R.T.F.M. – A hitchhiker's guide to IT

HijackThis Tutorial

by wingman on November 18th, 2010 at 14:05
Posted In: Internet, Tutorial

What is HijackThis?
HijackThis is a program originally developed by Merijn Bellekom, a Dutch student studying chemistry and computer science. It is an essential utility to help find and remove spyware, viruses, worms, trojans and other pests.

This is a basic guide to understanding HijackThis logs: what specific sections mean, plus some tips on reading a log yourself. Although it’s best to have a knowledgeable person help you examine the HijackThis log and decide what to remove, it’s helpful to have a basic understanding of what the different sections mean and how they work.

In March 2007, Merijn sold HijackThis to Trend Micro because he didn’t have the time and energy to update and support it. Trend Micro has incorporated many of Merijn’s changes, updates, and fixes and released a version 2 of HijackThis.

Download HijackThis

To download the original HijackThis, click on the following link.

http://www.pchell.com/downloads/HijackThis.exe

To download the new HijackThis 2.0, click below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

New Features

The newest feature of HijackThis 2.0 is a button called AnalyzeThis that will upload your HijackThis log to the TrendSecure website and compare it to other uploaded log files. You can see a sample screenshot by clicking here. Unfortunately I was hoping for more from this feature, although it does give you a rough estimate of the number of users that have a particular file in their logs as well. For the novice user, however, this doesn’t explain WHAT the file does and if it’s really a threat or not. A better online tool to analyze HijackThis logs is found at http://www.hijackthis.de. There you can either cut and paste a copy of your HijackThis log or upload a log file from your computer to analyze. The information returned from the HijackThis.de site is much more helpful in determining good and bad items in the log. For a screenshot of the HijackThis.de analysis click here.

There appear to be other minor modifications as well.

Overview of items in the HijackThis logs

Each line in a HijackThis log starts with a section name. (For technical information on this, click ‘Info’ in the main window and scroll down. Highlight a line and click ‘More info on this item’.)

R0, R1, R2, R3 – IE Start & Search page

R0 – Changed registry value

R1 – Created registry value

R2 – Created registry key

R3 – Created extra registry value where only one should be

What it looks like:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/

R3 - Default URLSearchHook is missing

What to do:

If you recognize the URL at the end as your homepage or search engine, it’s OK. If you don’t, check it and have HijackThis fix it. In cases like a hijacker you may want to leave them until later, but in general, if you don’t recognize it, fix it.

For the R3 items, always fix them unless it mentions a program you recognize.


F0, F1, F2, F3 – Autoloading programs

F0 – Changed inifile value

F1 – Created inifile value

F2 – Changed inifile value, mapped to Registry

F3 – Created inifile value, mapped to Registry

What it looks like:

F0 - system.ini: Shell=Explorer.exe Openme.exe

F1 - win.ini: run=hpfsched

What to do:

The F0 items are always bad, so fix them.

The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it’s good or bad.


N1, N2, N3, N4 – Netscape/Mozilla Start & Search page

N1 – Change in prefs.js of Netscape 4.x

N2 – Change in prefs.js of Netscape 6

N3 – Change in prefs.js of Netscape 7

N4 – Change in prefs.js of Mozilla

What it looks like:

N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)

What to do:

Usually the Netscape and Mozilla homepage and search page are safe. They rarely get hijacked. Should you see a URL you don’t recognize as your homepage or search page, have HijackThis fix it.


O1 – Hosts file redirection

What it looks like:

O1 - Hosts: 216.177.73.139 auto.search.msn.com

O1 - Hosts: 216.177.73.139 search.netscape.com

O1 - Hosts: 216.177.73.139 ieautosearch

What to do:

This hijack will redirect the address on the right to the IP address on the left. If the IP does not belong to the address, you will be redirected to the wrong site every time you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.


O2 – Browser Helper Objects

What it looks like:

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

What to do:

If you don’t directly recognize a Browser Helper Object’s name, use TonyK’s BHO List to find it by the class ID (CLSID, the number between curly brackets) and see if it’s good or bad. In the BHO List, ‘X’ means spyware and ‘L’ means safe. Or upload your HijackThis log to the Online HijackThis Analyzer and see if it’s safe.


O3 – IE toolbars

What it looks like:

O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

What to do:

If you don’t directly recognize a toolbar’s name, use TonyK’s Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it’s good or bad. In the Toolbar List, ‘X’ means spyware and ‘L’ means safe. Data’, it’s definitely bad, and you should have HijackThis fix it. Or upload your HijackThis log to the Online HijackThis Analyzer and see if it’s safe.


O4 – Autoloading programs from Registry

What it looks like:

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

What to do:

Use PacMan’s Startup List to find the entry and see if it’s good or bad.


O5 – IE Options not visible in Control Panel

What it looks like:

O5 - control.ini: inetcpl.cpl=no

What to do:

Unless you’ve knowingly hidden the icon from Control Panel, have HijackThis fix it.


O6 – IE Options access restricted by Administrator

What it looks like:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

What to do:

Unless you have the Spybot S&D option ‘Lock homepage from changes’ active, have HijackThis fix this.


O7 – Regedit access restricted by Administrator

What it looks like:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

What to do:

Always have HijackThis fix this.


O8 – Extra items in IE right-click menu

What it looks like:

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

What to do:

If you don’t recognize the name of the item in the right-click menu in IE, have HijackThis fix it.


O9 – Extra buttons on main IE toolbar, or extra items in IE ‘Tools’ menu

What it looks like:

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

What to do:

If you don’t recognize the name of the button or menuitem, have HijackThis fix it.


O10 – Winsock hijackers

What it looks like:

O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing

O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll

What to do:

It’s best to fix these using LSPFix from Cexx.org or WinsockXPFix.


O11 – Extra group in IE ‘Advanced Options’ window

What it looks like:

O11 - Options group: [CommonName] CommonName

What to do:

The only hijacker as of now that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.


O12 – IE plugins

What it looks like:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\ppdf32.dll

What to do:

Most of the time these are safe. Only OnFlow adds a plugin here that you don’t want (.ofb).


O13 – IE DefaultPrefix hijack

What it looks like:

O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=

O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?

What to do:

These are always bad. Have HijackThis fix them.


O14 – ‘Reset Web Settings’ hijack

What it looks like:

O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do:

If the URL is not the provider of your computer or your ISP, have HijackThis fix it.


O15 – Unwanted site in Trusted Zone

What it looks like:

O15 - Trusted Zone: http://www.badspyware.com

What to do:

Many different spyware and adware programs will add items to the Trusted Zone. In most cases, you’ll want to remove these with HijackThis.


O16 – ActiveX Objects (aka Downloaded Program Files)

What it looks like:

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do:

If you don’t recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like ‘dialer’, ‘casino’, ‘free_plugin’ etc, definitely fix it.


O17 – Lop.com domain hijacks

What it looks like:

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com

O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com

What to do:

If the domain is not from your ISP or company network, have HijackThis fix it. You may want to run the Lop.com uninstaller as well to clean up misc Lop problems.


O18 – Extra protocols and protocol hijackers

What it looks like:

O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll

O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}

O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}

What to do:

Only a few hijackers show up here. The known baddies are ‘cn’ (CommonName), ‘ayb’ (Lop.com) and ‘relatedlinks’ (Huntbar); you should have HijackThis fix those. Other things that show up are either not confirmed safe yet, or are hijacked by spyware. In the last case, have HijackThis fix it.


O19 – User style sheet hijack

What it looks like:

O19 - User style sheet: c:\WINDOWS\Java\my.css

What to do:

In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log.


O20 – AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys

What it looks like:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll

O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll

What to do:

Although some of these files are legitimate, many are spyware/adware hijacks that need to be removed. You can upload your log to the Hijackthis.de Online Analyzer.


O21 – ShellServiceObjectDelayLoad (SSODL) autorun Registry key

What it looks like:

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: Trayz - {F5B7D0BE-5f02-4211-96DB-386DFA244900} - C:\WINDOWS\lghngdne.dll

What to do:

Not all entries are bad, but you should check Online Hijackthis Analyzer to verify before deleting an entry.


O22 – SharedTaskScheduler autorun Registry key

What it looks like:

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

What to do:

Again, many of these entries are good. The old version, HijackThis 1.99, didn’t check this section, while HijackThis version 2 does. SmitFraud attacks usually hide here. Check the Online HijackThis Analyzer if you are unsure before deleting.


O23 – Enumeration of NT Services

What it looks like:

O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\sdkkv32.exe

What to do:

These are services which are loaded by the Service Control Manager in Windows 2000, XP, and Vista. They are generally loaded at bootup, before a user logs in. Firewalls and other important programs load here, but rogue cleaning programs like AlfaCleaner may also load here. Check the Online HijackThis Analyzer if you are unsure before deleting.
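
The section codes and "What to do" rules above can be applied mechanically as a first pass over a log. The Python below is an added example, not part of the original tutorial or of HijackThis: the function names and verdict labels are assumptions, and the sample log is built from the tutorial's own example lines plus one constructed O16 line and one constructed process-list line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section code, a hyphen (or the en dash some web copies substitute), then the detail.
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s*[-\u2013]\s*(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections the tutorial says to fix unconditionally.
ALWAYS_FIX = {
    "F0": "F0 items are always bad",
    "O7": "regedit restriction: always fix",
    "O11": "only CommonName adds an Advanced Options group",
    "O13": "DefaultPrefix hijacks are always bad",
}
O16_KEYWORDS = ("dialer", "casino", "free_plugin")   # from the O16 guidance
O18_KNOWN_BAD = {"cn", "ayb", "relatedlinks"}        # from the O18 guidance


@dataclass
class Entry:
    section: str
    detail: str
    clsid: Optional[str]
    verdict: str      # "fix" = tutorial gives a firm rule; "review" = look it up
    reason: str


def classify(section: str, detail: str) -> Tuple[str, str]:
    """Apply only the rules the tutorial states outright; the rest is 'review'."""
    low = detail.lower()
    if section in ALWAYS_FIX:
        return "fix", ALWAYS_FIX[section]
    if section == "O16" and any(word in low for word in O16_KEYWORDS):
        return "fix", "O16 name or URL contains a listed keyword"
    if section == "O18":
        if low.startswith("protocol hijack:"):
            return "fix", "log flags the protocol as hijacked"
        name = re.match(r"protocol:\s*(\S+)", low)
        if name and name.group(1) in O18_KNOWN_BAD:
            return "fix", "protocol name is on the tutorial's known-bad list"
    if section == "O12" and re.match(r"plugin for \.ofb\b", low):
        return "fix", "OnFlow plugin (.ofb)"
    if section in ("O2", "O3"):
        note = "look up the CLSID in a BHO/toolbar list"
        if low.endswith("(file missing)"):
            note += "; registered file is missing on disk"
        return "review", note
    return "review", "follow the section's 'What to do' guidance"


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per log line that starts with a section code."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # header, running-process list, blank line
            continue
        section, detail = m.group(1), m.group(2)
        clsid = CLSID_RE.search(detail)
        verdict, reason = classify(section, detail)
        entries.append(Entry(section, detail,
                             clsid.group(0) if clsid else None, verdict, reason))
    return entries


def to_fix(entries: List[Entry]) -> List[str]:
    """Section codes of the entries with a firm 'fix' rule, in log order."""
    return [e.section for e in entries if e.verdict == "fix"]


# Sample input: the tutorial's example lines; the svchost and O16 lines are constructed.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
F0 - system.ini: Shell=Explorer.exe Openme.exe
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O16 - DPF: Constructed Dialer Object - http://downloads.example.invalid/free_plugin.cab
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\sdkkv32.exe
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.verdict:6} {e.section:4} {e.clsid or '-':38} {e.reason}")
```

Entries marked "review" still need the lookup the tutorial describes (CLSID lists, startup lists or an online analyzer); the script only separates them from the lines the tutorial gives a firm rule for.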


└ Tags: Hijackthis, HijackThis 2.0, spyware, TrendSecure, Viruses and Threats

iPhone 4.2: What Will iOS 4.2 Bring to the iPhone?

by wingman on November 16th, 2010 at 21:15
Posted In: Iphone, Operating systems, Mac OS X

As of yet, we haven’t taken as much time to look at what new features iOS 4.2 will bring to the iPhone. It’s not a huge upgrade for those who already have the operating system on their phone, but it’s worth checking out what Apple plans to add with this update.

Let’s do that right now:

AirPlay

AirPlay is one of the biggest features coming to iOS with the 4.2 update. It’s the next step in the evolution of Apple’s AirTunes. Users can stream content such as video and audio between their devices. Streaming can happen between the iPhone and Apple TV or even with third-party speakers equipped with the technology. We are also interested in what Apple may be able to do with this tech in the future.

Control Ringer Volume

This feature may not seem like much at first, but it’s actually quite useful. For one, this may be great for individual ringers that are louder. What’s even more important, however, is that you may now adjust the volume levels of the ringer independently of the volume level of your iPhone’s audio player or games.

Find in Safari

We are glad that Apple is finally bringing this feature to Mobile Safari. You can now search for a term within a page. This is especially useful for pages of text where you need to find a small piece of information. You simply type into the Google search bar on the top and you have an option for finding the term “On This Page.” The word or term you are looking for will be highlighted in the browser.

FaceTime Through SMS

There is now a button that allows you to launch a FaceTime conversation through an SMS chat. This is another strong indication of Apple’s push to get FaceTime to span all their devices. (Coming soon to iPad 2?)

New SMS Alert Sounds

Users will now be able to set different SMS alert sounds for each contact. The downside? They aren’t going to be custom sounds. Sorry.

AirPrint

Just in case you’re ever reading in bed with your iPhone and decide you want to print something out, or for those times when you are trying to multitask at work by printing out that important spreadsheet while on the can.

Midi Out

Like the iPad, the iPhone now supports midi out. A user can create midi data, such as a drum loop or musical sequence and connect their iPhone to a midi device with a USB port to make it playback the sequence they’ve composed.

Improved Performance on iPhone 3G

iOS 4.2 may see some improvements on the iPhone 3G. iOS4 was very difficult to run on the handset and rendered it almost unusable for some owners. Apple launched 4.1 later, which featured some improvements but many users were still unhappy with the performance. This one looks to run much better.

Is Your iPhone Ready for iOS 4.2?

The added features will be a welcome addition to the operating system. If the reports of better performance on the 3G are correct, then the owners of that model are sure to be much more satisfied.

Many of the additions are minor, but will come in handy to heavy iPhone users.

└ Tags: Iphone

List of Vulnerability Scanners with Descriptions

by wingman on November 15th, 2010 at 10:13
Posted In: Internet

Here is a list of sites that offer a vulnerability scanner. All of these are absolutely free.

What is a vulnerability scanner?

A vulnerability scanner searches for security weaknesses or security holes in computer systems, servers, networks, or applications/services and reports on them in detail, including possible vulnerabilities and probable defenses or ways to prevent them. They let you know which applications are patched, which are insecure, and which are no longer maintained.

Network/Web Vulnerability Scanners (scans your networks, ports, and web applications)

  1. GFI LANguard: scans your entire network and ports for missing security patches, service packs, open shares, open ports, unused user accounts and more. (Registration required: name & email)
  2. Wapiti: vulnerability scanner for web applications. It currently searches for vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections.

Application/Service Vulnerability Scanners (scans your software/hardware and services)

  1. Secunia Software Inspector (PSI): scans your computer for thousands of known programs, checks for missing security patches and vulnerabilities in those programs (insecure program versions), and reports back to you with information and a link on how to update them. Provides links to the vendor’s homepage, technical details, and the installation folder.
  2. F-Secure Health Check: checks that you have up-to-date security applications and finds vulnerabilities in your installed software. Then guides you to a solution when issues are discovered.
  3. Protector Plus: checks your system for Windows vulnerabilities. Lists the vulnerabilities detected, their risk level, and the download location of the patch. (30 day trial)
  4. Belarc Advisor: builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. (Gives clear advice on how to address each issue.)
  5. Microsoft Baseline Security Analyzer: detects common security misconfigurations and missing security updates/patches on your Windows systems.
└ Tags: Internet, Viruses and Threats, vulnerabilities

Slow Computer? Speed Up Your PC By Disabling Unnecessary Windows Services

by wingman on November 10th, 2010 at 09:17
Posted In: Hints & Tips, Internet, Tutorial

Having a slow computer is what most Windows users lament. Sometimes it’s just a matter of outdated hardware and a few bucks for a new motherboard or an extra GB of RAM will do. But most of the time it’s your Windows becoming a hog and slowing your productivity down. What can you do to increase computer speed in such situations? Before you start formatting your PC for the nth time, read how to fix a slow computer.


Windows PCs have a long tradition of coping poorly with long, uninterrupted use across different applications, and of keeping a slew of background services running in RAM at all times that are actually completely unneeded.

Your computer is indeed filled with hidden functions and services whose existence you may barely know.

Most of the time, such a large number of unnecessary background services is one of the main causes that slow your computer down to a crawl for no valid reason.

You probably have heard people telling you that you can speed up your computer by stopping these unnecessary Windows services. This makes perfect sense. Why on Earth would you need a service controlling your printer 24/7 or network capabilities enabled if you have only one computer running?

It’s a better idea, then, to roll up your sleeves and get rid of all those unwanted Windows services. The reality, however, turns out to be quite different once you get down to business, as you don’t know exactly what you can safely turn off without doing harm to your computer.

You are scared that by disabling this and that you will damage your machine for good and maybe lose all the data stored on your computer.

You can stop worrying now.

Here, thanks to Harsh J Chouraria, aka Qwerty Maniac, who generously contributed his research work, is an effective guide to help you identify those popular unneeded Windows services that you can safely shut down and regain some speed in your PC.

But that’s not all.

To make your optimization job even more effective, in this MasterNewMedia guide you will also find a list of relevant articles and videos that share valuable tips to speed up your PC once and for all.

Slow Computer: How To Increase Computer Speed

Important Notes Before You Start

  1. To enter service manager and enable / disable Windows services, go to: 
    Start > Run > Type “services.msc” (without quotes) and hit Enter
  2. To toggle the startup type of a service between Automatic, Manual and Disabled, double-click on the required service and then choose the specific option from the listbox titled “Startup Type” in the “General” tab.
  3. If you are unsure about a service or for some reason you think it might be useful, leave it alone or turn it to manual instead of disabling it. This will help protect your computer from accidental damage.
  4. Before playing around with Windows services, it is strongly recommended that you back up all your data and exit all other programs you have open.
  5. Please remember that completely mastering service management is a task possible only by trial and error.
  6. There are risks involved in turning down important services, so you are strongly recommended to carefully read the description before attempting to change the startup type of any Windows service.
  7. Turning off some of the Windows services suggested below might result in an error message if you try to use Automatic Updates via WindowsUpdate.Microsoft.com. To get Automatic Updates working again, jot down the service the error message names and you should be able to turn those services back on.

Speed Up Computer By Disabling Unnecessary Windows Services


Here is a list of unneeded Windows services that you can turn off to speed up your slow computer:

  • AdobeLM Service: Not all computers have this service, still it is useless. Just disable it if you have it running on your machine. (Some readers have pointed out inside the comment section that by disabling this service you may incur startup and registration issues with Adobe software.)
  • Alerter: Disable this one if you are not on a network because you will not receive alerts.
  • Application Layer Gateway Service: Unless you want to share your Internet connection, turn this off, as this service provides support for 3rd party protocol plug-ins for Internet Connection Sharing.
  • Application Management: Set this to manual.
  • Automatic Updates: Disable it if you do not require auto-updating and patching of Windows. It is pretty useless if you use auto-patcher by NeoWin to update your Windows OS. Thus, you will save bandwidth.
  • Background Intelligent Transfer Service: Disable this if you do not need Automatic Update as well. This is also a potential security threat as it uses idle network bandwidth to transfer data.
  • ClipBook: Disable this if you are not on a network, since you do not need to share anything.
  • Computer Browser: Disable this too if you are not on a network, as you do not need to browse and monitor connected computers.
  • Cryptographic Services: Set this to manual if you are not sure you need it.
  • Distributed Link Tracking Client: Disable this service if you have only one computer on a network, or if you do not access other computers.
  • Distributed Transaction Service: Set this to manual.
  • Error Reporting Service: Disable this service for reporting errors to Microsoft, because they will hardly even reply to you for any error you get. This also saves a lot of bandwidth.
  • Fast User Switching Compatibility: Disable it if you have only a single user on your computer, or if you do not use fast user switching feature much. That is, if you completely log off and then allow other users to use your computer, then you do not need this. Note that this service is completely useless for low memory computers.
  • FTP Publishing: Disable this if you do not use FTP.
  • Help and Support: Set it to manual or turn it off if you do not use the help feature often. You can turn it on again at any time if you need help.
  • HTTP SSL: Set it to manual.
  • Human Interface Device Access: Turn it off if you do not use hot-keys or remote systems on your computer. If you use them sometimes, it is better to set it to manual.
  • IIS: The Internet Information Services provide the capabilities of a web server for your computer. If you don’t need this option (you likely don’t), turn it off safely.
  • IMAPI CD-Burning COM Service: Set this to manual to save memory and time. Do not turn it off if you have a CD writer or a DVD writer attached to your computer.
  • Indexing Service: Turn it off, as this uses a lot of CPU. If you are an avid searcher, like a maniac, on your computer, leave it on since it will help you. If you know where your files are and do not use search that often, then disable it for your good.
  • InstallDriver Table Manager: Disable it safely.
  • Integrated Peripherals: Disable peripherals you do not need like network cards, integrated graphics or sound, etc. Go to “Run” and type “devmgmt.msc” (without quotes).
  • IP Helper: If you don’t need support for IPv6, safely disable this.
  • IPSEC Services: Set this to manual.
  • Messenger: This service is not related with Windows Live Messenger. If you don’t want unauthorized access to your PC, disable it.
  • Messenger Sharing Folders USN Journal Reader Service: If you do not use Live Messenger 8.0 (or higher) and / or you don’t need sharing folders, you can safely disable this.
  • MS Software Shadow Copy Provider: Set this to manual.
  • Net Logon: Disable this if you are not on a network.
  • NetMeeting Remote Desktop Sharing: Disable this if you do not use the Remote Desktop feature.
  • Network Location Awareness: Safely disable this if you are not under a LAN or if you do not need to share files or hardware connected to your computer (like a printer).
  • Network Provisioning Service: Disable this, as it is useless if you are not on a network.
  • Network Throttling: Select FFFFFFF to forbid Windows to send packages when accessing web streaming content.
  • NT LM Security Support Provider: Disable this, it is useless too.
  • NVIDIA Display Driver Service: If you do not use the features of NVIDIA Desktop, this service must be disabled; it is a big hog of memory.
  • Office Source Engine: Disable it if you always have an MS Office CD handy; it’s helpful if your installation becomes corrupt.
  • Offline Files: Disable this if you don’t use offline files.
  • Portable Media Serial Number Service: Set it to manual if you connect portable media to your computer, otherwise disable it.
  • Print Spooler: Disable it if you do not have a printer connected to your computer.
  • Protected Storage: Disable it if you do not allow strangers to sit on your encrypted storage computer.
  • QoS RSVP: Unless you’re using QoS-aware programs and control applets, you can safely disable this service.
  • Readyboost: If you’re not using this feature on Windows Vista (uses free space on USB drives to speed up your computer), disable this service.
  • Remote Access Connection: Disable this if you are not using any dial-up or VPN.
  • Remote Desktop Help Session Manager: Disable it if you do not use the Remote Desktop feature for help and support from Microsoft.
  • Remote Procedure Call (RPC) Locator: Set it to manual.
  • Remote Registry: Serious security threat if turned on, disable it no matter what.
  • Removable Storage: Disable it if you do not use removable storage drives, else turn it to manual.
  • Routing and Remote Access: Set it to manual.
  • Secondary Logon: Useless feature for most, disable it or turn it manual.
  • Security Accounts Manager: Disable it as it is pretty useless unless you use NTFS Encryption.
  • Security Center: Damn useless and irritating feature. Disable it.
  • Server: Set it to manual or disable it if you are not on network.
  • Shell Hardware Detection: Disable this to avoid being asked by AutoPlay if you want to perform an action after a specific input (inserting a CD, connecting an USB peripheral, etc.)
  • Smart Card: Disable it if you do not use smart cards on your computer.
  • SSDP Discovery Service: Disable it if you are not on a network or don’t have UPnP devices on your home network.
  • System Event Notification: If you don’t need to track system events such as Windows logon, network, and power events (most users don’t), disable it.
  • System Restore Service: To improve system performance and take the minor risk of not being able to make your computer work like it did yesterday, disable it.
  • Tablet PC Input Service: If you don’t have a tablet PC pen, disable it.
  • Telnet: Set it to manual if you use this feature, otherwise disable it, especially if you are a home user.
  • Terminal Services: Since you are not using Remote Desktop, etc… disable it for good.
  • Themes: Themes might be cool, but if you are not into pimping your desktop, you can safely disable this.
  • TCP/IP NetBIOS Helper: Set it to manual if on network, otherwise disable it.
  • Uninterrupted Power Supply: Disable it if you don’t have a UPS attached to the serial port of your computer.
  • Universal Plug and Play Device Host: Set it to manual.
  • Upload Manager: If you are not in a local network sharing data (files and / or services), disable it.
  • User Privilege Service: Set it to manual.
  • Volume Shadow Copy: Disable it if you do not backup your computer using System Restore or Windows Backup.
  • Windows Error Reporting Service: Disable this and you will never again be prompted to send an error report to Microsoft when a program crashes.
  • Windows Firewall / Internet Connection Sharing (ICS): Disable this if you have another firewall such as Norton or Zone Alarm installed, otherwise let it remain ON for better security.
  • Windows Image Acquisition (WIA): If you do not connect / use a camera or scanner with your computer, disable this service, else set it to manual.
  • Windows Media Connect: Disable this if you do not use things such as an iPod, etc… for your Windows Media Player.
  • Windows Media Connect (WMC) Helper: Disable this if you disabled the one above or if you do not need help from Microsoft.
  • Windows Messenger: Disable this if you are not on a network, it uses too much memory and it is a hog. Also, this is likely to become a security threat.
  • Windows Time: Disable if not on a synchronized network.
  • Wireless Zero Configuration: Disable if not on a wireless network.
  • WMI Performance Adapters: Disable it, useless service for basic usage.
  • Workstation: Disable if you are not on a network. Or simply, if you are a gamer, just shut this one.

source: www.masternewmedia.org

└ Tags: Internet, Tutorial

WordPress Anti-Spambot registration SABRE Plugin

by wingman on November 8th, 2010 at 09:24
Posted In: Hints & Tips, Tutorial, wordpress

SABRE has a lot of image confirmation/CAPTCHA options and an e-mail confirmation option to prevent spambots from registering for your blog while still letting real users join your blog very easily.

This plugin will prevent your WordPress blog from being taken over by automated spambot registration, so your MySQL database won’t be flooded with fake users and spam comments from spambots if you have your blog set up to only allow registered users to comment on your posts. This will prevent you from wasting MySQL database space which you are paying for, and you will not have to spend as much time deleting spambots and spam comments.

As you can see, if you configure the plugin correctly in SABRE’s settings, it is much harder for spambots to register, and it might deter some human spammers from joining since they also have to provide an e-mail address for e-mail confirmation.

Download SABRE from http://wordpress.org/extend/plugins/sabre/

To help with e-mail spam from contact forms, I recommend Really Simple CAPTCHA, which reduces comment spam for Contact Form 7.

└ Tags: Tutorial, wordpress