...............Best Tools Here...............

0110 · 17-May-2005, 12:04 AM #1

HOW TO DELETE STUBBORN FILES?
First, a brief explanation on why this happens. This is usually because an active process has an open handle to the file which prevents it from being deleted. Normally if you close down all running programs you'll find that most files will then be free to delete, but that's not always the case, and in some cases it may even be a trojan that's preventing itself from being deleted.

BASIC REGISTRY RULE: Any changes made to the registry file are crucial to the running of Windows and if damaged or misconfigured, could cause severe problems.
Follow Microsfot's recommended instructions to "BackUP" all important data first. It's recommended to save the backup on a CD, DVD or seperate HD due to the size factor (large)

Code:

h**p://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=backup

This option is not installed in Windows XP Home Edition. To install you will need the XP Home CDRom. Navigate to %CDROM%\VALUEADD\MSFT\NTBACKUP\. Look for Ntbackup.msi and double-click it to execute the install wizard.

MoveFileEx - A Windows function that moves an existing file or directory
1. WARNING: editing the registry can be dangerous if you don't know what you're doing, make sure to USE YOUR HEAD, if you removed something you didn't want to, don't worry, just use the back up in this program
2. The MOVEFILE_DELAY_UNTIL_REBOOT option places an entry under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations and the file is moved or deleted (if destination NULL) when the system next reboots. Unfortunately as this is not supported under Windows95/98 an application must use entries in WININIT.ini to achieve the same effect.
3. BOOL MoveFileEx (LPCTSTR pExistingFilePath, LPCTSTR pNewFilePath, DWORD dwFlags)
  - TRUE if function succeeded
    
    pExistingFilePath.......Source path to an existing file
    pNewFilePath............New location for the file
    dwFlags....................Optoions controlling the move
  - Move or rename a file
    
    Move or rename a file to a new location.
    Only meaningfully implemented on NT. Windows95 returns
    ERROR_CALL_NOT_IMPLEMENTED, use MoveFile instead.
    The source and destination path should be on the same drive as the system can then just change folder entries without actually copying the file contents. If MOVEFILE_COPY_ALLOWED is supplied and the system needs to copy the file it will require the additional disk space for the temporary file, in this case the original file is deleted only after the copy is successful.
4. The flags allow more control over the move, it can be zero or a combination of the following values :
  MOVEFILE_REPLACE_EXISTING.......The destination can be overwritten if it exists
  MOVEFILE_COPY_ALLOWED.............Allow a copy if destination on a different drive to the source
  MOVEFILE_DELAY_UNTIL_REBOOT...The move takes place on reboot (NT only)
  MOVEFILE_WRITE_THROUGH...........Do not return until changes flushed to disk (NT only)
OR
Using Windows InProcServer32 process
1. WARNING: editing the registry can be dangerous if you don't know what you're doing, make sure to USE YOUR HEAD, if you removed something you didn't want to, don't worry, just use the back up in this program
2. Open notepad, copy and paste the code below. Then save the file as "avifix.inf" without the quotes
  ; Windows XP explorer movie fix.
  ;
  ; WARNING - Use this file at your own risk.
  ;
  ; Executing this file will remove a registry key which makes explorer load shmedia.dll.
  ; Simply put, this removes the annoying "permission denied" errors when trying to
  ; move/copy/delete AVI files.
  ;
  ; To use this fix, right-click on the file and select install. Done.
  ;
  ; Information about the registry key from multiple sources.
  ; Inf-file compiled by Moo (2002-03-22).
  ; Idea by Duxus. Thanks to the kind people of "[BBB] Sweden #01", you know who you are!
  ;
  
  [version]
  signature="$Windows NT$"
  
  [DefaultInstall]
  DelReg = Reduce.Reg
  
  [Reduce.Reg]
  HKLM, "SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32"
3. Right-click "avifix.inf" and select install
OR
Delete the file in DOS mode (99.99% success ratio)
1. Download & install DOS Here (197kb) - "An Explorer Shell Extension to provide easy and quick access to the DOS Prompt in the requested folder"
  Code:
```
h**p://user.tninet.se/~fgo483j/files/ch20.zip
```
2. Open Explorer and go to the directory where the stubborn file resides (DO NOT HIGHLIGHT THE FILE)
3. Right Click and select "CMD here"
4. Close all open applications
5. Open the Task Manager and click on the Processes tab, select "explorer.exe" under Image Name, click "End Process"
6. You will only have the command prompt and the task manager open
7. In the Command Prompt, DEL the offending files (DEL *.mpg, DEL mus*.avi, DEL test.wmv, etc.)
8. The files should now delete without a problem. Now go back to the task manager and click on the Applications tab. Click the "New Task..." button. in the dialog, type explorer.exe and click OK
OR
Delete the file association first
1. WARNING: editing the registry can be dangerous if you don't know what you're doing, make sure to USE YOUR HEAD, if you removed something you didn't want to, don't worry, just use the back up in this program
2. Start >Run >regedit {enter}
3. Navigate to this key HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
4. Delete the "Default" key
5. Close regedit
6. Follow the above test again, is a simple del doesn't work
AND
Delete the file in DOS mode
1. Start >Run >cmd {enter}
2. Navigate to the folder the file is in, i.e. if its in c:\folder\anotherfolder\file, type "cd c:\folder\anotherfolder" {enter} The coomand prompt should change to let you know you are in the correct directory.
3. Type "dir /x" {enter}
4. The offending file will be listed like (filena~1.xxx)
5. Type attrib -r -s -a -h filename.extension {enter}
6. Take note of the name and type "del filena~1.xxx" {enter}
OR
Try to take ownership of the file
1. Right click the file
2. Select the security Tab
3. Select properties
4. Select Advanced
5. Select Owner
6. Find the User or group you wish to give ownership to and select it
7. Click apply
8. now try deleting it.
OR
If the file is Media (MP3, MPG, AVI, etc...)
1. Remember the filename (X) and location
2. Run another file (Y) with the same extension
3. now Delete the file (X)
  This occurs sometimes when windows thinks that the file (X) ur trying to delete is still open, eventhough u closed the app and the file.
OR
Try one of these small programs
1. FreeFile - "FreeFile will free a file by finding the process that holds the lock, and allow you to terminate it"
  Code:
```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=FreeFile
```
2. ZAP - "deletes files that are either in use or otherwise cannot be deleted" (works with XP & 2K)
  Code:
```
h**p://helpdesk.kixtart.org/Download/Utils/zap.exe
```
3. DELLATER (3kb) - "DelLater is the ideal program to use when you can't delete a file, no matter how hard you try" - This tool does the same as above in Option 1
  Code:
```
h**p://www.diamondcs.com.au/downloads/dellater.zip
```
4. DeepDelete (15kb) - "DeepDelete is a file shredder designed to totally delete files on your hard drive. It works by overwriting files many times before deleting them, making them almost impossible to recover. DeepDelete uses a standard of stredding that is more powerful than the official US DoD standards." - This tool is no longer updated/developed
  Code:
```
h**p://www.methlabs.org/deepdelete_r3.zip
```

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

NOTE: Mods/Admins, if you feel this thread belongs in another area, kindly either let me know or move it accordingly and I'll continue from there. cheers.

0110 · 17-May-2005, 12:06 AM #2

HOW TO TROUBLESHOOT YOUR PC? (Guide)

The challenge with a problem is not so much the solution but figuring out what the actual problem is. For instance: if your internet connection is lost you might automatically assume it's a problem your ISP, yet the problem might actually be a cable connection problem, a corrupted software file, a conflict with another software program running at the same time, a virus or any number of other problems. By doing some basic troubleshooting you can effectively identify problems and get farther down the path to an actual solution. Also, if you need to call a manufacturers help-line, the call will be much more productive if you've done some troubleshooting before hand.

Before you do anything:

Check your mental state and don’t panic! My personal theory to computer problems is that there is a direct connection between the amount of stress a user is under and the number of times a computer will crash. Chances are that when you are in a rush to get a document out the door, you will forget to close open applications, or to save your work and you will send too many commands (like printing, spell-check, etc.) at once. If you're moving fast on the computer, it pays to take a moment, take a deep breath, close unnecessary programs and save your work. Also, if you're trying to solve a problem that your computer is having, you will need full mental capabilities. So if you're feeling frustrated and tired while trying to troubleshoot - take a break! You’ll find you’ll solve your problems much faster if you have a fresh mind and attitude. Don’t panic either. Sometimes computer problems can appear to be much more serious than they really are. Panicking can lead you to jump to a solution of a perceived problem before you’ve actually identified the real problem.

Some initial steps:
1. Check the component's documentation and/or the manufacturer's website: The appendix of most manuals will contain a troubleshooting guide that will identify the most common problems the component may have. Most software installations include placing a readme file in the programs directory that will list all known incompatibilities. Manufacturer websites can be extremely helpful as well, with support pages that will direct you to common problems and solutions that may include a software "patch" that can be downloaded directly from the site and then run on your hard drive
2. Check for Viruses: Any strange behavior on a computer could be due to a virus. Use an anti-viral program to scan your system - and follow the instructions on the use of the anti-viral program closely
3. Use diagnostic utilities: Software crashes can often be caused by corrupted files or registry conflicts. Using a program like Window's Scan Disk (found under System Tools in the Accessories folder on your program menu) can identify and fix corrupted files. Norton Utilities has a program called "System Check" that both checks the integrity of your files and looks for software conflicts and will repair problems
If none of those steps work - it's time to use your brain!
1. Ask yourself - when did the problem I’m experiencing first start? If you made any change, such as installing new software or adding hardware, to the computer and now you are having a problem, chances are the change is the cause. Also, while you're trying to identify problems and solutions remember to make only one change to your system at a time, so you can easily trace your steps.
2. Determine if the problem is repeatable or if it is intermittent: A repeatable problem is one that occurs all the time, or always in response to a specific user action
  - For example, if the computer crashes everytime you print a document - that’s a repeatable problem
  An intermittent problem will appear to happen spontaneously or randomly. An intermittent problem is usually the result of a specific set of circumstances happening occasionally. With these problems it is important to try to establish a pattern involved in the problem. Keep a problem log at the computer and try to write down all the circumstances occurring when the crash occurred, including the most minute detail.
3. Use the process of elimination: Start to remove components from your system one at a time. After you remove a component test to see if the problem still exists. This is a great way to figure out if the problem is caused by a conflict between software programs and/or hardware. Start by removing the most recently installed stuff first
Some Final Tips:
1. If you call the helpline - be patient and prepared: You will have to wait on hold awhile to get to get an actual person on the phone. Like death and taxes that's just a fact of life. If you can review all the troubleshooting steps you took to identify the problem, the technical assistance operator will be able to identify the solution more quickly and effectively
  - Remember: if you get a technical assistance operator on the line don't hang up until you're sure the problem has been solved
2. If the equipment is new, send it back: Most equipment is under warranty and if there is anything severely wrong with it, you should send it back. This may not help your immediate goal, but it will save you plenty of time in the long run. If the equipment is under warranty, the vendor will deal with it

The most important thing to remember while troubleshooting is to be patient and observant. By using these steps you should easily be able to resolve even the most inexplicable problems

original post is by my good friend TWEAKER.

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:10 AM #3

HOW TO ELIMINATE BIG PROBLEMS WITH SMALL PROGRAMS?

INTERNET RELATED
1. AD-AWARE (1.7mb) - "Standard Edition is THE award winning, free, multicomponent detection and removal utility that consistently leads the industry in safety, user satisfaction, support and reliability"
  Code:
```
h**p://lavasoft.element5.com/support/download/
```
2. AOL HIDER (475kb) - "Excellent program that simply hides AOL into the task window in the bottom right corner. Makes it look like you have a real internet connection! Compatable with all versions"
  Code:
```
h**p://www.simbak2k.net/exes/aolhider104.zip
```
3. FPIPE - "FPipe is a source port forwarder/redirector. It can create a TCP or UDP stream with a source port of your choice. This is useful for getting past firewalls that allow traffic with source ports of say 23, to connect with internal servers"
  Code:
```
h**p://www.foundstone.com/resources/proddesc/fpipe.htm
```
4. FPORT - "Reports all open TCP/IP and UDP ports and maps them to the owning application"
  Code:
```
h**p://www.foundstone.com/resources/termsofuse.htm?file=fport.zip
```
5. MAGIC MAIL MONITOR (71kb) - Tiny POP3 compliant Mail Checker: the best choice for checking one or multiple account quickly, at periodic interval. Fully configurable, nice interface
  Code:
```
h**p://www.geeba.org/magic/
```
6. MAILINATOR - "Have you ever needed an email .. NOW? Have you ever gone to a website that asks for your email for no reason (other than they are going to sell your email address to the highest bidder so you get spammed forever)?"
  Code:
```
h**p://www.mailinator.com/mailinator/Welcome.do
```
7. NET LIMITER [614KB) - "NetLimiter is an ultimate internet traffic control tool" *****
  Code:
```
h**p://www.netlimiter.com/
```
8. NESSUS - "A security scanner which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way." For Linux ONLY
  Code:
```
h**p://www.nessus.org/download.html
```
9. NETSCAN PRO (925kb) - "NETSCAN PRO is the real advanced TCP/IP monitoring utility which allows you to monitor all network activity at your computer. NETSCAN PRO 3.3 has a graphical and text interface which makes the program unique in its kind! It's very easy to use! All you do is run the program and see all established connections and opened ports at your computer"
  Code:
```
h**p://www.7forces.com/files/ns3setup.exe
```
10. NO ADS (215kb) - "Popup killing at its best! This nifty utility is great when surfing websites. If a popup appears, open the program that is in the task tray and double click it and its gone. It will then store it and kill it in the future too. It is the first one I've seen that supports AOL! Even works great with programs like KaZaA"
  Code:
```
h**p://www.simbak2k.net/exes/NASetup.exe
```
11. Online JPEG compressor - "Can help you to make your pages load faster by reducing the size of your JPEG files. It will display multiple versions of a given image compressed at different levels for you to pick the smallest image at the best possible image quality you require"
  Code:
```
h**p://www.chami.com/jc/
```
12. PCS NETWORK TOOLS (1150kb) - "The PCS Network Tools is a collection of essential network diagnostic tools. These tools include DNS resolution which provides the IP Address, Hostname, Hostname Alias, Mailhost, and Name Server Records for an entered host. In addition, the following tools are also included: IP Scanner, Traceroute, Ping, Whois, Finger, Time, Quote of the Day, and extensive Localhost information. Local information includes the hostname, alias, IP address, MAC address, username, Primary Domain Controller, NetBIOS, memory, windows version and build, and other vital information"
  Code:
```
h**p://www.learnxgroup.com/software/pcsnt.html
```
13. PEER GUARDIAN - PeerGuardian 2 is Methlabs’ premier IP blocker for Windows. With features like support for multiple lists, a list editor, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), PeerGuardian 2 is the safest and easiest way to protect your privacy on P2P. Plus, by integrating with Blocklist.org, lists are built custom just for you. - Look for the Linux/OSX version on this site
  Code:
```
h**p://prdownloads.sourceforge.net/peerguardian/pg2-050423-x64.exe?download
```
14. PING PLOTTER - "This exceptional GUI-based traceroute tool has features I’ve only seen in expensive industrial-strength tools, including dynamic tracking of changes in node response time — great for tracking a network outage across time. It’s also very fast!" - For NT/2K/XP ONLY
  Code:
```
h**p://www.pingplotter.com/downloads/pngplt_1.exe
```
15. PROXIRAMA (154kb) - "A tool for finding and testing proxy servers. it will test them for anonymity, speed, if it's a gateway proxy, h**ps support (=chainability) and geographical location. furthermore, it can be used as a local proxy server that redirects your traffic through a arbitrarily long chain of anonymous proxies. it is small, fast, and easy to use"
  Code:
```
h**p://gaamoa.securibox.net/ProxyramaSetup.exe
```
16. SPYBOT - SEARCH & DESTORY (3.5mb) - "This free program can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover"
  Code:
```
h**p://www.safer-networking.org/index.php?lang=en&page=download
```
17. TCPDUMP (341kb) - "TCPDUMP for Windows is a clone of TCPDUMP based on Packet Sniffer SDK, the popular command-line packet capture tool. It can provide very detailed information about any network conversation that runs across the wire."
  Code:
```
h**p://microolap.com/downloads/tcpdump/tcpdump.zip
```
OS RELATED
1. FILE
  1. BCWIPE - "Is intended to give you a confidence that your deleted files cannot be recovered by an intruder" For Linux/FreeBSD/OpenBSD/Solaris/Digital UNIX/Irix/Windows
    Code:
```
h**p://www.jetico.com/download.htm
```
  2. BEST CRYPT - "A Data Encryption system provides the most comprehensive and easy-to-use secure data storage and access control facilities available" For Linux/FreeBSD/OpenBSD/Solaris/Digital UNIX/Irix/Windows
    Code:
```
h**p://www.jetico.com/download.htm
```
  3. CIA UNERASE - " Is the first product using the CIS technology to recover deleted files. Using CIS, CIA Unerase recovers almost any file you deleted even before you installed CIA Unerase and files where all other solutions on the market failed. CIA Unerase is the smallest, easiest and fastest Unerasing-tool we know"
    Code:
```
h**p://217.160.136.183/en/Download/down.php?login=1&loginemail=nikita69@mailinator.com&loginname=tina&status=aktiv&CIA_Unerase=1
```
  4. DARIK'S BOOT AND NUKE (1962kb) - "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction." Available in floppy and CD version. This tool is very dangerous. After using the WinImage extractor to create the “nuke” boot floppy disk, you then reboot the target system with the disk in drive A. The main point of this program is to securely delete everything, so NEVER run it on a system that you intend to use again.
    Code:
```
h**p://dban.sourceforge.net/
```
  5. ERASER (2745kb) - "Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is FREE software and its source code is released under GNU General Public License.
    The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.
    Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting methods." The US Defence Security Service (DSS) is one of their clients.
    Code:
```
h**p://prdownloads.sourceforge.net/eraser/Eraser57Setup.zip
```
  6. DELLATER (3kb) - "DelLater is the ideal program to use when you can't delete a file, no matter how hard you try"
    Code:
```
h**p://www.diamondcs.com.au/downloads/dellater.zip
```
  7. HIDE IT - Hide running applications
    Code:
```
h**p://www.annoyances.org/downloads/ftp/hideit.zip
```
  8. KILL - "Shuts down one or more running Windows NT tasks or processes" - For 2K/XP
    Code:
```
h**p://helpdesk.kixtart.org/Download/Utils/KILL.EXE
```
  9. KILL95 - Shuts down any processes running in memory
    Code:
```
h**p://helpdesk.kixtart.org/Download/Utils/kill95.zip
```
  10. ZAP - "deletes files that are either in use or otherwise cannot be deleted" - For 2K/XP *****
    Code:
```
h**p://helpdesk.kixtart.org/Download/Utils/zap.exe
```
2. CONTROL/MONITOR
  1. CIS - "A free security scanner written and maintained by Cerberus Information Security, Ltd and is designed to help administrators locate and fix security holes in their computer systems. This tool is a must!" To see the checks it does, go h**p://www.cerberus-infosec.co.uk/vulndb.txt]HERE - For NT/2K
    Code:
```
h**p://www.cerberus-infosec.co.uk/CIS-5.0.02.zip
```
  2. COOL BEANS SYSTEM INFO (820kb) - "A small but powerful program that monitors your computer's CPU, physical memory, and swap memory usage"
    Code:
```
h**p://dl.winsite.com/files/180/ar1/winxp/sysutil/sysinf02.exe
```
  3. DEPENDENCY WALKER (406KB) - "A free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules." Can be helpful to identify missing files/dll after installtion of programs
    Code:
```
h**p://www.dependencywalker.com/depends21_x86.zip
```
  4. HHD SRVADMIN - "A very useful as a replacement to the ordinary NT service and device control panel applets, because it repeats and extends the functionality provided by them. Plus, it allows administrators to perform tasks, which usually not available to them without installing Windows NT Resource Kit." For NT/2K
    Code:
```
h**p://www.hhdsoftware.com/Download/srvadmfull.zip
```
  5. NTFS Reader for DOS - This is an absolutely essential recovery tool if you use NTFS partitions. Add this 147 KB executable file to your Win9x-based boot floppy and it will let you read any NTFS partition and copy off files to any FAT partition. (Don’t be thrown when the page says “Demo software.” It’s outright freeware.) - For NT/2K/XP ONLY
    Code:
```
h**p://www.ntfs.com/downloads/readntfs.zip
```
  6. NTSubst - "Extended version of the NT subst command. NtSubst allows you to assign the drive letter not only to any valid path, but also any valid NT Object Manager path." For NT/2000
    Code:
```
h**p://www.hhdsoftware.com/Download/ntsubst.exe
```
  7. POWER PROMPT - "will allow you to run programs as System"
    Code:
```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=PowerPrompt
```
  8. PROCESS EXPLORER (150kb) - "The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work"
    Code:
```
h**p://www.sysinternals.com/files/procexpnt.zip
```
  9. REVELATION - Discloses passwords that are only displayed as asterisks. I suppose, ultimately, this is a cracker’s tool; but there are practical, legitimate uses for it, so I decided to post the link. - For 9x/2K/XP. Please use it in good faith.
    Code:
```
h**p://www.snadboy.com/RevelationV2.zip
```
  10. RUN AS USER v4.1 - The function of this software is to allow Administrators to deploy applications that require elevated user rights to users who have restricted rights without having to issue Administrator Credentials to the user. It does this by passing a Run As User type command to the Operating System for the duration of the task at hand. It will only give the elevated rights to that specific task, so you can be safe knowing that the user will not have access to any restricted resources while the application is running. Other uses of this software include running games that require the administrator account to run. - For XP. Please use it in good faith.
    Code:
```
h**p://www.palmersoft.co.uk/software/runasusersetup.exe
```
  11. SHUTDOWN - Small commandline utility that makes it a breeze to log off, shutdown, restart, hibernate, or put in stand-by mode your Win XP computer. It’s the only utility I know that shuts down Win XP and then reliably powers off the computer. For XP ONLY.
    Code:
```
h**p://aumha.org/downloads/shutdown.zip
```
  12. STARTUP CPL - "A nifty control panel applet that allows you to easily configure which programs run when your computer starts."
    Code:
```
h**p://www.mlin.net/files/StartupCPL.zip
```
  13. STARTUP MONITOR - "A small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus."
    Code:
```
h**p://www.mlin.net/files/StartupMonitor.zip
```
  14. STORM WINDOW - A great and FREE utility for Windows desktop security
    Code:
```
h**p://www.cetussoft.com/stormwin.htm
```
3. INFORMATION
  1. ADVISOR - Displays all your PC info (hardware/software) on one page
    Code:
```
h**p://www.belarc.com/Programs/advisor.exe
```
  2. SKRUB THE WEB - "Search Microsoft Knowledge Base, MSDN, Google and Google Groups in a single click"
    Code:
```
h**p://www.skrubbeltrang.com/Tools.aspx?Tool=SkrubTheWeb
```
4. UTILITIES
  1. DOS HERE (197kb) - "An Explorer Shell Extension to provide easy and quick access to the DOS Prompt in the requested folder"
    Code:
```
h**p://user.tninet.se/~fgo483j/files/ch20.zip
```
5. TWEAKS
  1. ANSWERS THAT WORK - "Through our support service we often come across problems caused primarily by programs running in the background, programs which in most cases start at the same time as Windows. Sometimes these programs are useful and need to be there; quite often, however, they are not needed, and in too many cases they cause severe problems." This is not a program, however it would be a great small utility if packaged.
    Code:
```
h**p://www.answersthatwork.com/
```
  2. BOOTVIS (990kb) - "Bootvis.exe is a performance tracing and visualization tool that Microsoft designed to help PC system designers and software developers identify performance issues for boot/resume timing while developing new PC products or supporting software."
    
    Code:
    
    h**p://download.soft32.com/files/19687/bootvis.msi
  3. ERUNT - "Finally, a tool to back up the Win XP Registry! (Microsoft didn’t include one with Win XP itself.)" - For NT/2K/XP ONLY
    - NTRegOpt is included in the above file - This optimizes the Win NT/2K/XP Registry much as SCANREG /OPT does for Win98/ME.
    Code:
```
h**p://home.t-online.de/home/lars.hederer/erunt/erunt.zip
```
  4. HIJACK THIS - "HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers." - USE WITH CAUTION AND AT YOUR RISK
    Code:
```
h**p://www.tomcoyote.org/hjt/hijackthis.zip
```
  5. TWEAKUI - THE BEST OF ALL THE PowerToys! This should be standard on every (pre-XP) Windows computer whatsoever! Many new features added.
    Code:
```
h**p://download.microsoft.com/download/winme/Install/1.0/WinMe/EN-US/Tweakui.exe
```

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:14 AM #4

HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 1)

Get the original FILE

Get a list of updated Ad sites from ACCS-NET

Code:

h**p://www.accs-net.com/hosts/get_hosts.html

SomeoneWhoCares

Code:

h**p://someonewhocares.org/hosts/

MVPS

Code:

h**p://www.mvps.org/winhelp2002/hosts.txt

Blood Image

Code:

h**p://www.bloodimage.com/hosts_bak

EveryThingIsnt

Code:

h**p://everythingisnt.com/Hosts

and if you want more then always
Google here

Code:

h**p://www.google.com/search?hl=en&ie=ISO-8859-1&q=hosts+file

and here

Code:

h**p://www.google.com/search?hl=en&ie=ISO-8859-1&q=windows+hosts+file

Update file either manually or use HOSTS Manager by simply adding the files from above.
Code:
```
h**p://www.aldostools.com/hosts.html
```

While visiting the sites listed above, enhance your knowledge about HOSTS file and utilize it properly to improve the Ad Blocking on your PC.

FINAL NOTE: If you open the hosts file (C:\WINDOWS\system32\drivers\etc) and see most if not all addresses have an IP addressess other than 127.0.0.1 or 0.0.0.0 then RUN windows update then an Anti-Virus program, then go back to my first point.
The Fortnight virus makes changes in your hosts file: C:\WINDOWS\system32\drivers\etc\hosts or C:\WINNT\system32\drivers\etc\hosts. The Windows hosts file serves to associate host names with IP addresses. The hosts file dropped by this virus contains of a list of URLs, each associated with a bogus IP address.
REFERENCE: Microsoft Security Bulletin MS03-011

Code:

h**p://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp

A sample of an example INFECTED hosts file:

Code:

# Copyright   1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
66.159.20.80 moviesheaven.com
66.159.20.80 vidsvidsvids.com
66.159.20.80 my-teensex.com
66.159.20.80 no********movies.com
66.159.20.80 watch-xxx.com
66.159.20.80 wolrdteenparadise.com
66.159.20.80 www.google.com
66.159.20.80 worldsex-archives.com
66.159.20.80 ww2.link-o-rama.com
66.159.20.80 link-o-rama.com
How to Clean manually - simply remove anthing below "127.0.0.1       localhost" or some people have it "0.0.0.0       localhost":
# Copyright   1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

WINDOWS UPDATE NOTE: Akamai.net is used by Microsoft to host the Windows Update features, known as the "AutoUpdate" and "v5.windowsupdate.microsoft.com [63.209.144.181]". In addition, Akamai.net also hosts others, such as ad/spware websites.

So if either feature of the Windows Update is not working and/or you get "Windows Update Failure - Error Code 0x800A138F". Then close ALL broswers' windows, open hosts file, press {CTRL+F}->look for this address "a248.e.akamai.net [63.251.152.201]", without the brackets, and delete it then save and exit. Now try h**ps://a248.e.akamai.net/v4.windowsupdate.microsoft.com/getmanifest.asp again. If it works, then go to h**p://windowsupdate.microsoft.com and get your Updates. If it still does not work then your company or your ISP may be blocking this hostname. Or some anti-ad/spy programs may have this address blocked, such as SPYBLOCKER
Code:
```
h**p://spyblocker-software.com/IPB/index.php?showtopic=420&st=0&#entry1820
```
DO NOT DELETE ALL AKAMAI.NET SITES, OTHERWISE YOU WILL END UP WITH AD/SPY SITES POPING BACK.
Below is a small sample of hundreds of the Akamai.net servers that process ad/spy sites:
1. 0.0.0.0 a08.g.akamai.net
2. 0.0.0.0 a1.g.akamai.net
3. 0.0.0.0 a10.g.akamai.net
4. 0.0.0.0 a100.g.akamai.net
5. 0.0.0.0 a100.g.akamaitech.net
6. 0.0.0.0 a1016.g.akamai.net
7. 0.0.0.0 a1028.g.akamai.net
8. 0.0.0.0 a1032.g.akamai.net
9. 0.0.0.0 a104.g.akamai.net
10. 0.0.0.0 a1040.g.akamai.net
11. 0.0.0.0 a1061.g.akamai.net
12. 0.0.0.0 a1066.g.akamai.net
13. 0.0.0.0 a108.g.akamai.net
14. 0.0.0.0 a11.g.akamai.net
15. 0.0.0.0 a1100.g.akamai.net
16. 0.0.0.0 a111.g.akamai.net
17. 0.0.0.0 a1156.g.akamai.net
18. 0.0.0.0 a1168.g.akamai.net
19. 0.0.0.0 a117.g.akamaitech.net
20. 0.0.0.0 a1172.g.akamaitech.net
21. 0.0.0.0 a1180.g.akamai.net
22. 0.0.0.0 a1196.g.akamai.net
23. 0.0.0.0 a12.g.akamai.net
24. 0.0.0.0 a12.g.akamaitech.net
25. 0.0.0.0 a1208.g.akamai.net
26. 0.0.0.0 a1224.g.akamaitech.net
27. 0.0.0.0 a1228.g.akamai.net
28. 0.0.0.0 a1234.g.akamai.net
29. 0.0.0.0 a1240.g.akamaitech.net
30. 0.0.0.0 a1252.g.akamai.net
31. 0.0.0.0 a1261.g.akamai.net
32. 0.0.0.0 a1284.g.akamai.net
33. 0.0.0.0 a13.g.akamai.net
34. 0.0.0.0 a1300.g.akamai.net
35. 0.0.0.0 a1316.g.akamai.net
36. 0.0.0.0 a1356.g.akamai.net
37. 0.0.0.0 a1360.g.akamai.net
38. 0.0.0.0 a1380.g.akamai.net
39. 0.0.0.0 a14.g.akamai.net

Now continue to Example 2, below

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:17 AM #5

HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 2)

Continuing from example 1:

Code:

http://forums.techguy.org:80/showthread.php?p=2617026

Update your hosts file
1. First, download and "save as" this
  UPDATED FILE (contains over 14,000 verified sites and about 500kb).
  Code:
```
h**p://remember.mine.nu/getfile.asp?t=nc
```
2. Add it to your hosts file using
  HOSTS MANAGER
  Code:
```
h**p://www.aldostools.com/hosts.html
```
Update your proxy configuration, even if you aren't behind a proxy
1. Netscape Navigator
  1. Go to Edit->Preferences->Advanced->Proxies
  2. Select "Manual Proxy Configuration" (even if you aren't using a proxy) and click "View"
  3. From the final hosts file, after merging it with the one you downloaded, open the file in Wordpad and remove everything except the site addresses
    - Replace the line breaks with a space to make the file as one line. Like this "000freexxx.com 039068a.dialer-select.com 1.h**pads.com 1000stars.ru 100free.com 100free.de 100free.nl 123adult.com"
  4. Paste the results into "No Proxy For" box
    This will tell Navigator to access these sites directly. Since your hosts file says they are the local machine, ad lookups will fail and you can surf in peace without distraction, with the added bonus that many web pages will load quite a bit faster
2. Internet Explorer 5.x+
  1. Go to Tools->Internet Options...->Connection tab
  2. Select your Connection (Dialup or LAN) & press "Settings" button
  3. Check "Use a proxy server for your..." checkbox
  4. Click "Bypass proxy server for local addresses" checkbox
  5. You are done - No need to add anything in "No Proxy For" box
NOTES
1. If you run a webserver on your PC
  1. All the servers in this file point to the ip 127.0.0.1 (localhost), you will need to open the “Hosts” file in a regular text editor (wordpad/bbedit/vim etc) and replace 127.0.0.1 for 127.0.0.2 or another "non-existant" ip address
  2. Alternatively you can simply download this dedicated Hosts file for servers with the ip set at 127.0.0.3 here. You will need to rename this file "Hosts"
    
    Code:
    
    h**p://remember.mine.nu/getfile.asp?ff=se
2. If you use the browser Mozilla , but after installing Hosts you keep getting a "connection refused.." error dialog
  This is a bug in Mozilla (version 1.1 and below) due to the browser not having a built in error page when a website/adserver cannot be contacted, therefore an alert dialog is used instead of error page
  
  This has been reported as a bug to the Mozilla project and is still awaiting to be set as a default setting into a release
  
  If you have Mozilla 1.2a or above you can add to your user preferences file (prefs.js) this line:
  user_pref("browser.xul.error_pages.enabled", true);
  
  This will stop the annoying dialog popup as 1.2a has the option to remove the dialog though this isn't enabled by default yet
3. If you installed it and now you can't visit site X
  1. Then probably the site in question is in the "black" list and is stopping your visit
  2. Simply delete that line or place a # before the line which deactivates that particular entry, then reboot or re-flush your dns, and you will then be able to visit the site in question
    This Hosts file is designed to be extremely comprehensive and to get the best out of it some people will find they need to edit it manually to remove certain sites for their own browsing preferences (using the above instructions)
    
    Web sites will not be placed in this file if they have had no observed hostile activities or privacy breaches, and with banner advertising only the server from which the advert banner originates will be blocked and not the whole site
    
    The sorts of activity that determines addition to this file is:
    adverts, banners, multiple popup windows /exit pages, webbugs, script/java exploits, privacy breaches, dialer droppers, user tracking and counters, viruses, spyware, circle sites, spammer sites, underhand practices etc.
    
    If a site is visited and they have these kinds of activities going on, then they will most likely to be entered into this Hosts file by myself or other users who contribute to this project
    
    You can always use this program, Hosts Toggle to turn on/off the Hosts file with one click
    - - Code:
        
        h**p://www.accs-net.com/hosts/HostsToggle/
4. If you installed it and your Windows 2000 PC hangs every 10 minutes and/or is slow
  1. This seems to be a bug in Win2K as it will not handle large Hosts files such as this one, it can be worked around by 2 different methods, if you are not on a LAN network or use a direct connection to the internet (t1/dsl/adsl/cable) (modems untested but believed to work also) the first simple method is as follows
    Locate the hosts file you installed and rename to hosts.txt (this will disable it tempoarily)
    
    Right Click on "My Computer" on the desktop and choose "Manage"
    
    Scroll to the "services" section and locate "dns client" r-click on this and choose "properties"
    
    Stop the service and from the dropdown choose "disable"
    
    Rename "hosts.txt" back to "hosts" and you should be able to use the hosts file as normal, a reboot might be required to get it working fully
    
    This method has been known to work on many Win2k* setups without any adverse effects. Also known to work for some XP users who experience slow network startup and/or IE or OE is very slow to start, the procedure to disable the dns client is the same as above. Of course if you still have problems or cannot connect to the internet after implementing this workaround it is advised you do not use this Hosts file and restore the "dns client" back to an "automatic" state and restart the dns client. Alternativly you will need this software
    
    Code:
    
    h**p://www.pyrenean.com/config.php
    and see this page for implementing an advanced dns solution (for expert users only)
    - Code:
      
      h**p://www.accs-net.com/hosts/DNSKong2K/Setting%20Windows%202000%20to%20use%20DNSKong.htm
5. If you installed it and can still see some banners
  1. After checking the obvious, have you got it installed in the correct location for your Operating system?
  2. If you wish to have 100% advert free browsing then using something like the Promoxitron or Junkbuster proxy or Mozillas BannerBlind which will remove 99.9% of adverts
6. How do you know if the file is working?
  1. Quite simply, can you see (h**p://doubleclick.net/) this site or (h**p://fastclick.net/) this site. If you can still see those sites than the Hosts file is not working and you should check your settings and installation
7. Does this have a virus in it?
  1. No it doesn't, its only a plain text file so it cannot do any harm to your computer, there are no install programs or executable files just a simple single text file
WINDOWS UPDATE NOTE: Akamai.net is used by Microsoft to host the Windows Update features, known as the "AutoUpdate" and "v5.windowsupdate.microsoft.com [63.209.144.181]". In addition, Akamai.net also hosts others, such as ad/spware websites.

So if either feature of the Windows Update is not working and/or you get "Windows Update Failure - Error Code 0x800A138F". Then close ALL broswers' windows, open hosts file, press {CTRL+F}->look for this address "a248.e.akamai.net [63.251.152.201]", without the brackets, and delete it then save and exit. Now try (h**ps://a248.e.akamai.net/v5.windowsupdate.microsoft.com/getmanifest.asp) (h**ps://a248.e.akamai.net/v5.windowsupdate.microsoft.com/getmanifest.asp) again. If it works, then go to (h**p://windowsupdate.microsoft.com) and get your Updates. If it still does not work then your company or your ISP may be blocking this hostname. Or some anti-ad/spy programs may have this address blocked, such as h**p://spyblocker-software.com/IPB/index.php?showtopic=420&st=0&#entry1820 SPYBLOCKER.
DO NOT DELETE ALL AKAMAI.NET SITES, OTHERWISE YOU WILL END UP WITH AD/SPY SITES POPING BACK.
Below is a small sample of hundreds of the Akamai.net servers that process ad/spy sites:
1. 0.0.0.0 a08.g.akamai.net
2. 0.0.0.0 a1.g.akamai.net
3. 0.0.0.0 a10.g.akamai.net
4. 0.0.0.0 a100.g.akamai.net
5. 0.0.0.0 a100.g.akamaitech.net
6. 0.0.0.0 a1016.g.akamai.net
7. 0.0.0.0 a1028.g.akamai.net
8. 0.0.0.0 a1032.g.akamai.net
9. 0.0.0.0 a104.g.akamai.net
10. 0.0.0.0 a1040.g.akamai.net
11. 0.0.0.0 a1061.g.akamai.net
12. 0.0.0.0 a1066.g.akamai.net
13. 0.0.0.0 a108.g.akamai.net
14. 0.0.0.0 a11.g.akamai.net
15. 0.0.0.0 a1100.g.akamai.net
16. 0.0.0.0 a111.g.akamai.net
17. 0.0.0.0 a1156.g.akamai.net
18. 0.0.0.0 a1168.g.akamai.net
19. 0.0.0.0 a117.g.akamaitech.net
20. 0.0.0.0 a1172.g.akamaitech.net
21. 0.0.0.0 a1180.g.akamai.net
22. 0.0.0.0 a1196.g.akamai.net
23. 0.0.0.0 a12.g.akamai.net
24. 0.0.0.0 a12.g.akamaitech.net
25. 0.0.0.0 a1208.g.akamai.net
26. 0.0.0.0 a1224.g.akamaitech.net
27. 0.0.0.0 a1228.g.akamai.net
28. 0.0.0.0 a1234.g.akamai.net
29. 0.0.0.0 a1240.g.akamaitech.net
30. 0.0.0.0 a1252.g.akamai.net
31. 0.0.0.0 a1261.g.akamai.net
32. 0.0.0.0 a1284.g.akamai.net
33. 0.0.0.0 a13.g.akamai.net
34. 0.0.0.0 a1300.g.akamai.net
35. 0.0.0.0 a1316.g.akamai.net
36. 0.0.0.0 a1356.g.akamai.net
37. 0.0.0.0 a1360.g.akamai.net
38. 0.0.0.0 a1380.g.akamai.net
39. 0.0.0.0 a14.g.akamai.net

Now continue to Example 3, below

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:26 AM #6

HOW TO BLOCK ADS AND MAINTAIN THE SUPERTRICK (hosts file - example 3)
The most common way of detecting spam is by using spam databases (blacklists, sometimes incorrectly referred to as RBLs, since RBL is trademarked by MAPS) that list the addresses of mail servers known (or believed) to send spam. This is done by taking the IP address of the remote mail server, converting it to a domain name using the ip4r format (1.2.3.4 becomes 4.3.2.1.bl.example.com), and seeing if that name exists.

Below is a list of all known DNS-based spam databases (some links may be temporarley down or unresolved, please send me a PM with any:
Standard IP-based Spam Databases

1. ABL - ”Arbitrary Blackhole List. No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
  Code:
```
h**p://spammers.v6net.org
```
2. BGISOCBL - ”Bulgarian Spam Prevention System. Designed primarily to protect isoc.bg's members from receiving Bulgarian spam. Warning: Can't Be Tested.”
  Code:
```
h**p://dnsbl.isoc.bg
```
3. BGISOCWL - ”Bulgarian Spam Prevention System Whitelist. Designed primarily to protect isoc.bg's members from receiving Bulgarian spam; this is a WHITELIST, which lists 'good' IPs. No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
  Code:
```
h**p://dnswl.isoc.bg
```
4. BLARSBL - ”Confirmed that it is working on 24 Oct 2001. Has 15 different return values, indicating the reason for the listing (IE could be split up into as many as 12 tests). Includes interesting tests such as no abuse@ - address, and originating a DoS attack. Does not have TXT records. Warning: May contain a number of IPs that no longer are associated with spammers, and are now allocated to legitimate customers that can not be removed. May also blacklist entire ISPs.”
  Code:
```
h**p://block.blars.org
```
5. BLITZEDALL - ”Combines the BLITZEDh**p, BLITZEDSOCKS, BLITZEDWINGATE, BLITZEDCISCO, and BLITZEDPOST tests. Confirmed that it is working on 09 Apr 2002.”
  Code:
```
h**p://opm.blitzed.org
```
6. BLITZEDCISCO - ”Lists Cisco proxies. Assumed to be working on 20 Feb 2003 (since bitmask tests can't be tested).”
  Code:
```
h**p://opm.blitzed.org
```
7. BLITZEDh**p - ”Lists open h**p (CONNECT) proxies. Confirmed that it is working on 03 Feb 2002.”
  Code:
```
h**p://opm.blitzed.org
```
8. BLITZEDPOST - ”Lists open h**p (POST) proxies. Assumed to be working on 20 Feb 2003 (since bitmask tests can't be tested).”
  Code:
```
h**p://opm.blitzed.org
```
9. BLITZEDSOCKS - ”Lists open SOCKS proxies. Confirmed that it is working on 03 Feb 2002.”
  Code:
```
h**p://opm.blitzed.org
```
10. BLITZEDWINGATE - ”Lists open wingate proxies. Confirmed that it is working on 03 Feb 2002.”
  Code:
```
h**p://opm.blitzed.org
```
11. BONDEDSENDER - ”A whitelist of E-mail senders that have posted a bond to help prove that their E-mail is legitimate.”
  Code:
```
h**p://query.bondedsender.org
```
12. BORDERWORLDSBL - ”A private spam database. Warning: Can't Be Tested.”
13. CBL - ”Lists IPs that send to large spamtraps, and are running open proxies, worms/viruses, trojan horses, etc. Confirmed 01 Aug 2003.”
  Code:
```
h**p://cbl.abuseat.org
```
14. CHICKENBONER - ”Unknown, apparently no website. Warning: Can't Be Tested.”
  Code:
```
h**p://fl.chickenboner.biz
```
15. CLUECENTRAL - ”Lists IPs in certain countries. Missing test entry 127.0.0.2. Confirmed 18 Jun 2002 Warning: Can't Be Tested.”
  Code:
```
h**p://rbl.cluecentral.net
```
16. COMPU-PMO - ”Undocumented. Apparently lists "pm0.com" sources. Confirmed 10 Jan 2002. Warning: Can't Be Tested.”
  Code:
```
h**p://pm0-no-more.compu.net
```
17. CSMA - ”Lists IPs of mailservers that send spam twice in a short timeframe to the McFadden Associates mailservers. Confirmed 29 Sep 2003.”
  Code:
```
h**p://bl.csma.biz
```
18. CSMA-SBL - ”Lists IPs of mailservers that send spam to the McFadden Associates mailservers, even once. More aggressive than the CSMA test, and best used with score-based anti-spam programs. Confirmed 20 - Oct 2003.”
  Code:
```
h**p://sbl.csma.biz
```
19. COMPU - ”Undocumented (but confirmed). 'Primarily for hosts which were not blocked by other blackhole sites and spammed compu.net' according to one source.”
  Code:
```
h**p://blackhole.compu.net
```
20. DEADBEEF - ”Lists ISPs that have no way to report abuse. Confirmed 11 Mar 2003.”
  Code:
```
h**p://bl.deadbeef.com
```
21. DNSRBL-DUN - ”Lists dialup lines (modems, DSL, cable). Warning: uses 127.0.0.1 as its test entry. Verified 19 Jun 2002.”
  Code:
```
h**p://dun.dnsrbl.net
```
22. DNSRBL-SPAM - ”Lists known spammers, based on E-mail sent to 'honey pot' addresses. Warning: uses 127.0.0.1 as its test entry. Verified 19 Jun 2002.”
  Code:
```
h**p://spam.dnsrbl.net
```
23. DSBL - ”Distributed Sender Boycott List. This is a 'trusted' portion of DSBL, that accepts submissions of open relays and any other unsecure servers that spammers can use to send spam. Confirmed on 28 Mar 2002.”
  Code:
```
h**p://list.dsbl.org
```
24. DSBLALL - ”Distributed Sender Boycott List. This is the 'untrusted' version (IE anyone can submit to it) of the DSBL database, which accepts submissions of open relays and any other unsecure servers that spammers can use to send spam. Note that it will likely contain some popular free mail services and the like, if their users maliciously submit entries. Confirmed on 05 Apr 2002.”
  Code:
```
h**p://unconfirmed.dsbl.org
```
25. DSBLMULTI - ”Distributed Sender Boycott List. This is a 'trusted' portion of DSBL, that lists multi-hop relays from trusted sources. Confirmed on 09 Apr 2002.”
  Code:
```
h**p://multihop.dsbl.org
```
26. DUINV - ”Lists IPs that belong to dialup connections. No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
  Code:
```
h**p://duinv.aupads.org
```
27. DULRU - ”Apparently lists dialup lines in Russia (site is in Russian). No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
  Code:
```
h**p://dul.ru
```
28. EASYNET-DNSBL - ”Lists direct spam sources, indirect spam sources (using open relays or other conduits to send spam), open proxy hits, Spamhaus SBL hits, opt-out mailers, and relay-probing sources. Click link for full - description. Confirmed that the zone and entries exist on Nov 26 2001. Was WIREHUB-DNSBL.”
  Code:
```
h**p://blackholes.easynet.nl
```
29. EASYNET-DYNA - ”Lists dynamic IP ranges (per /24, to attain maximum granularity and a minimum of false postives by probing several IP numbers in each /24 and examining PTR records). Confirmed 14 Dec 2001. Was WIREHUB-DYNA.”
  Code:
```
h**p://dynablock.easynet.nl
```
30. EASYNET-PROXIES - ”Lists both regular open proxies and trojaned servers with open proxy functionality. Was WIREHUB-PROXIES.”
  Code:
```
h**p://proxies.blackholes.easynet.nl
```
31. FABELSOURCES - ”Lists networks (mostly in Asia and South America) that keep sending spam. Confirmed on 23 Jan 2002.”
  Code:
```
h**p://spamsources.fabel.dk
```
32. FIVETENDUL - ”Lists spam sites before they get into DUL; includes some DSL IPs. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
33. FIVETENFREE - ”Lists mailservers used by free mail services that either have no abuse address address listed at abuse.net, or that ignore abuse complaints. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
34. FIVETENIGNORE - ”Lists IP ranges of companies that ignore spam complaints. Warning: May block large ISPs. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
35. FIVETENKLEZ - ”Lists mailservers that send AV notification responses to Klez and similar viruses that forge the return address. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
36. FIVETENMULTI - ”Lists multi-stage open relays. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
37. FIVETENOPTIN - ”Lists bulk mailers that don't use confirmed opt-in. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
38. FIVETENOTHER - ”Lists servers with 'other issues.' NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
39. FIVETENSINGLE - ”Lists single-stage open relays. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
40. FIVETENSRC - ”Lists direct spam sources. Warning: Lists entire Class B ranges if 1 IP sends them spam! NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
41. FIVETENTCPA - ”Lists companies that violate the TCPA act, by leaving pre-recorded telephone sales calls or not maintaining a do-not-call list. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
42. FIVETENWEBFORM - ”Lists servers running vulnerable web scripts that can send spam. NOTE: If you are listed, you can find the address to get removed on their page ('blackhole').”
  Code:
```
h**p://blackholes.five-ten-sg.com
```
43. FLOWGO - ”Unknown and undocumented, but operational (confirmed 24 Oct 2001). 'Lists FloNetwork systems' according to one source. Flonetwork was apparently bought out by DoubleClick.”
  Code:
```
h**p://flowgoaway.com
```
44. GIPPER - ”A listing of computers which are running an insecure h**p proxy that allows arbitrary port connections. No TXT records, no 127.0.0.2 test entry. Warning: Can't Be Tested.”
  Code:
```
h**p://proxy.bl.gweep.ca
```
45. GIRL - ”Gweep.ca Insecure Relay List. Lists open relays. No TXT records, no 127.0.0.2 test entry. Warning: Can't Be Tested.”
  Code:
```
h**p://relays.bl.gweep.ca
```
46. GRIP - ”Randomly lists random IPs. Obviously, this should not be used as a spam test. No TXT records, no 127.0.0.2 test entry. Warning: Can't Be Tested.”
  Code:
```
h**p://random.bl.gweep.ca
```
47. HIL - ”Lists IPs of mailservers that infringe on Habeas' intellectual property, and are unwilling or unable to rectify the situation in a timely matter. Note that it is not DNS-accessible yet; it requires that you connect directly to hil.habeas.com. No TXT records. Confirmed 30 Oct 2002. Warning: Can't Be Tested.”
  Code:
```
h**p://hil.habeas.com
```
48. HILLI - ”Undocumented.”
  Code:
```
h**p://blocked.hilli.dk
```
49. HUL - ”Lists IPs of Habeas licensees. Used as a whitelist. Requires a license agreement to be filled out. Warning: Can't Be Tested.”
50. ICMFORBIDDEN - ”Lists IPs of companies that took ORBS to court. No TXT records, no 127.0.0.2 test entry. Warning: Can't Be Tested.”
  Code:
```
h**p://forbidden.icm.edu.pl
```
51. INFORMATIONWAVE - ”Lists spammers. No TXT records, no 127.0.0.2 test entry. Warning: Can't Be Tested.”
  Code:
```
h**p://blacklist.informationwave.net
```
52. INTERSIL - ”Undocumented (but confirmed).”
  Code:
```
h**p://blackholes.intersil.net
```
53. IPWHOIS - ”Lists domains that have incorrect or otherwise bad information in their IP whois data. Note that this MAY have the same flaw as the BADWHOIS test and could list major portions of the Internet.”
  Code:
```
h**p://ipwhois.rfc-ignorant.org
```
54. JAMMDNSBL - ”Currently undocumented. Returns 127.0.0.2 for spammers, .3 for open relays, .4 for insecure E-mail scripts, .5 for open proxies, and .6 for dynamic IP ranges. Warning: Lists IP ranges for some entire countries.”
  Code:
```
h**p://dnsbl.jammconsulting.com
```
55. KEMPTBL - ”Lists any mailserver that sends spam or E-mail with forged headers. You must contact them to use it. Warning: Can't Be Tested.”
56. KITHRUP - ”Unknown. Note the possibly odd '0.0.0.0' response that could break existing anti-spam programs.”
  Code:
```
h**p://3y.spam.mrs.kithrup.com
```
57. KROPKA-IP - ”Lists static IPs, whole networks. Warning: Can't Be Tested.”
  KROPKA-DIALUPS - ”Lists dialups and dynamic IPs. Warning: Can't Be Tested.”
  KROPKA-RELAYS - ”Lists open relays. Warning: Can't Be Tested.”
  KROPKA-PROXIES - ”Lists open proxies. Warning: Can't Be Tested.”
  KROPKA-FORMS - ”Lists unsecured forms and subscriptions. Warning: Can't Be Tested.”
  KROPKA-LAMEAV - ”Lists systems that send virus notifications to forged sender. Warning: Can't Be Tested.”
  Code:
```
h**p://all.rbl.kropka.net
```

Continue below due to character amount limitation......

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:28 AM #7

......Continuing from above

KUNDENSERVER - ”Run by a large web hosting company that tests mailservers that connect to it, to see if they are open relays. Lists the open relays for several weeks/months.”
Code:
```
h**p://relays.bl.kundenserver.de
```
LBL - ”Has many different criteria for listing, such as companies that favor spam, spamware vendors.”
Code:
```
h**p://lbl.lagengymnastik.dk
```
LNSGBLOCK - ”Lists blocks of addresses that may contain spammers, but only if there are no reverse DNS entries. Confirmed test entry on 08 Jan 2002.”
LNSGBULK - ”Lists bulk mailers that don't have confirmed opt-in, or that allow spam to be sent. Confirmed test entry on 08 Jan 2002.”
LNSGDUL - ”Lists dialup lines (remember, DUL-type tests should NOT be run against local users). Confirmed that the zone exists on 30 Oct 2001, confirmed test entry on 08 Jan 2002.”
LNSGMULTI - ”Lists multiple stage open relays that are not on other spam databases. Confirmed test entry on 08 Jan 2002.”
LNSGOR - ”Lists single-stage open relays that are not on other spam databases. Confirmed test entry on 08 Jan 2002.”
LNSGSRC - ”Lists spam sources (any mail server sending spam). Confirmed test entry on 08 Jan 2002.”
Code:
```
h**p://spamguard.leadmon.net
```
MAILDEFLECTOR - ”A pay service that lists IPs based on spambait addresses and customer submissions. Customers can add/remove IP ranges and/or countries for their own use, using a simple checkbox list. $150/year/server, 60 day free trial (free for non-profits/hobbyists). Warning: Can't Be Tested.”
MAPS-DUL - ”MAPS DUL (Dialup User List) was another very important ip4r DNS lookup, but since it now requires a subscription, other dialup tests may be used instead. It lists the IP addresses of lots of 'dialup lines' -- the connections that individuals get when then dial into the Internet. Although lots of legitimate E-mail originates from dialup lines, legitimate users very rarely if ever send mail directly to the receiving SMTP server; they send mail to their ISP's mail server. Therefore, it is safe to say that if anyone listed in DUL connects to your mail server, they are not sending legitimate E-mail. We recommend using the DUL test. A pay service as of 7/31/2001. Warning: Can't Be Tested.”
Code:
```
h**p://dialups.mail-abuse.org
```
MAPS-NML - ”MAPS NML (Non-confirming Mailing List) lists mail servers that send out mailing list E-mail for lists that do not confirm the subscriptions. Mailing lists that send E-mail without confirming will often end up sending spam, as people think it is a cute practical joke to add their friends to the list.A pay service. Unconfirmed. Warning: Can't Be Tested.”
MAPS-OPS - ”MAPS OPS (Open Proxy Stopper) lists computers that are running open proxies. A pay service. Unconfirmed. Warning: Can't Be Tested.”
MAPS-RBL - ”MAPS RBL (Realtime Blackhole List) was once the most important ip4r DNS lookup, but it is less used now that it requires a subscription. It lists networks known to be friendly or neutral to spammers. In most cases, it is very good about only listing mail servers that send out a lot of spam, and not simply open relays that get hijacked once and then are secured. Because of this, we recommend using the RBL test. A pay service as of 7/31/2001. Warning: Can't Be Tested.”
Code:
```
h**p://blackholes.mail-abuse.org
```
MAPS-RBLPLUS - ”MAPS RBL+ is a paid service that apparently combines RBL, RSS, DUL, and OPS into a single lookup. It appears that you can't test it without a subscription. Warning: Can't Be Tested.”
Code:
```
h**p://rbl-plus.mail-abuse.org
```
MAPS-RSS - ”MAPS RSS (Relay Spam Stopper) lists spam-relaying mail servers. These are open relays that have been known to send spam. They may well be legitimate mail servers that were open relays, and may be closed soon. However, they were open relays and did send spam. This is similar to RBL, except that the mail servers may be anti-spam and quick to fix the problem. In that case, you may be blocking legitimate mail until the problem is fixed. There is no grace period, so if the server is caught sending spam and is still an open relay, it will be listed immediately. In June, 2001 it contained about 100,000 mail servers! A pay service as of 7/31/2001. Warning: Can't Be Tested.”
Code:
```
h**p://relays.mail-abuse.org
```
MITSUBISHI - ”A private spam database. You can perform a lookup at”
Code:
```
h**p://www.DNSstuff.com
```
NERD - ”Lists IPs in certain countries. Missing test entry of 127.0.0.2. Confirmed 18 Jun 2002. Warning: Can't Be Tested.”
Code:
```
h**p://countries.nerd.dk
```
NETHERRELAYS - ”Lists mailservers that send to non-existent accounts at nether.net. Zone transfers requested for large use hosts.”
Code:
```
h**p://relays.nether.net
```
NETHERUNSURE - ”Lists mailservers that cannot be tested. Zone transfers requested for large use hosts.”
Code:
```
h**p://unsure.nether.net
```
NJABL - ”Lists open relays and known spam sources. Test listing confirmed 07 Jan 2002.”
NJABLDUL - ”Lists dialup lines and other dynamic IP ranges. NOTE: As with other dialup lists, you should NOT use this to scan mail from your users, if you are an ISP. Test listing confirmed 07 Jan 2002.”
NJABLFORMMAIL - ”Lists servers with insecure formmail scripts. Test listing confirmed 29 Oct 2002.”
NJABLMULTI - ”Lists multi-stage open relays. Will notify the appropriate NIC one week in advance of listing, to allow them to correct the problem. Test listing confirmed 29 Oct 2002.”
NJABLPROXIES - ”Lists open proxy servers. Test listing confirmed 29 Oct 2002.”
NJABLSOURCES - ”Lists spam sources. Will include commercial spammers, direct-to-mx, and proxies. IP ranges will be added only if they can be identified with the spammer. Test listing confirmed 29 Oct 2002.”
Code:
```
h**p://dnsbl.njabl.org
```
NLKUNBLACKLIST - ”Documentation not in English. No TXT records, missing test entry of 127.0.0.2. Warning: Can't Be Tested.”
Code:
```
h**p://blacklist.sci.kun.nl
```
NLKUNWHITELIST - ”Documentation not in English. Apparently a whitelist. No TXT records, missing test entry of 127.0.0.2. Warning: Can't Be Tested.”
Code:
```
h**p://whitelist.sci.kun.nl
```
NOMOREFUNN - ”Undocumented. Will list dialup networks that send spam, and are outside Scandinavia. Lists IPs that send spam or attempt relaying. Also lists networks of Danish spammers. Confirmed 09 Apr 2002.”
Code:
```
h**p://no-more-funn.moensted.dk
```
ORID - ”Designed to list mailservers sending spam, at the time they are sending it (not before or after).”
Code:
```
h**p://dnsbl.antispam.or.id
```
ORDB - ”Open Relay Database. Lists open relays. Has corresponding TXT records. Had about 81,000 entries as of 7/23/01, hit 200,000 on 22 Jan 2002. Will notify servers when they get listed, and will automatically re-test periodically.”
Code:
```
h**p://relays.ordb.org
```
ORVEDB - ”Lists hosts that are verified as open relays. No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
Code:
```
h**p://orvedb.aupads.org
```
PDL - ”Pan-Am Internet Services' Dynamic List. Lists home dialup, broadband, and similar networks. No TXT records, missing 127.0.0.2 test entry. Warning: Can't Be Tested.”
Code:
```
h**p://dialups.visi.com
```
POSTFIXGATE - ”A pay service with a list of mail servers that send spam. Includes TXT records. Verified Nov 28 2001. Warning: Can't Be Tested.”
Code:
```
h**p://bl.redhatgate.com
```
RELAYWATCHER - ”RelayWatcher was designed to create a network of relay testers that report their results to a central server.”
Code:
```
h**p://relaywatcher.n13mbl.com
```
REYNOLDSOHPS - ”Reynolds Open h**p Proxy Server Block List. Lists servers that have open web proxies that are being abused. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://ohps.bl.reynolds.net.au
```
REYNOLDSOMRS - ”Reynolds Open Multi-Level Relay Server Block List. [*Both ip4r and rhsbl*] Lists servers that are open multi-level relays and being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Also appears to list open proxies. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://omrs.bl.reynolds.net.au
```
REYNOLDSOSPS - ”Reynolds Open Socks Proxy Server Block List. [*Both ip4r and rhsbl*] Lists servers that have open socks proxies that are being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://osps.bl.reynolds.net.au
```
REYNOLDSOSRS - ”Reynolds Open Single-level Relay Server Block List. [*Both ip4r and rhsbl*] Lists servers that are open relays and being abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Also appears to list open proxies. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://osrs.bl.reynolds.net.au
```
REYNOLDSOWFS - ”Reynolds Open Web Form Server Block List. [*Both ip4r and rhsbl*] Lists servers with web form scripts that have been abused. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://owfs.bl.reynolds.net.au
```
REYNOLDSOWPS - ”Reynolds Open Wingate Proxy Server Block List. Lists servers that have open wingates that are being abused. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://owps.bl.reynolds.net.au
```
REYNOLDSRDTS - ”Reynolds Dialup/DSL Type Services Block List. Lists dialup, DSL, and other dynamic IP ranges. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://rdts.bl.reynolds.net.au
```
REYNOLDSRICN - ”Reynolds Incorrectly Configured Networks. Lists networks which appear to be incorrect configured. Includes networks with no/few reverse DNS entries, or lots of spam. Appears to list Class C ranges (dangerous!) rather than assigned network ranges. Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://ricn.bl.reynolds.net.au
```
REYNOLDSRMST - ”Reynolds Multiple Spam Traps Block List. [*Both ip4r and rhsbl*] Lists IPs/domains that send to spamtraps. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). Free for first 1,000 lookups per day. Confirmed on 24 Jan 2003.”
Code:
```
h**p://rmst.bl.reynolds.net.au
```
REYNOLDST1 - ”Reynolds 'Type 1' Block List. Lists servers that are listed in any of the other Reynolds lists. Free for first 1,000 lookups per day. Confirmed on 23 Jan 2003.”
Code:
```
h**p://t1.bl.reynolds.net.au
```
ROPE - ”Undocumented except in a mailing list. Apparently lists IPs sending spam to the person running rope.net. Confirmed 09 Apr 2002. No TXT records.”
Code:
```
h**p://rbl.rope.net
```
RSBL - ”Lists hosts that were verified a true and ostensible spammer activity. Warning: Will list legitimate mailservers that have no reverse DNS entry. No TXT records, missing test entry 127.0.0.2. Warning: Can't Be Tested.”
Code:
```
h**p://rsbl.aupads.org
```
RSL - ”visi.com Relay Stop List (RSL) is a list of mail servers that have relayed spam recently.”
Code:
```
h**p://relays.visi.com
```
SATOS - ”A personal blacklist, that lists IPs of spammers that send to the administrator of cluecentral.net. Warning: Can't Be Tested.”
Code:
```
h**p://satos.rbl.cluecentral.net
```
SBBL - ”Lists IPs of mailservers that send to spambait addresses at they.com. IPs are automatically removed.”
Code:
```
h**p://sbbl.they.com
```
SBL - ”Spamhaus Block List. Lists 'known spammers, spam gangs or spam support services'. Confirmed on 21 Mar 2002.”
Code:
```
h**p://sbl.spamhaus.org
```
SCHULTE - ”Lists mailservers that the administrator of the schulte.org domain doesn't want to get mail from. No TXT records, missing 127.0.0.2 test entry. Warning: Can't Be Tested.”
Code:
```
h**p://rbl.schulte.org
```
SDERB - ”Scary Devil Enterprises Realtime Blocklist. Lists IPs of mailservers that have sent mail to bad addresses on SDE mailservers in the past 2 1/2 hours, that are not in several other spam databases. No TXT records, missing 127.0.0.2 test entry. Warning: Can't Be Tested.”
Code:
```
h**p://msgid.bl.gweep.ca
```
SENDERBASE - ”Keeps track of how much E-mail is being sent from IPs/domains, has information about many of them, and will soon have a DNS lookup service. Warning: Can't Be Tested.”
SERVICESNET - ”Lists all IPs in South Korea; see URL for details. Unconfirmed 28 Oct 2002 due to no 127.0.0.2 test entry. Warning: Can't Be Tested.”
Code:
```
h**p://korea.services.net
```
SORBS-BLOCK - ”Spam and Open Relay Blocking System. This test lists networks that request never to be tested. Confirmed on 28 Aug 2003. Can also be used with the zone block.dnsbl.sorbs.net.”
SORBS-DUL - ”Spam and Open Relay Blocking System. This test lists dynamic IP ranges. Confirmed on 28 Aug 2003. Can also be used with the zone dul.dnsbl.sorbs.net.”
SORBS-h**p - ”Spam and Open Relay Blocking System. This test lists Open h**p Proxy servers. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone h**p.dnsbl.sorbs.net.”
SORBS-MISC - ”Spam and Open Relay Blocking System. This test lists open proxy servers not listed in the SORBS-h**p or SORBS-SOCKS tests. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone misc.dnsbl.sorbs.net.”
SORBS-SMTP - ”Spam and Open Relay Blocking System. This test lists open relays. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone smtp.dnsbl.sorbs.net.”
SORBS-SOCKS - ”Spam and Open Relay Blocking System. This test lists Open SOCKS Proxy servers. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone socks.dnsbl.sorbs.net.”
SORBS-SPAM - ”Spam and Open Relay Blocking System. This test lists hosts that have sent spam to the admins of SORBS. Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone spam.dnsbl.sorbs.net.”
SORBS-WEB - ”Spam and Open Relay Blocking System. This test lists web servers which have vulnerabilities that can be used by spammers (such as formmail scripts). Confirmed on 11 Dec 2002. May return multiple A records. Can also be used with the zone web.dnsbl.sorbs.net.”
SORBS-ZOMBIE - ”Spam and Open Relay Blocking System. This test lists networks hijacked from their original owners, some of which are already spamming.. Confirmed on 12 May 2003. Can also be used with the zone zombie.dnsbl.sorbs.net.”
Code:
```
h**p://dnsbl.sorbs.net
```
SPAMBAG - ”Lists networks that send out spam, perform dictionary attacks, both the direct sources and the networks used by them (and networks used to sell software used by them). Warning: Will list large ISPs that tolerate spamming (IE Sprint). May return codes other than 127.0.0.2. Test listing confirmed 14 Dec 2001.”
Code:
```
h**p://blacklist.spambag.org
```
SPAMCOP - ”Lists mail servers that have a high spam-to-legitimate-mail ratio. Catches about the most spam of all tests. Donations are requested.”
Code:
```
h**p://bl.spamcop.net
```
SPEWS - ”SPEWS is a list of areas on the Internet which several system administrators deny E-mail from. Warning: Intentionally lists legitimate mailservers that either have IPs close to spammers, or that had problems in the past that have been completely fixed. Should not be used to block mail, although could be used in a weighting system.”
Code:
```
h**p://spews.bl.reynolds.net.au
```
[TECHNOVISION - ”Lists IPs of mailservers that have sent spam to the administrator of technovision.dk.”
Code:
```
h**p://bl.technovision.dk
```
TRIUMF - ”Unconfirmable on 09 Apr 2002. Warning: Can't Be Tested.”
Code:
```
h**p://rbl.triumpf.ca
```
TUBERLIN - ”Unconfirmable on 09 Apr 2002. No documentation. Warning: Can't Be Tested.”
Code:
```
h**p://rblmap.tu-berlin.de
```
UCEB - ”A hardcore spam list; lists mailservers that have sent spam. Returns multiple A records. Confirmed 29 Oct 2002.”
Code:
```
h**p://blackholes.uceb.org
```
URBL - ”Lists every IP address (for the totally clueless: that means that every E-mail from anybody on the Internet will be blocked). Should not be used, of course. This one was included because it has a good point: you REALLY should know what and why a test blocks before using it. Confirmed 09 Apr 2002. Warning: Can't Be Tested.”
Code:
```
h**p://blocked.secnap.net
```
US - ”Lists IPs of about 20 different countries and many ISPs (one zone per country/ISP), including Verio. Confirmed 23 Aug 2002. Warning: Can't Be Tested.”
Code:
```
h**p://blackholes.us
```
VOX - ”Lists IPs that phydiux.com and it's partners have received spam from. Confirmed on 23 Oct 2002.”
Code:
```
h**p://vox.schpider.com
```
WSFF - ”Unconfirmable on 09 Apr 2002. No documentation. Warning: Can't Be Tested.”
Code:
```
h**p://will-spam-for-food.eu.org
```
WYTNIJ - ”Looks like a valid spam database, but untestable (on 24 Mar 2002). Instruction appear to be in Polish, although it's a Tonga domain. Warning: Can't Be Tested.”
Code:
```
h**p://spam.wytnij.to
```
XBL - ”Extreme spam Blocking List, possibly designed to have every known IP listed. Warning: They include Sprint and uunet IPs, and will not remove non-spammers from the list. Can return 127.0.0.2 as well as the documented 127.0.0.4. Re-confirmed 21 Mar 2002.”
Code:
```
h**p://xbl.selwerd.cx
```
YAMTA-SPAM - ”Lists IPs of spammers that have sent spam to the servers of the people that run this test. Confirmed on 30 Jun 2003.”
YAMTA-PROBES - ”Lists IPs of spammers that probed the servers of the people that run this test, to see if they are running an open relay. Confirmed on 30 Jun 2003..”
Code:
```
h**p://spamsources.yamta.org
```
YBL - ”Lists all known Yahoo (and subsidiaries) netblocks, worldwide. Confirmed on 01 Jun 2002.”
Code:
```
h**p://ybl.megacity.org
```

Now continue to Next step, below

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 12:33 AM

HOW TO SPEED-UP YOUR IP RESOLVING IN THE SUPERTRICK (hosts file)

Continuing from example 1

Code:

http://forums.techguy.org:80/showthread.php?p=2617026

& example 2:

Code:

http://forums.techguy.org:80/showthread.php?p=2617032

Gather and Insert IP into HOSTS file
1. Download and Install ActiveURLs, you will need this - "Smart explorer-like bookmark manager and web monitoring program. Detects dead links and duplicates, checks web sites for new stuff, monitor web-site availability
  Code:
```
h**p://www.ezgoal.com/channels/internet/f.asp?f=199969&fl=internet+software
```
2. Enable and Clean your Internet Log Program
  1. If you have Sygate Personal Firewarll, then
    1. Double-click on the icon in the notification area (bottom right corner of Windows)
    2. From menu, select TOOLS then OPTIONS
    3. Click on the "Log" tab. Change "Traffic Log File" and "Capture Full Packet" sizes to 10000. Make sure you "Capture Full Packet" is checked and hit "OK" to close that window
    4. Click the "Log" button
      Make sure all programs that could access the internet are closed
    5. From menu, select "Traffic Log". Then "File" & "Clear". Do the same to the "Packet Log"
  2. If you have Norton Internet Security, then
    1. Double-click on the icon in the notification area (bottom right corner of Windows)
    2. In the left, under "Norton Internet Security", select "Statistics"
    3. Click "View Logs" button
    4. A window opens. Right-click on "Connections" and select "Enable Loggin" then "Change Log File Size" to 2048K and click "OK"
    5. Highlight "Connections". From menu, select "Log" then "ClearCategory"
3. Check ALL of your bookmarks using ActiveURLs and/or browse to sites u regularly visit
4. Using Excel combine the files, if there is more than one. All you need is the Remote Host IP and Remote Host and in that order
5. Clean out the duplicates, localhost and any sites you feel are not worth to speed-up
6. Open HOSTS file and inser a new line with # right after "127.0.0.1 localhost"
7. Copy & paste the cells from Excel into the HOSTS file. Remember, the IP must in the first column then the letter address.
Now for the FUN and SURE way of speeding
1. Windows 2k/XP
  1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
  2. Note the following lines (all hex dwords):
    Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change
    LocalPriority = 1f3 (499) - local names cache
    HostsPriority = 1f4 (500) - the HOSTS file
    DnsPriority = 7d0 (2000) - DNS
    NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS
  3. What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:
  4. Change the "Priority" lines to:
    LocalPriority = 005 (5) - local names cache
    HostsPriority = 006 (6) - the HOSTS file
    DnsPriority = 007 (7) - DNS
    NetbtPriority = 008 (8) - NetBT name-resolution, including WINS
  5. Reboot for changes to take effect
2. Windows 9x/ME
  1. The tweak is essentialy the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above
  2. Open the Windows Registry using Regedit, and (after backing up) navigate to:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvi der
  3. You should see the following settings:
    Class=hex:08,00,00,00
    
    LocalPriority=hex:f3,01,00,00
    HostsPriority=hex:f4,01,00,00
    DnsPriority=hex:d0,07,00,00
    NetbtPriority=hex:d1,07,00,00
  4. The "priority" lines should be changed to:
    LocalPriority=hex:05,00,00,00
    HostsPriority=hex:06,00,00,00
    DnsPriority=hex:07,00,00,00
    NetbtPriority=hex:08,00,00,00
  5. Reboot for changes to take effect
System.ini IRQ Tweak - Windows 9x/ME ONLY
1. Find your Network Card's IRQ
  1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
  2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter
2. Adding the entry to System.ini
  1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
  2. Navigate to Start > Run and type sysedit . Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
    Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect
3. Additional Thoughts
  1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more
  2. This tweak may or may not work for you. It is not a documented tweak by Windows
  3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
  4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
  5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
  6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:35 AM #9

HOW TO STOP SPAM VIA WINDOWS MESSENGER SERVICE
Below you'll find many ways (sorted in the most successful ratio first) to stop the Windows Messenger service, depending on your system environment, some may require more than one process. This service is available only on NT, 2K, XP & Server 2003. Administrator Login is REQUIRED

About The Messenger Service

Messenger is a Windows Service that runs in the background
Messenger is not the same as MSN Messenger or any other Instant Messaging Program
Messenger does not facilitate two-way chatting
Many Windows Programs, Firewalls, UPS and Antiviruses require the Messenger Service
Antivirus and UPS software, among others, may not work if Messenger is disabled
The Messenger Service is usually turned on by default in most Windows NT, 2K and XP systems

Manually
1. Example 1
  1. Click Start, Run and enter the following command:
    RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
    NOTE: This will prevent a long delay when opening Outlook Express if you have the Contacts pane enabled
  2. To prevent this, click Start, Run and enter {REGEDIT} Go to:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
  3. Right click in the right pane and select New, Dword value
  4. Give it the name Hide Messenger Double click this new entry and set the value to 2
  5. End result should look EXACTLY like this:
    System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express]
    Value Name: Hide Messenger
    Data Type: REG_DWORD (DWORD Value)
    Value Data: (2 = remove messenger)
2. Example 2
  1. Copy and paste the following to Run Command Bar in the Start Menu:
    RunDll32.exe advpack.dll,LaunchINFSection
    %windir%\inf\msmsgs.inf,BLC.Remove
3. Example 3
  1. If Example 5 didn't work, then try this - Many users miss or don't know of it
  2. Click on Start then go to RUN and type:
    C:\WINDOWS\inf\sysoc.inf
  3. Change:
    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
  4. To:
    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7
  5. Then use Add/Remove Windows Components to remove Messenger
    NOTE: You can also prevent access to Windows Messenger using Group Policy or the Set Program Access and Defaults utility added by default in Windows XP SP1 and Windows 2000 SP3
4. Example 4
  1. Open Windows Messenger
  2. From the menu, select "Tools" then "Options" then "Preferences" tab
  3. Uncheck "Run this program when Windows starts"
  4. Open Outlook Express
  5. From the menu, select "Tools" then "Options" then "General" tab
  6. Uncheck the option to "Automatically log on", if it's there
  7. Also in Outlook Express, select "View" then "Layout"
  8. Uncheck the option to "display Contacts" - The program will open a connection and display a list of all Contacts on line if you do not
  9. In "Startup Folder" make sure there is no entry there for Messenger
  10. Open Norton Anti-Virus if you have it installed
  11. Click "Options" then "Instant Messenger"
  12. Unckeck "Windows Messenger (recommended"
    NOTE: This list ought to work in disassociate MSN from Outlook Express, so that it'll only start up if you really want it to
5. Example 5
  1. 2000
    - Click Start-> Settings-> Control Panel-> Administrative Tools->Services
    - Scroll down and highlight "Messenger"
    - Right-click the highlighted line and choose Properties
    - Click the STOP button
    - Select Disable in the Startup Type scroll bar
    - Click OK
  2. XP Home
    - Click Start->Settings ->Control Panel
    - Click Performance and Maintenance
    - Click Administrative Tools
    - Double click Services
    - Scroll down and highlight "Messenger"
    - Right-click the highlighted line and choose Properties
    - Click the STOP button
    - Select Disable in the Startup Type scroll bar
    - Click OK
  3. XP Professional
    - Click Start->Settings ->Control Panel
    - Click Administrative Tools
    - Click Services
    - Double click Services
    - Scroll down and highlight "Messenger"
    - Right-click the highlighted line and choose Properties.
    - Click the STOP button.
    - Select Disable in the Startup Type scroll bar
    - Click OK
  4. Windows NT
    - Click Start ->Control Panel
    - Double Click Administrative Tools
    - Select Services-> Double-click on Messenger
    - In the Messenger Properties window, select Stop
    - Then choose Disable as the Startup Type
    - Click OK
    NOTE: If you stop the service and don’t adjust the startup type, the Messenger service will start automatically the next time you reboot. Keep in mind that when you disable the Messenger service, you'll no longer receive messages about an attached UPS, and you won’t be notified of print job completion, performance alerts, or antivirus activity (from Windows) not the program you're using for those purposes.
6. Example 6
  1. To disable receipt of messenger pop-ups, verify that your firewall disables inbound traffic on UDP ports 135, 137, and 138, and TCP ports 135 and 139. On a system connected directly to the Internet, you should also disable inbound traffic on TCP port 445. If the system you want to protect is part of a Win2K-based network with Active Directory (AD), don't block incoming traffic on port 445 - Microsoft Knowledge Base Article - 330904
    Code:
```
h**p://support.microsoft.com/default.aspx?scid=kb;en-us;330904
```
    NOTE: You can use the firewall approach only if your system doesn't communicate with legacy systems that rely on NetBIOS name resolution to locate machines and shared resources. If, for example, you let users running Windows 9x share your printer or scanner, when you disable inbound NetBIOS traffic, users won't be able to connect to these shared resources. Regardless of the method you choose, you can stop messenger spam
Program
1. Example 1
  1. NOTE: On Oct 15, 2003, Microsoft releases Critical Security Bulletin MS03-043 warning users that the Windows Messenger Service running and exposed by default in all versions of Windows NT, 2000 and XP, contains a "Remote Code Execution" vulnerability that allows any not otherwise secured and protected Windows machine to be taken over and remotely compromised over the Internet
  2. Shoot the Messenger
    Code:
```
h**p://grc.com/files/shootthemessenger.exe
```
2. Example 2
  1. Messenger Disable
    Code:
```
h**p://www.dougknox.com/xp/utils/MessengerDisable.zip
```
    NOTE: If you choose to uninstall Windows Messenger on a system with SP1 installed, you will receive an error message about "un-registering" an OCX file. This is normal, and doest not affect the removal process. Windows Messenger will still be removed
TEST
1. Example 1
  1. Right-click "My Computer"
  2. Select "Manage"
  3. Under "System Tools" right-click on "Shared Folders"
  4. Choose "All Tasks" and select "Send Console Message..."
  5. If you recieve the following error message then the service has been disabled, otherwise confirm that you have disabled it or try another example
    "The following error occured while reading the list of sessions from Windows clients:
    Error 2114: The Server service is not started."
2. Example 2
  1. Click Start then "Run"
  2. Type in {cmd.exe}
  3. Type in net send 127.0.0.1 hi
  4. If you get a popup "hi" message, then confirm that you have disabled it or try another example
IF YOU INSIST
1. If you insist on keeping Windows Messenger, then I'd recommend Messenger Manager - "Allows you to keep your messenger service running, as is intended and needed by Windows. This ensures that vital system errors and notifications may be sent informing you of Important System Events"
  Code:
```
h**p://www.sellertools.com/default.asp?i=MessageManager3.htm
```
2. However, as a replacement to Windows Messenger remote control feature, I'd recommend this free tool Virtual Network Computing - "It is a remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home"
  Code:
```
h**p://www.realvnc.com/download.html
```

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:36 AM **#10**

HOW TO TWEAK THE REGISTRY SETTINGS FOR MAXIMUM PROTECTION FROM NETWORK ATTACK

The following registry settings will help to increase the resistance of the NT or Windows 2000 network stack to network denial of service attacks. All of the TCP/IP parameters are registry values located under the registry key:

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services:
\Tcpip
\Parameters

SynAttackProtect
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD
3. Valid Range: 0, 1, 2
  0 (no synattack protection)
  1 (reduced retransmission retries and delayed RCE (route cache entry) creation if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are satisfied.)
  2 (in addition to 1 a delayed indication to Winsock is made.)
  Note: When the system finds itself under attack the following options on any socket can no longer be enabled : Scalable windows (RFC 1323) and per adapter configured TCP parameters (Initial RTT, window size). This is because when protection is functioning the route cache entry is not queried before the SYN-ACK is sent and the Winsock options are not available at this stage of the connection.
4. Default: 0 (False)
5. Recommendation: 2
6. Description: Synattack protection involves reducing the amount of retransmissions for the SYN-ACKS, which will reduce the time for which resources have to remain allocated. The allocation of route cache entry resources is delayed until a connection is made. If synattackprotect = 2, then the connection indication to AFD is delayed until the three-way handshake is completed. Also note that the actions taken by the protection mechanism only occur if TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded
TcpMaxHalfOpen
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD—Number
3. Valid Range: 100–0xFFFF
4. Default: 100 (Professional, Server), 500 (advanced server)
5. Recommendation: default
6. Description: This parameter controls the number of connections in the SYN-RCVD state allowed before SYN-ATTACK protection begins to operate. If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect(see Backlog Parameters for more information) . See the SynAttackProtect parameter for more details
TcpMaxHalfOpenRetried
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD—Number
3. Valid Range: 80–0xFFFF
4. Default: 80 (Professional, Server), 400 (Advanced Server)
5. Recommendation: default
6. Description: This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-ATTACK attack protection begins to operate. See the SynAttackProtect parameter for more details
EnablePMTUDiscovery
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD—Boolean
3. Valid Range: 0, 1 (False, True)
4. Default: 1 (True)
5. Recommendation: 0
6. Description: When this parameter is set to 1 (True) TCP attempts to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion. Setting this parameter to 0 causes an MTU of 576 bytes to be used for all connections that are not to hosts on the local subnet
NoNameReleaseOnDemand
1. Key: Netbt\Parameters
2. Value Type: REG_DWORD—Boolean
3. Valid Range: 0, 1 (False, True)
4. Default: 0 (False)
5. Recommendation: 1
6. Description: This parameter determines whether the computer releases its NetBIOS name when it receives a name-release request from the network. It was added to allow the administrator to protect the machine against malicious name-release attacks
EnableDeadGWDetect
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD—Boolean
3. Valid Range: 0, 1 (False, True)
4. Default: 1 (True)
5. Recommendation: 0
6. Description: When this parameter is 1, TCP is allowed to perform dead-gateway detection. With this feature enabled, TCP may ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways may be defined in the Advanced section of the TCP/IP configuration dialog in the Network Control Panel. See the "Dead Gateway Detection" section in this paper for details
KeepAliveTime
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD—Time in milliseconds
3. Valid Range: 1–0xFFFFFFFF
4. Default: 7,200,000 (two hours)
5. Recommendation: 300,000
6. Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application
PerformRouterDiscovery
1. Key: Tcpip\Parameters\Interfaces\
2. Value Type: REG_DWORD
3. Valid Range: 0,1,2
  0 (disabled)
  1 (enabled)
  2 (enable only if DHCP sends the router discover option)
4. Default: 2, DHCP-controlled but off by default.
5. Recommendation: 0
6. Description: This parameter controls whether Windows 2000 attempts to perform router discovery per RFC 1256 on a per-interface basis. See also SolicitationAddressBcast
EnableICMPRedirects
1. Key: Tcpip\Parameters
2. Value Type: REG_DWORD
3. Valid Range: 0, 1 (False, True)
4. Default: 1 (True)
5. Recommendation: 0 (False)
6. Description: This parameter controls whether Windows 2000 will alter its route table in response to ICMP redirect messages that are sent to it by network devices such as a routers

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:43 AM **#11**

COPY/MOVE TO Function
Did you ever want to right-click in explorer and simply move or copy file/directory?? Well, now you can. Simply create a new text file called "install_copy_move_to.vbs" and copy/paste the first code below, then create another new text file called "uninstall_copy_move_to.vbs" and copy/paste the second code. Then run "install_copy_move_to.vbs", test it by right-clicking a file or directory in explorer. To uninstall, simply run "uninstall_copy_move_to.vbs". Please note that upon executing this script, your Anti-Virus program, Windows and/or Firewall programs will alert you to stop this script, simply because of this extension "vbs". "vbs" is a common virus, trojan and other type of script that malicious users use. However, I assure you this script is safe, yet please follow the notes from above and ALWAYS backup your registery and system before any of these or anyone's tips. ENJOY.

First Code

Code:

If (MsgBox ("Are you sure you want to install the Copy/Move To Extensions?", VBYesNo) = vbYes) then
	Set WshShell = WScript.CreateObject("WScript.Shell")

	' Copy uninstall file and Add uninstall reg entry
	WinDir = WshShell.ExpandEnvironmentStrings("%Windir%")
	Set fso = WScript.CreateObject("Scripting.FileSystemObject")
	Call fso.CopyFile("uninstallcopymoveto.vbs", _
		WinDir & "\uninstallcopymoveto.vbs", True)
	Set fso = Nothing
	BaseKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Copy Move To Extensions\"
	Call WshShell.RegWrite (BaseKey & "DisplayName", _
		"Copy/Move To Extensions","REG_SZ")
	Call WshShell.RegWrite (BaseKey & "UninstallString", _
		"cscript.exe " & WinDir & "\uninstallcopymoveto.vbs" ,"REG_SZ")

	' Add Copy/Move Extensions
	Call WshShell.RegWrite ("HKCR\Directory\shellex\ContextMenuHandlers\Copy To\", "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\*\shellex\ContextMenuHandlers\Copy To\",  "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\Directory\shellex\ContextMenuHandlers\Move To\", "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")
	Call WshShell.RegWrite ("HKCR\*\shellex\ContextMenuHandlers\Move To\",  "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" ,"REG_SZ")

	Set WshShell = Nothing

	MsgBox "Install Finished!"
End If

Second Code

Code:

If (MsgBox ("Are you sure you want to uninstall the Copy/Move To Extensions?", VBYesNo) = vbYes) then
	Set WshShell = WScript.CreateObject("WScript.Shell")

	' Remove Copy/Move Extensions
	Call WshShell.RegDelete ("HKCR\Directory\shellex\ContextMenuHandlers\Copy To\")
	Call WshShell.RegDelete ("HKCR\*\shellex\ContextMenuHandlers\Copy To\")
	Call WshShell.RegDelete ("HKCR\Directory\shellex\ContextMenuHandlers\Move To\")
	Call WshShell.RegDelete ("HKCR\*\shellex\ContextMenuHandlers\Move To\")

	' Remove uninstall reg entry and delete uninstall file
	BaseKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Copy Move To Extensions\"
	Call WshShell.RegDelete (BaseKey)

	WinDir = WshShell.ExpandEnvironmentStrings("%Windir%")
	Set fso = WScript.CreateObject("Scripting.FileSystemObject")
	Call fso.DeleteFile(WinDir & "\uninstallcopymoveto.vbs", True)
	Set fso = Nothing

	Set WshShell = Nothing

	MsgBox "Uninstall Finished!"
End If

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

0110 · 17-May-2005, 12:45 AM **#12**

REGISTRY TWEAKS TO SPEED UP YOUR INTERNET SPEED
Instructions: Open notepad, copy and paste the code, then save using the names I have here. Click that file and select "YES" to apply the tweak. You may have to reboot for the tweak to work.

WARNING: editing the registry can be dangerous if you don't know what you're doing, make sure to USE YOUR HEAD, if you removed something you didn't want to, don't worry, just use the back up in this program

DNS Parameters (dns.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Dnscache\Parameters]
  "CacheHashTableBucketSize"=dword:00000001
  "CacheHashTableSize"=dword:00000180
  "MaxCacheEntryTtlLimit"=dword:0000fa00
  "MaxSOACacheEntryTtlLimit"=dword:0000012d
  When you type a site's address and click go, the browser will have to resolve that address into an IP first. With this tweak the DNS is used so it would not be needed to ask for such info every time you click go.
Scheduled Tasks (remote.reg)
1. [HKEY_LOCAL_MACHINE/Software/ Microsoft/ Windows/ Current Version/ Explorer/ RemoteComputer/ NameSpace]
  Find the key named {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it.
  This key instructs Windows to search for Scheduled Tasks on remote computers. Most people don't ever use it, so why keep it.
Forward Buffer Memory (buffer.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
  "ForwardBufferMemory"=dword:00024a00
  "NumForwardPackets"=dword:0000024a
  "MaxForwardBufferMemory"=dword:00024a00
  "MaxNumForwardPackets"=dword:0000024a
  This controls how much RAM TCP/IP uses for storing packet data in the router packet queue.
Special Tweak-TCPIP1 (tcpip1.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
  "DefaultReceiveWindow"=dword:00004000
  "DefaultSendWindow"=dword:00004000
  "DisableAddressSharing"=dword:00000000
  "DisableRawSecurity"=dword:00000000
  "DynamicBacklogGrowthDelta"=dword:00000032
  "FastCopyReceiveThreshold"=dword:00000800
  "FastSendDatagramThreshold"=dword:00000800
  "IgnorePushBitOnReceives"=dword:00000000
  "IrpStackSize"=dword:00000004
  "LargeBufferListDepth"=dword:0000000a
  "LargeBufferSize"=dword:00002000
  "MaxActiveTransmitFileCount"=dword:00000002
  "MaxFastTransmit"=dword:00000040
  "MaxFastCopyTransmit"=dword:00000080
  "MediumBufferListDepth"=dword:00000018
  "MediumBufferSize"=dword:00001000
  "OverheadChargeGranularity"=dword:00000001
  "PriorityBoost"=dword:00000002
  "SmallBufferSize"=dword:00000400
  "SmallBufferListDepth"=dword:00000020
  "StandardAddressLength"=dword:00000018
  "TransmitWorker"=dword:00000020
Special Tweak-TCPIP 2 (tcpip2.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{3FEFA8E3-66C7-4C49-BCB0-3B4078E677C2}]
  "MTU"=dword:000005c0
  "MaxMTU"=dword:000005dc
  "RWIN"=dword:00001f8e
Cable/56K Modem (cable.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
  "ForwardBroadcasts"=dword:00000000
  "IPEnableRouter"=dword:00000000
  "UseDomainNameDevolution"=dword:00000000
  "EnableICMPRedirect"=dword:00000000
  "DeadGWDetectDefault"=dword:00000001
  "DontAddDefaultGatewayDefault"=dword:00000000
  "EnableSecurityFilters"=dword:00000001
  "AllowUnqualifiedQuery"=dword:00000000
  "PrioritizeRecordData"=dword:00000001
  "TCP1320Opts"=dword:00000001
  "TcpWindowSize"=dword:0003e900
  "TcpMaxDupAcks"=dword:00000001
  "EnablePMTUDiscovery"=dword:00000001
  "EnableFastRouteLookup"=dword:00000000
  "FFPControlFlags"=dword:00000001
  "FFPFastForwardingCacheSize"=dword:00030d40
  "ForwardBufferMemory"=dword:00019df7
  "MaxFreeTcbs"=dword:000007d0
  "MaxFreeTWTcbs"=dword:000007d0
  "MaxHashTableSize"=dword:00000800
  "MaxNormLookupMemory"=dword:00030d40
  "GlobalMaxTcpWindowSize"=dword:0003e900
  "TcpRecvSegmentSize"=dword:000005c0
  "LargeBufferSize"=dword:00002000
  "CacheTimeout"=dword:0000ea60
  "TCP132Opts"=dword:00000001
  "MaxForwardBufferMemory"=dword:001f4000
  "AllowUserRawAccess"=dword:00000000
  "ArpCacheLife"=dword:000002bc
  "ArpCacheSize"=dword:00000080
  "BufferMultiplier"=dword:00000200
  "DefaultRegistrationTTL"=dword:00000014
  "DefaultTTL"=dword:00000030
  "DisableAddressSharing"=dword:00000001
  "DisableReplaceAddressesInConflicts"=dword:00000000
  "DisableReverseAddressRegistrations"=dword:00000001
  "DisjointNameSpace"=dword:00000001
  "DynamicBacklogGrowthDelta"=dword:00000032
  "EnableDeadGWDetect"=dword:00000000
  "EnablePMTUBHDetect"=dword:00000000
  "IPReassemblyTimeOut"=dword:0000005a
  "KeepAliveTime"=dword:00023280
  "NoNameReleaseOnDemand"=dword:00000001
  "PerformRouterDiscovery"=dword:00000002
  "QueryIpMatching"=dword:00000000
  "SackOpts"=dword:00000001
  "SmallBufferSize"=dword:00000800
  "SmallerBufferSize"=dword:00000400
  "SynAckProtect"=dword:00000002
  "Tcp1323Opts"=dword:00000003
  "TCPDisableReceiveChecksum"=dword:00000000
  "TCPDisableSendChecksum"=dword:00000000
  "TcpKeepCnt"=dword:00000064
  "TcpKeepTries"=dword:0000000a
  "TcpLogLevel"=dword:00000000
  "TcpMaxConnectAttempts"=dword:00000002
  "TcpMaxHalfOpen"=dword:00000064
  "TcpMaxHalfOpenRetried"=dword:00000050
  "TcpMaxRetransmissionAttempts"=dword:00000005
  "TcpNumConnections"=dword:00000080
  "TcpSendDownMax"=dword:00008000
  "TcpSendSegmentSize"=dword:000005c0
  "TcpTimedWaitDelay"=dword:0000001e
  "UDPDisableSendChecksum"=dword:00000000
  "UDPDisableReceiveChecksum"=dword:00000000
  "UpdateSecurityLevel "=dword:00000000
  "TcpUseRFC1122UrgentPointer"=dword:00000000
  "MaxConnectionsPerServer"=dword:0000000a
  "MaxConnectionsPer1_0Server"=dword:00000014
  "FastSendDatagramThreshold"=dword:00001000
  "TransmitWorker"=dword:00000020
  "InitialSmallBufferCount"=dword:00000140
  "InitialMediumBufferCount"=dword:000000f0
  "InitialLargeBufferCount"=dword:00000064
  "DefaultReceiveWindow"=dword:0000e666
  "DefaultSendWindow"=dword:0000e666
  "MediumBufferSize"=dword:00001000
  "IgnorePushBitOnReceives"=dword:00000000
  "PriorityBoost"=dword:00000000
  "MaxFastTransmit"=dword:0000fa00
  "DefaultTOSValue"=dword:0000005c
  "IGMPLevel"=dword:00000002
  "BSDUrgent"=dword:00000001
  "BCastNameQueryCount"=dword:00000001
  "BcastQueryTimeout"=dword:00000064
  "LocalCopyMade"=dword:00000001
  "KeepAliveInterval"=dword:0000015e
  "MaxConnections"=dword:00000064
  "MaxConnectRetries"=dword:00000005
  "MaxDataRetries"=dword:00000063
  "LanaBase"=dword:00000000
  "NameTableSize"=dword:000000ff
  "NameSrvQueryTimeout"=dword:00000064
  "SessionKeepAlive"=dword:00001c20
  "SessionTableSize"=dword:000000ff
  "TcpMaxDataRetransmissions"=dword:00000006
  "DisableUserTOSSetting"=dword:00000000
  "Size/Small/Medium/Large"=dword:00000003
  "MaxDupAcks"=dword:00000003
  "RoutingBufSize"=dword:00023c00
  "RoutingPackets"=dword:00000064
  "MaxNumForwardPackets"=dword:0000024a
  "NumForwardPackets"=dword:0000024a
LanMan Workstation (lanman.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Para meters]
  "AutoShareWks"=dword:00000000
  "AutoShareServer"=dword:00000000
  "MaxCmds"=dword:00000020
  "MaxThreads"=dword:00000020
  "MaxCollectionCount"=dword:00000020
  "CacheFileTimeout"=dword:0000000f
  "DormantFileLimit"=dword:00000032
NetBT Parameters (netbt.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
  "NbProvider"="_tcp"
  "NameServerPort"=dword:00000089
  "BcastQueryTimeout"=dword:000002ee
  "NameSrvQueryCount"=dword:00000003
  "NameSrvQueryTimeout"=dword:000005dc
  "Size/Small/Medium/Large"=dword:00000001
  "SessionKeepAlive"=dword:0036ee80
  "TransportBindName"="\\Device\\"
  "EnableLMHOSTS"=dword:00000001
  "EnablePortLocking"=dword:00000001
  "BcastNameQueryCount"=dword:00000001
  "CacheTimeout"=dword:0000ea60
  "Size/Small/Medium/Large"=dword:00000003
  "NoNameReleaseOnDemand"=dword:00000001
MRU/MTU (mru_mtu.reg)
1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{3FEFA8E3-66C7-4C49-BCB0-3B4078E677C2}]
  "MTU"=dword:000005c0
  "MaxMTU"=dword:000005dc
  "RWIN"=dword:00001f8e

0110 · 17-May-2005, 12:46 AM **#13**

CAN'T ACCESS SOME WEBSITES?
Does this happen to you? Every now and then when posting or previewing a post, or simply browsing; you get the page not available message or takes a long time to view? If you look at your firewall's log, you'll see that your ISP's and/or router IP is blocked (192.168.1.254 or .1).

Find the IP address of your gateway. If you're using Windows 2000 or XP, run IPCONFIG at a command prompt on the Host computer. If you're using Windows 98 or Me, run WINIPCFG on the Host computer. Either way, you'll get an address that looks like xxx.xxx.xxx.xxx (where the x's represent numbers).
1. Then, go to one of your Client machines, and type the following:
2. PING -f -l 1500 xxx.xxx.xxx.xxx
  (where xxx.xxx.xxx.xxx is the gateway address you obtained in the first step). You'll probably get an error message indicating that it must be fragmented. If you do, type the following:
3. PING -f -l 1492 xxx.xxx.xxx.xxx
  If that doesn't work, try this:
4. PING -f -l 1472 xxx.xxx.xxx.xxx
The numbers in each of these examples (1500, 1492, 1472) are the MTU values. Continue issuing this command with lower and lower MTU numbers until you get ping responses instead of an error message. The highest MTU value that works is the one you need to be using. If an MTU of 1500 (the first command, above) does not produce an error, then this solution won't work for you.

The next step is to configure all your Client computers to use the new, lower MTU as the default for all Internet communication.

Windows 2000 and XP:

Run the Registry Editor (REGEDIT.EXE) on one of your "Client" machines.
Navigate to HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Tcpip\ Parameters\ Interfaces
There should be several subkeys under the Interfaces key; most likely, you'll find three. View the contents of each key by clicking, and find the one that corresponds to your primary network adapter; it will be the one with more values than the other two, and will have an IP address value set to something like 192.168.0.x.
Once you've found the correct subkey, create a new DWORD value in it (Edit -> New -> DWORD Value), and name the value MTU.
Double-click the new value, choose the Decimal option, and type the MTU value determined above.
Click Ok when you're done - you'll need to restart Windows for this change take effect.
Repeat this for each Client machine.

Windows 98/Me:

Run the Registry Editor (REGEDIT.EXE) on one of your "Client" machines.
Navigate to HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ Class\ Net\
Under that branch, find a key (numbered, such as 0005) that contains has TCP/IP assigned to the DriverDesc value.
Select New from the Edit menu, then String Value, and type MaxMTU for the name of the new value.
Double-click the new value, choose the Decimal option, and type the MTU value determined above.
Click Ok when you're done - you'll need to restart Windows for this change take effect.
Repeat this for each Client machine.

TCP/IP Analyzer Test

Code:

h**p://forums.speedguide.net:8117/

TCP Optimizer v.2 Beta

Code:

h**p://www.speedguide.net/files/TCPOptimizer2_rc1.exe

TCP Optimizer v.1

Code:

h**p://www.speedguide.net/files/TCPOptimizer.exe

REFERENCES:

Code:

h**p://rfc.net/rfc1191.html
h**p://support.microsoft.com/default.aspx?scid=kb;EN-US;q314053
h**p://www.cisco.com/warp/public/105/38.shtml
h**p://www.speedguide.net/tcpoptimizer.php
h**p://www.broadbandnuts.com/index.php?page=rwin
h**p://www.broadbandnuts.com/index.php?page=ping
h**p://www.broadbandnuts.com/index.php?page=dslpppoe
h**p://www.broadbandnuts.com/index.php?page=2kxpdef
h**p://www.broadbandnuts.com/index.php?page=win9xme
h**p://www.broadbandnuts.com/index.php?board=8;action=display;threadid=2150
h**p://www.broadbandnuts.com/index.php?page=dslwire1
h**p://www.j79zlr.com/cablenutXP2k.php h**p://www.j79zlr.com/cablenutME98.php
h**p://secinf.net/info/nt/2000ip/tcpipimp.html
h**p://www.perfectdrivers.com/

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

oldie · 17-May-2005, 12:52 PM **#14**

!!!!0*^%];

~Candy~ · 17-May-2005, 01:34 PM **#15**

Why might I sense possible plagarism here?

0110, since I'm sure you didn't write this yourself, you'd better post some links to the actual sites where you copied and pasted from.

Tag Cloud
access acer asus bios bsod computer crash drive driver drivers error ethernet excel freeze games gaming hard drive hardware hdmi internet java laptop malware memory monitor motherboard music network obp printer problem ram random registry router slow software sound trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!