Well, I can see 21 non-system processes in the Task Manager.
So what are all these doing? Some are obvious, like Ybrowser.exe or aim.exe, but what the hell are things like OSD.exe?
You want to come down to about 13 or 14 so your comp will run quick. Here are the instructions.
Go to www.BlackViper.com and hit the XP services. It will tell you step by step instructions on how to do it.
These are all the ones I disable.
...
ok I assume you mean this page
http://www.blackviper.com/WinXP/servicecfg.htm
I can't really figure out how this helps me...
So how exactly do I find what exactly are these programs that start running every time I start...
QUOTE:FISH Well I can see 21 non system processes on the task manager.
When you use CONTROL+ALT+DELETE and you see processes XPservices are related to them so the more you disable services the more that will not show up.
QUOTE:FISH So how exactly do I find what exactly are these programs that start running every time I start
Are you just wanting to know which ones to turn off with the program starter that I gave you the link to?
QUOTE:FISH I can't really figure out how this helps me...
Ummmm.....Well the link to blkviper I gave you tells about almost all of them in your TASK MANAGER.
hm, one of the things on startup is MSBlast, I have no idea, but someone told me that this was a virus, and that it was this
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
is that true?
It helps because many of those processes you are seeing are tied to a service. Learning which ones to shut off will help you in reducing the amount of processes running.
I'll just share with you the registry entry I created over at blackviper (excellent resource by the way).
Ok:
This is the one I use, to use it just open up note pad and paste in it there and then save it as a .reg file. Then simply merge it into your registry or double click it.
That particular one may not be for everyone, but it's a damn good one.
I also do a couple of registry tweaks to fine tune what I'm shooting for, I think you'll like them. Especially since what I'm showing you in this thread will effectively shut down every single port from being open on an XP machine. Pending you don't need any special things like ftp, telnet, etc..
Ok here are the other tweaks I do after a fresh install:
HKEY_LOCAL_MACHINE-->Software-->Microsoft-->Ole-->EnableDCOM Set its value to N instead of the Y that's shown.
HKEY_LOCAL_MACHINE-->Software-->Microsoft-->Rpc Once there, take a look over at the right-hand panel and you'll see "DCOM Protocols"; double click it. Do not modify the entire value, but instead only remove ncacn_ip_tcp from the DCOM Protocols value, and leave everything else untouched.
HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet-->Services-->NetBT-->Parameters Now look in the right-hand panel at TransportBindName and double click it. It should have a value set of "/device/"; just remove it and you're good to go.
Now reboot and then go to the run prompt and type in cmd--> then netstat -an and tell me what you see. I think you'll be pleased with what you find.
~|The|Snowman
[edit] I've removed that huge quote and attached as a txt file. Please attach rather than post huge lists in future. Thanks. peterska2
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPDSVC]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFtpsvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSMQ]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSMQTriggers]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardDrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SimpTcp]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uploadmgr]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000004
hmm, ok
snowman, you totally lost me there :'(
What? Just read it again bro, I'm sure when you do, you will see the gold in it. Someone back me up here would ya? :!:
Just take what I posted up there inside the quotes and paste it inside notepad. Then simply save it as "myservices.reg" or whatever you want to call it and then double click it as an admin. You can do the other reg tweaks in regedit if you'd like. Have fun making your computer much faster and safer.
~|The|Snowman
That was a good one |SNOW|. Now that's a reg tweak if I've ever seen one.
Fish did you not get the removal tool from symantec to get rid of blaster?
what removal tool...
I know my post might seem a little overwhelming, but in reality the steps are very simple.
To find notepad just hit: Start--> Programs--> Accessories Just look around halfway down that list.
To get to the run command just hit: Start and then look right in that column. You can't miss it.
Take care.
~Snowman
ok, that long thing you posted, what exactly does that do?
What kind of file extension is a .reg? and what do you mean by "double click it as an admin"
Ok, what that will do is shutdown known useless services in the services manager. If you want to see where the changes will be made type in services.msc in the run prompt.
Not only does that speed up your computer, but it will also shut down your open ports. Each port on a computer is tied to a service; if you aren't using a service then you should always shut it down.
Ports are the things hackers look for on their victims' machines. If there is an open port on a computer then chances are a hacker can get in through it.
Many people rely on firewalls alone to "block" or stealth these ports. You can do even better than that by shutting them down altogether. Running that reg file will effectively do that, along with the other reg tweaks I provided you.
A .reg file is just a registry file. Basically the registry is the backbone or brain of your computer.
What I mean by doubleclick it as admin is after you have pasted that information into notepad and saved it as a .reg file like myservices.reg you can simply doubleclick the .reg file to merge it into your registry. In other words once you doubleclick the .reg file the information will be put into your registry automatically.
Simple as pie.
~Snowman
"double click it as an admin"
I see what you meant, I just read the sentence wrong.
Ok, I copied that into a notepad and made it a .reg. When I ran it, it asked me if I'm sure I want to add to my registry; after I hit yes it says it can't import the file because it's not a proper registry script.
Make sure you copied it right; that looks correct to me. Dude, do you even know how many newbies would like to have this info? This is nuts. Nobody ever gave this great amount of detail in a post. Here is what your entry should look like in notepad.
[edit] huge list removed and attached as a text file. peterska2
W32.Blaster.Worm Removal Tool
DUDE, we have to get this off your comp first. Download the removal tool from Symantec:
http://securityresponse.symantec.com/avcenter/FixBlast.exe
That is the link you need fish.
And on the registry entry, be sure to include the line that says "Windows Registry Editor Version 5.00". Log into your admin account and then doubleclick the .reg file.
And when you're in notepad and you hit "save as", go down to "Save type as" and make sure it's set to "all files", otherwise notepad is gonna save it as a text file and that's not what we're shooting for here. This will work.
~Snowman
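An added example, not part of the original posts: a Python check to run over the pasted text before merging it. It confirms the header line mentioned above, flags key paths that do not sit directly under the Services tree (for instance with a space introduced by copy and paste), and decodes each Start value (2 automatic, 3 manual, 4 disabled). The function names and the sample text are constructed for illustration.

```python
import re

# Meaning of the "Start" DWORD under each service key.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

HEADER = "Windows Registry Editor Version 5.00"
SERVICES_ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
START_RE = re.compile(r'^"Start"=dword:([0-9a-fA-F]{8})$')


def check_reg_text(text):
    """Return (services, problems) for a pasted services .reg file.

    services maps service name -> start type; problems is a list of
    (line_number, message) entries that should be fixed before merging.
    """
    services, problems = {}, []
    lines = text.lstrip("\ufeff").splitlines()
    body = [(n, l.strip()) for n, l in enumerate(lines, 1) if l.strip()]
    if body and body[0][1] == HEADER:
        body = body[1:]
    else:
        problems.append((1, "missing header line: " + HEADER))
    current = None
    for n, line in body:
        key = KEY_RE.match(line)
        if key:
            path, current = key.group(1), None
            if path.lower().startswith(SERVICES_ROOT.lower()):
                name = path[len(SERVICES_ROOT):]
                if name and "\\" not in name:
                    current = name
                else:
                    problems.append((n, "not a direct service key: " + path))
            elif path.replace(" ", "").lower().startswith(SERVICES_ROOT.lower()):
                # Importing this would create a new, unused key instead of
                # changing the service.
                problems.append((n, "stray space in key path: " + path))
            else:
                problems.append((n, "key is outside the Services tree: " + path))
            continue
        start = START_RE.match(line)
        if start and current:
            value = int(start.group(1), 16)
            if value in START_TYPES:
                services[current] = START_TYPES[value]
            else:
                problems.append((n, "Start value out of range: %d" % value))
        elif start:
            problems.append((n, "Start value with no valid service key above it"))
        else:
            problems.append((n, "unrecognised line: " + line))
    return services, problems


def still_automatic(services):
    """Services the file leaves starting at boot; review these by hand."""
    return sorted(name for name, kind in services.items() if kind == "automatic")


# Constructed sample: one good entry, one with a wrapped space, one left automatic.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Messenger]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002
"""

if __name__ == "__main__":
    found, issues = check_reg_text(SAMPLE)
    for number, message in issues:
        print("line %d: %s" % (number, message))
    print("left automatic:", still_automatic(found))
```
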
Don't forget to back up your registry before you make all those changes to it.
And yes, MBLAST is a virus, and I think you need to deal with it before you try and tweak your registry.
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
I'm using WinXP Pro, 3 users, all admin, cable internet. Would it be safe for me to use/try that reg tweak?
Talk about vulnerability.
Yes, especially if you have no special need of certain services. Disabling the ones I have mentioned here will cause no harm. I have been using this one for quite some time.
I must add though, if you are using XP-pro there will be a few services that you will need to disable on your own, cause I based that .reg tweak on XP-home. There are only a handful of extra services that come with XP-pro, but I can't think of them off the top of my head at the moment. I'm gonna go check for you.
~Snowman
I use cable too caper.
fax service
ftp publishing services
iis admin (i think)
remote registry (anything remote makes me nervous)
Ok, I went and looked, and these are the ones that I believe your XP-pro boxes have that my XP-home box doesn't have. You're gonna need to see if these are safe or not to disable though.
Hope that helps.
~Snowman
Thank you.
Doing it this way for about 1 1/2 yrs now, with no major problems. The users are all in the family. Me, wife and teenaged daughter.
Anytime. :cool:
I added the long list of reg changes and the 3 changes that you do on a fresh install and computer is still working!!
Awesome!!
Would you care to tell us how many open ports still remain on your box? Hopefully little to none. :)
If I'm guessing correctly there should either be none, or port 1025 UDP. <-- I hate this port, sometimes it shows up and sometimes it doesn't. It used to never show up after doing my tweaks, but now it just wont go away, so I have it blocked at the firewall.
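An added example, not part of the original posts: a Python helper that reads `netstat -an` output and lists the sockets still reachable from the network, skipping loopback bindings and outbound connections. Both captures below are constructed samples, and the function name is an assumption for illustration.

```python
def exposed_sockets(netstat_text):
    """Return sorted (proto, port) pairs bound to a non-loopback address.

    TCP rows count only in the LISTENING state; UDP has no state column,
    so every bound UDP socket counts.
    """
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue  # established or closing connection, not a listener
        host, _, port = local.rpartition(":")
        if host.startswith("127.") or not port.isdigit():
            continue  # loopback only, or a row we cannot parse
        found.add((proto, int(port)))
    return sorted(found)


# Constructed capture of a default install.
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1025           *:*
  UDP    127.0.0.1:123          *:*
"""

# Constructed capture after the tweaks, with the UDP 1025 socket still present.
AFTER = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:1025           *:*
"""

if __name__ == "__main__":
    print("before:", exposed_sockets(BEFORE))
    print("after: ", exposed_sockets(AFTER))
```
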
none!:)
It's about time someone uses the infamous BlackViper's info!!! I'm telling you the guy is UBER