Securing/Repairing/Speed Up Your Windows PC

Discussion in 'Computers Archive' started by William, May 17, 2005.

  1. William Guest

    This was originally posted by NegativeTrend last year, and it's a very informative topic, so I figured I'd repost it, and sticky it this time.

    Virus, Spyware, Adware, Malware
    If you feel you have trojans/viruses/spyware do this. Hit Ctrl+Alt+Del. Look for any processes not specified as a System or a Windows process. (http://www.liutilities.com/products/wintaskspro/processlibrary/) Once you end the offending process, run regedit and search for entries by that exe name. Delete them all and then search for files or folders with them. Open command prompt and type netstat and see if there are weird connections to proxies and stuff. Check for a trojan. That is the way spyware, adware, malware etc. are d/led. I personally would suggest an alternative browser since most attacks are aimed at IE and if you don't know how to stop them then a safer option would be better. If you feel you have been hijacked, have a virus, etc. check these forums for info on hijacks and other problems. http://annoyances.org/

    Spyware/Virus scanners
    Ad-Aware
    Spybot Search & Destroy - Update then go to the "Immunize" tab and click the big button that says "Immunize" and voila you are protected against a few attacks.
    AVG Anti-Virus
    HijackThis (post logs from this program on a knowledgeable computer board)

    Alternative Browsers
    Mozilla
    Opera

    Helpful Utilities
    WinTasks 5 Pro

    IE Bad Page Blocker
    https://netfiles.uiuc.edu/ehowes/www/resource.htm - If you still insist on using this horrible buggered up thing they call IE then please download this.
    Make sure to update all applications before running a scan with them. One thing you should know is that if you have bad spyware it is almost always accompanied by a trojan that auto-downloads the spyware upon deletion. After you find out what to clear with HJT, run in safe mode and get rid of them. (F8 when booting)

    Windows Messenger Pop-Ups
    If you have been using the internet on Windows you may have noticed that occasionally there are pop-ups advertising how you have spyware etc. etc. This was a system that was going to be used by Microsoft to inform you of updates problems etc. but has been used to send ads. To disable these pop-ups do this:
    Start>Run>type 'msconfig' (without the single quote)> Go to the Services tab>Look for the Service labeled "Messenger" and untick it>Restart your computer for the effects to take place.

    General Maintenance
    After using your Windows PC for a while you may notice a slowdown in performance. Here are a few general fixes/tweaks to get it back up to speed.
    First off is defragmenting. To defrag your HD click Start>Program Files>Accessories>System Tools>Defrag. Pretty simple from there. Just click defrag and wait while it works its magic. You should defrag every month or so if you are just using it for general purposes. (chatting, browsing the web, typing reports) Another time you should defrag is after the installation of a game, installation of a relatively big application, or after you downloaded around 100 mp3s.
    One of the downsides of Windows is its registry. It is how all viruses, spyware, etc. recreate and make themselves function. The registry also stores old data that makes your programs work. So you uninstall something and some of the data gets left behind, making your computer a bit slower. I have found that this program works well for cleaning up and fixing some of these problems: Registry Mechanic. If you feel you're experienced enough though, go ahead and browse through your registry yourself by going to Start>Run>and typing regedit.
    You always want the most up to date everything for your computer for security, speed, and fixes for problems. Search for your hardware devices and make sure you have the most recent drivers for these items. (You can see your hardware in Start>Settings>Control Panel.)
    You should also search for updates for Windows by opening Internet Explorer, clicking tools and then going to Windows Update. Install if it asks you to and it will automatically search for updates to your current Windows version. You should always install the Service Packs/Critical Updates because those are the things you need most to keep your computer safe from evul hakurz.

    Internet Optimizations
    Ok so you dropped cash on a bitching broadband connection and you want the most out of it. It works fine as is but if you want it to be better and more stable you should tweak it.

    First off is registry tweaks. (advanced users only)
    Here are a few terms that might help you understand these tweaks more.
    MTU: Maximum Transmission Unit; MTU is the largest packet of data that can be sent at one time on the network. Raising it will allow you to send more at once, but can also cause fragmentation of that data if the size requirement is not met.

    RWIN: Receive Window; How much data can be sent out before the other server sends a response.

    TTL: Time to Live; The total number of hops that a packet will be allowed to take.

    MSS: Max segment guide; This is the largest size of a TCP send that Winsock will accept. This is set automatically though, so don't fret this.

    Editing the Windows 2000/XP Registry

    To edit the Registry, you need to use an editor, such as Regedit. As with previous Windows versions, it can be accessed from the Start Menu ( START > Run > type "Regedit" ). Note that most of the values recommended on these pages are not present in the Registry by default and you might have to add them manually. Also, for most of the tweaks to take effect you must Reboot.

    It is strongly recommended that you backup your Registry before editing. The easiest way to backup your Registry is from within the Registry Editor, just choose "Export Registry File" from the pull-down menu.

    Recommended settings for Windows 2000 & XP

    Windows 2000 & XP, unlike NT supports large windows as described in RFC1323 ( the 'RcvWindow' has a maximum value of 2**30 rather than 64K), and includes some other improvements over its predecessors you can use to speed up any TCP/IP transfers. The best settings are listed in red, the descriptions and other options are added to provide you with better understanding and enable you to customize your settings.

    All the following entries, unless otherwise noted should be placed in the Windows 2000/XP Registry under the key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    TCPWindowSize

    The value of TCP Window in the Windows 2000 Registry is DWORD, representing number of bytes, with range from 0 to 2^30. The recommended values (in red) optimize TCP for any high speed Internet connection and work best in most cases, however if you'd like to use a custom value follow these guidelines:

    For best results, the TCPWindow should be a multiple of MSS (Maximum Segment Size). MSS is generally MTU - 40, where MTU (Maximum Transmission Unit) is the largest packet size that can be transmitted. MTU is usually 1500 (1492 for PPPoE connections). To determine the MTU value of your ISP, check out the Advanced Registry Editing section of our site.

    There are three places in the Windows 2000 Registry where you can add the TCP Window parameter.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    GlobalMaxTcpWindowSize="256960"
    (DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    TcpWindowSize="256960"
    (DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. TcpWindowSize can also exist under TcpipParametersInterface - if added at this location, it overrides the global setting for this particular . Note (10/20/00): Seems MS has found another bug in Windows 2000, the TCPWindowSize should be configured with the global setting (GlobalMaxTcpWindowSize) rather than this one - Q263088

    Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

    Tcp1323Opts

    Tcp1323Opts is a necessary setting in order to enable Large TCPWindow support as described in RFC 1323. Without this parameter, the TCPWindow is limited to 64K.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Tcp1323Opts="1"
    (DWORD, recommended setting is 1. The possible settings are 0 - Disable RFC 1323 options, 1 - Window scaling but no Timestamp options, 3 - Window scaling and Time stamp options.)

    Note: Tcp1323Opts="3" might help in some cases where there is increased packet loss, however generally you'll achieve better throughput with Tcp1323Opts="1", since Timestamps add 12 bytes to the header of each packet.

    DefaultTTL

    DefaultTTL determines the time in seconds and the number of hops a packet lives. While it does not directly affect speed, a larger value increases the amount of time it takes for a packet to be considered lost, discarded and retransmitted. A value that's too small can cause packets to distant servers not to reach their destination at all.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    DefaultTTL="64"
    (DWORD, recommended setting is 64. Other settings that are widely used are 128 and 32)

    EnablePMTUDiscovery

    When set to 1 (True), TCP attempts to discover MTU automatically over the path to a remote host. Setting this parameter to 0 causes MTU to default to 576 which reduces overall performance over high speed connections. Note that this setting is different than our Windows 9x recommendation.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    EnablePMTUDiscovery="1"
    (DWORD - boolean, valid settings are 0-->False and 1-->True. Many connections perform better with this entry at 1, however, if you prefer to set your upstream to send fixed 1500 packets, you might want to use 0 instead). When set at 1, establishing connections and initial transfer speed might slow down a bit, however you will get better throughput if somewhere in the path large packets need to be fragmented.

    EnablePMTUBHDetect

    Setting this parameter to 1 (True) enables "black hole" routers to be detected, however it also increases the maximum number of retransmissions for a given segment. In most cases you'd want to keep BHDetect to 0 (False).

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    EnablePMTUBHDetect="0"
    (DWORD - boolean, valid settings are 0-->False and 1-->True. Recommended setting is 0)

    SackOpts

    This parameter controls whether or not SACK (Selective Acknowledgement) support is enabled, as specified in RFC 2018. SACK is especially important for connections using large TCP Window sizes.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    SackOpts="1"
    (DWORD - boolean, recommended setting is 1. Possible settings are 0 - No Sack options or 1 - Sack Option enabled).

    TcpMaxDupAcks

    This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered to resend the segment that has been dropped in transit.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    TcpMaxDupAcks="2"
    (DWORD - range 1-3, recommended setting is 2).

    Additional TCP/IP Related Parameters

    The additional TCP related parameters are not necessary in most cases, and you shouldn't expect any drastic improvements, however we added them for those of you who like experimenting. You might be able to gain that last bit of performance, or customize your TCP/IP behavior even more with those. Keep in mind you should familiarize yourself with what the parameters mean and how they affect your connection before changing their values.

    MTU

    Setting MTU overrides the default MTU for the network interface it is added to. Note that if EnablePMTUDiscovery is set to 1, TCP will use the smaller value of this local MTU and the "Discovered" MTU of the underlying network connection. If you'd rather use only the MTU value specified here, you'd have to disable PMTUDiscovery, which would prevent your system from detecting the network MTU.

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    MTU="1500"
    (DWORD, valid range is from 68 to MTU of network).

    Note: For Windows XP PPPoE, there is an additional location for MTU that might need to be adjusted (to 1480, or up to 1492 as per the PPPoE specs), depending on the PPPoE software you use. Check the following location in the Registry:
    HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocols\0
    ProtocolMTU="1480"


    Windows 2000 Web Patch

    According to the HTTP specs, only a limited number of simultaneous connections are allowed while loading pages. To increase that number, you can add the following entries to the Registry (they are not present by default):

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    "MaxConnectionsPerServer"=dword:00000020
    "MaxConnectionsPer1_0Server"=dword:00000020

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    "MaxConnectionsPerServer"=dword:00000020
    "MaxConnectionsPer1_0Server"=dword:00000020


    Note: Keep in mind that although those values work fine in most cases, they exceed the HTTP specs and therefore might cause problems with some websites. If you experience problems, just remove the entries. While these entries might improve web page loading considerably, they tend to strain webservers more and have no effect on throughput.

    Tweak DNS Errors Caching in Windows 2000 & XP

    Windows 2000 & XP has built-in DNS (Domain Name System) caching, which basically caches resolved hostnames for faster access and reduced DNS lookups. This is generally a great feature, with the only downside that failed DNS lookups get cached by default as well... When a DNS lookup fails (due to temporary DNS problems), Windows still caches the unsuccessful DNS query, and in turn fails to connect to a host regardless of the fact that the DNS server might be able to handle your lookup seconds later.

    There are a couple of different ways to tweak Windows 2k & XP not to cache failed DNS lookups:

    1. You can flush the DNS cache manually, by going to Command Prompt and typing: ipconfig /flushdns
    2. You can wait for the cached lookup to expire or reboot the system...

    Or you can permanently solve this issue by tweaking a few Registry entries.

    Here are the related Registry entries (recommended values are highlighted in red):

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]

    NegativeCacheTime=0 (DWORD, default value: 0x12C (300 seconds), range: 0x0–0xFFFFFFFF seconds) Description: Determines how long an entry recording a negative answer to a query remains in the DNS cache. When the time specified in the value of this entry expires, the DNS client deletes the answer record from cache.

    NetFailureCacheTime=0 (DWORD, default value: 0x1E (30 seconds), range: 0x0–0xFFFFFFFF seconds) Description: Determines for how long the DNS client stops sending queries when it suspects that the network is down. When the DNS client does not receive responses to repeated queries sent to any network adapter, the DNS client stops sending queries for the time specified in the value of this entry. During that time, the DNS client returns a timeout response to all queries. If the value of this entry is 0x0, this optimizing feature is disabled. DNS continues to send queries to an unresponsive network.

    NegativeSOACacheTime=0 (DWORD, default value: 0x78 (120 seconds), range: 0x0–0xFFFFFFFF seconds) Description: Determines how long an entry recording a negative answer to a query for an SOA (Start of Authority) record remains in the Domain Name System (DNS) cache. When the time specified in the value expires, the DNS client deletes the answer record from the cache.

    Note: As always when editing the Registry, a backup is a good idea, and reboot might be required for changes to take effect.

    Editing your Web browser's settings for faster loading of pages.

    According to the HTTP specs, only a limited number of simultaneous connections are allowed while loading pages. To increase that number, add the following entries to the Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    "MaxConnectionsPer1_0Server"=dword:00000020
    "MaxConnectionsPerServer"=dword:00000010


    Host Resolution Priority Tweak
    In regedit navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider

    Note the following lines (all hex dwords):
    Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change.

    LocalPriority = 1f3 (499) - local names cache
    HostsPriority = 1f4 (500) - the HOSTS file
    DnsPriority = 7d0 (2000) - DNS
    NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS

    What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:

    Change the "Priority" lines to:
    LocalPriority = 005 (5) - local names cache
    HostsPriority = 006 (6) - the HOSTS file
    DnsPriority = 007 (7) - DNS
    NetbtPriority = 008 (8) - NetBT name-resolution, including WINS

    Windows 9x & ME

    The tweak is essentially the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above.

    Open the Windows Registry using Regedit, and (after backing up) navigate to:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider

    You should see the following settings:
    Class=hex:08,00,00,00

    LocalPriority=hex:f3,01,00,00
    HostsPriority=hex:f4,01,00,00
    DnsPriority=hex:d0,07,00,00
    NetbtPriority=hex:d1,07,00,00

    The "priority" lines should be changed to:
    LocalPriority=hex:05,00,00,00
    HostsPriority=hex:06,00,00,00
    DnsPriority=hex:07,00,00,00
    NetbtPriority=hex:08,00,00,00


    Ok, your registry is nice and sexy, so now let's talk drivers and allocating more memory to your precious network card.

    Updating the drivers on your NIC (Network Interface Card) can give you the most noticeable speed boost above everything else. Some good places to check for drivers would be: www.drivershq.com, www.download.com, and www.google.com. Update those drivers for sure. To find out what kind of NIC you have, go to your control panel, system, device manager. Go down to network adapters and it will have the company and brand name of your card. Now in the same spot, highlight your NIC and click properties. Then click on resources and get the IRQ (Interrupt Request) number. Close that down. Now go to Start, run, and type sysedit (hit OK). Open the system.ini window and scroll down to a header that says [386enh] and anywhere under that header put Irq##=4096 (where ## equals the number of your NIC's IRQ). Close that down and save it. You have now allocated 4mb of memory to your network card, this should speed things up a bit.

    Ok, so you downloaded Windows XP SP2 and you noticed a slowdown in downloading performance? Windows XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time. This of course doesn't help very well. Use this Event ID Patcher to remove this limit. This is a patching program for removing or changing the limit imposed on connection attempts in SP2. The patcher has the ability to restore tcpip.sys back to the original.

    Various Tweaks
    Removing all the pretty animated effects in XP gives a big performance bump and can make the OS a lot more tolerable for impatient people like myself. To access some of these effects, right click My Computer and choose Properties. Then navigate to the Advanced tab. Click on Settings under Performance. The effects are configurable under Visual Effects. Also, note that while here, you can also change the cache, memory, and processor settings under Advanced.
    Turn off all visual effects and you should notice a significant speed boost.
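
The RWIN rule and the Tcpip\Parameters values from the first post, as an added example that is not part of the original thread: a Python check run over a Registry Editor export. The sample export is constructed, and treating an absent Tcp1323Opts as scaling off follows the post's statement that the window is limited to 64K without it.

```python
import re

TCPIP_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"

# Values the post recommends under TCPIP_KEY.
RECOMMENDED = {
    "Tcp1323Opts": 1, "DefaultTTL": 64, "EnablePMTUDiscovery": 1,
    "EnablePMTUBHDetect": 0, "SackOpts": 1, "TcpMaxDupAcks": 2,
}
WINDOW_VALUES = ("GlobalMaxTcpWindowSize", "TcpWindowSize")

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpWindowSize"=dword:0003ebc0
"Tcp1323Opts"=dword:00000000
"DefaultTTL"=dword:00000040
"EnablePMTUDiscovery"=dword:00000001
"SackOpts"=dword:00000001
"TcpMaxDupAcks"=dword:00000002
"""


def rwin_for(mtu, scale_shift=2):
    """Largest multiple of MSS (MTU - 40) below 65535, times 2**scale_shift."""
    mss = mtu - 40
    return ((65534 // mss) * mss) << scale_shift


def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in an export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys


def audit(text, mtu=1500):
    """List where the exported values differ from what the post describes."""
    params = parse_reg(text).get(TCPIP_KEY, {})
    mss = mtu - 40
    findings = []
    for name, want in RECOMMENDED.items():
        have = params.get(name)
        if have != want:
            shown = "absent" if have is None else have
            findings.append(f"{name}: {shown}, post recommends {want}")
    for name in WINDOW_VALUES:
        win = params.get(name)
        if win is None:
            continue
        # A window above 64K only works with RFC 1323 window scaling on.
        if win > 65535 and params.get("Tcp1323Opts", 0) not in (1, 3):
            findings.append(f"{name}={win} needs window scaling (Tcp1323Opts 1 or 3)")
        # Necessary condition for "multiple of MSS times a power of 2".
        if win % mss:
            findings.append(f"{name}={win} is not a multiple of MSS {mss}")
    return findings


if __name__ == "__main__":
    print("RWIN for MTU 1500:", rwin_for(1500))
    print("RWIN for MTU 1492 (PPPoE):", rwin_for(1492))
    for finding in audit(SAMPLE_EXPORT):
        print("-", finding)
```
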
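
For the triage step at the top of the first post (reviewing running processes, then checking netstat), an added example that is not part of the original thread: it joins connection and process listings by PID and reports established outside connections whose owning process is not on a reviewer-supplied baseline. The `netstat -ano` and `tasklist /fo csv /nh` output formats, the sample text, the process names and the baseline are assumptions constructed for illustration.

```python
import csv
import ipaddress

# Loopback and RFC 1918 ranges are treated as local; everything else is "outside".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical baseline of image names the reviewer expects on this machine.
KNOWN_IMAGES = {"system", "svchost.exe", "lsass.exe", "services.exe", "firefox.exe"}

# Constructed sample of `netstat -ano` output (documentation addresses).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      198.51.100.20:80       ESTABLISHED     1820
  TCP    192.168.1.10:1051      203.0.113.7:8080       ESTABLISHED     2404
  TCP    192.168.1.10:1060      192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:1077      203.0.113.9:443        ESTABLISHED     2888
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 2888 is absent on purpose.
TASKLIST_SAMPLE = '''"System","4","Console","0","216 K"
"svchost.exe","952","Console","0","3,456 K"
"firefox.exe","1820","Console","0","24,512 K"
"example-updater.exe","2404","Console","0","1,204 K"
'''


def parse_tasklist(text):
    """Map PID -> image name from CSV process listing rows."""
    return {int(row[1]): row[0]
            for row in csv.reader(text.splitlines())
            if len(row) >= 2 and row[1].isdigit()}


def parse_netstat(text):
    """Return TCP rows as dicts; header, blank and UDP lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            host, _, port = f[2].rpartition(":")
            conns.append({"remote": host, "port": int(port),
                          "state": f[3], "pid": int(f[4])})
    return conns


def is_external(host):
    addr = ipaddress.ip_address(host)
    return not any(addr in net for net in LOCAL_NETS)


def review(netstat_text, tasklist_text, known=KNOWN_IMAGES):
    """Established outside connections owned by images not in the baseline."""
    images = parse_tasklist(tasklist_text)
    flagged = []
    for c in parse_netstat(netstat_text):
        if c["state"] != "ESTABLISHED" or not is_external(c["remote"]):
            continue
        # A PID with no process entry is itself worth a closer look.
        image = images.get(c["pid"], "<no such process>")
        if image.lower() not in known:
            flagged.append((image, c["pid"], f'{c["remote"]}:{c["port"]}'))
    return flagged


if __name__ == "__main__":
    for image, pid, remote in review(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image} (PID {pid}) -> {remote}")
```
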
  2. Namakubi Someday, one day, who knows? Someday I suppose...

    Two things I've noticed from quickly glancing at this:

    If you use IE like I do, here are 2 additional things to do to prevent spyware. Download a program called Spysites and install it. Make sure to add ALL of the sites in their database. Disable activex in your internet options.

    Looking at this IE-SPYAD it seems similar to spysites, but, I say install both for maximum spyware killing goodness.
  3. ProtoJMB Gone

    Also, Microsoft has a new program in the beta stages that you can download for free. Microsoft Anti-spyware, it is only for

    Windows 2000; Windows 2000 Advanced Server; Windows 2000 Professional Edition ; Windows 2000 Server; Windows 2000 Service Pack 2; Windows 2000 Service Pack 3; Windows 2000 Service Pack 4; Windows Server 2003; Windows XP; Windows XP Home Edition ; Windows XP Media Center Edition; Windows XP Professional Edition ; Windows XP Service Pack 1; Windows XP Service Pack 2; Windows XP Tablet PC Edition.

    So if you have ME, or anything below that, you're out of luck for this program. I haven't tried it myself, but I hear it is good. I will have to try it when I have time.
  4. Namakubi Someday, one day, who knows? Someday I suppose...

    I'm out of luck. That's alright though. I'm protected enough that I rarely get spyware.
  5. NegativeTrend Stoned Immaculate

    Also there is an AVG Plus out now with a built-in firewall that works like a charm.
  6. Liquid Transition New Member

    It should also be made aware that the Messenger service is also used in some networks to send 'net send' messages to other machines. If this service is stopped or disabled, other computers on your network will not be able to communicate to your machine via the means of net send. Of course, many users are most likely on a standalone machine or have no use for sending net send messages to one another, this still stands as a warning for those who do.

    Of course, as with anything you modify in your computer, be sure you're well aware of the service you're stopping (or more importantly disabling). Familiarise yourself with what the service functions as, what other services it provides or what services depend on it to be functioning. Not everything will work with a simple click of a mouse.
  7. ProtoJMB Gone

    Found a pretty good Hard Drive Diagnostics program that will test/repair drives. It should work with most drives anyhow. It's called Drive Fitness Test.

    http://www.hitachigst.com/hdd/support/download.htm

    On that page is Drive Fitness test, and some other programs. Some of those programs only work with Hitachi drives, but I am pretty sure Drive Test will work with other hard drives not made by Hitachi. I used it on this one hard drive I was having problems with and it fixed it right up.
  8. Liquid Transition New Member

    Speaking of hard drive diagnostic utilities, most hard drive manufacturers provide their own unique diagnostic tools that are readily available on their website. Seagate also provides a wide collection of tools for other non-Seagate hard drives as well as their own Seagate diagnostic tools.

    Another neat little tool users might find helpful is the Hiren's Boot Disk that can be downloaded freely here.
  9. Cinos New Member

    CCleaner is a rather good tool at removing unnecessary files & registry entries. Free, too.
  10. I did that visual effects modifier as mentioned. I clicked on the "Best performance" button and it works a hella lot better. Picks up more wireless signals and lets me play Diablo more fluently :D
