Securing/Repairing/Speeding up your Windows PC




Posted by NegativeTrend

Virus, Spyware, Adware, Malware
If you feel you have trojans/viruses/spyware, do this. Hit Ctrl+Alt+Del. Look for any processes not specified as a System or a Windows process. (http://www.liutilities.com/products/wintaskspro/processlibrary/) Once you end the offending process, run regedit and search for entries by that exe name. Delete them all and then search for files or folders with them. Check for a trojan using the AVG link I provided below. That is the way spyware, adware, malware, etc. are downloaded. I personally would suggest an alternative browser since most attacks are aimed at IE and if you don't know how to stop them then a safer option would be better. If you feel you have been hijacked, have a virus, etc., check these forums for info on hijacks and other problems. http://annoyances.org/

Spyware/Virus scanners
[url=http://www.lavasoftusa.com/software/adaware/]Ad-Aware[/url]
[url=http://www.safer-networking.org/en/index.html]Spybot Search & Destroy[/url] - Update, then go to the "Immunize" tab and click the big button that says "Immunize" and voila, you are protected against a few attacks.
[url=http://www.grisoft.com/us/us_index.php]AVG Anti-Virus[/url]
[url=http://www.spychecker.com/program/hijackthis.html]HijackThis (post logs from this program on a knowledgeable computer board)[/url]

Alternative Browsers
[url=http://www.mozilla.org/]Mozilla[/url]
[url=http://www.opera.com/]Opera[/url]

Helpful Utilities
[url=http://www.liutilities.com/products/wintaskspro/]WinTasks 5 Pro[/url]

IE Bad Page Blocker
https://netfiles.uiuc.edu/ehowes/www/resource.htm - If you still insist on using this horrible buggered up thing they call IE then please download this.
Make sure to update all applications before running a scan with them. One thing you should know is that if you have bad spyware it is almost always accompanied by a trojan that auto-downloads the spyware upon deletion. After you find out what to clear with HJT, run in safe mode and get rid of them. (F8 when booting)

Windows Messenger Pop-Ups
If you have been using the internet on Windows you may have noticed that occasionally there are pop-ups advertising how you have spyware etc. etc. This was a system that was going to be used by Microsoft to inform you of updates problems etc. but has been used to send ads. To disable these pop-ups do this:
Start>Run>type 'msconfig' (without the single quote)> Go to the Services tab>Look for the Service labeled "Messenger" and untick it>Restart your computer for the effects to take place.

General Maintenance
After using your Windows PC for a while you may notice a slow down in performance. Here are a few general fixes/tweaks to get it back up to speed.
First off is defragmenting. To defrag your HD click Start>Program Files>Accessories>System Tools>Defrag. Pretty simple from there. Just click defrag and wait while it works its magic. You should defrag every month or so if you are just using it for general purposes. (chatting, browsing the web, typing reports) Another time you should defrag is after the installation of a game, installation of a relatively big application, or after you downloaded around 100 mp3s.
One of the downsides of Windows is its registry. It is how all viruses, spyware, etc. recreate and make themselves function. The registry also stores old data that make your program work. So you uninstall something and some of the data gets left behind making your computer a bit slower. I have found that this program works good for cleaning up and fixing some of these problems. [url=http://www.winguides.com/regmech/]Registry Mechanic[/url] If you feel you're experienced enough though go ahead and browse through your registry yourself by going to Start>Run>and typing regedit.
You always want the most up to date everything for your computer for security, speed, and fixes for problems. Search for your hardware devices and make sure you have the most recent drivers for these items. (You can see your hardware in Start>Settings>Control Panel.)
You should also search for updates for Windows by opening Internet Explorer, clicking tools and then going to Windows Update. Install if it asks you to and it will automatically search for updates to your current Windows version. You should always install the Service Packs/Critical Updates because those are the things you need most to keep your computer safe from evul hakurz.

Internet Optimizations
Ok so you dropped cash on a .....ing broadband connection and you want the most out of it. It works fine as is but if you want it to be better and more stable you should tweak it.

First off is registry tweaks. (advanced users only)
Here are a few terms that might help you understand these tweaks more.
MTU: Maximum Transmission Unit; MTU is the largest packet of data that can be sent at one time on the network. Raising it will allow you to send more at once, but it can also cause fragmentation of that data if the size requirement is not met.

RWIN: Receive Window; How much data can be sent out before the other server sends a response.

TTL: Time to Live; The total number of hops that a packet will be allowed to take.

MSS: Max segment guide; This is the largest size of a TCP send that Winsock will accept. This is set automatically though, so don't fret this.

Editing the Windows 2000/XP Registry

To edit the Registry, you need to use an editor, such as Regedit. As with previous Windows versions, it can be accessed from the Start Menu ( START > Run > type "Regedit" ). Note that most of the values recommended on these pages are not present in the Registry by default and you might have to add them manually. Also, for most of the tweaks to take effect you must Reboot.

It is strongly recommended that you backup your Registry before editing. The easiest way to backup your Registry is from within the Registry Editor, just choose "Export Registry File" from the pull-down menu.

Recommended settings for Windows 2000 & XP


Windows 2000 & XP, unlike NT supports large windows as described in RFC1323 ( the 'RcvWindow' has a maximum value of 2**30 rather than 64K), and includes some other improvements over its predecessors you can use to speed up any TCP/IP transfers. The best settings are listed in red, the descriptions and other options are added to provide you with better understanding and enable you to customize your settings.

All the following entries, unless otherwise noted should be placed in the Windows 2000/XP Registry under the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

TCPWindowSize

The value of TCP Window in the Windows 2000 Registry is DWORD, representing number of bytes, with range from 0 to 2^30. The recommended values (in red) optimize TCP for any high speed Internet connection and work best in most cases, however if you'd like to use a custom value follow these guidelines:

For best results, the TCPWindow should be a multiple of MSS (Maximum Segment Size). MSS is generally MTU - 40, where MTU (Maximum Transmission Unit) is the largest packet size that can be transmitted. MTU is usually 1500 (1492 for PPPoE connections). To determine the MTU value of your ISP, check out the Advanced Registry Editing section of our site.

There are three places in the Windows 2000 Registry where you can add the TCP Window parameter.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
GlobalMaxTcpWindowSize="256960"
(DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
TcpWindowSize="256960"
(DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. TcpWindowSize can also exist under TcpipParametersInterface - if added at this location, it overrides the global setting for this particular . Note (10/20/00): Seems MS has found another bug in Windows 2000, the TCPWindowSize should be configured with the global setting (GlobalMaxTcpWindowSize) rather than this one - Q263088

Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

Tcp1323Opts

Tcp1323Opts is a necessary setting in order to enable Large TCPWindow support as described in RFC 1323. Without this parameter, the TCPWindow is limited to 64K.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Tcp1323Opts="1"
(DWORD, recommended setting is 1. The possible settings are 0 - Disable RFC 1323 options, 1 - Window scaling but no Timestamp options, 3 - Window scaling and Time stamp options.)

Note: Tcp1323Opts="3" might help in some cases where there is increased packet loss, however generally you'll achieve better throughput with Tcp1323Opts="1", since Timestamps add 12 bytes to the header of each packet.

DefaultTTL

DefaultTTL determines the time in seconds and the number of hops a packet lives. While it does not directly affect speed, a larger value increases the amount of time it takes for a packet to be considered lost, discarded and retransmitted. A value that's too small can cause packets to distant servers not to reach their destination at all.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DefaultTTL="64"
(DWORD, recommended setting is 64. Other settings that are widely used are 128 and 32)

EnablePMTUDiscovery

When set to 1 (True), TCP attempts to discover MTU automatically over the path to a remote host. Setting this parameter to 0 causes MTU to default to 576 which reduces overall performance over high speed connections. Note that this setting is different than our Windows 9x recommendation.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnablePMTUDiscovery="1"
(DWORD - boolean, valid settings are 0-->False and 1-->True. Many connections perform better with this entry at 1, however, if you prefer to set your upstream to send fixed 1500 packets, you might want to use 0 instead). When set at 1, establishing connections and initial transfer speed might slow down a bit, however you will get better throughput if somewhere in the path large packets need to be fragmented.

EnablePMTUBHDetect

Setting this parameter to 1 (True) enables "black hole" routers to be detected, however it also increases the maximum number of retransmissions for a given segment. In most cases you'd want to keep BHDetect to 0 (False).

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnablePMTUBHDetect="0"
(DWORD - boolean, valid settings are 0-->False and 1-->True. Recommended setting is 0)

SackOpts

This parameter controls whether or not SACK (Selective Acknowledgement) support is enabled, as specified in RFC 2018. SACK is especially important for connections using large TCP Window sizes.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SackOpts="1"
(DWORD - boolean, recommended setting is 1. Possible settings are 0 - No Sack options or 1 - Sack Option enabled).

TcpMaxDupAcks

This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered to resend the segment that has been dropped in transit.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
TcpMaxDupAcks="2"
(DWORD - range 1-3, recommended setting is 2).

Additional TCP/IP Related Parameters

The additional TCP related parameters are not necessary in most cases, and you shouldn't expect any drastic improvements, however we added them for those of you who like experimenting. You might be able to gain that last bit of performance, or customize your TCP/IP behavior even more with those. Keep in mind you should familiarize yourself with what the parameters mean and how they affect your connection before changing their values.

MTU

Setting MTU overrides the default MTU for the network interface it is added to. Note that if EnablePMTUDiscovery is set to 1, TCP will use the smaller value of this local MTU and the "Discovered" MTU of the underlying network connection. If you'd rather use only the MTU value specified here, you'd have to disable PMTUDiscovery, which would prevent your system from detecting the network MTU.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
MTU="1500"
(DWORD, valid range is from 68 to MTU of network).

Note: For Windows XP PPPoE, there is an additional location for MTU that might need to be adjusted (to 1480, or up to 1492 as per the PPPoE specs), depending on the PPPoE software you use. Check the following location in the Registry:
HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocols\0
ProtocolMTU="1480"


Windows 2000 Web Patch

According to the HTTP specs, only limited number of simultaneous connections are allowed, while loading pages. To increase that number, you can add the following entries to the Registry (they are not present by default):

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer1_0Server"=dword:00000020

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer1_0Server"=dword:00000020


Note: Keep in mind that although those values work fine in most cases, they exceed the HTTP specs and therefore might cause problems with some websites. If you experience problems, just remove the entries. While these entries might improve web page loading considerably, they tend to strain webservers more and have no effect on throughput.

Tweak DNS Errors Caching in Windows 2000 & XP

Windows 2000 & XP has built-in DNS (Domain Name System) caching, which basically caches resolved hostnames for faster access and reduced DNS lookups. This is generally a great feature, with the only downside that failed DNS lookups get cached by default as well... When a DNS lookup fails (due to temporary DNS problems), Windows still caches the unsuccessful DNS query, and in turn fails to connect to a host regardless of the fact that the DNS server might be able to handle your lookup seconds later.

There are a couple of different ways to tweak Windows 2k & XP not to cache failed DNS lookups:

1. You can flush the DNS cache manually, by going to Command Prompt and typing: ipconfig /flushdns
2. You can wait for the cached lookup to expire or reboot the system...

Or you can permanently solve this issue by tweaking a few Registry entries.

Here are the related Registry entries (recommended values are highlighted in red):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]

NegativeCacheTime=0 (DWORD, default value: 0x12C (300 seconds), range: 0x0
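
The RWIN rule and value ranges from the post above, as an added example that is not part of the original post: it reads `"Name"=dword:` lines from a Registry export and flags values that break those rules. The function names, the sample export and the default MTU of 1500 are assumptions made for this example.

```python
import re

MAX_UNSCALED = 65535   # largest window usable without RFC 1323 scaling
MAX_WINDOW = 2 ** 30   # upper bound the post gives for TcpWindowSize
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:0003ebc0
"TcpWindowSize"=dword:00040000
"Tcp1323Opts"=dword:00000000
"TcpMaxDupAcks"=dword:00000005
'''


def parse_dwords(reg_text):
    """Collect "Name"=dword:xxxxxxxx lines from a .reg export into a dict."""
    values = {}
    for line in reg_text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def recommended_rwin(mtu=1500, shift=2):
    """Largest multiple of MSS (MTU - 40) below 65535, times 2**shift."""
    mss = mtu - 40
    return (MAX_UNSCALED // mss) * mss * 2 ** shift


def decompose(rwin, mtu=1500):
    """Return (segments, shift) if rwin = segments * MSS * 2**shift with
    segments * MSS <= 65535; return None if it does not follow the rule."""
    mss = mtu - 40
    if not mss <= rwin <= MAX_WINDOW:
        return None
    for shift in range(15):            # RFC 1323 caps the shift at 14
        unit = mss * 2 ** shift
        if rwin % unit == 0 and rwin // 2 ** shift <= MAX_UNSCALED:
            return rwin // unit, shift
    return None


def audit(values, mtu=1500):
    """Return a list of findings for the settings discussed in the post."""
    findings = []
    opts = values.get("Tcp1323Opts", 0)   # absent means no large windows
    scaling = opts in (1, 3)
    if opts not in (0, 1, 3):
        findings.append("Tcp1323Opts: only 0, 1 and 3 are listed as valid")
    for name in ("GlobalMaxTcpWindowSize", "TcpWindowSize"):
        if name not in values:
            continue
        parts = decompose(values[name], mtu)
        if parts is None:
            findings.append(f"{name}: {values[name]} is not MSS x 2^n")
        elif parts[1] > 0 and not scaling:
            findings.append(f"{name}: above 64K but window scaling is off")
    if not 1 <= values.get("TcpMaxDupAcks", 2) <= 3:
        findings.append("TcpMaxDupAcks: outside the 1-3 range")
    return findings
```

Calling `audit(parse_dwords(SAMPLE_REG))` on the constructed export reports the scaled window with scaling disabled, the window that is not a multiple of MSS, and the out-of-range TcpMaxDupAcks.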




Posted by NegativeTrend

Updating the drivers on your NIC (Network Interface Card) can give you the most noticeable speed boost above everything else. Some good places to check for drivers would be: [url]www.drivershq.com[/url], [url]www.download.com[/url], and [url]www.google.com[/url]. Update those drivers for sure. To find out what kind of NIC you have, go to your control panel, system, device manager. Go down to network adapters and it will have the company and brand name of your card. Now in the same spot, highlight your NIC and click properties. Then click on resources and get the IRQ (Interrupt Request) number. Close that down. Now go to Start, run, and type sysedit (hit OK). Open the system.ini window and scroll down to a header that says [386enh] and anywhere under that header put Irq##=4096 (Where ## equals the number of your NIC's IRQ) Close that down and save it. You have now allocated 4mb of memory to your network card, this should speed things up a bit.


Ok so you downloaded Windows XP SP2 and you noticed a slow down in downloading performance? Windows XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time. This of course doesn't help very well. Use this [url=http://www.lvllord.de/]Event ID Patcher[/url] to remove this limit. This is a patching program for removing or changing the limit imposed on connection attempts in SP2. The patcher has the ability to restore tcpip.sys back to the original.

Various Tweaks
Removing all the pretty animated effects in XP gives a big performance bump and can make the OS a lot more tolerable for impatient people like myself. To access some of these effects, right click My Computer and choose Properties. Then navigate to the Advanced tab. Click on Settings under Performance. The effects are configurable under Visual Effects. Also, note that while here, you can also change the cache, memory, and processor settings under Advanced.

Turn off all visual effects and you should notice a significant speed boost.

Firewalls and more coming eventually trust me. :) (reposted for Nep0)




Posted by Boner

Generally, I just use Norton's Anti-Virus and Norton's Utilities on a regular basis. It has all the anti-spam stuff included. It's very easy to use and well worth the $30 a year for the anti-virus software. Also, I don't know how many people I have met that don't even know how to defragment their computer. It's a big help! Of course, Norton's Utilities has one of those as well.




Posted by Trigger

[quote=NegativeTrend]Windows Messenger Pop-Ups
If you have been using the internet on Windows you may have noticed that occasionally there are pop-ups advertising how you have spyware etc. etc. This was a system that was going to be used by Microsoft to inform you of updates problems etc. but has been used to send ads.[/quote]
Actually, the Messenger service was installed for Network Administrators that wished to send information to every user or selected users on their network quickly and easily. Users using Windows 95, 98, and Windows ME are not affected by the Messenger service and needn't take any measures against it. The program Network Administrators use in Windows 95, 98 and ME is Winpopup, which is not available in NT, Windows 2000, Windows XP and Windows 2003.

[quote]To disable these pop-ups do this:
Start>Run>type 'msconfig' (without the single quote)> Go to the Services tab>Look for the Service labeled "Messenger" and untick it>Restart your computer for the effects to take place.[/quote]
For users that are using Windows NT, Windows 2000, Windows XP and Windows 2003, open Administrative Tools in the Control Panel, then open the Services tool. Scroll down the list until a service named Messenger is listed. If the service has been started, right-click and stop the service. Then right-click the Messenger service again, select Properties then turn the service from Automatic (or Manual) to Disabled. Messenger has nothing to do with Windows Messenger that comes with Windows XP by default or MSN Messenger. This service is abused by companies as a way to earn money by sending advertisements to your machine. This service is not needed unless you wish to send messages to other computers on your network. If you do wish to send messages to other computers on your network, it is advised that you find another program to handle such a task. Also take note that the MSConfig utility is only available to Windows 95, 98 and Windows ME. If you wish to use the MSConfig utility, you will need to download it from the Internet.

Also, optimising your Internet connection may not be helpful in every case. If you decide to optimise your connection, be sure to back up the settings that are in use before you change their values. If you experience any difficulty using the Internet or any computers on your network experience problems connecting to the Internet, simply restore the old settings. If that doesn't work, a simple re-install of the TCP/IP on the host machine will restore connectivity.

As for firewalls, I recommend [url=http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp]ZoneAlarm[/url] if you are looking for a free firewall that will stealth your computer entirely. Take note however that if you use Internet Connection Sharing on your network, you will need to reduce the Internet protect level from high to Medium. Internet Connection Sharing does not work on a high setting with the free ZoneAlarm firewall. If you wish to use ICS without sacrificing some security, I recommend using ZoneAlarm Pro, which is not a free product. A fifteen day trial download is available for ZoneAlarm Pro. Note that the link provided will direct you to a page that offers free Spyware detection and removal before you download and install your ZoneAlarm firewall.

If you are strapped for cash and need Anti-Virus protection for your computer, [url=http://www.avast.com/eng/avast_4_home.html]Avast![/url] offer a free Anti-Virus program for private, non commercial use only. The product also contains six real-time protection areas, for those who wish to monitor their computer as they work. Another handy program, courtesy of McAfee, is [url=http://vil.nai.com/vil/stinger/]Stinger[/url]. Stinger provides a simple solution to trojan and virus detection and removal for free and works on all Windows operating systems. All the user needs to do is download the latest virus definitions, which are also free, start Stinger and press "scan" and the program will do the rest of the work. You can also set options for Stinger to ask you what to do before it takes any action, to create backups, so on and so forth. Particularly handy for those users who have little knowledge on their computers or don't know how to manually remove a virus.

As for visual effects, Windows 2000 users can adjust some settings by right-clicking their desktop, then selecting Properties. Choose the Effects tab, then adjust any visual settings as you wish. There aren't as many settings readily available to change in comparison to Windows XP, however.




Posted by NegativeTrend

I personally don't recommend a software firewall if you can opt for a hardware firewall. A good hardware firewall is [url=http://www.smoothwall.org/]Linux SmoothWall[/url].
[quote]SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely




Posted by Trigger

[quote=NegativeTrend]You could have just linked to the page you snagged that from.[/quote]
Actually, I wrote that from what I know, not a Microsoft website. I would kindly ask of you not to accuse me of such things.

[quote]I would also like to point out that AVG has a free edition as well which works great. Guess I should have linked to that one.[/quote]
You did link to AVG Free, I was merely providing an alternative for others who do not wish to use AVG. I have found that AVG does not detect all viruses available; Avast! has helped me in many instances when AVG has not.




Posted by loony636


Quoting NegativeTrend: I personally don't recommend a software firewall if you can opt for a hardware firewall


I have both (which I think is a little over the top) but I think that if you have a good software firewall, like ZoneAlarm, you should be fine.