Tuesday, 9 June 2009

Virtual Memory Information

Tutorial Objective
This tutorial talks about anything about the virtual memory and how much virtual memory you need for your system.

Tutorial Introduction & Background

Today application is getting bigger and bigger. Therefore, it requires a bigger system memory in order for the system to hold the application data, instruction, and thread and to load it. The system needs to copy the application data from the HDD into the system memory in order for it to process and execute the data. Once the memory gets filled up with data, the system will stop loading the program. In this case, users need to add more memory onto their system to support that intense application. However, adding more system memory costs the money and the normal user only needs to run the the intense application that requires the memory only for one or two days. Therefore, virtual memory is introduced to solve that type of problem.

Terminology & Explanation
There are two types of memory, which are as follows:

* System Memory is a memory that is used to store the application data and instruction in order for the system to process and execute that application data and instruction. When you install the memory sticks to increase the system RAM, you are adding more system memory. System Memory can be known as either the physical memory or the main memory.

* Virtual Memory is a memory that uses a portion of HDD space as the memory to store the application data and instruction that the system deemed it doesn't need to process for now. Virtual Memory can be known as the logical memory, and it controls by the Operating System, which is Microsoft Windows. Adding the Virtual Memory can be done in system configuration.

Tutorial Information & Facts or Implementation

Virtual Memory is a HDD space that uses some portion of it as the memory. It is used to store application data and instruction that is currently not needed to be process by the system.

During the program loading process, the system will copy the application data and its instruction from the HDD into the main memory (system memory). Therefore the system can use its resources such as CPU to process and execute it. Once the system memory gets filled up, the system will start moving some of the data and instruction that don't need to process anymore into the Virtual Memory until those data and instruction need to process again. So the system can call the next application data and instruction and copy it into the main memory in order for the system to process the rest and load the program. When the data and instruction that is in the Virtual Memory needs to process again, the system will first check the main memory for its space. If there is space, it will simply swap those into the main memory. If there are not any space left for the main memory, the system will first check the main memory and move any data and instructions that doesn't need to be process into the Virtual Memory. And then swap the data and instruction that need to be process by the system from the Virtual Memory into the main memory.

Having too low of Virtual Memory size or large Virtual Memory size (meaning the size that is above double of the system memory) is not a good idea. If you set the Virtual Memory too low, then the OS will keep issuing an error message that states either Not enough memory or Virtual too low. This is because some portion of the system memory are used to store the OS Kernel, and it requires to be remain in the main memory all the time. Therefore the system needs to have a space to store the not currently needed process data and instruction when the main memory get filled up. If you set the Virtual Memory size too large to support the intensive application, it is also not a good idea. Because it will create the performance lagging, and even it will take the HDD free space. The system needs to transfer the application data and instruction back and forth between the Virtual Memory and the System Memory. Therefore, that is not a good idea. The ideal size for the Virtual Memory is the default size of Virtual Memory, and it should not be exceed the value of the triple size of system memory.

To determine how much virtual memory you need, since the user's system contains the different amount of RAM, it is based on the system. By default, the OS will set the appropriate size for Virtual Memory. The default and appropriate size of Virtual Memory is:

* 1.5 = .

For example, if your system contains 256 MB of RAM, you should set 384 MB for Virtual Memory.

256 MB of RAM (Main Memory) * 1.5 = 384 MB for Virtual Memory

If you would like to determine how much the Virtual Memory is for your system and/or would like to configure and add more virtual memory, follow the procedure that is shown below. The following procedure is based on windows XP Professional.

1-1) Go to right-click My Computer and choose Properties

1-2) In the System Properties dialog box, go to Advanced tab

1-3) Click Settings button that is from the Performance frame

1-4) Once the Performance Options shows up on the screen, go to Advanced tab

1-5) Under the Advanced tab, click the Change button from the Virtual Memory frame to access to the Virtual Memory setting

Then the Virtual Memory dialog box appears on the screen. In there, you are able to check how much the Virtual Memory you set. If you would like to modify the size of Virtual Memory, follow the procedure that is shown below.

2-1) In there, select the drive letter that is used to install the Operating System

2-2) Choose the option that says, "Custom Size:"

Once you choose that option, the setting for Initial Size and Maximum Size become available for you to set. Initial Size (MB) means the actual size of Virtual Memory, and Maximum Size (MB) means the maximum size of Virtual Memory that is allowed to use.
Let's say if your system contains 512 MB of RAM, then the ideal setting for the Virtual Memory is as follows:


Initial Size (MB): 768
Maximum Size (MB): 1500

Once you are happy with that Virtual Memory size, click the Set button from Paging file size for selected drive to apply the setting for the Virtual Memory size. Then click the OK button to apply the setting.

That's where you can manage and configure for the size of Virtual Memory.

Additional Information

* To maintain the good overall system performance, you should be using the default size of actual size for Virtual Memory and the triple the value of the size of the main memory for the maximum size of Virtual Memory. If you find that main memory plus virtual memory is not big enough to load the intensive application, then you will need to add more main memory onto your system.

Search Keyword

virtual memory

Wednesday, 3 June 2009

Antivirus Compare

Testbed consisted of 321 Viruses, Trojans and Worms, all for the Windows32 environment, and all reasonably new samples. I don't have any data on whether some of these are zoo, or ITW, but they are all real threats I feel someone is likely to encounter, since I got them off the internet (and i've verified they are real as each sample must be detected by at least 4 AV's for me to consider it). All scanners were installed on a clean system, without any traces of other anti-virus softwares - between each test the system and directories were cleaned, and the registry was sweeped. Each AV product was treated with a double-reboot, one before, and one after installation. Each scanner was set at its highest possible settings, and was triple checked for proper options and configuration. Most products were the full registered version when possible, others were fully functional unrestricted trials. All products were tested with the current version as of 6-14-04, and the latest definitions for that date. Each product was run through the test set a minimum of 3 times to establish proper settings and reliability, the only product to exhibit some variance on this was F-Secure, which had one scan come up less than the other two without any settings changes indicating a possible stability issue.

The final standings:

1) MKS-Vir
1a) eXtendia AVK
2) Kaspersky 5.0/4.5
2a) McAfee VirusScan 8.0
3) F-Secure
4) GData AVK
5) RAV + Norton (2 way tie)
6) Dr.Web
7) CommandAV + F-Prot + BitDefender (3 Way Tie)
8) ETrust
9) Trend
10) Panda
11) Avast! Pro
12) KingSoft
13) NOD32
14) AVG Pro
15) AntiVIR
16) ClamWIN
17) UNA
18) Norman
19) Solo
20) Proland
21) Sophos
22) Hauri
23) CAT Quickheal
24) Ikarus

Heuristics seemed to play some of a roll in this test, as no AV had every virus in my test in their definitions, and products with stronger heuristics were able to hold their position towards the top of the test. Double/Multi engined products put up strong showings as well, proving to me that the redundacy method works, and I think more AV companies should considering double-engines. The strongest heurisitical AV I noticed was F-Prot/Command, picking up only 247 samples with definitions but they were able to power through 67 additional hits on "Possible Virus" indicators - very strong! Norton with BloodHound activated had 30 Heuristical pickups, and DrWeb rounded up the pack with 20 heuristical pickups. eXtendia AVK grabs the number one slot with double engine scanning, anything the KAV engine missed, the RAV engine picked up with great redundancy on the double engine/definition system. McAfee actually missed only 2 samples with its definitions, but picked those 2 up as "Suspicious File", and therefore, scores nearly perfect as well.

The biggest dissapointments for me were Norman and Nod32. Even with Advanced-Heuristics enabled, NOD32 failed to pick up a large portion of the samples. Norman, while finding some of the toughest samples, managed to completely miss a large portion of them! Showing that their sandbox-emulation system has great potetential, but its far from complete.

Actual test numbers were:

Total Samples/Found Samples (321 total possible) + Number Missed + Detection Percentage

Discovered and tested MKS-Vir2004, from Poland. Surprisingly, this one with caught every sample perfectly on Medium Heuristics. Specifically, nearly 50 samples were picked up Heuristically giving it a perfect score of 321/321. However, when I increased Heuristics to "Super Deep", it picked up an addition 10 more suspicious files. Upon further investigation, it was found that it was picking up signatures of hacktool utilities left over in some of the archives and flagging those files. Indeed, this is impressive. MKS-Vir2004 exhibits the most advanced detection algorithms i've ever seen, clearly it only had signatures for 271 of my samples, but through code emulation, it was able to pick up all 321 samples!! It clearly labeled the Heuristically found ones as things as "Likely Win32 Trojan" or "Highly Suspicious Acting File". In addition, its scanning speed was incredibly quick, and its memory footprint was quite small. Impressive! Furthermore, this is a full featured and fairly polished product that appears to update at least once per day, and tech support responded to me within 5-15 minutes on my emails. Unfortunately, it appears to not be available in the US for purchase at this time.

1a) MKS_Vir 2004 - 321/321 0 Missed - 100%
1b) eXtendia AVK - 321/321 0 Missed - 100%
2a) Kaspersky 5.0 - 320/321 1 Missed - 99.70% (with Extended Database ON)
2b) McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs - heuristically) - 99%
3) F-Secure - 319/321 2 Missed - 99.37%
4) GData AVK - 317/321 4 Missed - 98.75%
5) RAV + Norton (2 way tie) - 315/321 6 Missed - 98.13%
6) Dr.Web - 310/321 11 Missed - 96.57%
7) CommandAV + F-Prot + BitDefender (3 Way Tie) - 309/321 12 Missed - 96.26%
8) ETrust - 301/321 20 Missed - 93.76%
9) Trend - 300/321 21 Missed - 93.45%
10) Avast! Pro - 299/321 22 Missed - 93.14%
11) Panda - 298/321 23 Missed - 92.83%
12) Virus Buster - 290/321 31 Missed - 90.34%
13) KingSoft - 288/321 33 Missed - 89.71%
14) NOD32 - 285/321 36 Missed (results identical with or without advanced heuristics) - 88.78%
15) AVG Pro - 275/321 46 Missed - 85.66%
16) AntiVIR - 268/321 53 Missed - 83.48%
17) Antidote - 252/321 69 Missed - 78.50%
18) ClamWIN - 247/321 74 Missed - 76.94%
19) UNA - 222/321 99 Missed - 69.15%
20) Norman - 215/321 106 Missed - 66.97%
21) Solo - 182/321 139 Missed - 56.69%
22) Fire AV - 179/321 142 Missed - 55.76%
23) V3 Pro - 109/321 212 Missed - 33.95%
24) Per_AV - 75/321 - 246 Missed - 23.36%
25) Proland - 73/321 248 Missed - 22.74%
26) Sophos - 50/321 271 Missed - 15.57%
27) Hauri - 49/321 272 Missed - 15.26%
28) CAT Quickheal - 21/321 300 Missed - 6%
29) Vir_iT - 10/321 311 Missed - 3%
30) Ikarus - Crashed on first virus. - 0%

Interesting also to note, is the detection level of the US AVK version with KAV+RAV engines was higher than the German version with KAV+BitDefender engines. Several vendors have free versions of their for purchase AV's, we didn't test the free versions, as it would serve no purpose for this test, but based on the results, none of the free versions would have been very impressive anyway. The term "Heuristics" seems like it should be taken very liberally, as some products that claim to be loaded with Heuristics scored miserably on items they clearly didn't have definitions for. Scanning speed was not measured, as it was totally irrelevant to my testing, and on-access scanners were not tested, as it would have been too time consuming, but considering most products have similar on-access engines as on-demand, and use the same database, results most likely, would be very similar.

Cut through the hype, cut through the marketing schemes, this was a real test, with real samples, and none of these samples were provided to the antivirus software vendors in advance. This is real world, and these are likely badguys you'll encounter, since I got them in my real encounters, and all were aquired on the internet in daily activities which anyone out there might be involved in. (Installing shareware, filesharing, surfing, etc). Keep in mind that with ITW tests the AV vendors have full disclosure of what they will be tested on in advance, not so here, so heuristics and real detection algorithms will play a big part, as well as the depth and scope of their definition database.

[Edit: After re-testing the Kaspersky products with Extended Database option turned ON, the moved up effectively scoring 100% considering the 1% margin of error]

VCD Quality Terms & Jargon CODE

All CREDITS go to http://www.vcdhelp.com/

A cam is a theater rip usually done with a digital video camera. A mini tripod is sometimes used, but a lot of the time this wont be possible, so the camera make shake. Also seating placement isn't always idle, and it might be filmed from an angle. If cropped properly, this is hard to tell unless there's text on the screen, but a lot of times these are left with triangular borders on the top and bottom of the screen. Sound is taken from the onboard microphone of the camera, and especially in comedies, laughter can often be heard during the film. Due to these factors picture and sound quality are usually quite poor, but sometimes we're lucky, and the theater will be fairly empty and a fairly clear signal will be heard.

A telesync is the same spec as a CAM except it uses an external audio source (most likely an audio jack in the chair for hard of hearing people). A direct audio source does not ensure a good quality audio source, as a lot of background noise can interfere. A lot of the times a telesync is filmed in an empty cinema or from the projection booth with a professional camera, giving a better picture quality. Quality ranges drastically, check the sample before downloading the full release. A high percentage of Telesyncs are CAMs that have been mislabeled.

A telecine machine copies the film digitally from the reels. Sound and picture should be very good, but due to the equipment involved and cost telecines are fairly uncommon. Generally the film will be in correct aspect ratio, although 4:3 telecines have existed. A great example is the JURASSIC PARK 3 TC done last year. TC should not be confused with TimeCode , which is a visible counter on screen throughout the film.

A pre VHS tape, sent to rental stores, and various other places for promotional use. A screener is supplied on a VHS tape, and is usually in a 4:3 (full screen) a/r, although letterboxed screeners are sometimes found. The main draw back is a "ticker" (a message that scrolls past at the bottom of the screen, with the copyright and anti-copy telephone number). Also, if the tape contains any serial numbers, or any other markings that could lead to the source of the tape, these will have to be blocked, usually with a black mark over the section. This is sometimes only for a few seconds, but unfortunately on some copies this will last for the entire film, and some can be quite big. Depending on the equipment used, screener quality can range from excellent if done from a MASTER copy, to very poor if done on an old VHS recorder thru poor capture equipment on a copied tape. Most screeners are transferred to VCD, but a few attempts at SVCD have occurred, some looking better than others.

Same premise as a screener, but transferred off a DVD. Usually letterbox , but without the extras that a DVD retail would contain. The ticker is not usually in the black bars, and will disrupt the viewing. If the ripper has any skill, a DVDscr should be very good. Usually transferred to SVCD or DivX/XviD.

A copy of the final released DVD. If possible this is released PRE retail (for example, Star Wars episode 2) again, should be excellent quality. DVDrips are released in SVCD and DivX/XviD.

Transferred off a retail VHS, mainly skating/sports videos and XXX releases.

TV episode that is either from Network (capped using digital cable/satellite boxes are preferable) or PRE-AIR from satellite feeds sending the program around to networks a few days earlier (do not contain "dogs" but sometimes have flickers etc) Some programs such as WWF Raw Is War contain extra parts, and the "dark matches" and camera/commentary tests are included on the rips. PDTV is capped from a digital TV PCI card, generally giving the best results, and groups tend to release in SVCD for these. VCD/SVCD/DivX/XviD rips are all supported by the TV scene.

A workprint is a copy of the film that has not been finished. It can be missing scenes, music, and quality can range from excellent to very poor. Some WPs are very different from the final print (Men In Black is missing all the aliens, and has actors in their places) and others can contain extra scenes (Jay and Silent Bob) . WPs can be nice additions to the collection once a good quality final has been obtained.

DivX Re-Enc
A DivX re-enc is a film that has been taken from its original VCD source, and re-encoded into a small DivX file. Most commonly found on file sharers, these are usually labeled something like Film.Name.Group(1of2) etc. Common groups are SMR and TND. These aren't really worth downloading, unless you're that unsure about a film u only want a 200mb copy of it. Generally avoid.

A lot of films come from Asian Silvers/PDVD (see below) and these are tagged by the people responsible. Usually with a letter/initials or a little logo, generally in one of the corners. Most famous are the "Z" "A" and "Globe" watermarks.

Asian Silvers / PDVD
These are films put out by eastern bootleggers, and these are usually bought by some groups to put out as their own. Silvers are very cheap and easily available in a lot of countries, and its easy to put out a release, which is why there are so many in the scene at the moment, mainly from smaller groups who don't last more than a few releases. PDVDs are the same thing pressed onto a DVD. They have removable subtitles, and the quality is usually better than the silvers. These are ripped like a normal DVD, but usually released as VCD.


VCD is an mpeg1 based format, with a constant bitrate of 1150kbit at a resolution of 352x240 (NTCS). VCDs are generally used for lower quality transfers (CAM/TS/TC/Screener(VHS)/TVrip(analogue) in order to make smaller file sizes, and fit as much on a single disc as possible. Both VCDs and SVCDs are timed in minutes, rather than MB, so when looking at an mpeg, it may appear larger than the disc capacity, and in reality u can fit 74min on a CDR74.

SVCD is an mpeg2 based (same as DVD) which allows variable bit-rates of up to 2500kbits at a resolution of 480x480 (NTSC) which is then decompressed into a 4:3 aspect ratio when played back. Due to the variable bit-rate, the length you can fit on a single CDR is not fixed, but generally between 35-60 Mins are the most common. To get a better SVCD encode using variable bit-rates, it is important to use multiple "passes". this takes a lot longer, but the results are far clearer.

These are basically VCD/SVCD that don't obey the "rules". They are both capable of much higher resolutions and bit-rates, but it all depends on the player to whether the disc can be played. X(S)VCD are total non-standards, and are usually for home-ripping by people who don't intend to release them.

DivX / XviD
DivX is a format designed for multimedia platforms. It uses two codecs, one low motion, one high motion. most older films were encoded in low motion only, and they have problems with high motion too. A method known as SBC (Smart Bit-rate Control) was developed which switches codecs at the encoding stage, making a much better print. The format is Ana orphic and the bit-rate/resolution are interchangeable. Due to the higher processing power required, and the different codecs for playback, its unlikely we'll see a DVD player capable of play DivX for quite a while, if at all. There have been players in development which are supposedly capable, but nothing has ever arisen. The majority of PROPER DivX rips (not Re-Encs) are taken from DVDs, and generally up to 2hours in good quality is possible per disc. Various codecs exist, most popular being the original Divx3.11a and the new XviD codecs.

CVD is a combination of VCD and SVCD formats, and is generally supported by a majority of DVD players. It supports MPEG2 bit-rates of SVCD, but uses a resolution of 352x480(ntsc) as the horizontal resolution is generally less important. Currently no groups release in CVD.

Is the recordable DVD solution that seems to be the most popular (out of DVD-RAM, DVD-R and DVD+R). it holds 4.7gb of data per side, and double sided discs are available, so discs can hold nearly 10gb in some circumstances. SVCD mpeg2 images must be converted before they can be burnt to DVD-R and played successfully. DVD>DVDR copies are possible, but sometimes extras/languages have to be removed to stick within the available 4.7gb.

MiniDVD/cDVD is the same format as DVD but on a standard CDR/CDRW. Because of the high resolution/bit-rates, its only possible to fit about 18-21 mins of footage per disc, and the format is only compatible with a few players.

Misc Info

Regional Coding
This was designed to stop people buying American DVDs and watching them earlier in other countries, or for older films where world distribution is handled by different companies. A lot of players can either be hacked with a chip, or via a remote to disable this.
1 USA, Canada
2 Europe, Middle East, Japan, South Africa
3 S.Korea, Taiwan, HK, ASEAN
4 Australia, NZ, Latin America
5 Ex-Soviets, Indian sub-continent, Africa
6 China
7 Reserved
8 International territory (airplanes, cruise ships, etc.)

RCE (Regional Coding Enhancement) was designed to overcome "Multiregion" players, but it had a lot of faults and was overcome. Very few titles are RCE encoded now, and it was very unpopular.

Macrovision is the copy protection employed on most commercial DVDs. Its a system that will display lines and darken the images of copies that are made by sending the VHS signals it can't understand. Certain DVD players (for example the Dansai 852 from Tescos) have a secret menu where you can disable the macrovision, or a "video stabaliser" costs about 30UKP from Maplin

NTSC and PAL are the two main standards used across the world. NTSC has a higher frame rate than pal (29fps compared to 25fps) but PAL has an increased resolution, and gives off a generally sharper picture. Playing NTSC discs on PAL systems seems a lot easier than vice-versa, which is good news for the Brits :) An RGB enabled scart lead will play an NTSC picture in full colour on most modern tv sets, but to record this to a VHS tape, you will need to convert it to PAL50 (not PAL60 as the majority of DVD players do.) This is either achieved by an expensive converter box (in the regions of £200+) an onboard converter (such as the Dansai 852 / certain Daewoos / Samsung 709 ) or using a World Standards VCR which can record in any format.

News Sites
There are generally 2 news sites, and I'm allowed to be biased :) For Games/Apps/Console ::
is generally regarded as the best, but for VCD/SVCD/DivX/TV/XXX
displays screen grabs and allows feedback. **NOTICE** neither site offers movie downloads, and requesting movies/trades etc on the forums of either is NOT permitted.
There are generally 3 news sites for film release for p2p and they are:
nforce - VCD Help

Release Files

The movies are all supplied in RAR form, whether its v2 (rar>.rxx) or v3 (part01.rar > partxx.rar) form.

VCD and SVCD films will extract to give a BIN/CUE. Load the .CUE into notepad and make sure the first line contains only a filename, and no path information. Then load the cue into Nero/CDRWin etc and this will burn the VCD/SVCD correctly. TV rips are released as MPEG. DivX files are just the plain DivX - .AVI

An NFO file is supplied with each movie to promote the group, and give general iNFOrmation about the release, such as format, source, size, and any notes that may be of use. They are also used to recruit members and acquire hardware for the group.

Also supplied for each disc is an SFV file. These are mainly used on site level to check each file has been uploaded correctly, but are also handy for people downloading to check they have all the files, and the CRC is correct. A program such as pdSFV or hkSFV is required to use these files.

Usenet Information

To get onto newsgroups, you will need a news server. Most ISPs supply one, but this is usually of poor retention (the amount of time the files are on server for) and poor completition (the amount of files that make it there). For the best service, a premium news server should be paid for, and these will often have bandwidth restrictions in place.

You will need a newsreader to access the files in the binary newsgroups. There are many different readers, and its usually down to personal opinion which is best. Xnews / Forte Agent / BNR 1 / BNR 2 are amongst the popular choices. Outlook has the ability to read newsgroups, but its recommended to not use that.

Usenet posts are often the same as those listed on VCDQUALiTY (i.e., untouched group releases) but you have to check the filenames and the description to make sure you get what you think you are getting. Generally releases should come down in .RAR sets. Posts will usually take more than one day to be uploaded, and can be spread out as far as a week.

PAR files
As well as the .rxx files, you will also see files listed as .pxx/.par . These are PARITY files. Parity files are common in usenet posts, as a lot of times, there will be at least one or two damaged files on some servers. A parity file can be used to replace ANY ONE file that is missing from the rar set. The more PAR files you have, the more files you can replace. You will need a program called SMARTPAR for this.

Scene Tags

Due to scene rules, whoever releases the first Telesync has won that race (for example). But if the quality of that release is fairly poor, if another group has another telesync (or the same source in higher quality) then the tag PROPER is added to the folder to avoid being duped. PROPER is the most subjective tag in the scene, and a lot of people will generally argue whether the PROPER is better than the original release. A lot of groups release PROPERS just out of desperation due to losing the race. A reason for the PROPER should always be included in the NFO.

In the case of a VCD, if a release is subbed, it usually means it has hard encoded subtitles burnt throughout the movie. These are generally in malaysian/chinese/thai etc, and sometimes there are two different languages, which can take up quite a large amount of the screen. SVCD supports switch able subtitles, so some DVDRips are released with switch able subs. This will be mentioned in the NFO file if included.

When a film has had a subbed release in the past, an Unsubbed release may be released

A limited movie means it has had a limited theater run, generally opening in less than 250 theaters, generally smaller films (such as art house films) are released as limited.

An internal release is done for several reasons. Classic DVD groups do a lot of .INTERNAL. releases, as they wont be dupe'd on it. Also lower quality theater rips are done INTERNAL so not to lower the reputation of the group, or due to the amount of rips done already. An INTERNAL release is available as normal on the groups affiliate sites, but they can't be traded to other sites without request from the site ops. Some INTERNAL releases still trickle down to IRC/Newsgroups, it usually depends on the title and the popularity. Earlier in the year people referred to Centropy going "internal". This meant the group were only releasing the movies to their members and site ops. This is in a different context to the usual definition.

Straight To Video. Was never released in theaters, and therefore a lot of sites do not allow these.

These are *WS* for widescreen (letterbox) and *FS* for Fullscreen.

A recode is a previously released version, usually filtered through TMPGenc to remove subtitles, fix color etc. Whilst they can look better, its not looked upon highly as groups are expected to obtain their own sources.

If a group releases a bad rip, they will release a Repack which will fix the problems.

A film can be nuked for various reasons. Individual sites will nuke for breaking their rules (such as "No Telesyncs") but if the film has something extremely wrong with it (no soundtrack for 20mins, CD2 is incorrect film/game etc) then a global nuke will occur, and people trading it across sites will lose their credits. Nuked films can still reach other sources such as p2p/usenet, but its a good idea to check why it was nuked first in case. If a group realise there is something wrong, they can request a nuke.

NUKE REASONS :: this is a list of common reasons a film can be nuked for (generally DVDRip)

** BAD A/R ** :: bad aspect ratio, ie people appear too fat/thin
** BAD IVTC ** :: bad inverse telecine. process of converting framerates was incorrect.
** INTERLACED ** :: black lines on movement as the field order is incorrect.

Dupe is quite simply, if something exists already, then theres no reason for it to exist again without proper reason.

You Want Lots Of Music, Appz, Anything?, Try Dex Hunting

So what's this Dex Hunting, anyway?

See: lots of people post files of any kind on their websites to share them with friends. Those files are "protected" by not mentioning them. There's no visible link given, and for literally hundreds of thousands this seems to be enough.

What they don't know: There are many nice techniques to locate the invisible stuff.

I don't want to get in too deep - and as I'm rather new here it's possible some of the tricks might have been posted elsewhere.

But if you want to find lots of music the way I described it - and want other people doing the "dirty" work I recommend:

A free message board - gathering place of the best "dex hunters" in the universe. There you will find loads of *fresh* (!) mp3 links. Not only this - they update with lightspeed. This is a site you won't visit once a month or once a week. I visit them hourly, and I know why.

Remember: as soon as a fresh dex is posted there, it will be invaded and can die within hours. But I swear there will be enough left for your needs.

Wanna try it for yourself?

Try this one. It's a search bot, and instead typing complicated data strings for Dex Hunting just type what you're looking for, and the bot does the rest for you. Sounds nice, huh?

not very sexy at first sight - but very effective.

Hope you'll like it!


What is a Proxy Server?

A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request come to the proxy first, and only then it transmits the data to you. I know many are looking for IP Maskers or Scramblers, but honestly, it aint real easy for the simple fact that any website that you visit needs your IP to send the info packets too. If its scrambled, you will get alot of errors and crazy redirects :P My solution? Read on........... for a good list of Proxy servers try here>> http://www.multiproxy.org/

Why do I need to use proxy servers?

Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately.
Security and privacy. Anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.
Sometimes you may encounter problems while accessing to web server when server administrator restricted access from your IP or even from wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server.

What is a public proxy server?

It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous.
Free service trying to provide list of public HTTP proxy servers. Usually provide small list of proxies with low percent of functioning servers due to hosting restrictions on CPU time (they simply can't allow themselves to check many proxies every second especially in parallel).

The Solution?

When using an anonymous proxy server you don’t give a anybody chance to find out your IP address to use it in their own interests. ;) If there is a need to make an (inner) proxy connect to the outside world via another (outer) proxy server, you can use the same environment variables as are used to redirect clients to the proxy to make inner proxy use the outer one:
E.g. your (inner) proxy server's startup script could look like this:
http_proxy=http://outer.proxy.server:8082/export http_proxy/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081

This is a little ugly, so there are also the following directives in the configuration file:
http_proxy http://outer.proxy.server/ftp_proxy http://outer.proxy.server/gopher_proxy http://outer.proxy.server/wais_proxy http://outer.proxy.server/

How to Bypass BIOS Passwords

BIOS passwords can add an extra layer of security for desktop and laptop computers. They are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. Unfortunately, BIOS passwords can also be a liability if a user forgets their password, or changes the password to intentionally lock out the corporate IT department. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered in the warranty. Never fear, all is not lost. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS

This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. It is not intended for home users, hackers, or computer thieves attempting to crack the password on a stolen PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, and please use this information responsibly. LabMice.net is not responsible for the use or misuse of this material, including loss of data, damage to hardware, or personal injury.
Before attempting to bypass the BIOS password on a computer, please take a minute to contact the hardware manufacturer support staff directly and ask for their recommended methods of bypassing the BIOS security. In the event the manufacturer cannot (or will not) help you, there are a number of methods that can be used to bypass or reset the BIOS password yourself. They include:

Using a manufacturers backdoor password to access the BIOS
Use password cracking software
Reset the CMOS using the jumpers or solder beads.
Removing the CMOS battery for at least 10 minutes
Overloading the keyboard buffer
Using a professional service

Please remember that most BIOS passwords do not protect the hard drive, so if you need to recover the data, simply remove the hard drive and install it in an identical system, or configure it as a slave drive in an existing system. The exception to this are laptops, especially IBM Thinkpads, which silently lock the hard drive if the supervisor password is enabled. If the supervisor password is reset without resetting the and hard drive as well, you will be unable to access the data on the drive.

Backdoor passwords

Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations. Keep in mind that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards. Laptops typically have better BIOS security than desktop systems, and we are not aware of any backdoor passwords that will work with name brand laptops.

WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords

Award BIOS backdoor passwords:

589589 589721 595595 598598

AMI BIOS backdoor passwords:


PHOENIX BIOS backdoor passwords:
ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj

Manufacturer Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
Siemens SKY_FOX
Toshiba Toshiba

Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot

Press both mouse buttons repeatedly during the boot

Password cracking software

The following software can be used to either crack or reset the BIOS on many chipsets. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive, these utilities may not work. Also, since these utilities do not come from the manufacturer, use them cautiously and at your own risk.

Cmos password recovery tools 3.1
!BIOS (get the how-to article)

Using the Motherboard "Clear CMOS" Jumper or Dipswitch settings

Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturers documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR - CLEAR CMOS - CLR - CLRPWD - PASSWD - PASSWORD - PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.
Please remember to unplug your PC and use a grounding strip before reaching into your PC and touching the motherboard. Once you locate and rest the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to its original position.

Removing the CMOS Battery

The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. (It looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank. (Along with any other machine specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this.) Some manufacturers backup the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don't attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time.
Note: Removing the battery to reset the CMOS will not work for all PC's, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password, but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM Thinkpads have special jumper switches on the motherboard, and these should be used to reset the system.

Overloading the KeyBoard Buffer

On some older computer systems, you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. This can be done by booting with the keyboard or mouse unattached to the systems, or on some systems by hitting the ESC key over 100 times in rapid succession.

Jumping the Solder Beads on the CMOS

It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. There are too many chipsets to do a breakdown of which points to jump on individual chipsets, and the location of these solder beads can vary by manufacturer, so please check your computer and motherboard documentation for details. This technique is not recommended for the inexperienced and should be only be used as a "last ditch" effort.

Using a professional service

If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password, you still have the option of using a professional service. Password Crackers, Inc., offers a variety of services for desktop and laptop computers for between $100 and $400. For most of these services, you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.

What is the Registry?

The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to a Control Panel settings, or File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are contained seperately in the %SystemRoot%\System32\Config directory. You can not edit these files directly, you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).

The Structure of The Registry
The Registry has a hierarchal structure, although it looks complicated the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.

Each main branch (denoted by a folder icon in the Registry Editor, see left) is called a Hive, and Hives contains Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context.

There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

* HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.
* HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.
* HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
* HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch.
* HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
* HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows, this section is dymanic and will change as devices are added and removed from the system.

Each registry value is stored as one of five main data types:

* REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
* REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.
* REG_EXPAND_SZ - This type is an expandable data string that is string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)
* REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
* REG_SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

* REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
* REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
* REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
* REG_NONE - No defined value type.
* REG_QWORD - A 64-bit number.
* REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
* REG_RESOURCE_LIST - A device-driver resource list.

Editing The Registry

The Registry Editor (REGEDIT.EXE) is included with most version of Windows (although you won't find it on the Start Menu) it enables you to view, search and edit the data within the Registry. There are several methods for starting the Registry Editor, the simplest is to click on the Start button, then select Run, and in the Open box type "regedit", and if the Registry Editor is installed it should now open and look like the image below.

An alternative Registry Editor (REGEDT32.EXE) is available for use with Windows NT/2000, it includes some additional features not found in the standard version, including; the ability to view and modify security permissions, and being able to create and modify the extended string values REG_EXPAND_SZ & REG_MULTI_SZ.

Create a Shortcut to Regedit
This can be done by simply right-clicking on a blank area of your desktop, selecting New, then Shortcut, then in the Command line box enter "regedit.exe" and click Next, enter a friendly name (e.g. 'Registry Editor') then click Finish and now you can double click on the new icon to launch the Registry Editor.

Using Regedit to modify your Registry
Once you have started the Regedit you will notice that on the left side there is a tree with folders, and on the right the contents (values) of the currently selected folder.

Like Windows explorer, to expand a certain branch (see the structure of the registry section), click on the plus sign [+] to the left of any folder, or just double-click on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side. You can add a new key or value by selecting New from the Edit menu, or by right-clicking your mouse. And you can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.

Note: it is always a good idea to backup your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting causing you to have to reinstall the whole operating system. It's much better to be safe than sorry!

Importing and Exporting Registry Settings

A great feature of the Registry Editor is it's ability to import and export registry settings to a text file, this text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings. You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad, to do this using the Registry Editor select a key, then from the "Registry" menu choose "Export Registry File...", choose a filename and save. If you open this file in notepad you will see a file similar to the example below:



"CmdLine"="setup -newsetup"

The layout is quite simple, REGEDIT4 indicated the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicated the key the values are from, "SetupType"=dword:00000000 are the values themselves the portion after the "=" will vary depending on the type of value they are; DWORD, String or Binary.

So by simply editing this file to make the changes you want, it can then be easily distributed and all that need to be done is to double-click, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.

Deleting keys or values using a REG file
It is also possible to delete keys and values using REG files. To delete a key start by using the same format as the the REG file above, but place a "-" symbol in front of the key name you want to delete. For example to delete the [HKEY_LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this:




The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:




Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.

Regedit Command Line Options
Regedit has a number of command line options to help automate it's use in either batch files or from the command prompt. Listed below are some of the options, please note the some of the functions are operating system specific.

* regedit.exe [options] [filename] [regpath]
* [filename] Import .reg file into the registry
* /s [filename] Silent import, i.e. hide confirmation box when importing files
* /e [filename] [regpath] Export the registry to [filename] starting at [regpath]
e.g. regedit /e file.reg HKEY_USERS\.DEFAULT
* /L:system Specify the location of the system.dat to use
* /R:user Specify the location of the user.dat to use
* /C [filename] Compress (Windows 98)
* /D [regpath] Delete the specified key (Windows 98)

Maintaining the Registry

How can you backup and restore the Registry?

Windows 95
Microsoft included a utility on the Windows 95 CD-ROM that lets you create backups of the Registry on your computer. The Microsoft Configuration Backup program, CFGBACK.EXE, can be found in the \Other\Misc\Cfgback directory on the Windows 95 CD-ROM. This utility lets you create up to nine different backup copies of the Registry, which it stores, with the extension RBK, in your \Windows directory. If your system is set up for multiple users, CFGBACK.EXE won't back up the USER.DAT file.

After you have backed up your Registry, you can copy the RBK file onto a floppy disk for safekeeping. However, to restore from a backup, the RBK file must reside in the \Windows directory. Windows 95 stores the backups in compressed form, which you can then restore only by using the CFGBACK.EXE utility.

Windows 98
Microsoft Windows 98 automatically creates a backup copy of the registry every time Windows starts, in addition to this you can manually create a backup using the Registry Checker utility by running SCANREGW.EXE from Start | Run menu.

What to do if you get a Corrupted Registry
Windows 95, 98 and NT all have a simple registry backup mechanism that is quite reliable, although you should never simply rely on it, remember to always make a backup first!

Windows 95
In the Windows directory there are several hidden files, four of these will be SYSTEM.DAT & USER.DAT, your current registry, and SYSTEM.DA0 & USER.DA0, a backup of your registry. Windows 9x has a nice reature in that every time it appears to start successfully it will copy the registry over these backup files, so just in case something goes wrong can can restore it to a known good state. To restore the registry follow these instruction:
* Click the Start button, and then click Shut Down.
* Click Restart The Computer In MS-DOS Mode, then click Yes.
* Change to your Windows directory. For example, if your Windows directory is c:\windows, you would type the following:

cd c:\windows

* Type the following commands, pressing ENTER after each one. (Note that SYSTEM.DA0 and USER.DA0 contain the number zero.)

attrib -h -r -s system.dat
attrib -h -r -s system.da0
copy system.da0 system.dat
attrib -h -r -s user.dat
attrib -h -r -s user.da0
copy user.da0 user.dat

* Restart your computer.

Following this procedure will restore your registry to its state when you last successfully started your computer.

If all else fails, there is a file on your hard disk named SYSTEM.1ST that was created when Windows 95 was first successfully installed. If necessary you could also change the file attributes of this file from read-only and hidden to archive to copy the file to C:\WINDOWS\SYSTEM.DAT.

Windows NT
On Windows NT you can use either the "Last Known Good" option or RDISK to restore to registry to a stable working configuration.

How can I clean out old data from the Registry?
Although it's possible to manually go through the Registry and delete unwanted entries, Microsoft provides a tool to automate the process, the program is called RegClean. RegClean analyzes Windows Registry keys stored in a common location in the Windows Registry. It finds keys that contain erroneous values, it removes them from the Windows Registry after having recording those entries in the Undo.Reg file.

Windows 2000 Tips

Speed up the Boot Menu

Tired of waiting thirty seconds to boot Windows 2000 if you don't select from the boot menu? Speed up the booting process by only showing the available operating systems for just a couple of seconds.

Right-click "My Computer" on the desktop and choose "Properties". On the "System Properties" multi-tabbed dialog box that follows, click "Advanced". Click the "Startup and Recovery..." button. Then, on the "Startup and Recovery" dialog box that follows, next to "Display list of operating systems for ... seconds", select the number of seconds that you want the computer to wait before continuing with the default OS. When you're done, press "OK" to close the dialog box.

Desktop Disappearing?

Although Windows 2000 is more stable than previous versions of NT, in some situations, strange things can happen. If, for example, Explorer crashes, most of your desktop, including the "Start" button, disappears. To bring back Explorer without rebooting your machine, press CONTROL-ALT-DELETE. When the "Windows Security" dialog box appears, click the "Task Manager" button. If the "Windows Task Manager' dialog box appears as it should, select the "File" menu and then "New Task (Run)". When the "Create New Task" dialog box appears, just type in "Explorer" and press the "OK" button. Windows Explorer should then reappear, complete with the "Start" button.

Change Process Priority

Is a particular program or process running too fast or too slow? Is a program or process taking too much of your CPU time or can you allow a process or program to take more of your computing power? To change these settings for a particular process, just right-click on an empty area of your taskbar and choose "Task Manager..." On the "Windows Task Manager" dialog box that follows, select a process and right-click it. On the popup menu that appears, select "Set Priority" and choose one of the following priorities: "Realtime", "High", "Above Normal", "Normal", "Below Normal", or "Low". The lower the priority is on the popup menu, the lower percentage of CPU time will be delegated to said priority.

Note that depending on the process and your administrative rights to your machine, you may not be able to change a particular process's priority.

Put the Desktop in your Taskbar

Do you frequently multitask? If so, all of the windows created by running applications can quickly cover your desktop. If you'd like, you can make the desktop icons immediately accessible from your taskbar. Just right-click an empty area of your taskbar, choose "Toolbars", and check "Desktop". Your desktop icons will then be immediately accessible without having to minimize your current windows. If you have a lot of desktop icons, click on the two greater-than arrows (">>") to the right of your desktop icons and a popup menu will appear allowing you to select from any of the available desktop icons not immediately visible on your taskbar.

Changing DOS Window Titles

If you use DOS a lot, you may frequently have more than one DOS window open at once. Perhaps you'll have one a window for FTP, one for debugging a batch file, one for doing basic tasks such as displaying directories, etc. If so, it can get very confusing navigating between the different DOS windows since each of their titles just say "Command Prompt". If you'd like, you can change the titles of a DOS window so you can easily see what tasks you are performing in each window.

To change the title of a Windows 2000 command prompt window, just enter in the TITLE command, followed by your desired window title. For example, to name a DOS window "Debugging Window", just enter the following command at a DOS prompt:

TITLE Debugging Window

Save the Current Directory Name

Windows 2000 lets you temporarily store the name of the current directory that you are in, letting you recall the directory name later after you are doing other processing. This may be useful if you are jumping around DOS directories a lot, either manually or through a batch file.

To store the name of the current directory, or rather, to PUSH the name of the current directory onto the stack, enter the PUSHD command followed by the name of a directory that you would like to access next. For example, if you are in the "C:\Program Files" directory and want to push that directory name onto the stack, jumping to the C:\WINNT" directory, enter:


After you are done working in the "C:\WINNT" directory and ready to go back to the "C:\Program Files" directory, don't type in "CD C:\Program Files", just POP the old directory from the stack by entering:

How to install System restore on server 2003

Found this on Google, may be useful to someone!

Before we begin, you'll need an XP CD. Doesn't matter if it's home or pro. It shouldn't matter if it has a service pack on it, since all the files will be the same source. In testing i used a slipstreamed cd that already had sp1 on it.

In XP, system restore is installed in syssetup.inf under the inf.always section. If you have XP installed, you can open up %windir%\inf\syssetup.inf and search for [Infs.Always], you'll see the section xp looks at for installing system components. You'll notice it has sr.inf, this is the inf for system restore. For server 2003, if you look at syssetup.inf you won't find sr.inf. This doesn't mean system restore won't work in server 2003, it just means they didn't install it.

So first what we're going to need to do is right click on sr.inf and select 'install', to install it on server 2003. If you have xp installed on another computer/partition you can just right click on it. If you don't, then extract \i386\sr.in_ from the XP cd to your desktop, then right click on it and select 'install'. It'll prompt you where the files are, point it to the XP CD. Once done, it'll prompt to restart, say yes.

That was easy, the next part is the tricky part. After restarting you'll get an error saying the service couldn't start. Specifically the error is error 1068. I searched google and found this link -

The error basically means it cannot run under the service it's on. In system restore's case, it runs under the network service. I know this because in services.msc, for path to executable, it says this: C:\WINDOWS\system32\svchost.exe -k netsvcs. This got me thinking so i opened up sr.inf, and found this line:

HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SvcHost","SRGroup"

I opened up regedit, and this registry key didn't exist. So it seems the sr.inf doesn't register system restore to run under the network services group. Using the above registry key as an example, i opened regedit and went to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

On the right hand side i saw netsvcs. I double clicked on it, but saw SRService no where (SRService is the name for system restore). On a hunch, at the bottom i added SRService, rebooted, and this time got no error on startup. I opened up rstrui.exe, and system restore opened fine. I also had a System restore tab in system properties now too. I was able to make a restore point fine, then restore the computer to it without any problems. So in the above key, you want to double click on netsvcs, and at the bottom of the list, you want to type in SRService (probably case sensitive).

If you're not good with the registry you can save the following as a whatever.reg file and import it, but because it's binary i can't say if it'll work. I recommend manually adding SRService to the netsvcs key.

copy below to whatever.reg then double click on it

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

copy above

That's it! Remember to restart both times.