Friday, January 23, 2009

Make your Windows XP super fast

Here we are again at Haktech :)

this guide is a step by step guide on how to Make your
Windows XP super fast ;)






PART 1


Disable Windows Services to make XP super Fast.

Set this services to automatic

Automatic Updates
DHCP Client
Event Log
Plug and Play
Themes
Windows Audio
Remote Procedure Call (RPC)
Shell Hardware Detection
DCOM Server Process Launcher


Set this services to Manual:

Background Intelligent Transfer
Cryptographics Services
Windows Installer

Delete Files that is not needed:
just make sure you have backup if you
want to use this hack :)

Files to Delete (Service Files)
1.) Alerter Service
C:\WINDOWS\system32\alrsvc.dll (Alerter Service DLL)

2.)Application Layer Gateway Service
C:\WINDOWS\System32\ALG.EXE (Application Layer Gateway Service)

3.)Application Management
C:\WINDOWS\system32\appmgmts.dll

4.)Clipbook
C:\WINDOWS\system32\CLIPBRD.EXE (Windows NT ClipBook Viewer)
C:\WINDOWS\system32\CLIPSRV.EXE (Windows NT DDE Server)

5.)COM+ Event System & COM+ System Application
C:\WINDOWS\system32\catsrv.dll
C:\WINDOWS\system32\catsrvps.dll
C:\WINDOWS\system32\catsrvut.dll
C:\WINDOWS\system32\clbcatex.dll
C:\WINDOWS\system32\clbcatq.dll
C:\WINDOWS\system32\colbact.dll
C:\WINDOWS\system32\comaddin.dll
C:\WINDOWS\system32\comrepl.dll

C:\WINDOWS\system32\COMRES.DLL
(this file is needed to access the Windows Optional

Components Wizard)

C:\WINDOWS\system32\comsnap.dll
C:\WINDOWS\system32\comsvcs.dll
C:\WINDOWS\system32\comuid.dll
C:\WINDOWS\system32\DCOMCNFG.EXE
(DCOM Configuration) - "Needed to display and configure

DCOM configurations"

C:\WINDOWS\system32\DLLHOST.EXE
(COM Surrogate) The COM+ process manager. The Service File

for Microsoft Software Shadow Copy Provider

C:\WINDOWS\system32\DLLHST3G.EXE
(COM Surrogate) A COM+ process component
C:\WINDOWS\system32\emptyregdb.dat
C:\WINDOWS\system32\es.dll(Main Service File)
C:\WINDOWS\system32\mfcsubs.dll (System Restore Dependency)
C:\WINDOWS\system32\mtxex.dll
C:\WINDOWS\system32\mtxlegih.dll
C:\WINDOWS\system32\stclient.dll
C:\WINDOWS\system32\txflog.dll (Kernel-mode File-based Log)

Delete the Com folder and its contents
C:\WINDOWS\system32\Com

Computer Browser
C:\WINDOWS\system32\browser.dll
(Computer Browser Service DLL) This dll allows application

to embed an IE window


Distributed Link Tracking Client

C:\WINDOWS\system32\dfsshlex.dll Distributed File System shell extension
C:\WINDOWS\system32\trkwks.dll (Distributed Link Tracking Client)


Distributed Transaction Coordinator


C:\WINDOWS\system32\MSDTC.EXE (Microsoft DTC console program)

C:\WINDOWS\system32\msdtclog.dll (Microsoft DTC log manager)
C:\WINDOWS\system32\msdtcprf.h
C:\WINDOWS\system32\msdtcprf.ini
C:\WINDOWS\system32\msdtcprx.dll
(Microsoft DTC OLE Transactions interface proxy)
C:\WINDOWS\system32\msdtctm.dll (Microsoft DTC transaction manager)
C:\WINDOWS\system32\msdtcuiu.dll (Microsoft DTC administrative component)
C:\WINDOWS\system32\mtxclu.dll (Microsoft DTC amd MTS clustering support)
C:\WINDOWS\system32\xolehlp.dll (Microsoft DTC helper APIs)

Delete the MsDtc folder
C:\WINDOWS\system32\MsDtc


DNS Client
C:\WINDOWS\system32\dnsrslvr.dll (DNS Caching Resolver Service)


Error Reporting Service
C:\WINDOWS\system32\DUMPREP.EXE
(Windows Error Reporting Dump Reporting Tool)
C:\WINDOWS\system32\ersvc.dll (Windows Error Reporting Service)
C:\WINDOWS\system32\faultrep.dll Windows Error Reporting


Fast User Switching Compatibility
(Remove this if you are the only one using your computer)

C:\WINDOWS\system32\MSHTA.EXE
(HTML Application Host). The application used to run an

HTML Application (HTA) file. You will need this file in order to access
User Accounts from the Control Panel.
C:\WINDOWS\system32\nusrmgr.cpl
(Windows User Manager). Control Panel applet for User Accounts.

C:\WINDOWS\system32\shsvcs.dll
(Shell Services Dll) This file will detect CD,USB etc..

C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
(Microsoft Help Center Service)

Http SSL
C:\WINDOWS\system32\w3ssl.dll (SSL service for HTTP)

Human Interface Device Access
C:\WINDOWS\system32\HidServ.dll

IMAPI CD-Burning COM Service
You cannot burn audio CDs with Windows Media
without the IMAPI CD-Burning COM

Service.
C:\WINDOWS\system32\IMAPI.EXE (CD-Burning COM Service)

Indexing Service
C:\WINDOWS\system32\ciadmin.dll "CI Administration (MMC)"
C:\WINDOWS\system32\ciadv.msc
C:\WINDOWS\system32\cic.dll (CIC - MMC controls for Taskpad)

C:\WINDOWS\system32\CIDAEMON.EXE (Content Index Filter Daemon)

C:\WINDOWS\system32\ciodm.dll

C:\WINDOWS\system32\CISVC.EXE (Content Index Service)

C:\WINDOWS\system32\idq.dll
C:\WINDOWS\system32\infosoft.dll
C:\WINDOWS\system32\ixsso.dll (indexing Service Server-side Object)
C:\WINDOWS\system32\LangWrbk.dll
C:\WINDOWS\system32\mimefilt.dll (Microsoft ® IMimeFilter Persistent Handler DLL)
C:\WINDOWS\system32\nlhtml.dll (Net Library HTML filter)
C:\WINDOWS\system32\offfilt.dll(OffFilt)

C:\WINDOWS\system32\query.dll (Content Index Utility DLL)
C:\WINDOWS\system32\webhits.dll (Indexing Service Webhits)

Remove these Indexing Service Language Resources Files

C:\WINDOWS\system32\noise.chs
C:\WINDOWS\system32\noise.cht
C:\WINDOWS\system32\noise.dat
C:\WINDOWS\system32\noise.deu Deutsch (German)
C:\WINDOWS\system32\noise.eng English_UK
C:\WINDOWS\system32\noise.enu English_US
C:\WINDOWS\system32\noise.esn Spanish
C:\WINDOWS\system32\noise.fra French
C:\WINDOWS\system32\noise.ita Italian
C:\WINDOWS\system32\noise.nld Dutch
C:\WINDOWS\system32\noise.sve Swedish
C:\WINDOWS\system32\noise.tha

C:\WINDOWS\system32\wbcache.deu Deutsch (German)
C:\WINDOWS\system32\wbcache.enu English_US
C:\WINDOWS\system32\wbcache.esn Spanish
C:\WINDOWS\system32\wbcache.fra French
C:\WINDOWS\system32\wbcache.ita Italian
C:\WINDOWS\system32\wbcache.nld Dutch
C:\WINDOWS\system32\wbcache.sve Swedish

C:\WINDOWS\system32\wbdbase.deu Deutsch (German)
C:\WINDOWS\system32\wbdbase.enu English_US
C:\WINDOWS\system32\wbdbase.esn Spanish
C:\WINDOWS\system32\wbdbase.fra French
C:\WINDOWS\system32\wbdbase.ita Italian
C:\WINDOWS\system32\wbdbase.nld Dutch
C:\WINDOWS\system32\wbdbase.sve Swedish


IPSEC Services
IPsec (Internet Protocol Security)
is integrated with the Active Directory Service.
C:\WINDOWS\system32\oakley.dll (Oakley Key Manager).
Reported by MHC one of our forum
members:
The oakley.dll is associated with the IP Security (IPSEC) service and implements

key encryption/decryption. You need this file if you enable the IPSEC service.

C:\WINDOWS\system32\polstore.dll
(Policy Storage dll). IPsec uses a module called the

IPsec Policy Store (polstore.dll) so that the IPsec Policy
Agent and the IPsec Policy

Management MMC snap-in can use one module to access
all three supported policy storage

locations: local, remote computer, and Active Directory.

Local Disk Manager and Local Disk Manager Administrative Service

C:\WINDOWS\system32\DmServer.dll (Logical Disk Manager service dll)
C:\WINDOWS\system32\DmAdmin.exe

Messenger
C:\WINDOWS\system32\msgsvc.dll (NT Messenger Service)

MS Software Shadow Copy Provider

C:\WINDOWS\system32\DLLHOST.EXE (COM Surrogate)

Netmeeting Remote Desktop Sharing

C:\WINDOWS\system32\ils.dll
C:\WINDOWS\system32\mnmdd.dll (Application Sharing Display Driver)

C:\WINDOWS\system32\MNMSRVC.EXE
(NetMeeting Remote Desktop Sharing)

C:\WINDOWS\system32\msconf.dll (Conferencing Utility Dll)
C:\WINDOWS\system32\msg723.acm
(Microsoft G.723.1 CODEC for MSACM also used by some VOIP)
C:\WINDOWS\system32\msh261.drv (Microsoft H.261 ICM Driver)
C:\WINDOWS\system32\msh263.drv (Microsoft H.263 ICM Driver)
C:\WINDOWS\system32\nmevtmsg.dll (NetMeeting Event Logging DLL)
C:\WINDOWS\system32\nmmkcert.dll (NetMeeting Event Logging DLL)

C:\WINDOWS\system32\drivers\mnmdd.sys (Frame buffer simulator)

Delete Folder (Microsoft NetMeeting)
C:\Program Files\Netmeeting

---NETWORK---

Network Location Awareness (NLA)
Just disable Network Location Awareness (NLA), Do not delete Mswsock.dll, because it is

needed by Internet Explorer.


Network Provisioning Service

C:\WINDOWS\system32\xmlprov.dll
C:\WINDOWS\system32\xmlprovi.dll

--NETWORK---


NVIDIA Display Driver Service
(if you have this in your system then you can remove)
C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Driver Helper Service)


Performance Logs and Alerts

C:\WINDOWS\system32\DISKPERF.EXE
(Network DDE - DDE Communication). Used to switch

performance counters for the disk subsystem on and off.

C:\WINDOWS\system32\loadperf.dll
(Load & Unload Performance Counters). One of the files

needed to access Windows Optional Components Wizard.
The VMWare program will need the

loadperf.dll for its installation.

C:\WINDOWS\system32\LODCTR.EXE
(Load PerfMon Counters). Used to add new counters to

Performance Monitor.
C:\WINDOWS\system32\logman.exe Performance Log Utility

C:\WINDOWS\system32\PDH.DLL
(Windows Performance Data Helper DLL). Needed if you install

Windows Media Player 11. you can delete this after the installation

C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfci.h
C:\WINDOWS\system32\perfci.ini
C:\WINDOWS\system32\perfctrs.dll
C:\WINDOWS\system32\perfd009.dat
C:\WINDOWS\system32\perfdisk.dll
C:\WINDOWS\system32\perffilt.h
C:\WINDOWS\system32\perffilt.ini
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfi009.dat
C:\WINDOWS\system32\perfmon.exe

C:\WINDOWS\system32\perfmon.msc
Microsoft Common Console Document
System Performance Monitor)

C:\WINDOWS\system32\perfnet.dll
(Microsoft Windows Network Service Performance ObjectsDLL)
C:\WINDOWS\system32\perfos.dll
(Windows System Performance Objects DLL)
C:\WINDOWS\system32\perfproc.dll
(Windows System Process Performance Objects DLL)
C:\WINDOWS\system32\PerfStringBackup.INI
C:\WINDOWS\system32\perfwci.h
C:\WINDOWS\system32\perfwci.ini
C:\WINDOWS\system32\prflbmsg.dll
(Perflib Event Messages)
C:\WINDOWS\system32\pschdcnt.h
C:\WINDOWS\system32\pschdprf.dll
(Microsoft® Windows™ PSched Performance Monitor)
C:\WINDOWS\system32\pschdprf.ini
C:\WINDOWS\system32\rsvpperf.dll
(Microsoft® Windows™ RSVP Performance Monitor)

C:\WINDOWS\system32\SMLOGSVC.EXE
(Performance Logs and Alerts Service).
An application that allows statistics to be monitored
and collected on local and remote Computers

C:\WINDOWS\system32\sysmon.ocx (System Monitor Control)
C:\WINDOWS\system32\UNLODCTR.EXE
(Unload PerfMon Counters)

Portable Media Serial Number Service
C:\WINDOWS\system32\MsPMSNSv.dll
(Microsoft Media Device Service Provider)
C:\WINDOWS\system32\MsPMSP.dll
(Microsoft Media Device Service Provider)
C:\WINDOWS\system32\MSSCP.dll
(Windows Media Secure Content Provider)
C:\WINDOWS\system32\MSWMDM.dll
(Windows Media Device Manager Core) - Needed by Windows

Media Player for burning process, you can delete this if you
used 3rd party burning software.

C:\WINDOWS\system32\WMDMLOG.dll
(Windows Media Device Manager Logger)
C:\WINDOWS\system32\WMDMPS.dll
(Windows Media Device Manager Proxy Stub)
Needed by Windows Media Player for burning process,
you can delete this if you used 3rd party burning software.

Protected Storage
C:\WINDOWS\system32\psbase.dll Protected Storage default provider
C:\WINDOWS\system32\pstorec.dll (Protected Storage COM interfaces)
C:\WINDOWS\system32\pstorsvc.dll Protected storage server


QoS RSVP
C:\WINDOWS\system32\qosname.dll
(Microsoft Windows GetQosByName Service Provider)
C:\WINDOWS\system32\RSVP.EXE
(Resource Reservation Protocol. QoS RSVP Service.). A
protocol that sets up a reserved pathway with a
specific quality of service for a set of data packets.

C:\WINDOWS\system32\rsvp.ini
C:\WINDOWS\system32\rsvpcnts.h
C:\WINDOWS\system32\rsvpmsg.dll (RSVP Messages dll)
C:\WINDOWS\system32\rsvpsp.dll
(Microsoft Windows Rsvp Service Provider)

Removable Storage
C:\WINDOWS\system32\ntmsdba.dll
Removable Storage Manager API)
C:\WINDOWS\system32\ntmsevt.dll
(Removable Storage Manager Event Logger)
C:\WINDOWS\system32\ntmsmgr.msc
(Removable Storage Console)
C:\WINDOWS\system32\ntmsoprq.msc
(Removable Storage Console)
C:\WINDOWS\system32\ntmssvc.dll
(Removable Storage Manager)

C:\WINDOWS\system32\RSM.EXE
(Removable Storage Manager Command Line Interface)
C:\WINDOWS\system32\rsmps.dll (RSM Proxy Stub)
C:\WINDOWS\system32\RSMSINK.EXE
(Removable Storage Sink Layer)
C:\WINDOWS\system32\RSMUI.EXE (Removable Storage UI Layer)
Removable Storage Manager 3 MLL files to interpret supported media labels.

C:\WINDOWS\system32\mll_hp.dll (HP Media Label Library)
C:\WINDOWS\system32\mll_mtf.dll
(MTF (Microsoft Tape Format) Media Label Library)
C:\WINDOWS\system32\mll_qic.dll (QIC113 Media Label Library)

Delete folder C:\WINDOWS\system32\NtmsData

Routing and Remote Access (Dial-up Server for Windows)
C:\WINDOWS\system32\adptif.dll (IPX Interface via WinSock)
C:\WINDOWS\system32\dgnet.dll (Dgnet Module)

C:\WINDOWS\system32\dgrpsetu.dll (Digi RealPort® Driver Upgrade)

C:\WINDOWS\system32\dgsetup.dll (DGSETUP dll)

C:\WINDOWS\system32\ifmon.dll (IF Monitor dll)
C:\WINDOWS\system32\ipmontr.dll (IP Router Monitor dll)
C:\WINDOWS\system32\ipnathlp.dll (Microsoft NAT Helper Components)
C:\WINDOWS\system32\ippromon.dll (IP Protocols Monitor dll)
C:\WINDOWS\system32\iprtprio.dll (IP Routing Protocol Priority dll)
C:\WINDOWS\system32\iprtrmgr.dll (IP Router Manager)
C:\WINDOWS\system32\ipxmontr.dll (IPX Router Monitor dll)
C:\WINDOWS\system32\ipxpromn.dll (IPX Router Monitor dll)
C:\WINDOWS\system32\ipxrip.dll (IPX RIP)

C:\WINDOWS\system32\IPXROUTE.EXE (NWLink Source Routing Application)

C:\WINDOWS\system32\ipxrtmgr.dll (IPX ROUTER MANAGER)
C:\WINDOWS\system32\ipxsap.dll (SAP Agent dll)
C:\WINDOWS\system32\ipxwan.dll (IPXWAN)
C:\WINDOWS\system32\mprddm.dll (Demand Dial Manager Supervisor)
C:\WINDOWS\system32\mprdim.dll (Dynamic Interface Manager)
C:\WINDOWS\system32\mprmsg.dll (Multi-Protocol Router Service Messages dll)
C:\WINDOWS\system32\mprui.dll (Multiple Provider)
C:\WINDOWS\system32\routetab.dll (Microsoft Routing Table dll)
C:\WINDOWS\system32\rtipxmib.dll (Microsoft Router IPX MIB subagent)
C:\WINDOWS\system32\rtm.dll (Routing Table Manager)

C:\WINDOWS\system32\driver\ipfltdrv.sys
(IP FILTER DRIVER)
C:\WINDOWS\system32\driver\ipinip.sys
(IP in IP Encapsulation Driver)
C:\WINDOWS\system32\driver\ipnat.sys
(IP Network Address Translator)
C:\WINDOWS\system32\driver\nwlnkflt.sys
(NWLINK2 Traffic Filter Driver)
C:\WINDOWS\system32\driver\nwlnkfwd.sys
(NWLINK2 Forwarder Driver)
C:\WINDOWS\system32\driver\nwlnkipx.sys
(NWLINK2 IPX Protocol Driver)
C:\WINDOWS\system32\driver\nwlnknb.sys
(NWLINK2 IPX Netbios Protocol Driver)
C:\WINDOWS\system32\driver\nwlnkspx.sys
(NWLINK2 SPX Protocol Driver)

Delete Folder C:\WINDOWS\system32\ias

Secondary Logon

C:\WINDOWS\system32\RUNAS.EXE
(Run As Utility). A utility that allows a process to be
implemented with a new user ID and password combination.
Typically used to run a process or application as an Administrator
or other user with higher levels of privileges than the
currently logged on user.

C:\WINDOWS\system32\sclgntfy.dll
(Secondary Logon Service Notification)
C:\WINDOWS\system32\seclogon.dll
(Secondary Logon Service DLL)

Security Accounts Manager
Disable Security Accounts Manager

C:\WINDOWS\system32\SCECLI.DLL
(Windows Security Configuration Editor Client Engine)

Security Center
C:\WINDOWS\system32\wscntfy.exe
(Windows Security Center Notification Application)
C:\WINDOWS\system32\wscsvc.dll
(Windows Security Center Service)
C:\WINDOWS\system32\wscui.cpl (Security Center)

Smart Card (Delete this if you are not using smartcard)

C:\WINDOWS\system32\scarddlg.dll (Smart Card Common Dialog)
C:\WINDOWS\system32\scardssp.dll (Smart Card Base Service Providers)
C:\WINDOWS\system32\SCARDSVR.EXE
(Smart Card Resource Management Server)
C:\WINDOWS\system32\sccbase.dll
(Infineon SICRYPT® Base Smart Card CSP)
C:\WINDOWS\system32\sccsccp.dll
(Infineon SICRYPT® Smart Card Crypto Provider COM Objects)
C:\WINDOWS\system32\scredir.dll
(Smart Card Redirection for TS)
C:\WINDOWS\system32\slbcsp.dll
(Schlumberger Smart Card CryptoAPI Library)
C:\WINDOWS\system32\slbiop.dll
(Schlumberger Smart Card Interoperability Library v2)
C:\WINDOWS\system32\slbrccsp.dll
(Schlumberger Smart Card CryptoAPI Resource File)

SSDP Discovery Service
"Universal Plug and Play Device Host" do not remove if you want plug and play host
C:\WINDOWS\system32\ssdpsrv.dll (SSDP Service dll)

System Event Notification

C:\WINDOWS\system32\sens.dll (System Event Notification Service)
C:\WINDOWS\system32\sensapi.dll (SENS Connectivity API dll)
C:\WINDOWS\system32\senscfg.dll (SENS Setup/Setup Tool)

System Restore Service
C:\WINDOWS\system32\srclient.dll (SR CLIENT dll)
C:\WINDOWS\system32\srrstr.dll
(System Restore Restore Operation Library)
C:\WINDOWS\system32\srsvc.dll (System Restore Service)

C:\WINDOWS\system32\drivers\sr.sys
(System Restore Filesystem Filter Driver)

Delete Folder and its contents
C:\WINDOWS\system32\Restore

TCP/IP NetBIOS Helper

C:\WINDOWS\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL)
C:\WINDOWS\system32\tcpmib.dll (Standard TCP/IP Port Monitor Helper dll)
C:\WINDOWS\system32\tcpmon.dll (Standard TCP/IP Port Monitor dll)
C:\WINDOWS\system32\tcpmon.ini
C:\WINDOWS\system32\tcpmonui.dll (Standard TCP/IP Port Monitor UI dll)

TCP/IP Command Line Tools (Delete this if you dont use them)

C:\WINDOWS\system32\ARP.EXE
(TCP/IP Arp Command). The Address Resolution Protocol

command-line utility used to manage the ARP cache on TCP/IP systems.

C:\WINDOWS\system32\FINGER.EXE
(TCPIP Finger Command). A TCP/IP utility used to obtain
information about a user account via a remote system.

C:\WINDOWS\system32\FTP.EXE
(File Transfer Program). A TCP/IP command-line File Transfer
Protocol (FTP) utility used to transfer files between
the local system and a remote FTP server.

C:\WINDOWS\system32\HOSTNAME.EXE
(Hostname APP). A TCP/IP command-line utility that
displays the hostname of the current system.

C:\WINDOWS\system32\IPCONFIG.EXE
(IP Configuration Utility). A TCP/IP command-line tool
that displays the IP configuration for all installed
interfaces and can be used to renew
and release DHCP leases.

C:\WINDOWS\system32\LPQ.EXE
(TCP/IP Line Printer Queue Command). Displays printer queue
information on a printer hosted on a Unix system.

C:\WINDOWS\system32\LPR.EXE .
(TCP/IP Line Printer Command.) Prints to a printer hosted on
a Unix system.
C:\WINDOWS\system32\NBTSTAT.EXE
(TCP/IP NetBios Information).
Displays NetBIOS over TCP/IP statistics.

C:\WINDOWS\system32\NETSTAT.EXE
(TCP/IP Netstat Command).
Displays TCP/IP network statistics.

C:\WINDOWS\system32\NSLOOKUP.EXE
(nslookup APP). Name Server Lookup. Used to display
diagnostic and statistical information from DNS servers.

C:\WINDOWS\system32\PATHPING.EXE
(TCP/IP PathPing Command). A command for verifying an IP
route that enables the user to specify options to test for along the path.

C:\WINDOWS\system32\PING.EXE
(TCP/IP Ping Command). A TCP/IP utility used to test the
existence of, or the capability to communicate with, remote systems.

C:\WINDOWS\system32\RCP.EXE
(TCP/IP Remote Copy Command). A TCP/IP utility used to copy
files between the current system and a remote RSHD (Remote Shell) server.

C:\WINDOWS\system32\REXEC.EXE
(TCP/IP Remote Exec Command). Used to issue commands on
remote systems running the REXEC service.

C:\WINDOWS\system32\ROUTE.EXE
(TCP/IP Route Command).
Used to view and edit the local routing table.

C:\WINDOWS\system32\RSH.EXE
(TCP/IP Remote Shell Command). Issues commands on remote
systems running the RSH service.

C:\WINDOWS\system32\TCPSVCS.EXE
(TCP/IP Services Application).
The TCP Services provider.

C:\WINDOWS\system32\TFTP.EXE
(Trivial File Transfer Protocol App). An alternative FTP
program for use over User Datagram Protocol (UDP).

C:\WINDOWS\system32\TRACERT.EXE
(TCP/IP Traceroute Command).
Used to identify the route between the local system and
a remote system on a TCP/IP network.

C:\WINDOWS\system32\TRACERT6.EXE
(IPv6 Traceroute Command). A tool to trace the route a
packet would take to get from the source host to the destination host.

Terminal Services (Terminal Services Core)
C:\WINDOWS\system32\cdmodem.dll (Modem Connection Driver)
C:\WINDOWS\system32\cfgbkend.dll (Configuration Backend Interface)

C:\WINDOWS\system32\drprov.dll
(Microsoft Terminal Server Network Provider). Needed to
display Microsoft Terminal Services in My Network Places under Entire Network.

C:\WINDOWS\system32\icaapi.dll (dll Interface to TermDD Device Driver)
C:\WINDOWS\system32\LOGOFF.EXE
(Session Logoff Utility). A utility to terminate a user's session on the PC.
C:\WINDOWS\system32\MSG.EXE
(Message Utility). A utility for sending messages to other users.
C:\WINDOWS\system32\mstlsapi.dll
C:\WINDOWS\system32\MSTSC.EXE
(Remote Desktop Connection). An application that enables a
computer to be accessed remotely.

C:\WINDOWS\system32\mstscax.dll
(Terminal Services ActiveX Client)
C:\WINDOWS\system32\perfts.dll
(Windows 2000 Terminal Services Performance Objects)
C:\WINDOWS\system32\QAPPSRV.EXE
(Query Terminal Server Utility).
Identifies terminal servers on the network.

C:\WINDOWS\system32\QPROCESS.EXE
(Query Process Utility). Displays processes running on a
machine. Can be sorted by username and other criteria.

C:\WINDOWS\system32\QWINSTA.EXE
(Query Session Utility). Displays session information and
related statistics, such as connect and flow control settings.

C:\WINDOWS\system32\rdchost.dll (RDSHost Client Module)
C:\WINDOWS\system32\rdpcfgex.dll
(Terminal Server Connection Configuration Extension)
C:\WINDOWS\system32\RDPCLIP.EXE
(RDP Clip Monitor). A Remote Desktop Protocol component.
C:\WINDOWS\system32\rdpdd.dll RDP Display Driver
C:\WINDOWS\system32\rdpsnd.dll Terminal Server Multimedia Driver
C:\WINDOWS\system32\rdpwsx.dll (RDP Extension dll)
C:\WINDOWS\system32\RDSADDIN.EXE
(Remote Desktop Addin). A Remote Desktop Terminal

Services session add-in.
C:\WINDOWS\system32\RDSHOST.EXE
(RDSHost Server Module). A Remote Desktop Service module.
C:\WINDOWS\system32\REGINI.EXE
(Registry Initializer). A utility to change Registry values
from a command line or script.

C:\WINDOWS\system32\remotepg.dll
(Remote Sessions CPL Extension). The applet in System
Properties for Remote Access will disappear when you remove the remotepg.dll.

C:\WINDOWS\system32\RESET.EXE (Reset Utility). A Terminal Services reset utility.
C:\WINDOWS\system32\RWINSTA.EXE
(Reset Session Utility). A utility to reset a hardware or
software session.

C:\WINDOWS\system32\SHADOW.EXE (Session Utility).
A Session Remote Control utility.
C:\WINDOWS\system32\termsrv.dll (Terminal Server Service).
C:\WINDOWS\system32\tsappcmp.dll
(Terminal Services Application Compatibility dll)
C:\WINDOWS\system32\tscfgwmi.dll
(Terminal Server Configuration WMI provider)
C:\WINDOWS\system32\TSCON.EXE
(Session Connection Utility).
Attaches a user session to a terminal session.
C:\WINDOWS\system32\TSCUPGRD.EXE
(Setup Custom Action DLL). The Terminal Services setup component.
C:\WINDOWS\system32\tsddd.dll (Framebuffer Display Driver)
C:\WINDOWS\system32\TSDISCON.EXE
(Session Disconnect Utility). A Terminal Services utility
for disconnecting a session.

C:\WINDOWS\system32\TSKILL.EXE
(End Process Utility). A utility to terminate a Terminal
Services process on a session-by-session basis or for all sessions.

C:\WINDOWS\system32\tslabels.h
C:\WINDOWS\system32\tslabels.ini

C:\WINDOWS\system32\TSSHUTDN.EXE
(System Shutdown Utility). A Terminal Services utility to
perform a controlled shutdown of the server. Includes variables for rebooting or powering
down the server.

C:\WINDOWS\system32\usrlogon.cmd
C:\WINDOWS\system32\utildll.dll (WinStation utility support dll)


C:\WINDOWS\system32\drivers\rdpcdd.sys (RDP Miniport)
C:\WINDOWS\system32\drivers\rdpdr.sys (Microsoft RDP Device redirector)
C:\WINDOWS\system32\drivers\rdpwd.sys (RDP Terminal Stack Driver)
C:\WINDOWS\system32\drivers\tdpipe.sys (Named Pipe Transport Driver)
C:\WINDOWS\system32\drivers\tdtcp.sys (TCP Transport Driver)
C:\WINDOWS\system32\drivers\termdd.sys (Terminal Server Driver)


C:\WINDOWS\system32\wbem\tscfgwmi.mfl
C:\WINDOWS\system32\wbem\tscfgwmi.mof



Uninterruptible Power Supply (Delete this if you dont use UPS)

C:\WINDOWS\system32\apcups.dll (APC Smart Provider)
C:\WINDOWS\system32\UPS.EXE (UPS Service)



Universal Plug and Play Device Host

C:\WINDOWS\system32\ssdpsrv.dll (SSDP Service)
C:\WINDOWS\system32\ssdpapi.dll (SSDP Client API dll)
C:\WINDOWS\system32\udhisapi.dll (UPnP Device Host ISAPI Extension)
C:\WINDOWS\system32\upnp.dll (Universal Plug and Play API)
C:\WINDOWS\system32\UPNPCONT.EXE (UPnP Device Host Container)
C:\WINDOWS\system32\upnphost.dll (UPnP Device Host ISAPI Extension)
C:\WINDOWS\system32\upnpui.dll (UPNP Tray Monitor and Folder)

Delete Folder
C:\WINDOWS\system32\icsxml



To be continued on Part2 of the speedup xp hack only here on haktech.
i will be making a software to automaticaly speed up windowsxp.
but it will take some time.
it will be posted here on haktech. please do check it out.. :)

Cleaning Junk and TEMP files..

Cleaning Junk and TEMP files..

*.chk, *.bak, *.cnt, *.diz, *.doc, *.gid, *.log

Warning: do not delete the edb.chk and edb.log file, this is needed for Microsoft Windows Update website.

To delete this junkfiles..

got to start->search
in the search window, click on "all files and folders"

then click on the textbox "All or part of the file name"

then enter *.chk then search..
windows will give you search result of all the .chk junk files. you can delete this files.

and do the same process for *.bakm *.cnt, *.diz

remember for *.doc its a word document. make sure you dont use it anymore before deleting..

Saturday, January 3, 2009

Backdoor.TDSS.ade removal

Backdoor.TDSS.ade removal????

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.ipower.com/secure/login.bml?err=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


follow the Removal Guide Here
any problems you can contact me or post your help at the forum.

Thursday, January 1, 2009

rel=nofollow is dead?

I was thinking is rel=nofollow dead?. the dea cam up to my mind thinking that it is no more working..anyway i have bumped up with this 11 reasons against nofollow and why we should not
use them.

11 Reasons against nofollow

  1. nofollow does not prevent comment spam
  2. nofollow is confusingly named
  3. nofollow harms the connections between web sites
  4. nofollow is not useful for humans, just for search engines using PageRank or a similar technique
  5. nofollow could be used to shut web sites out
  6. nofollow discriminates legitimate users as spammers
  7. nofollow heists commentators’ earned attention
  8. nofollow could be used to further discriminate weblogs<
  9. nofollow prevents the Web from being a web
  10. nofollow eliminates the dissemination of free speech
  11. nofollow was developed in privacy with only search engines companies taking part in the discussion
Article From http://www.nonofollow.net/11-reasons-against-nofollow

tags

Friend Connect