://www.pyrenean.com/config.php
```

_and see *this page* for implementing an advanced dns solution (for expert users only)_

```
h**p://www.accs-net.com/hosts/DNSKong2K/Setting%20Windows%202000%20to%20use%20DNSKong.htm
```



If you installed it and can still see some banners
_After checking the obvious, have you got it installed in the correct location for your Operating system?_
_Check to see if the banner's image is coming from a different server than the one you are visiting (right click on the banner and choose properties to see the web address of the image's location)_
_This is because some websites serve their banners from the same site as the content; in those cases a Hosts file will not block them, as it would stop access to the entire site, which isn't the idea. This Hosts file blocks access only if they have a separate advert server to the main one and it is in this Hosts file; otherwise adverts will be seen_
_If you use a specific web proxy (specified by your ISP's internet settings) then this Hosts file will not work, as using an explicit proxy bypasses the Hosts file functionality. Please remember too that this file, while being very comprehensive, cannot include every banner server in the world and has included only the well known advertisers and mainly English speaking websites_
_If you wish to have 100% advert free browsing then use something like the Proxomitron or Junkbuster proxy or Mozilla's BannerBlind, which will remove 99.9% of adverts_

How do you know if the file is working?
_Quite simply, can you see *this site* (h**p://doubleclick.net/) or *this site* (h**p://fastclick.net/)? If you can still see those sites then the Hosts file is not working and you should check your settings and installation_

Does this have a virus in it?
_No it doesn't, it's only a plain text file so it cannot do any harm to your computer; there are no install programs or executable files, just a simple single text file_


*WINDOWS UPDATE NOTE:* Akamai.net is used by Microsoft to host the Windows Update features, known as the "AutoUpdate" and "v5.windowsupdate.microsoft.com [63.209.144.181]". In addition, Akamai.net also hosts others, such as ad/spyware websites.

So if either feature of Windows Update is not working and/or you get "Windows Update Failure - Error Code 0x800A138F", then close ALL browser windows, open the *hosts* file, press {CTRL+F}, look for this address "a248.e.akamai.net [63.251.152.201]" (without the brackets), and delete it, then save and exit. Now try *h**ps://a248.e.akamai.net/v5.windowsupdate.microsoft.com/getmanifest.asp* again. If it works, then go to *h**p://windowsupdate.microsoft.com* and get your updates. If it still does not work, then your company or your ISP may be blocking this hostname, or some anti-ad/spy programs may have this address blocked, such as *SPYBLOCKER* (h**p://spyblocker-software.com/IPB/index.php?showtopic=420&st=0&#entry1820).

*DO NOT DELETE ALL AKAMAI.NET SITES, OTHERWISE YOU WILL END UP WITH AD/SPY SITES POPPING BACK.*
Below is a small sample of hundreds of the Akamai.net servers that process ad/spy sites:


*Now continue to Example 3, below*



----------
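The hosts-file checks described in examples 1 and 2, as an added Python example that is not part of the original posts or of the tools they link to: `find_redirects` reports entries that point anywhere other than 127.x or 0.0.0.0 (the infected-file symptom), `unblock` comments out a name such as a248.e.akamai.net, and `retarget` moves block entries to 127.0.0.2 for machines that run a web server. The function names and the sample text are assumptions made for the example.

```python
import ipaddress

# Constructed sample. 66.159.20.80 and the host names appear in the posts;
# the layout of this file is made up for the example.
SAMPLE = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       doubleclick.net fastclick.net   # ad servers
127.0.0.1       a248.e.akamai.net
66.159.20.80 www.google.com
66.159.20.80 ww2.link-o-rama.com link-o-rama.com
"""


def parse_line(line):
    """Split one hosts line into (ip, hostnames, comment).

    Returns None for blank lines, comment-only lines and lines that are not
    an IP address followed by at least one name.
    """
    body, sep, comment = line.partition("#")
    fields = body.split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return ip, [h.lower() for h in fields[1:]], sep + comment


def is_sink(ip):
    """True for the addresses a blocking hosts file points at (127.x, 0.0.0.0)."""
    return ip.is_loopback or ip.is_unspecified


def find_redirects(text):
    """Map every non-sink IP to the names it captures."""
    found = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and not is_sink(entry[0]):
            found.setdefault(str(entry[0]), []).extend(entry[1])
    return found


def _render(ip, hosts, comment):
    """Rebuild an entry line from its parts."""
    line = f"{ip}\t{' '.join(hosts)}"
    return f"{line}\t{comment}" if comment else line


def unblock(text, names):
    """Comment out the given names; other names on the same line stay active."""
    names = {n.lower() for n in names}
    out = []
    for line in text.splitlines():
        entry = parse_line(line)
        if not entry or not names.intersection(entry[1]):
            out.append(line)
            continue
        ip, hosts, comment = entry
        keep = [h for h in hosts if h not in names]
        drop = [h for h in hosts if h in names]
        if keep:
            out.append(_render(ip, keep, comment))
        out.append("# " + _render(ip, drop, ""))
    return "\n".join(out) + "\n"


def retarget(text, new_sink):
    """Point block entries at new_sink.

    Lines naming localhost and redirect entries are left exactly as found.
    """
    new_ip = ipaddress.ip_address(new_sink)
    out = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and is_sink(entry[0]) and "localhost" not in entry[1]:
            out.append(_render(new_ip, entry[1], entry[2]))
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(find_redirects(SAMPLE))
    print(unblock(SAMPLE, ["a248.e.akamai.net"]))
    print(retarget(SAMPLE, "127.0.0.2"))
```

Entries reported by `find_redirects` still need a human look: an intranet mapping is legitimate, a search engine mapped to an unknown address is not.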



## 0110 (May 15, 2005)

*HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 3)*
_The most common way of detecting spam is by using spam databases (blacklists, sometimes incorrectly referred to as RBLs, since RBL is trademarked by MAPS) that list the addresses of mail servers known (or believed) to send spam. This is done by taking the IP address of the remote mail server, converting it to a domain name using the ip4r format (1.2.3.4 becomes 4.3.2.1.bl.example.com), and seeing if that name exists._

_Below is a list of all known DNS-based spam databases (some links may be temporarily down or unresolved, please send me a PM with any):_

*Standard IP-based Spam Databases*

*ABL* - _"Arbitrary Blackhole List. No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://spammers.v6net.org
```

*BGISOCBL* - _"Bulgarian Spam Prevention System. Designed primarily to protect isoc.bg's members from receiving Bulgarian spam. *Warning:* Can't Be Tested."_

```
h**p://dnsbl.isoc.bg
```

*BGISOCWL* - _"Bulgarian Spam Prevention System Whitelist. Designed primarily to protect isoc.bg's members from receiving Bulgarian spam; this is a WHITELIST, which lists 'good' IPs. No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://dnswl.isoc.bg
```

*BLARSBL* - _"Confirmed that it is working on 24 Oct 2001. Has 15 different return values, indicating the reason for the listing (IE could be split up into as many as 12 tests). Includes interesting tests such as no [email protected] - address, and originating a DoS attack. Does not have TXT records. *Warning:* May contain a number of IPs that no longer are associated with spammers, and are now allocated to legitimate customers that can not be removed. May also blacklist entire ISPs."_

```
h**p://block.blars.org
```

*BLITZEDALL* - _"Combines the BLITZEDHTTP, BLITZEDSOCKS, BLITZEDWINGATE, BLITZEDCISCO, and BLITZEDPOST tests. Confirmed that it is working on 09 Apr 2002."_

```
h**p://opm.blitzed.org
```

*BLITZEDCISCO* - _"Lists Cisco proxies. Assumed to be working on 20 Feb 2003 (since bitmask tests can't be tested)."_

```
h**p://opm.blitzed.org
```

*BLITZEDHTTP* - _"Lists open HTTP (CONNECT) proxies. Confirmed that it is working on 03 Feb 2002."_

```
h**p://opm.blitzed.org
```

*BLITZEDPOST* - _"Lists open HTTP (POST) proxies. Assumed to be working on 20 Feb 2003 (since bitmask tests can't be tested)."_

```
h**p://opm.blitzed.org
```

*BLITZEDSOCKS* - _"Lists open SOCKS proxies. Confirmed that it is working on 03 Feb 2002."_

```
h**p://opm.blitzed.org
```

*BLITZEDWINGATE* - _"Lists open wingate proxies. Confirmed that it is working on 03 Feb 2002."_

```
h**p://opm.blitzed.org
```

*BONDEDSENDER* - _"A *whitelist* of E-mail senders that have posted a bond to help prove that their E-mail is legitimate."_

```
h**p://query.bondedsender.org
```

*BORDERWORLDSBL* - _"A private spam database. *Warning:* Can't Be Tested."_
*CBL* - _"Lists IPs that send to large spamtraps, and are running open proxies, worms/viruses, trojan horses, etc. Confirmed 01 Aug 2003."_

```
h**p://cbl.abuseat.org
```

*CHICKENBONER* - _"Unknown, apparently no website. *Warning:* Can't Be Tested."_

```
h**p://fl.chickenboner.biz
```

*CLUECENTRAL* - _"Lists IPs in certain countries. Missing test entry 127.0.0.2. Confirmed 18 Jun 2002. *Warning:* Can't Be Tested."_

```
h**p://rbl.cluecentral.net
```

*COMPU-PMO* - _"Undocumented. Apparently lists "pm0.com" sources. Confirmed 10 Jan 2002. *Warning:* Can't Be Tested."_

```
h**p://pm0-no-more.compu.net
```

*CSMA* - _"Lists IPs of mailservers that send spam twice in a short timeframe to the McFadden Associates mailservers. Confirmed 29 Sep 2003."_

```
h**p://bl.csma.biz
```

*CSMA-SBL* - _"Lists IPs of mailservers that send spam to the McFadden Associates mailservers, even once. More aggressive than the CSMA test, and best used with score-based anti-spam programs. Confirmed 20 Oct 2003."_

```
h**p://sbl.csma.biz
```

*COMPU* - _"Undocumented (but confirmed). 'Primarily for hosts which were not blocked by other blackhole sites and spammed compu.net' according to one source."_

```
h**p://blackhole.compu.net
```

*DEADBEEF* - _"Lists ISPs that have no way to report abuse. Confirmed 11 Mar 2003."_

```
h**p://bl.deadbeef.com
```

*DNSRBL-DUN* - _"Lists dialup lines (modems, DSL, cable). *Warning:* uses 127.0.0.1 as its test entry. Verified 19 Jun 2002."_

```
h**p://dun.dnsrbl.net
```

*DNSRBL-SPAM* - _"Lists known spammers, based on E-mail sent to 'honey pot' addresses. *Warning:* uses 127.0.0.1 as its test entry. Verified 19 Jun 2002."_

```
h**p://spam.dnsrbl.net
```

*DSBL* - _"Distributed Sender Boycott List. This is a 'trusted' portion of DSBL, that accepts submissions of open relays and any other unsecure servers that spammers can use to send spam. Confirmed on 28 Mar 2002."_

```
h**p://list.dsbl.org
```

*DSBLALL* - _"Distributed Sender Boycott List. This is the 'untrusted' version (IE anyone can submit to it) of the DSBL database, which accepts submissions of open relays and any other unsecure servers that spammers can use to send spam. Note that it will likely contain some popular free mail services and the like, if their users maliciously submit entries. Confirmed on 05 Apr 2002."_

```
h**p://unconfirmed.dsbl.org
```

*DSBLMULTI* - _"Distributed Sender Boycott List. This is a 'trusted' portion of DSBL, that lists multi-hop relays from trusted sources. Confirmed on 09 Apr 2002."_

```
h**p://multihop.dsbl.org
```

*DUINV* - _"Lists IPs that belong to dialup connections. No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://duinv.aupads.org
```

*DULRU* - _"Apparently lists dialup lines in Russia (site is in Russian). No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://dul.ru
```

*EASYNET-DNSBL* - _"Lists direct spam sources, indirect spam sources (using open relays or other conduits to send spam), open proxy hits, Spamhaus SBL hits, opt-out mailers, and relay-probing sources. Click link for full description. Confirmed that the zone and entries exist on Nov 26 2001. Was WIREHUB-DNSBL."_

```
h**p://blackholes.easynet.nl
```

*EASYNET-DYNA* - _"Lists dynamic IP ranges (per /24, to attain maximum granularity and a minimum of false positives by probing several IP numbers in each /24 and examining PTR records). Confirmed 14 Dec 2001. Was WIREHUB-DYNA."_

```
h**p://dynablock.easynet.nl
```

*EASYNET-PROXIES* - _"Lists both regular open proxies and trojaned servers with open proxy functionality. Was WIREHUB-PROXIES."_

```
h**p://proxies.blackholes.easynet.nl
```

*FABELSOURCES* - _"Lists networks (mostly in Asia and South America) that keep sending spam. Confirmed on 23 Jan 2002."_

```
h**p://spamsources.fabel.dk
```

*FIVETENDUL* - _"Lists spam sites before they get into DUL; includes some DSL IPs. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENFREE* - _"Lists mailservers used by free mail services that either have no abuse address listed at abuse.net, or that ignore abuse complaints. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENIGNORE* - _"Lists IP ranges of companies that ignore spam complaints. *Warning:* May block large ISPs. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENKLEZ* - _"Lists mailservers that send AV notification responses to Klez and similar viruses that forge the return address. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENMULTI* - _"Lists multi-stage open relays. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENOPTIN* - _"Lists bulk mailers that don't use confirmed opt-in. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENOTHER* - _"Lists servers with 'other issues.' NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENSINGLE* - _"Lists single-stage open relays. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENSRC* - _"Lists direct spam sources. *Warning:* Lists entire Class B ranges if 1 IP sends them spam! NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENTCPA* - _"Lists companies that violate the TCPA act, by leaving pre-recorded telephone sales calls or not maintaining a do-not-call list. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_
*FIVETENWEBFORM* - _"Lists servers running vulnerable web scripts that can send spam. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole')."_

```
h**p://blackholes.five-ten-sg.com
```

*FLOWGO* - _"Unknown and undocumented, but operational (confirmed 24 Oct 2001). 'Lists FloNetwork systems' according to one source. Flonetwork was apparently bought out by DoubleClick."_

```
h**p://flowgoaway.com
```

*GIPPER* - _"A listing of computers which are running an insecure HTTP proxy that allows arbitrary port connections. No TXT records, no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://proxy.bl.gweep.ca
```

*GIRL* - _"Gweep.ca Insecure Relay List. Lists open relays. No TXT records, no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://relays.bl.gweep.ca
```

*GRIP* - _"Randomly lists random IPs. Obviously, this should not be used as a spam test. No TXT records, no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://random.bl.gweep.ca
```

*HIL* - _"Lists IPs of mailservers that infringe on Habeas' intellectual property, and are unwilling or unable to rectify the situation in a timely matter. Note that it is not DNS-accessible yet; it requires that you connect directly to hil.habeas.com. No TXT records. Confirmed 30 Oct 2002. *Warning:* Can't Be Tested."_

```
h**p://hil.habeas.com
```

*HILLI* - _"Undocumented."_

```
h**p://blocked.hilli.dk
```

*HUL* - _"Lists IPs of Habeas licensees. Used as a whitelist. Requires a license agreement to be filled out. *Warning:* Can't Be Tested."_
*ICMFORBIDDEN* - _"Lists IPs of companies that took ORBS to court. No TXT records, no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://forbidden.icm.edu.pl
```

*INFORMATIONWAVE* - _"Lists spammers. No TXT records, no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://blacklist.informationwave.net
```

*INTERSIL* - _"Undocumented (but confirmed)."_

```
h**p://blackholes.intersil.net
```

*IPWHOIS* - _"Lists domains that have incorrect or otherwise bad information in their IP whois data. Note that this MAY have the same flaw as the BADWHOIS test and could list major portions of the Internet."_

```
h**p://ipwhois.rfc-ignorant.org
```

*JAMMDNSBL* - _"Currently undocumented. Returns 127.0.0.2 for spammers, .3 for open relays, .4 for insecure E-mail scripts, .5 for open proxies, and .6 for dynamic IP ranges. *Warning:* Lists IP ranges for some entire countries."_

```
h**p://dnsbl.jammconsulting.com
```

*KEMPTBL* - _"Lists any mailserver that sends spam or E-mail with forged headers. You must contact them to use it. *Warning:* Can't Be Tested."_
*KITHRUP* - _"Unknown. Note the possibly odd '0.0.0.0' response that could break existing anti-spam programs."_

```
h**p://3y.spam.mrs.kithrup.com
```

*KROPKA-IP* - _"Lists static IPs, whole networks. *Warning:* Can't Be Tested."_
*KROPKA-DIALUPS* - _"Lists dialups and dynamic IPs. *Warning:* Can't Be Tested."_
*KROPKA-RELAYS* - _"Lists open relays. *Warning:* Can't Be Tested."_
*KROPKA-PROXIES* - _"Lists open proxies. *Warning:* Can't Be Tested."_
*KROPKA-FORMS* - _"Lists unsecured forms and subscriptions. *Warning:* Can't Be Tested."_
*KROPKA-LAMEAV* - _"Lists systems that send virus notifications to forged sender. *Warning:* Can't Be Tested."_

```
h**p://all.rbl.kropka.net
```


Continue below due to character amount limitation......



----------
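The ip4r lookup described in example 3 above, as an added Python example that is not part of the original post: it builds the query name, interprets the answer with the JAMMDNSBL return codes quoted in the list, and checks the 127.0.0.2 test entry that many descriptions mention. The resolver is passed in so the constructed zone can stand in for DNS; `bl.example.com`, the function names and the zone contents are assumptions.

```python
import ipaddress
import socket
from collections import namedtuple

Result = namedtuple("Result", "status answer meaning")

# Return codes quoted for JAMMDNSBL in the list; every list defines its own.
JAMM_CODES = {
    "127.0.0.2": "spammer",
    "127.0.0.3": "open relay",
    "127.0.0.4": "insecure e-mail script",
    "127.0.0.5": "open proxy",
    "127.0.0.6": "dynamic IP range",
}

# Constructed zone data standing in for a DNS server (name -> A record).
FAKE_ZONE = {
    "2.0.0.127.bl.example.com": "127.0.0.2",   # the test entry
    "4.3.2.1.bl.example.com": "127.0.0.5",
}


def fake_resolver(name):
    """Offline resolver over FAKE_ZONE; None means the name does not exist."""
    return FAKE_ZONE.get(name)


def system_resolver(name):
    """Real A-record lookup through the OS resolver; None when it fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def ip4r_name(ip, zone):
    """Reverse the octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.IPv4Address(ip)          # ValueError for anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def lookup(ip, zone, resolve=system_resolver, codes=None):
    """Classify one address against one list."""
    answer = resolve(ip4r_name(ip, zone))
    if answer is None:
        return Result("not listed", None, None)
    # A listing is an answer inside 127.0.0.0/8. Anything else (the odd
    # 0.0.0.0 response noted for KITHRUP, or a parked domain that answers
    # every name) is reported as a broken list, never as a listing.
    try:
        valid = ipaddress.ip_address(answer).is_loopback
    except ValueError:
        valid = False
    if not valid:
        return Result("invalid answer", answer, None)
    return Result("listed", answer, (codes or {}).get(answer, "unspecified"))


def zone_is_usable(zone, resolve=system_resolver):
    """Test entry 127.0.0.2 must be listed and 127.0.0.1 must not (RFC 5782)."""
    return (lookup("127.0.0.2", zone, resolve).status == "listed"
            and lookup("127.0.0.1", zone, resolve).status == "not listed")


if __name__ == "__main__":
    print(ip4r_name("1.2.3.4", "bl.example.com"))
    print(lookup("1.2.3.4", "bl.example.com", fake_resolver, JAMM_CODES))
    print(zone_is_usable("bl.example.com", fake_resolver))
```

Running `zone_is_usable` before trusting a list catches a zone that has stopped answering as well as one that now answers for every address.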



## 0110 (May 15, 2005)

......Continuing from above

*KUNDENSERVER* - _"Run by a large web hosting company that tests mailservers that connect to it, to see if they are open relays. Lists the open relays for several weeks/months."_

```
h**p://relays.bl.kundenserver.de
```

*LBL* - _"Has many different criteria for listing, such as companies that favor spam, spamware vendors."_

```
h**p://lbl.lagengymnastik.dk
```

*LNSGBLOCK* - _"Lists blocks of addresses that may contain spammers, but only if there are no reverse DNS entries. Confirmed test entry on 08 Jan 2002."_
*LNSGBULK* - _"Lists bulk mailers that don't have confirmed opt-in, or that allow spam to be sent. Confirmed test entry on 08 Jan 2002."_
*LNSGDUL* - _"Lists dialup lines (remember, DUL-type tests should NOT be run against local users). Confirmed that the zone exists on 30 Oct 2001, confirmed test entry on 08 Jan 2002."_
*LNSGMULTI* - _"Lists multiple stage open relays that are not on other spam databases. Confirmed test entry on 08 Jan 2002."_
*LNSGOR* - _"Lists single-stage open relays that are not on other spam databases. Confirmed test entry on 08 Jan 2002."_
*LNSGSRC* - _"Lists spam sources (any mail server sending spam). Confirmed test entry on 08 Jan 2002."_

```
h**p://spamguard.leadmon.net
```

*MAILDEFLECTOR* - _"A pay service that lists IPs based on spambait addresses and customer submissions. Customers can add/remove IP ranges and/or countries for their own use, using a simple checkbox list. $150/year/server, 60 day free trial (free for non-profits/hobbyists). *Warning:* Can't Be Tested."_
*MAPS-DUL* - _"MAPS DUL (Dialup User List) was another very important ip4r DNS lookup, but since it now requires a subscription, other dialup tests may be used instead. It lists the IP addresses of lots of 'dialup lines' -- the connections that individuals get when they dial into the Internet. Although lots of legitimate E-mail originates from dialup lines, legitimate users very rarely if ever send mail directly to the receiving SMTP server; they send mail to their ISP's mail server. Therefore, it is safe to say that if anyone listed in DUL connects to your mail server, they are not sending legitimate E-mail. We recommend using the DUL test. *A pay service as of 7/31/2001. Warning:* Can't Be Tested."_

```
h**p://dialups.mail-abuse.org
```

*MAPS-NML* - _"MAPS NML (Non-confirming Mailing List) lists mail servers that send out mailing list E-mail for lists that do not confirm the subscriptions. Mailing lists that send E-mail without confirming will often end up sending spam, as people think it is a cute practical joke to add their friends to the list. *A pay service*. Unconfirmed. *Warning:* Can't Be Tested."_
*MAPS-OPS* - _"MAPS OPS (Open Proxy Stopper) lists computers that are running open proxies. *A pay service.* Unconfirmed. *Warning:* Can't Be Tested."_
*MAPS-RBL* - _"MAPS RBL (Realtime Blackhole List) was once the most important ip4r DNS lookup, but it is less used now that it requires a subscription. It lists networks known to be friendly or neutral to spammers. In most cases, it is very good about only listing mail servers that send out a lot of spam, and not simply open relays that get hijacked once and then are secured. Because of this, we recommend using the RBL test. *A pay service as of 7/31/2001. Warning:* Can't Be Tested."_

```
h**p://blackholes.mail-abuse.org
```

*MAPS-RBLPLUS* - _"MAPS RBL+ is a paid service that apparently combines RBL, RSS, DUL, and OPS into a single lookup. It appears that you can't test it without a subscription. *Warning:* Can't Be Tested."_

```
h**p://rbl-plus.mail-abuse.org
```

*MAPS-RSS* - _"MAPS RSS (Relay Spam Stopper) lists spam-relaying mail servers. These are open relays that have been known to send spam. They may well be legitimate mail servers that were open relays, and may be closed soon. However, they were open relays and did send spam. This is similar to RBL, except that the mail servers may be anti-spam and quick to fix the problem. In that case, you may be blocking legitimate mail until the problem is fixed. There is no grace period, so if the server is caught sending spam and is still an open relay, it will be listed immediately. In June, 2001 it contained about 100,000 mail servers! *A pay service as of 7/31/2001. Warning:* Can't Be Tested."_

```
h**p://relays.mail-abuse.org
```

*MITSUBISHI* - _"A private spam database. You can perform a lookup at"_

```
h**p://www.DNSstuff.com
```

*NERD* - _"Lists IPs in certain countries. Missing test entry of 127.0.0.2. Confirmed 18 Jun 2002. *Warning:* Can't Be Tested."_

```
h**p://countries.nerd.dk
```

*NETHERRELAYS* - _"Lists mailservers that send to non-existent accounts at nether.net. Zone transfers requested for large use hosts."_

```
h**p://relays.nether.net
```

*NETHERUNSURE* - _"Lists mailservers that cannot be tested. Zone transfers requested for large use hosts."_

```
h**p://unsure.nether.net
```

*NJABL* - _"Lists open relays and known spam sources. Test listing confirmed 07 Jan 2002."_
*NJABLDUL* - _"Lists dialup lines and other dynamic IP ranges. NOTE: As with other dialup lists, you should NOT use this to scan mail from your users, if you are an ISP. Test listing confirmed 07 Jan 2002."_
*NJABLFORMMAIL* - _"Lists servers with insecure formmail scripts. Test listing confirmed 29 Oct 2002."_
*NJABLMULTI* - _"Lists multi-stage open relays. Will notify the appropriate NIC one week in advance of listing, to allow them to correct the problem. Test listing confirmed 29 Oct 2002."_
*NJABLPROXIES* - _"Lists open proxy servers. Test listing confirmed 29 Oct 2002."_
*NJABLSOURCES* - _"Lists spam sources. Will include commercial spammers, direct-to-mx, and proxies. IP ranges will be added only if they can be identified with the spammer. Test listing confirmed 29 Oct 2002."_

```
h**p://dnsbl.njabl.org
```

*NLKUNBLACKLIST* - _"Documentation not in English. No TXT records, missing test entry of 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://blacklist.sci.kun.nl
```

*NLKUNWHITELIST* - _"Documentation not in English. Apparently a whitelist. No TXT records, missing test entry of 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://whitelist.sci.kun.nl
```

*NOMOREFUNN* - _"Undocumented. Will list dialup networks that send spam, and are outside Scandinavia. Lists IPs that send spam or attempt relaying. Also lists networks of Danish spammers. Confirmed 09 Apr 2002."_

```
h**p://no-more-funn.moensted.dk
```

*ORID* - _"Designed to list mailservers sending spam, at the time they are sending it (not before or after)."_

```
h**p://dnsbl.antispam.or.id
```

*ORDB* - _"Open Relay Database. Lists open relays. Has corresponding TXT records. Had about 81,000 entries as of 7/23/01, hit 200,000 on 22 Jan 2002. Will notify servers when they get listed, and will automatically re-test periodically."_

```
h**p://relays.ordb.org
```

*ORVEDB* - _"Lists hosts that are verified as open relays. No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://orvedb.aupads.org
```

*PDL* - _"Pan-Am Internet Services' Dynamic List. Lists home dialup, broadband, and similar networks. No TXT records, missing 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://dialups.visi.com
```

*POSTFIXGATE* - _"A *pay service* with a list of mail servers that send spam. Includes TXT records. Verified Nov 28 2001. *Warning:* Can't Be Tested."_

```
h**p://bl.redhatgate.com
```

*RELAYWATCHER* - _"RelayWatcher was designed to create a network of relay testers that report their results to a central server."_

```
h**p://relaywatcher.n13mbl.com
```

*REYNOLDSOHPS* - _"Reynolds Open HTTP Proxy Server Block List. Lists servers that have open web proxies that are being abused. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://ohps.bl.reynolds.net.au
```

*REYNOLDSOMRS* - _"Reynolds Open Multi-Level Relay Server Block List. [*Both ip4r and rhsbl*] Lists servers that are open multi-level relays and being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Also appears to list open proxies. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://omrs.bl.reynolds.net.au
```

*REYNOLDSOSPS* - _"Reynolds Open Socks Proxy Server Block List. [*Both ip4r and rhsbl*] Lists servers that have open socks proxies that are being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://osps.bl.reynolds.net.au
```

*REYNOLDSOSRS* - _"Reynolds Open Single-level Relay Server Block List. [*Both ip4r and rhsbl*] Lists servers that are open relays and being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Also appears to list open proxies. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://osrs.bl.reynolds.net.au
```

*REYNOLDSOWFS* - _"Reynolds Open Web Form Server Block List. [*Both ip4r and rhsbl*] Lists servers with web form scripts that have been abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://owfs.bl.reynolds.net.au
```

*REYNOLDSOWPS* - _"Reynolds Open Wingate Proxy Server Block List. Lists servers that have open wingates that are being abused. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://owps.bl.reynolds.net.au
```

*REYNOLDSRDTS* - _"Reynolds Dialup/DSL Type Services Block List. Lists dialup, DSL, and other dynamic IP ranges. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://rdts.bl.reynolds.net.au
```

*REYNOLDSRICN* - _"Reynolds Incorrectly Configured Networks. Lists networks which appear to be incorrectly configured. Includes networks with no/few reverse DNS entries, or lots of spam. Appears to list Class C ranges (dangerous!) rather than assigned network ranges. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://ricn.bl.reynolds.net.au
```

*REYNOLDSRMST* - _"Reynolds Multiple Spam Traps Block List. [*Both ip4r and rhsbl*] Lists IPs/domains that send to spamtraps. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003."_

```
h**p://rmst.bl.reynolds.net.au
```

*REYNOLDST1* - _"Reynolds 'Type 1' Block List. Lists servers that are listed in any of the other Reynolds lists. Free for first 1,000 lookups per day. Confirmed on 23 Jan 2003."_

```
h**p://t1.bl.reynolds.net.au
```

*ROPE* - _"Undocumented except in a mailing list. Apparently lists IPs sending spam to the person running rope.net. Confirmed 09 Apr 2002. No TXT records."_

```
h**p://rbl.rope.net
```

*RSBL* - _"Lists hosts that were verified a true and ostensible spammer activity. *Warning:* Will list legitimate mailservers that have no reverse DNS entry. No TXT records, missing test entry 127.0.0.2. *Warning:* Can't Be Tested."_

```
h**p://rsbl.aupads.org
```

*RSL* - _"visi.com Relay Stop List (RSL) is a list of mail servers that have relayed spam recently."_

```
h**p://relays.visi.com
```

*SATOS* - _"A personal blacklist, that lists IPs of spammers that send to the administrator of cluecentral.net. *Warning:* Can't Be Tested."_

```
h**p://satos.rbl.cluecentral.net
```

*SBBL* - _"Lists IPs of mailservers that send to spambait addresses at they.com. IPs are automatically removed."_

```
h**p://sbbl.they.com
```

*SBL* - _"Spamhaus Block List. Lists 'known spammers, spam gangs or spam support services'. Confirmed on 21 Mar 2002."_

```
h**p://sbl.spamhaus.org
```

*SCHULTE* - _"Lists mailservers that the administrator of the schulte.org domain doesn't want to get mail from. No TXT records, missing 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://rbl.schulte.org
```

*SDERB* - _"Scary Devil Enterprises Realtime Blocklist. Lists IPs of mailservers that have sent mail to bad addresses on SDE mailservers in the past 2 1/2 hours, that are not in several other spam databases. No TXT records, missing 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://msgid.bl.gweep.ca
```

*SENDERBASE* - _"Keeps track of how much E-mail is being sent from IPs/domains, has information about many of them, and will soon have a DNS lookup service. *Warning:* Can't Be Tested."_
*SERVICESNET* - _"Lists all IPs in South Korea; see URL for details. Unconfirmed 28 Oct 2002 due to no 127.0.0.2 test entry. *Warning:* Can't Be Tested."_

```
h**p://korea.services.net
```

*SORBS-BLOCK* - _"Spam and Open Relay Blocking System. This test lists networks that request never to be tested. Confirmed on 28 Aug 2003. Can also be used with the zone block.dnsbl.sorbs.net."_
*SORBS-DUL* - _"Spam and Open Relay Blocking System. This test lists dynamic IP ranges. Confirmed on 28 Aug 2003. Can also be used with the zone dul.dnsbl.sorbs.net."_
*SORBS-HTTP* - _"Spam and Open Relay Blocking System. This test lists Open HTTP Proxy servers. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone http.dnsbl.sorbs.net."_
*SORBS-MISC* - _"Spam and Open Relay Blocking System. This test lists open proxy servers not listed in the SORBS-HTTP or SORBS-SOCKS tests. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone misc.dnsbl.sorbs.net."_
*SORBS-SMTP* - _"Spam and Open Relay Blocking System. This test lists open relays. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone smtp.dnsbl.sorbs.net."_
*SORBS-SOCKS* - _"Spam and Open Relay Blocking System. This test lists Open SOCKS Proxy servers. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone socks.dnsbl.sorbs.net."_
*SORBS-SPAM* - _"Spam and Open Relay Blocking System. This test lists hosts that have sent spam to the admins of SORBS. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone spam.dnsbl.sorbs.net."_
*SORBS-WEB* - _"Spam and Open Relay Blocking System. This test lists web servers which have vulnerabilities that can be used by spammers (such as formmail scripts). Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone web.dnsbl.sorbs.net."_
*SORBS-ZOMBIE* - _"Spam and Open Relay Blocking System. This test lists networks hijacked from their original owners, some of which are already spamming. Confirmed on 12 May 2003. Can also be used with the zone zombie.dnsbl.sorbs.net."_

```
h**p://dnsbl.sorbs.net
```

*SPAMBAG* - _"Lists networks that send out spam, perform dictionary attacks, both the direct sources and the networks used by them (and networks used to sell software used by them). *Warning:* Will list large ISPs that tolerate spamming (IE Sprint). May return codes other than 127.0.0.2. Test listing confirmed 14 Dec 2001."_

```
h**p://blacklist.spambag.org
```

*SPAMCOP* - _"Lists mail servers that have a high spam-to-legitimate-mail ratio. Catches about the most spam of all tests. Donations are requested."_

```
h**p://bl.spamcop.net
```

*SPEWS* - _"SPEWS is a list of areas on the Internet which several system administrators deny E-mail from. *Warning:* Intentionally lists legitimate mailservers that either have IPs close to spammers, or that had problems in the past that have been completely fixed. Should *not* be used to block mail, although could be used in a weighting system."_

```
h**p://spews.bl.reynolds.net.au
```

*TECHNOVISION* - _"Lists IPs of mailservers that have sent spam to the administrator of technovision.dk."_

```
h**p://bl.technovision.dk
```

*TRIUMF* - _"Unconfirmable on 09 Apr 2002. *Warning:* Can't Be Tested."_

```
h**p://rbl.triumpf.ca
```

*TUBERLIN* - _"Unconfirmable on 09 Apr 2002. No documentation. *Warning:* Can't Be Tested."_

```
h**p://rblmap.tu-berlin.de
```

*UCEB* - _"A hardcore spam list; lists mailservers that have sent spam. Returns multiple A records. Confirmed 29 Oct 2002."_

```
h**p://blackholes.uceb.org
```

*URBL* - _"Lists every IP address (for the totally clueless: that means that every E-mail from anybody on the Internet will be blocked). Should not be used, of course. This one was included because it has a good point: you REALLY should know what and why a test blocks before using it. Confirmed 09 Apr 2002. *Warning:* Can't Be Tested."_

```
h**p://blocked.secnap.net
```

*US* - _"Lists IPs of about 20 different countries and many ISPs (one zone per country/ISP), including Verio. Confirmed 23 Aug 2002. *Warning:* Can't Be Tested."_

```
h**p://blackholes.us
```

*VOX* - _"Lists IPs that phydiux.com and its partners have received spam from. Confirmed on 23 Oct 2002."_

```
h**p://vox.schpider.com
```

*WSFF* - _"Unconfirmable on 09 Apr 2002. No documentation. *Warning:* Can't Be Tested."_

```
h**p://will-spam-for-food.eu.org
```

*WYTNIJ* - _"Looks like a valid spam database, but untestable (on 24 Mar 2002). Instructions appear to be in Polish, although it's a Tonga domain. *Warning:* Can't Be Tested."_

```
h**p://spam.wytnij.to
```

*XBL* - _"Extreme spam Blocking List, possibly designed to have every known IP listed. *Warning:* They include Sprint and uunet IPs, and will not remove non-spammers from the list. Can return 127.0.0.2 as well as the documented 127.0.0.4. Re-confirmed 21 Mar 2002."_

```
h**p://xbl.selwerd.cx
```

*YAMTA-SPAM* - _"Lists IPs of spammers that have sent spam to the servers of the people that run this test. Confirmed on 30 Jun 2003."_
*YAMTA-PROBES* - _"Lists IPs of spammers that probed the servers of the people that run this test, to see if they are running an open relay. Confirmed on 30 Jun 2003."_

```
h**p://spamsources.yamta.org
```

*YBL* - _"Lists all known Yahoo (and subsidiaries) netblocks, worldwide. Confirmed on 01 Jun 2002."_

```
h**p://ybl.megacity.org
```

*Now continue to Next step, below*

*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*HOW TO SPEED-UP YOUR IP RESOLVING IN THE SUPERTRICK (hosts file)* 

Continuing from *example 1*

```
http://forums.techguy.org:80/showthread.php?p=2617026
```
& *example 2:*

```
http://forums.techguy.org:80/showthread.php?p=2617032
```

*Gather and Insert IP into HOSTS file*
*Download and Install ActiveURLs*, *you will need this -* _"Smart explorer-like bookmark manager and web monitoring program. Detects dead links and duplicates, checks web sites for new stuff, monitor web-site availability"_

```
h**p://www.ezgoal.com/channels/internet/f.asp?f=199969&fl=internet+software
```

*Enable and Clean your Internet Log Program*
If you have Sygate Personal Firewall, then
Double-click on the icon in the notification area (bottom right corner of Windows)
From menu, select TOOLS then OPTIONS
Click on the "Log" tab. Change "Traffic Log File" and "Capture Full Packet" sizes to 10000. Make sure "Capture Full Packet" is checked and hit "OK" to close that window
Click the "Log" button
Make sure all programs that could access the internet are closed
From menu, select "Traffic Log". Then "File" & "Clear". Do the same to the "Packet Log"

If you have Norton Internet Security, then
Double-click on the icon in the notification area (bottom right corner of Windows)
In the left, under "Norton Internet Security", select "Statistics"
Click "View Logs" button
A window opens. Right-click on "Connections" and select "Enable Logging" then "Change Log File Size" to 2048K and click "OK"
Highlight "Connections". From menu, select "Log" then "ClearCategory"


*Check ALL of your bookmarks using ActiveURLs and/or browse to sites you regularly visit*
*Using Excel, combine the log files if there is more than one. All you need is the Remote Host IP and the Remote Host, in that order*
*Clean out the duplicates, localhost and any sites you feel are not worth speeding up*
*Open the HOSTS file and insert a new line with # right after "127.0.0.1 localhost"*
*Copy & paste the cells from Excel into the HOSTS file. Remember, the IP must be in the first column, followed by the letter address.*

*Now for the FUN and SURE way of speeding*
*Windows 2k/XP*
First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
*Note the following lines (all hex dwords):*
Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change
LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS
The aim is to raise the priority of the last 4 settings while keeping their order. The valid range is from -32768 to +32767, and lower numbers mean higher priority compared to other services. Choose lower numbers without going to extremes; something like what's shown below should work well:
*Change the "Priority" lines to:*
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 (8) - NetBT name-resolution, including WINS
*Reboot for changes to take effect*

*Windows 9x/ME*
The tweak is essentially the same as in Windows 2000/XP; only the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above
Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider
*You should see the following settings:*
Class=hex:08,00,00,00

LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00
*The "priority" lines should be changed to:*
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00
*Reboot for changes to take effect*


*System.ini IRQ Tweak - Windows 9x/ME ONLY*
*Find your Network Card's IRQ*
In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter

*Adding the entry to System.ini*
Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
Navigate to Start > Run and type sysedit. Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect

*Additional Thoughts*
The only negative effect of the System.ini IRQ tweak is that it slightly reduces the amount of RAM available for running applications, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far on any computer with 32 MB of RAM or more
This tweak may or may not work for you. It is not a documented tweak by Windows
Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
If you are using a USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card



*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.
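
The gather, de-duplicate and paste steps of the HOSTS procedure above can be scripted so that nothing from a log reaches the HOSTS file unvalidated. This is an added example, not part of the original post; the CSV column names and the sample rows are constructed, and a real firewall log export will need its own column mapping.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a firewall traffic-log export (not real log data).
# The column names are an assumption taken from the wording of the post.
SAMPLE_LOG = """Remote Host IP,Remote Host
192.0.2.10,www.example.com
192.0.2.10,www.example.com
127.0.0.1,localhost
198.51.100.7,Forums.Example.org
203.0.113.5,
not-an-ip,bad.example.net
198.51.100.9,www.example.com
203.0.113.8,evil host.example
"""

# One or more DNS labels followed by an alphabetic top-level label.
# Whitespace and newlines are rejected, so a log field cannot smuggle
# a second mapping into the HOSTS file.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def build_hosts_entries(log_text):
    """Return (entries, skipped) from a CSV log export.

    entries: list of (ip, hostname); the first IP seen for a host wins.
    skipped: list of (row, reason), so nothing is dropped silently.
    """
    pinned = {}
    skipped = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ip_text = (row.get("Remote Host IP") or "").strip()
        host = (row.get("Remote Host") or "").strip().lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            skipped.append((row, "invalid IP address"))
            continue
        if ip.is_loopback or host == "localhost":
            skipped.append((row, "loopback or localhost"))
            continue
        if not HOSTNAME_RE.match(host):
            skipped.append((row, "missing or malformed host name"))
            continue
        if host in pinned:
            # Exact duplicates are dropped; a conflicting IP is reported.
            if pinned[host] != str(ip):
                skipped.append((row, "host already pinned to " + pinned[host]))
            continue
        pinned[host] = str(ip)
    return [(ip, host) for host, ip in pinned.items()], skipped


def render_hosts_block(entries):
    """Text to paste after the '127.0.0.1 localhost' line: '#', then IP first."""
    lines = ["#"] + ["{} {}".format(ip, host) for ip, host in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    good, bad = build_hosts_entries(SAMPLE_LOG)
    print(render_hosts_block(good), end="")
    for row, reason in bad:
        print("skipped", dict(row), "->", reason)
```

A pinned entry bypasses DNS, so it keeps pointing at the old address after a site moves; regenerate the block from fresh logs rather than editing it by hand.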


----------



## 0110 (May 15, 2005)

*HOW TO STOP SPAM VIA WINDOWS MESSENGER SERVICE*
_Below you'll find many ways (sorted with the most successful first) to stop the Windows Messenger service. Depending on your system environment, some may require more than one process. *This service is available only on NT, 2K, XP & Server 2003. Administrator Login is REQUIRED*_

*About The Messenger Service*
Messenger is a Windows Service that runs in the background
Messenger is not the same as MSN Messenger or any other Instant Messaging Program
Messenger does not facilitate two-way chatting
Many Windows Programs, Firewalls, UPS and Antiviruses require the Messenger Service
Antivirus and UPS software, among others, may not work if Messenger is disabled
The Messenger Service is usually turned on by default in most Windows NT, 2K and XP systems

*Manually*
*Example 1*
Click Start, Run and enter the following command:
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
_NOTE: This will prevent a long delay when opening Outlook Express if you have the Contacts pane enabled_
To prevent this, click Start, Run and enter {REGEDIT} Go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
Right click in the right pane and select New, Dword value
Give it the name Hide Messenger. Double-click this new entry and set the value to 2
End result should look EXACTLY like this:
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express]
Value Name: Hide Messenger
Data Type: REG_DWORD (DWORD Value)
Value Data: (2 = remove messenger)

*Example 2*
Copy and paste the following to Run Command Bar in the Start Menu:
RunDll32.exe advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove

*Example 3*
If Example 5 didn't work, then try this - Many users miss or don't know of it
Click on Start then go to RUN and type:
C:\WINDOWS\inf\sysoc.inf
Change:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
To:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7
Then use Add/Remove Windows Components to remove Messenger
NOTE: You can also prevent access to Windows Messenger using Group Policy or the Set Program Access and Defaults utility added by default in Windows XP SP1 and Windows 2000 SP3

*Example 4*
Open Windows Messenger
From the menu, select "Tools" then "Options" then "Preferences" tab
Uncheck "Run this program when Windows starts"
Open Outlook Express
From the menu, select "Tools" then "Options" then "General" tab
Uncheck the option to "Automatically log on", if it's there
Also in Outlook Express, select "View" then "Layout"
Uncheck the option to "display Contacts" - _The program will open a connection and display a list of all Contacts on line if you do not_
In "Startup Folder" make sure there is no entry there for Messenger
Open Norton Anti-Virus if you have it installed
Click "Options" then "Instant Messenger"
Uncheck "Windows Messenger (recommended)"
_NOTE: This list ought to disassociate MSN from Outlook Express, so that it'll only start up if you really want it to_

*Example 5*
*2000*
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties
Click the STOP button
Select Disable in the Startup Type scroll bar
Click OK

*XP Home*
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties
Click the STOP button
Select Disable in the Startup Type scroll bar
Click OK

*XP Professional*
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable in the Startup Type scroll bar
Click OK

*Windows NT*
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop
Then choose Disable as the Startup Type
Click OK
_NOTE: If you stop the service and don't adjust the startup type, the Messenger service will start automatically the next time you reboot. Keep in mind that when you disable the Messenger service, you'll no longer receive messages about an attached UPS, and you won't be notified of print job completion, performance alerts, or antivirus activity (from Windows, not from the program you're using for those purposes)._

*Example 6*
To disable receipt of messenger pop-ups, verify that your firewall disables inbound traffic on UDP ports 135, 137, and 138, and TCP ports 135 and 139. On a system connected directly to the Internet, you should also disable inbound traffic on TCP port 445. If the system you want to protect is part of a Win2K-based network with Active Directory (AD), don't block incoming traffic on port 445 - *Microsoft Knowledge Base Article - 330904*

```
h**p://support.microsoft.com/default.aspx?scid=kb;en-us;330904
```
_NOTE: You can use the firewall approach only if your system doesn't communicate with legacy systems that rely on NetBIOS name resolution to locate machines and shared resources. If, for example, you let users running Windows 9x share your printer or scanner, when you disable inbound NetBIOS traffic, users won't be able to connect to these shared resources. Regardless of the method you choose, you can stop messenger spam_


*Program*
*Example 1*

_NOTE: On Oct 15, 2003, Microsoft released Critical Security Bulletin MS03-043, warning users that the Windows Messenger Service, running and exposed by default in all versions of Windows NT, 2000 and XP, contains a "Remote Code Execution" vulnerability that allows any not otherwise secured and protected Windows machine to be taken over and remotely compromised over the Internet_
*Shoot the Messenger*

```
h**p://grc.com/files/shootthemessenger.exe
```


*Example 2*
*Messenger Disable*

```
h**p://www.dougknox.com/xp/utils/MessengerDisable.zip
```
_NOTE: If you choose to uninstall Windows Messenger on a system with SP1 installed, you will receive an error message about "un-registering" an OCX file. This is normal, and does not affect the removal process. Windows Messenger will still be removed_


*TEST*
*Example 1*
Right-click "My Computer"
Select "Manage"
Under "System Tools" right-click on "Shared Folders"
Choose "All Tasks" and select "Send Console Message..."
If you receive the following error message then the service has been disabled, otherwise confirm that you have disabled it or try another example
*"The following error occured while reading the list of sessions from Windows clients:
Error 2114: The Server service is not started."*

*Example 2*
Click Start then "Run"
Type in {cmd.exe}
Type in net send 127.0.0.1 hi
If you get a popup "hi" message, then confirm that you have disabled it or try another example


*IF YOU INSIST*
If you insist on keeping Windows Messenger, then I'd recommend *Messenger Manager* - _"Allows you to keep your messenger service running, as is intended and needed by Windows. This ensures that vital system errors and notifications may be sent informing you of Important System Events"_

```
h**p://www.sellertools.com/default.asp?i=MessageManager3.htm
```

However, as a replacement to Windows Messenger remote control feature, I'd recommend this free tool *Virtual Network Computing* - _"It is a remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home"_

```
h**p://www.realvnc.com/download.html
```



*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.
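
The post's NOTE warns that a stopped Messenger service comes back after a reboot unless its startup type is also changed, and Example 6 lists the inbound ports to block. The check below tests both from captured command output. It is an added example, not part of the original post; it assumes the captures come from `sc query messenger`, `sc qc messenger` and `netstat -an`, and the sample captures are constructed.

```python
import re

# Inbound ports the post says the firewall should block.
BLOCK_PORTS = {"UDP": {135, 137, 138}, "TCP": {135, 139, 445}}

# Constructed captures (not taken from a real machine).
SAMPLE_SC_QUERY = """
SERVICE_NAME: messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_SC_QC = """
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
"""
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1040       203.0.113.9:445        ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    127.0.0.1:137          *:*
  UDP    192.168.0.5:138        *:*
  UDP    0.0.0.0:500            *:*
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def _field(text, name):
    """Return the symbolic value of an sc.exe field such as STATE or START_TYPE."""
    m = re.search(r"^\s*" + name + r"\s*:\s*\d+\s+(\w+)", text, re.MULTILINE)
    return m.group(1) if m else None


def service_findings(sc_query_text, sc_qc_text):
    """Flag a Messenger service that is running or that will restart at boot."""
    state = _field(sc_query_text, "STATE")
    start = _field(sc_qc_text, "START_TYPE")
    if state is None or start is None:
        return ["could not read STATE/START_TYPE from the captures"]
    findings = []
    if state != "STOPPED":
        findings.append("service state is %s, not STOPPED" % state)
    if start != "DISABLED":
        findings.append("start type is %s, so the service can start again" % start)
    return findings


def listening_ports(netstat_text):
    """Return sorted (proto, port, address) for the post's ports bound off-loopback."""
    found = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # outbound or established connections are not listeners
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from the network
        if int(port) in BLOCK_PORTS[proto]:
            found.add((proto, int(port), addr))
    return sorted(found)


if __name__ == "__main__":
    for finding in service_findings(SAMPLE_SC_QUERY, SAMPLE_SC_QC):
        print("service:", finding)
    for proto, port, addr in listening_ports(SAMPLE_NETSTAT):
        print("firewall rule needed for %s %d (bound on %s)" % (proto, port, addr))
```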


----------



## 0110 (May 15, 2005)

*HOW TO TWEAK THE REGISTRY SETTINGS FOR MAXIMUM PROTECTION FROM NETWORK ATTACK*

_The following registry settings will help to increase the resistance of the NT or Windows 2000 network stack to network denial of service attacks. All of the TCP/IP parameters are registry values located under the registry key:_

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters*

*SynAttackProtect*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD
*Valid Range*: 0, 1, 2
0 (no synattack protection)
1 (reduced retransmission retries and delayed RCE (route cache entry) creation if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are satisfied.)
2 (in addition to 1 a delayed indication to Winsock is made.) 
*Note:* When the system finds itself under attack the following options on any socket can no longer be enabled: Scalable windows (RFC 1323) and per adapter configured TCP parameters (Initial RTT, window size). This is because when protection is functioning the route cache entry is not queried before the SYN-ACK is sent and the Winsock options are not available at this stage of the connection.
*Default*: 0 (False)
*Recommendation*: 2
*Description*: Synattack protection involves reducing the number of retransmissions for the SYN-ACKs, which will reduce the time for which resources have to remain allocated. The allocation of route cache entry resources is delayed until a connection is made. If SynAttackProtect = 2, then the connection indication to AFD is delayed until the three-way handshake is completed. Also note that the actions taken by the protection mechanism only occur if TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded

*TcpMaxHalfOpen*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD-Number
*Valid Range*: 100-0xFFFF
*Default*: 100 (Professional, Server), 500 (advanced server)
*Recommendation*: default
*Description*: This parameter controls the number of connections in the SYN-RCVD state allowed before SYN-ATTACK protection begins to operate. If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect (see Backlog Parameters for more information). See the SynAttackProtect parameter for more details

*TcpMaxHalfOpenRetried*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD-Number
*Valid Range*: 80-0xFFFF
*Default*: 80 (Professional, Server), 400 (Advanced Server)
*Recommendation*: default
*Description*: This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-ATTACK protection begins to operate. See the SynAttackProtect parameter for more details

*EnablePMTUDiscovery*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD-Boolean
*Valid Range*: 0, 1 (False, True)
*Default*: 1 (True)
*Recommendation*: 0
*Description*: When this parameter is set to 1 (True) TCP attempts to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion. Setting this parameter to 0 causes an MTU of 576 bytes to be used for all connections that are not to hosts on the local subnet

*NoNameReleaseOnDemand*
*Key*: Netbt\Parameters
*Value Type*: REG_DWORD-Boolean
*Valid Range*: 0, 1 (False, True)
*Default*: 0 (False)
*Recommendation*: 1
*Description*: This parameter determines whether the computer releases its NetBIOS name when it receives a name-release request from the network. It was added to allow the administrator to protect the machine against malicious name-release attacks

*EnableDeadGWDetect*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD-Boolean
*Valid Range*: 0, 1 (False, True)
*Default*: 1 (True)
*Recommendation*: 0
*Description*: When this parameter is 1, TCP is allowed to perform dead-gateway detection. With this feature enabled, TCP may ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways may be defined in the Advanced section of the TCP/IP configuration dialog in the Network Control Panel. See the "Dead Gateway Detection" section in this paper for details

*KeepAliveTime*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD-Time in milliseconds
*Valid Range*: 1-0xFFFFFFFF
*Default*: 7,200,000 (two hours)
*Recommendation*: 300,000
*Description*: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application

*PerformRouterDiscovery*
*Key*: Tcpip\Parameters\Interfaces\
*Value Type*: REG_DWORD
*Valid Range*: 0,1,2
0 (disabled)
1 (enabled)
2 (enable only if DHCP sends the router discover option)
*Default*: 2, DHCP-controlled but off by default.
*Recommendation*: 0
*Description*: This parameter controls whether Windows 2000 attempts to perform router discovery per RFC 1256 on a per-interface basis. See also SolicitationAddressBcast

*EnableICMPRedirects*
*Key*: Tcpip\Parameters
*Value Type*: REG_DWORD
*Valid Range*: 0, 1 (False, True)
*Default*: 1 (True)
*Recommendation*: 0 (False)
*Description*: This parameter controls whether Windows 2000 will alter its route table in response to ICMP redirect messages that are sent to it by network devices such as routers

*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*COPY/MOVE TO Function*
_Did you ever want to right-click in explorer and simply move or copy file/directory?? Well, now you can. Simply create a new text file called "install_copy_move_to.vbs" and copy/paste the first code below, then create another new text file called "uninstall_copy_move_to.vbs" and copy/paste the second code. Then run "install_copy_move_to.vbs", test it by right-clicking a file or directory in explorer. To uninstall, simply run "uninstall_copy_move_to.vbs". Please note that upon executing this script, your Anti-Virus program, Windows and/or Firewall programs will alert you to stop this script, simply because of this extension "vbs". "vbs" is a common virus, trojan and other type of script that malicious users use. However, I assure you this script is safe, yet please follow the notes from above and ALWAYS backup your registry and system before any of these or anyone's tips. ENJOY._

*First Code*

```
If (MsgBox ("Are you sure you want to install the Copy/Move To Extensions?", VBYesNo) = vbYes) then
	Set WshShell = WScript.CreateObject("WScript.Shell")

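	' Copy uninstall file and Add uninstall reg entry
	' The source name matches the file the instructions above tell you to create;
	' it is looked up in the current directory, so run the installer from its own folder.
	WinDir = WshShell.ExpandEnvironmentStrings("%Windir%")
	Set fso = WScript.CreateObject("Scripting.FileSystemObject")
	Call fso.CopyFile("uninstall_copy_move_to.vbs", _
		WinDir & "\uninstallcopymoveto.vbs", True)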
	Set fso = Nothing
	BaseKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Copy Move To Extensions\"
	Call WshShell.RegWrite (BaseKey & "DisplayName", _
		"Copy/Move To Extensions","REG_SZ")
	Call WshShell.RegWrite (BaseKey & "UninstallString", _
		"cscript.exe " & WinDir & "\uninstallcopymoveto.vbs" ,"REG_SZ")

	' Add Copy/Move Extensions
	Call WshShell.RegWrite ("HKCR\Directory\shellex\ContextMenuHandlers\Copy To\", "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\*\shellex\ContextMenuHandlers\Copy To\",  "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\Directory\shellex\ContextMenuHandlers\Move To\", "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\*\shellex\ContextMenuHandlers\Move To\",  "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")

	Set WshShell = Nothing

	MsgBox "Install Finished!"
End If
```
*Second Code*

```
If (MsgBox ("Are you sure you want to uninstall the Copy/Move To Extensions?", VBYesNo) = vbYes) then
	Set WshShell = WScript.CreateObject("WScript.Shell")

	' Remove Copy/Move Extensions
	Call WshShell.RegDelete ("HKCR\Directory\shellex\ContextMenuHandlers\Copy To\")
	Call WshShell.RegDelete ("HKCR\*\shellex\ContextMenuHandlers\Copy To\")
	Call WshShell.RegDelete ("HKCR\Directory\shellex\ContextMenuHandlers\Move To\")
	Call WshShell.RegDelete ("HKCR\*\shellex\ContextMenuHandlers\Move To\")

	' Remove uninstall reg entry and delete uninstall file
	BaseKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Copy Move To Extensions\"
	Call WshShell.RegDelete (BaseKey)

	WinDir = WshShell.ExpandEnvironmentStrings("%Windir%")
	Set fso = WScript.CreateObject("Scripting.FileSystemObject")
	Call fso.DeleteFile(WinDir & "\uninstallcopymoveto.vbs", True)
	Set fso = Nothing

	Set WshShell = Nothing

	MsgBox "Uninstall Finished!"
End If
```
*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.


----------



## 0110 (May 15, 2005)

*REGISTRY TWEAKS TO SPEED UP YOUR INTERNET SPEED*
_Instructions: Open notepad, copy and paste the code, then save using the names I have here. Click that file and select "YES" to apply the tweak. You may have to reboot for the tweak to work._

*WARNING:* editing the registry can be dangerous if you don't know what you're doing, make sure to *USE YOUR HEAD*, if you removed something you didn't want to, don't worry, just use the back up in this program

*DNS Parameters (dns.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001 
"CacheHashTableSize"=dword:00000180 
"MaxCacheEntryTtlLimit"=dword:0000fa00 
"MaxSOACacheEntryTtlLimit"=dword:0000012d
_When you type a site's address and click go, the browser will have to resolve that address into an IP first. With this tweak the DNS is used so it would not be needed to ask for such info every time you click go._

*Scheduled Tasks (remote.reg)*
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]
Find the key named {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it.
_This key instructs Windows to search for Scheduled Tasks on remote computers. Most people don't ever use it, so why keep it._

*Forward Buffer Memory (buffer.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ForwardBufferMemory"=dword:00024a00 
"NumForwardPackets"=dword:0000024a 
"MaxForwardBufferMemory"=dword:00024a00 
"MaxNumForwardPackets"=dword:0000024a
_This controls how much RAM TCP/IP uses for storing packet data in the router packet queue._

*Special Tweak-TCPIP1 (tcpip1.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] 
"DefaultReceiveWindow"=dword:00004000 
"DefaultSendWindow"=dword:00004000 
"DisableAddressSharing"=dword:00000000 
"DisableRawSecurity"=dword:00000000 
"DynamicBacklogGrowthDelta"=dword:00000032 
"FastCopyReceiveThreshold"=dword:00000800 
"FastSendDatagramThreshold"=dword:00000800 
"IgnorePushBitOnReceives"=dword:00000000 
"IrpStackSize"=dword:00000004 
"LargeBufferListDepth"=dword:0000000a 
"LargeBufferSize"=dword:00002000 
"MaxActiveTransmitFileCount"=dword:00000002 
"MaxFastTransmit"=dword:00000040 
"MaxFastCopyTransmit"=dword:00000080 
"MediumBufferListDepth"=dword:00000018 
"MediumBufferSize"=dword:00001000 
"OverheadChargeGranularity"=dword:00000001 
"PriorityBoost"=dword:00000002 
"SmallBufferSize"=dword:00000400 
"SmallBufferListDepth"=dword:00000020 
"StandardAddressLength"=dword:00000018 
"TransmitWorker"=dword:00000020

*Special Tweak-TCPIP 2 (tcpip2.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3FEFA8E3-66C7-4C49-BCB0-3B4078E677C2}] 
"MTU"=dword:000005c0 
"MaxMTU"=dword:000005dc 
"RWIN"=dword:00001f8e

*Cable/56K Modem (cable.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] 
"ForwardBroadcasts"=dword:00000000 
"IPEnableRouter"=dword:00000000 
"UseDomainNameDevolution"=dword:00000000 
"EnableICMPRedirect"=dword:00000000 
"DeadGWDetectDefault"=dword:00000001 
"DontAddDefaultGatewayDefault"=dword:00000000 
"EnableSecurityFilters"=dword:00000001 
"AllowUnqualifiedQuery"=dword:00000000 
"PrioritizeRecordData"=dword:00000001 
"TCP1320Opts"=dword:00000001 
"TcpWindowSize"=dword:0003e900 
"TcpMaxDupAcks"=dword:00000001 
"EnablePMTUDiscovery"=dword:00000001 
"EnableFastRouteLookup"=dword:00000000 
"FFPControlFlags"=dword:00000001 
"FFPFastForwardingCacheSize"=dword:00030d40 
"ForwardBufferMemory"=dword:00019df7 
"MaxFreeTcbs"=dword:000007d0 
"MaxFreeTWTcbs"=dword:000007d0 
"MaxHashTableSize"=dword:00000800 
"MaxNormLookupMemory"=dword:00030d40 
"GlobalMaxTcpWindowSize"=dword:0003e900 
"TcpRecvSegmentSize"=dword:000005c0 
"LargeBufferSize"=dword:00002000 
"CacheTimeout"=dword:0000ea60 
"TCP132Opts"=dword:00000001 
"MaxForwardBufferMemory"=dword:001f4000 
"AllowUserRawAccess"=dword:00000000 
"ArpCacheLife"=dword:000002bc 
"ArpCacheSize"=dword:00000080 
"BufferMultiplier"=dword:00000200 
"DefaultRegistrationTTL"=dword:00000014 
"DefaultTTL"=dword:00000030 
"DisableAddressSharing"=dword:00000001 
"DisableReplaceAddressesInConflicts"=dword:00000000 
"DisableReverseAddressRegistrations"=dword:00000001 
"DisjointNameSpace"=dword:00000001 
"DynamicBacklogGrowthDelta"=dword:00000032 
"EnableDeadGWDetect"=dword:00000000 
"EnablePMTUBHDetect"=dword:00000000 
"IPReassemblyTimeOut"=dword:0000005a 
"KeepAliveTime"=dword:00023280 
"NoNameReleaseOnDemand"=dword:00000001 
"PerformRouterDiscovery"=dword:00000002 
"QueryIpMatching"=dword:00000000 
"SackOpts"=dword:00000001 
"SmallBufferSize"=dword:00000800 
"SmallerBufferSize"=dword:00000400 
"SynAckProtect"=dword:00000002 
"Tcp1323Opts"=dword:00000003 
"TCPDisableReceiveChecksum"=dword:00000000 
"TCPDisableSendChecksum"=dword:00000000 
"TcpKeepCnt"=dword:00000064 
"TcpKeepTries"=dword:0000000a 
"TcpLogLevel"=dword:00000000 
"TcpMaxConnectAttempts"=dword:00000002 
"TcpMaxHalfOpen"=dword:00000064 
"TcpMaxHalfOpenRetried"=dword:00000050 
"TcpMaxRetransmissionAttempts"=dword:00000005 
"TcpNumConnections"=dword:00000080 
"TcpSendDownMax"=dword:00008000 
"TcpSendSegmentSize"=dword:000005c0 
"TcpTimedWaitDelay"=dword:0000001e 
"UDPDisableSendChecksum"=dword:00000000 
"UDPDisableReceiveChecksum"=dword:00000000 
"UpdateSecurityLevel"=dword:00000000
"TcpUseRFC1122UrgentPointer"=dword:00000000 
"MaxConnectionsPerServer"=dword:0000000a 
"MaxConnectionsPer1_0Server"=dword:00000014 
"FastSendDatagramThreshold"=dword:00001000 
"TransmitWorker"=dword:00000020 
"InitialSmallBufferCount"=dword:00000140 
"InitialMediumBufferCount"=dword:000000f0 
"InitialLargeBufferCount"=dword:00000064 
"DefaultReceiveWindow"=dword:0000e666 
"DefaultSendWindow"=dword:0000e666 
"MediumBufferSize"=dword:00001000 
"IgnorePushBitOnReceives"=dword:00000000 
"PriorityBoost"=dword:00000000 
"MaxFastTransmit"=dword:0000fa00 
"DefaultTOSValue"=dword:0000005c 
"IGMPLevel"=dword:00000002 
"BSDUrgent"=dword:00000001 
"BCastNameQueryCount"=dword:00000001 
"BcastQueryTimeout"=dword:00000064 
"LocalCopyMade"=dword:00000001 
"KeepAliveInterval"=dword:0000015e 
"MaxConnections"=dword:00000064 
"MaxConnectRetries"=dword:00000005 
"MaxDataRetries"=dword:00000063 
"LanaBase"=dword:00000000 
"NameTableSize"=dword:000000ff 
"NameSrvQueryTimeout"=dword:00000064 
"SessionKeepAlive"=dword:00001c20 
"SessionTableSize"=dword:000000ff 
"TcpMaxDataRetransmissions"=dword:00000006 
"DisableUserTOSSetting"=dword:00000000 
"Size/Small/Medium/Large"=dword:00000003 
"MaxDupAcks"=dword:00000003 
"RoutingBufSize"=dword:00023c00 
"RoutingPackets"=dword:00000064 
"MaxNumForwardPackets"=dword:0000024a 
"NumForwardPackets"=dword:0000024a

*LanMan Workstation (lanman.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] 
"AutoShareWks"=dword:00000000 
"AutoShareServer"=dword:00000000 
"MaxCmds"=dword:00000020 
"MaxThreads"=dword:00000020 
"MaxCollectionCount"=dword:00000020 
"CacheFileTimeout"=dword:0000000f 
"DormantFileLimit"=dword:00000032

*NetBT Parameters (netbt.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] 
"NbProvider"="_tcp" 
"NameServerPort"=dword:00000089 
"BcastQueryTimeout"=dword:000002ee 
"NameSrvQueryCount"=dword:00000003 
"NameSrvQueryTimeout"=dword:000005dc 
"Size/Small/Medium/Large"=dword:00000001 
"SessionKeepAlive"=dword:0036ee80 
"TransportBindName"="\\Device\\" 
"EnableLMHOSTS"=dword:00000001 
"EnablePortLocking"=dword:00000001 
"BcastNameQueryCount"=dword:00000001 
"CacheTimeout"=dword:0000ea60 
"Size/Small/Medium/Large"=dword:00000003 
"NoNameReleaseOnDemand"=dword:00000001

*MRU/MTU (mru_mtu.reg)*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3FEFA8E3-66C7-4C49-BCB0-3B4078E677C2}] 
"MTU"=dword:000005c0 
"MaxMTU"=dword:000005dc 
"RWIN"=dword:00001f8e
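
Added example (not part of the original post): a Python check that parses .reg text and compares it with the four hardening recommendations listed earlier in this thread, using lines from the cable.reg listing above as input. The function names and the alias table are this example's own; a repeated value keeps its last assignment because a .reg file is applied line by line.

```python
import re

# Recommendations from the hardening post earlier in this thread:
# value name -> (recommended DWORD, True if the post lists it per interface).
RECOMMENDED = {
    "EnableDeadGWDetect": (0, False),
    "KeepAliveTime": (300_000, False),
    "PerformRouterDiscovery": (0, True),
    "EnableICMPRedirects": (0, False),
}
# The thread spells this value two ways; treating them as one setting is an assumption.
ALIASES = {"EnableICMPRedirect": "EnableICMPRedirects"}

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

# Lines copied from the cable.reg listing above (not constructed).
CABLE_REG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableICMPRedirect"=dword:00000000
"EnableDeadGWDetect"=dword:00000000
"KeepAliveTime"=dword:00023280
"PerformRouterDiscovery"=dword:00000002
"""


def effective_values(text):
    """Return {(key, value_name): int} for every dword line; the last assignment wins."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            # Value names are stripped so a stray trailing space does not hide a setting.
            values[(key, m.group(1).strip())] = int(m.group(2), 16)
    return values


def audit(text):
    """Return (findings, missing).

    findings: (name, "value", actual_dword) when the value differs from the
              recommendation, (name, "key", key_path) when it sits under the wrong key.
    missing:  recommended names the file never sets.
    """
    findings, seen = [], set()
    for (key, name), value in effective_values(text).items():
        canonical = ALIASES.get(name, name)
        if canonical not in RECOMMENDED:
            continue
        seen.add(canonical)
        want, per_interface = RECOMMENDED[canonical]
        k = key.lower()
        if per_interface:
            in_place = "\\tcpip\\parameters\\interfaces\\" in k
        else:
            in_place = k.endswith("\\tcpip\\parameters")
        if not in_place:
            findings.append((canonical, "key", key))
        if value != want:
            findings.append((canonical, "value", value))
    return findings, sorted(set(RECOMMENDED) - seen)


if __name__ == "__main__":
    found, missing = audit(CABLE_REG_EXCERPT)
    for name, kind, detail in found:
        print(f"{name}: unexpected {kind}: {detail}")
    print("not set:", missing)
```

On the excerpt it reports KeepAliveTime at 144,000 ms instead of 300,000, and PerformRouterDiscovery set to 2 under Tcpip\Parameters rather than 0 under an Interfaces subkey.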


----------



## 0110 (May 15, 2005)

*CAN'T ACCESS SOME WEBSITES?*
_Does this happen to you? Every now and then when posting or previewing a post, or simply browsing; you get the page not available message or takes a long time to view? If you look at your firewall's log, you'll see that your ISP's and/or router IP is blocked (192.168.1.254 or .1)._

Find the IP address of your gateway. If you're using Windows 2000 or XP, run IPCONFIG at a command prompt on the Host computer. If you're using Windows 98 or Me, run WINIPCFG on the Host computer. Either way, you'll get an address that looks like *xxx.xxx.xxx.xxx* (where the x's represent numbers). 
Then, go to one of your Client machines, and type the following: 
*PING -f -l 1500 xxx.xxx.xxx.xxx*
_(where *xxx.xxx.xxx.xxx* is the gateway address you obtained in the first step). You'll probably get an error message indicating that it must be fragmented. If you do, type the following:_
*PING -f -l 1492 xxx.xxx.xxx.xxx*
If that doesn't work, try this: 
*PING -f -l 1472 xxx.xxx.xxx.xxx*

The numbers in each of these examples (1500, 1492, 1472) are the MTU values. Continue issuing this command with lower and lower MTU numbers until you get ping responses instead of an error message. The highest MTU value that works is the one you need to be using. If an MTU of 1500 (the first command, above) does not produce an error, then this solution won't work for you.
The next step is to configure all your Client computers to use the new, lower MTU as the default for all Internet communication.

*Windows 2000 and XP:*

Run the Registry Editor (*REGEDIT.EXE*) on one of your "Client" machines.
Navigate to *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces*
There should be several subkeys under the Interfaces key; most likely, you'll find three. View the contents of each key by clicking, and find the one that corresponds to your primary network adapter; it will be the one with more values than the other two, and will have an IP address value set to something like 192.168.0.x.
Once you've found the correct subkey, create a new *DWORD* value in it _(Edit -> New -> DWORD Value)_, and name the value *MTU*.
Double-click the new value, choose the Decimal option, and type the *MTU* value determined above.
Click Ok when you're done - you'll need to restart Windows for this change to take effect.
Repeat this for each Client machine.

*Windows 98/Me:*

Run the Registry Editor (*REGEDIT.EXE*) on one of your "Client" machines.
Navigate to *HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\*
Under that branch, find a key (numbered, such as 0005) that has *TCP/IP* assigned to the DriverDesc value.
Select New from the Edit menu, then String Value, and type *MaxMTU* for the name of the new value.
Double-click the new value, choose the Decimal option, and type the *MTU* value determined above.
Click Ok when you're done - you'll need to restart Windows for this change to take effect.
Repeat this for each Client machine.
*TCP/IP Analyzer Test*

```
h**p://forums.speedguide.net:8117/
```
*TCP Optimizer v.2 Beta*

```
h**p://www.speedguide.net/files/TCPOptimizer2_rc1.exe
```
*TCP Optimizer v.1*

```
h**p://www.speedguide.net/files/TCPOptimizer.exe
```
*REFERENCES:*

```
h**p://rfc.net/rfc1191.html
h**p://support.microsoft.com/default.aspx?scid=kb;EN-US;q314053
h**p://www.cisco.com/warp/public/105/38.shtml
h**p://www.speedguide.net/tcpoptimizer.php
h**p://www.broadbandnuts.com/index.php?page=rwin
h**p://www.broadbandnuts.com/index.php?page=ping
h**p://www.broadbandnuts.com/index.php?page=dslpppoe
h**p://www.broadbandnuts.com/index.php?page=2kxpdef
h**p://www.broadbandnuts.com/index.php?page=win9xme
h**p://www.broadbandnuts.com/index.php?board=8;action=display;threadid=2150
h**p://www.broadbandnuts.com/index.php?page=dslwire1
h**p://www.j79zlr.com/cablenutXP2k.php
h**p://www.j79zlr.com/cablenutME98.php
h**p://secinf.net/info/nt/2000ip/tcpipimp.html
h**p://www.perfectdrivers.com/
```
*RESULTS WILL VARY*
No matter how good your systems may be, they're only as effective as what you put into them.
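
Added example (not part of the original post): the lower-and-lower ping procedure above written as a binary search in Python. `ping -l` sets the ICMP payload size, so the code adds the 28 bytes of IPv4 and ICMP headers to get the packet size on the wire; the function names, the 548-byte floor and the `-n 1` count are this example's assumptions.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def windows_ping_probe(host):
    """Build a probe around the post's command: PING -f -l <size> <host> (Windows ping)."""
    def probe(payload):
        out = subprocess.run(
            ["ping", "-f", "-l", str(payload), "-n", "1", host],
            capture_output=True, text=True,
        ).stdout
        # Heuristic: an echo reply line contains "TTL="; the fragmentation error does not.
        return "TTL=" in out
    return probe


def simulated_probe(path_mtu):
    """Offline stand-in for a link: succeeds only if payload plus headers fits path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


def largest_unfragmented_payload(probe, low=548, high=1500):
    """Largest payload in [low, high] for which probe(payload) is True.

    Returns None when even `low` fails, which means the gateway is unreachable
    or ICMP is being filtered, not that the MTU is small.
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def packet_size(payload):
    """Size of the IP packet that carried a given ping payload."""
    return payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # Constructed links: plain Ethernet (1500) and a PPPoE-style link (1492).
    for mtu in (1500, 1492):
        best = largest_unfragmented_payload(simulated_probe(mtu))
        print(f"link MTU {mtu}: largest -l value {best}, packet size {packet_size(best)}")
    # Against a real gateway (Windows only):
    #   largest_unfragmented_payload(windows_ping_probe("xxx.xxx.xxx.xxx"))
```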


----------



## oldie (Sep 28, 2003)

!!!!0*^%];


----------



## ~Candy~ (Jan 27, 2001)

Why might I sense possible plagiarism here?

0110, since I'm sure you didn't write this yourself, you'd better post some links to the actual sites where you copied and pasted from.


----------



## brindle (Jun 14, 2002)

This is one time when I do wish I was online with my computer. I have many appropriate smilies to use in expressing my feeling to this thread.

Oldie and Candy touched on them though.......


----------



## WhitPhil (Oct 4, 2000)

Seems to have come from here???


----------



## Kenny94 (Dec 16, 2004)

To prevent blisters on your index finger by using your mouse on this thread/post.....  Press the Home key and End key on your keyboard..


----------



## ~Candy~ (Jan 27, 2001)

Thanks WhitPhil, I did a couple of googles earlier but didn't get that one


----------



## WhitPhil (Oct 4, 2000)

Candy:

You just need to get a real search engine


----------



## ~Candy~ (Jan 27, 2001)

Thanks, can't say I've even seen nor heard of that one


----------



## WhitPhil (Oct 4, 2000)

Give it a try. 
I find that, because it "clusters" the results, I can sift through the junk a lot easier.


----------



## franca (Aug 26, 2002)

WhitPhil said:


> Candy:
> 
> You just need to get a real search engine


I Like it........ :up:


----------



## Stoner (Oct 26, 2002)

I took a look at Vivisimo and it looks very promising.
I like the clustered results idea a lot :up:


----------



## Flrman1 (Jul 26, 2002)

Does vivisimo have a toolbar?


----------



## josdegr (Apr 10, 2005)

searched for a VIVISIMO toolbar. found the following. i do not know if this fits the bill. but maybe worth a look.

http://clusty.com/toolbar


----------



## Flrman1 (Jul 26, 2002)

Thanks jo. That looks like it. I'm going to give it a spin! :up:


----------



## cybertech (Apr 16, 2002)

I've used it for quite some time. I like it.


----------



## 0110 (May 15, 2005)

AcaCandy said:


> Why might I sense possible plagiarism here?
> 
> 0110, since I'm sure you didn't write this yourself, you'd better post some links to the actual sites where you copied and pasted from.


Originally I posted these exact same posts (some I've updated a bit) on the old KLK++ forum on Nov 1 2003, 10:59 PM (h**p://www.filesharinghelp.com/internationalforums/index.php?showtopic=6266&st=0&#) - the new admin added my tips but not in full. He even used my tips and posted here (h**p://www.filesharinghelp.com/internationalforums/index.php?showtopic=11181) and here (h**p://www.filesharinghelp.com/internationalforums/index.php?showtopic=11183) and many more where he gives credit (h**p://www.filesharinghelp.com/internationalforums/index.php?showuser=5294) accordingly.

I've posted the same in many other forums, like recently here (h**p://forums.bizhat.com/viewtopic.php?t=11037). Come to find out later that one of the mods there has already copied and pasted my exact post here (h**p://forums.bizhat.com/post-46276.html) later via PM, he recognized that and welcomed me to their forum. As for any other of the same exact POSTS as what u here, projectw, bizhat, the original KLK++ forum and many other forums with either nikita69 or 0110 (zerooneonezero) member, were all copied and pasted from my original post on Nov 1 2003, 10:59 PM.

As for the "I'm sure you didn't write this yourself", if i may suggest, please research, ask, then conclude.


----------



## ~Candy~ (Jan 27, 2001)

And the link from post # 17?


----------



## 0110 (May 15, 2005)

do u mean my 17th post (http://forums.techguy.org/showthread.php?p=2617176)? what link?


----------



## ~Candy~ (Jan 27, 2001)

WhitPhil's link above.

Post #17 of THIS thread. This post of mine, here, is number 32 of this thread.


----------



## 0110 (May 15, 2005)

i've already mentioned it in my earlier response. ur still on a post that was posted on May 6 2005, 06:40 PM and copied from mine which posted on Nov 1 2003, 10:59 PM. hmmm.... 2003 sound earlier than 2005, don't u think?

I can understand how u would FIRST think or assume to be copied/pasted from somewhere. However, a better way of approaching anything posted on the net and I mean any, is to research, ask, research more if needed, then respond.


----------



## ~Candy~ (Jan 27, 2001)

And you complained to the forum where YOU were plagiarized then?


----------



## 0110 (May 15, 2005)

if ur speaking of WhitPhil's link, i wasn't aware of it and frankly i have a lot more important things in my life than COMPLAIN. as for the bizhat, i simply posted in a form of a question rather than what u did, assume and accuse.


----------



## ~Candy~ (Jan 27, 2001)

I'm still not too convinced, but I don't have time to research now.


----------



## 0110 (May 15, 2005)

then let the other members know ur finding, as for me i already know the facts. cheers and it's been a different experience browsing this forum.


----------



## ~Candy~ (Jan 27, 2001)

In your first post, very, very early, you post about Windows XP Home, do you not? Do you have Windows XP Home?

Your quote:
*This option is not installed in Windows XP Home Edition. To install you will need the XP Home CDRom. Navigate to %CDROM%\VALUEADD\MSFT\NTBACKUP\. Look for Ntbackup.msi and double-click it to execute the install wizard.*


----------



## 0110 (May 15, 2005)

ur point?


----------



## ~Candy~ (Jan 27, 2001)

Oh, I'm sure you get my point


----------



## 0110 (May 15, 2005)

first u were sure i didn't write these posts, u assumed i simply copied and pasted. showed u the facts. now ur sure i get ur points, after asking u what's ur point. this is simply childish on ur part.


----------



## ~Candy~ (Jan 27, 2001)

http://www.lincproject.org/toolkit/techtips/2000_troubleshooting.shtml

A Circuit Rider's Guide To Troubleshooting PCs A how to guide to determining what is wrong with your computer hardware, and basic first steps in correcting the problem. Published: 5/1/2000


----------



## ~Candy~ (Jan 27, 2001)

Post # 10, is a copy and paste from here:

http://www.microsoft.com/technet/security/topics/networksecurity/secdeny.mspx


----------



## Flrman1 (Jul 26, 2002)

Busted!


----------



## Stoner (Oct 26, 2002)

:down:


----------



## jboucher (Apr 27, 2005)

I agree that anybody posting someone else's tips (especially that many, and that detailed vs just a few general tips) ought to post the source for two reasons. Firstly to give credit to the person who authored the tips. Secondly and equally important so that the forum administrator here can go view it and ensure it is not copyrighted material. If the original source is not known, then at minimum where it was copied from in hopes it can be traced back to the source from that point.

Having said that I do not know 0110, therefore cannot say if he/she authored them or not. I do know that the exact same content exists elsewhere on the Internet. 0110 if you did author them, very good job. If you did not, please be clear about it up front when doing so. Or in this case, be clear about it after the fact. As I explained above if the material is copyrighted, the forum admin needs to know that and ensure that the author's permission was granted before reproducing the material.


----------



## Flrman1 (Jul 26, 2002)

http://forums.bizhat.com/post-46276.html


----------



## jboucher (Apr 27, 2005)

That posting on MS's web site that the Forum Admin noted in a link is certainly the same as what is in posting #10 in this discussion. So the options we have are 1 - 0110 works (or worked) for MS and wrote that, 2 - 0110 was hired as an outside consultant by MS and wrote that, or 3 - 0110 copied & pasted that information from MS (sounds so much nicer than saying he probably stole copyrighted material don't you think - I can't imagine MS not having a copyright on everything they post on their site) when he prepared his "tips" back in 2003.

Everybody relies on resources from others when authoring their own works. A person learns from other people's works. But in doing so you ensure that permission is obtained when quoting someone else's work, and give appropriate credit in your writings for such cases, and in your bibliography you note the reference material you relied upon to author your material. For all I know you authored everything else except that part. But you think anyone is going to buy that now? Failing to give credit where credit is due takes credit away from your own work in the long run.


----------



## ~Candy~ (Jan 27, 2001)

0110
Junior Member 
Last Activity: Yesterday 08:05 PM 
Offline 


The sound of silence.............................


----------



## josdegr (Apr 10, 2005)

jboucher said:


> I agree that anybody posting someone else's tips (especially that many, and that detailed vs just a few general tips) ought to post the source for two reasons. Firstly to give credit to the person who authored the tips. Secondly and equally important so that the forum administrator here can go view it and ensure it is not copyrighted material. If the original source is not known, then at minimum where it was copied from in hopes it can be traced back to the source from that point.


   :up: very well said. should apply to everyone.


----------

