Everything posted by CharlotteTheHarlot

  1. More Windows 8.1 Update 1 features revealed, including jumplists for Modern apps ( NeoWin 2014-01-08 ) But we can't have that, can we? If they "start to look poorly"? If? The so-called haters who "never accept it" have been warning them for four frickin' years. Microsoft and you fanboys have chosen not to listen. Now you gotta #DealWithIt. Microsoft: 100,000 Windows 8 devices to be used by Miami's public school system ( NeoWin 2014-01-06 ) Ironic that our schools post signs nearby that state "Drug Free Zone" because within their very walls they are free to inject and addict kids to Apple and Microsoft products so the tots grow up to become healthier consumer sheeple. But it's worse than that. These are apparently Microsoft Tiles Playskool toys. So our already low expectations for public schooling just bottomed out. Fiscally speaking, I hope the dummies in Miami enjoy their upcoming school tax bills. Oh there will be the usual propaganda about wonderful discounts and deals, but everyone says that. Suckers. Microsoft posts 'Walking Dead' mid-season premiere on Xbox Live before it airs ( NeoWin 2014-01-08 ) And yet another royal screwup, one that could cost them dearly. If you were a plain old citizen, or an employee of AMC and leaked it or distributed it, there just might be a SWAT team showing up at your door.
  2. Short Takes: February 7, 2014 ( Thurrott 2014-01-07 ) One of his commenters disagrees ... Spoken like a MicroZealot completely oblivious to the facts and in a panic over a crazy world where Microsoft fails in its effort to "push" its way into search, and the living room. "Think for a second where MS would be on the tablet front without Surface." ? What? Don't you think that horse has left the barn already? Satya Nadella is 'a sheep, a follower' says ex-Microsoft exec. 'He can neither spell consumer nor device' says Joachim Kempin ( UK Register 2014-01-06 ) I think we can say the honeymoon is officially over, well at least for this ex-Softie.
  3. Thanks for the link. To quote Metallica, it's sad but true. EDIT: typo
  4. It's better to think of it as: ShellEx is read by Windows shell code, it follows the link to its class where a file is pointed to, and then runs whatever code is inside that file. It may or may not have icons, and may or may not have flyout submenus, that is up to that particular author. For example, those programs that I mentioned that customize the context menu by allowing custom entries and icons will have a main ShellEx container entry and then a flyout subcontainer that holds the user custom entries. I've even seen a single ShellEx spawn multiple consecutive top level entries with icons and each with sub-flyouts. The sky's the limit to what is contained in these shell extensions. Let's back up. It is best to envision the context menu as a Super-Object. It pulls together a variety of objects from various locations, and this has evolved a bit since the original Win95 shell. Indeed that is a pretty good description because it is very similar to the Start Menu itself, also a super-object that pulls together many different components. From what I have gathered ... NON-REGISTRY :: There is common core Windows shell code that is not seen in registry entries, like PASTE and SHORTCUT and RENAME and the main PROPERTIES items. These are present in the Shell DLL ( and possibly EXPLORER.EXE ) and these vary widely across Windows versions, especially in their use of icons. This category of context menu items is what is always present, even in a brand new fresh minimal install. What they do in there is up to the actual Windows shell programmers ( icons, flyouts, etc that you show in that screencap depend on Windows version, they have gotten much more visual and fancy with icons and things in recent versions ). This constitutes the absolute minimal context menu you will ever see, ( well not really, see the next one in the list ). This code is part of the shell mechanism - if you have a shell you will see base components in the menu. 
Modifying such context menu entries would mean modifying the Shell DLL and that is an unlikely scenario. Look for a complete replacement shell ( presumably with a new context menu system ) as a better idea. REGISTRY VISIBLE :: There is also Windows code that sits in some extra DLLs like the one mentioned above with DiskCopy, and Briefcase and SendTo and CopyTo and MoveTo. The DLLs are/were using names like DISKCOPY, SENDTO, SYNCUI, SHDOCXXX. I'm not sure anyone has ever endeavored to make a complete list. Whether they have icons or flyouts is naturally up to those programmers as well. When these files are registered they do appear in the various registry keys that the shell code acts upon. The manner of control we have here is the same as all registry entries, leaving them in or deleting them, or moving them up/down relative to one another. The Registry visible items are where it gets complicated. The ShellEx items are now co-mingled with the plain Shell context menu items, but in the past in Win9x that was not the case so they appeared separately in groups with divider lines between them. So within ShellEx, consecutive items as they appear in an actual registry export will maintain that relationship to each other in the context menu, but, with the added possibility that Shell items ( following the same rules ) might appear co-mingled. Each of these registry methods, ShellEx and Shell, in turn appear as subkeys off a variety of shell objects ( * or FOLDER or DRIVE, etc ). So the complexity of displaying this context menu super-object grows exponentially. ( Digression: I haven't really been able to get a handle on this co-mingling yet, but I am fairly certain that the shell code that reads the ShellEx keys has been strengthened in Windows XP and above, with the goal of providing a much more stable shell in general. Indeed, it is much harder to crash EXPLORER since XP and it has gotten even better since then. 
I believe they have added some kind of error checking that pulls out questionable items, and perhaps does even more than that. As mentioned in another thread, I used fake entries in Shell and ShellEx with some text to create a comment at the top and bottom of each section, and on Win9x the labels appear as expected, but on XP and above the Windows shell code removes the labels and co-mingles the entries. ) In your screencap you show a few core Windows items like NEW and SORT. Just like SENDTO, NEW and SORT are examples of Windows shell code, and up to Windows XP "SENDTO" was a DLL and "NEW" was core code. ( I haven't looked carefully in later versions ). SORT looks to me like a function pulled from EXPLORER.EXE and is used wherever named objects are grouped ( I am guessing that screencap was a right-click on the desktop? ). The important thing to realize is that whatever appears in context menu submenus really has nothing to do with the ShellEx mechanism, its job ended with displaying the SENDTO and icon and flyout. In its submenu are merely explorer folder views of files and objects. In the case of "NEW", in the old days it used to just show files from a folder called \ShellNew, but nowadays it is actually showing registry items demarked with a \ShellNew] subkey ( BTW this is a thing I always edit as I prefer very few things in that list, and the more that are flagged in the registry the longer it takes for that menu to appear, sometimes very long! ). In the case of SENDTO, it simply displays the shortcuts found in various \SendTo folders located on the physical disk ( no longer just in \Windows, but now scattered throughout user profiles all over the place ). Editing the contents of these SENDTO folders to have fewer items and removing broken links is a very good idea BTW. The important point being that talking about context menu icons really ends at the first level of the context menu. 
Anything appearing in submenus is completely divorced from ShellEx and all other context menu mechanisms. Finally, about those screencaps, each is missing the single most important detail ... what was right-clicked upon? ... It really is the starting point to understanding the context menu(s) in Windows and is critical to tracking down an entry to either kill it or move it. Was the right-click on a file, or a directory, or a pseudo-directory, a drive, a shell object construct like "My Computer", etc. This detail is the main clue to how what appears in a context menu actually got in there. In a link earlier I posted a fairly complete table of well-known shell objects which give us the main locations for registry items.
  5. Can you mention the program whose icon you are interested in? Or in what menus it appears? To track down its ShellEx key usually involves some sleuthing. For example, does the context menu entry with the icon only show up when you right-click files or folders? If it is one or the other then we have narrowed it down substantially. It really is a matter of locating the CLSID that the program has reserved for itself such as this ...
    [HKEY_LOCAL_MACHINE\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRar]
    @="{b41db860-8ee4-11d2-9906-e49fadc173ca}"
Note that this is one of the more obvious ones since Eugene Roshal chose to use literally "WinRar" in that key name, but he didn't have to, it could be named "xxx" or anything else really. The Windows shell code simply enumerates everything under "*" and "Folder" and "Directory" ( and etc ) and follows the @=CLSID to get the shell extension and icon. The key names are irrelevant. However, they are enumerated in sequential order they appear in the registry ( I mean the way they really appear in an export, NOT necessarily how they appear in the REGEDIT GUI which allows sorting ). This bit of info is helpful when sleuthing because the entry above and below WinRar will appear that way in the context menu ( or DragDrop handlers, etc ). Anyone who tries to re-order WinZip and WinRar in the DragDrop popup needs to understand this ( the solution is to delete the first one and then re-import it which reverses their order ). Anyway, if you look at that WinRar key you see it is pointing to {b41db860-8ee4-11d2-9906-e49fadc173ca} which is a class that contains the icon handler ( usually a DLL reference ). So the trick is to now place {b41db860-8ee4-11d2-9906-e49fadc173ca} into the search field ( easiest way is to export the entire registry and search in a good text editor ) and find all the occurrences of that CLSID. Here's a few more places it pops up ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\Shellex\ContextMenuHandlers\WinRar]
    @="{b41db860-8ee4-11d2-9906-e49fadc173ca}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Shellex\ContextMenuHandlers\WinRar]
    @="{b41db860-8ee4-11d2-9906-e49fadc173ca}"
( I'm not sure if everyone has these same keys, I have a habit of customizing everything so they may be handmade ). Anyway, you see that it is set for * and Drive and Folder which covers most right-click objects. Now back to your case. If you know the context menu entry only appears on a folder but NOT on a file, then you can simply search under "Folder" or "Directory" where it will most likely be. And vice versa. It really is a matter of just locating one occurrence of it and then using that CLSID to find the others. And if they happen to use an unambiguous name it will be very easy. ( This is one reason I carefully log installs to have a searchable database of such things to refer back to. I usually can bypass any sleuthing. ). Here's an example of one that has no helpful clues in the name ...
    [HKEY_LOCAL_MACHINE\Software\Classes\Drive\ShellEx\ContextMenuHandlers\{59099400-57ff-11ce-bd94-0020af85b590}]
    @=""
It is for a built-in Windows file called Diskcopy.dll that creates a "Disk Copy Extension" right-click entry for "Copy" ( pretty sure about that, it's the only one I see in the context menu ). Interestingly, it uses a lesser known method, where it does not post the @=CLSID pointer, instead it leaves it blank. In this case the shell simply picks up the CLSID right from the key name itself. As I mentioned above, you cannot control the icon from the registry, except to kill it or enable it. The code exists in the DLL file and the Windows shell handles that. But there are some utilities that add some control over these things ( one is mentioned in the 1st linked thread above ). I always have been wary of most of these utilities because they operate at the Shell level, being processed at each and every right-click. 
Buggy, broken or missing entries have been known to crash EXPLORER.EXE and worse. And the older the Windows version the more likely a BSOD or hard lockup ( albeit with some other variables in play like total RAM, core system settings ).
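The lookup described in the post above (export the registry, find one ContextMenuHandlers entry, then chase its CLSID to every other place it is registered), as an added example that is not part of the original post. The WinRar and Diskcopy keys and CLSIDs are the ones quoted in the post; the DLL paths, the "Orphan" handler and all function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export syntax. Keys/CLSIDs for WinRar and
# Diskcopy are quoted from the post; DLL paths and "Orphan" are invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRar]
@="{b41db860-8ee4-11d2-9906-e49fadc173ca}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Orphan]
@="{00000000-0000-0000-0000-000000000001}"

[HKEY_LOCAL_MACHINE\Software\Classes\Drive\ShellEx\ContextMenuHandlers\{59099400-57ff-11ce-bd94-0020af85b590}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\Shellex\ContextMenuHandlers\WinRar]
@="{b41db860-8ee4-11d2-9906-e49fadc173ca}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Shellex\ContextMenuHandlers\WinRar]
@="{b41db860-8ee4-11d2-9906-e49fadc173ca}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b41db860-8ee4-11d2-9906-e49fadc173ca}\InProcServer32]
@="C:\\Program Files\\WinRAR\\example-shellext.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59099400-57ff-11ce-bd94-0020af85b590}\InProcServer32]
@="C:\\Windows\\System32\\diskcopy.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')
# Registry key names are case-insensitive (ShellEx / Shellex / shellex).
HANDLER_RE = re.compile(
    r'\\Classes\\([^\\]+)\\shellex\\ContextMenuHandlers\\([^\\]+)$', re.I)
SERVER_RE = re.compile(
    r'\\Classes\\CLSID\\(\{[0-9a-f-]{36}\})\\InprocServer32$', re.I)
CLSID_RE = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)


def parse_export(text):
    """Return [(key_path, default_value)] in export order (default may be None)."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            keys.append([m.group(1), None])
            continue
        m = DEFAULT_RE.match(line)
        if m and keys:
            # .reg files double every backslash inside string values
            keys[-1][1] = m.group(1).replace('\\\\', '\\')
    return [tuple(k) for k in keys]


def context_menu_handlers(text):
    """List handlers in export order, each resolved to its CLSID and DLL."""
    keys = parse_export(text)
    servers = {}
    for path, default in keys:
        m = SERVER_RE.search(path)
        if m and default:
            servers[m.group(1).lower()] = default
    handlers = []
    for path, default in keys:
        m = HANDLER_RE.search(path)
        if not m:
            continue
        obj, name = m.group(1), m.group(2)
        # Blank default: the key name itself carries the CLSID (Diskcopy case)
        candidate = default if default else name
        clsid = candidate.lower() if CLSID_RE.match(candidate) else None
        handlers.append({'object': obj, 'name': name, 'clsid': clsid,
                         'server': servers.get(clsid)})
    return handlers


def group_by_clsid(handlers):
    """Map each CLSID to the shell objects it is registered on, in export order."""
    groups = {}
    for h in handlers:
        groups.setdefault(h['clsid'], []).append(h['object'])
    return groups


def unresolved(handlers):
    """Handlers whose CLSID is malformed or has no InprocServer32 entry."""
    return [h for h in handlers if h['server'] is None]


if __name__ == '__main__':
    found = context_menu_handlers(SAMPLE_EXPORT)
    for h in found:
        print(h['object'], h['name'], h['clsid'], h['server'])
    print('unresolved:', [h['name'] for h in unresolved(found)])
```

A real REGEDIT export is normally UTF-16, so decode it before passing the text in.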
  6. RE: DNS Client I'm guessing it has something to do with his ISP or his cellular provider, maybe a requirement for some reason, but who knows. Glad you figured it out Click Beetle DX. Still wondering why you are stuck with either of those for Internet access, are you way out in the sticks maybe?
  7. Thanks RacerBG. I saw the ShellEx context menu entries in the registry capture and totally forgot about them. When I right-clicked a folder its entry was way down past the scrolling part so I have been not even seeing the "Scan with Malwarebytes Anti-Malware" for quite some time. Indeed that method works just fine! I'll update the top post. Thanks again.
  8. No problem. And I feel the same way about these programs. The more hostile AV programs ( including MSSE ) are burning up CPU and I/O protecting you from yourself and even have the temerity to intercept flashdrives, deleting tools and causing delays. MBAM has always ( in the non-realtime version ) been much more friendly. That report states there is no problem, so no worries. Under that key are a bunch of policies, the three that you show ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
... should look like above to receive warnings. In that report MBAM is telling you that DWORD "0" is considered good and "1" is bad. It says that you have zeroes so it's fine and no action taken. Those values are using the patented and confusing Microsoft reverse logic ( just think the opposite of what it says ). In actuality it is a mistake according to MSKB949737 ...
  9. Comcast web mail servers hacked, all users at risk ( NeoWin 2014-02-06 ) And the hit parade continues. Glad that Comcast spent so much time and resources worrying about throttling bandwidth hogs rather than securing their network from the bad guys. Good job guys! GCHQ disrupts Anonymous using Denial of Service attack ( NeoWin 2014-02-06 ) Which is a peculiar way of saying they also impacted innocent bystanders, civilians if you will. This describes an indiscriminate bombing, like "targeted" strike on a building to kill the bad guy terrorist but taking out innocents in the process. Ironic too, since this whole spook saga hinges on the justification of preventing terrorism. Naturally the UK spooks have an explanation ... That answer was a non-sequitur and IMHO shows that our governments are operating under no oversight whatsoever. There is no law that sanctions stepping on or taking out innocents. All such incidents are pretend-investigated as accidents and then summarily "cleared" after much chest-thumping. No wonder our own spooks have made pets out of their UK counterparts, they have even less restraints than we pretend our own operate under. GCHQ warns UK government agencies on end of Windows XP support ( NeoWin 2014-02-06 ) I'm surprised they didn't just tell everyone to use Vista+, since the spooks were likely knee-deep in the development of those OS versions. So anyway, edit the registry to stop Office and WMP from opening files? WTF. If they wanted to really stop virus armageddon they would tell them to just not use Windows, right? That last bit is hysterical: "Installing and updating antivirus programs on Windows XP PCs " will continue to be beneficial"." What no recommendation, any AV program will suffice? Yes, these spooks sound very tech savvy indeed. EDIT: fixed quote tags
  10. Aero Glass can be enabled in the recently leaked build of Windows 8.1 Update 1, will it make a return? ( WinBeta 2014-02-06 ) Aero Glass can be turned on in the leaked build of Windows 8.1 update 1 ( NeoWin 2014-02-06 ) Well that just corresponds to a simple patch ...
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM]
    "HideBlur"=dword:00000001
However, as the video shows it really is an unimpressive title bar transparency and nothing more. A useful Aero requires the full theme found in Windows 7, including rounded corners, blur and color selection. It doesn't sound like the guy in the video at WinBeta knows what he is doing, he seems to think there is a switch that needs to be thrown. Why not try out the Windows 7 visual styles in this 8.1 update just for starters? Seriously though, isn't it silly for Microsoft to have to rebuild the thing from scratch now, rather than just re-inserting the original Windows 7 source code that they obviously killed. To Grow, Microsoft Must Deemphasize Windows ( Thurrott 2014-02-04 ) And naturally Paul mostly agrees, as would any good co-dependent enabler. By all means, throw more eggs into that cloud basket, a certifiable growth industry, well until more Snowden leaks hit. It's much like a house of cards just waiting for the final gust of air to bring the whole thing down. The other funny part about this is the sheer irony of enablers and fanboys pushing for Microsoft to get deeper into the cloud, sell consumer sheeple crap, and become a devices and services company. All of these things perfectly define those other companies that they literally HATE: Apple, Google and Amazon. One thing the MicroZealots all have in common is universal loathing for those firms ridiculing them as toy makers for iSheep and data and music services for dummies. But now the truth of this should be perfectly clear - they were actually dying with envy and jealousy all along. We wanna be sheep too! 
Here is an epic response at the Thurrott article ( among several ) ... February Xbox One update will add hard drive management ( NeoWin 2014-02-05 ) Can we now all agree that Xbox was released rushed and unfinished? Well most objective people can, not the fanboys though. BTW, check out the comments for post after post attacking the author of the article! His crime? Stating this: "Today, Microsoft does another 180 ...". I kid you not. Microsoft's Kinect is being used to guard the border between North and South Korea ( TechSpot 2014-02-04 ) Well with the Kinect in place we can finally say that for once the government spooks will be looking at a border crossing rather than spying internally on its own citizens. Not sure just how true this story is, but let's assume the South Korean decision makers are dumb enough to use consumer electronics for such a volatile flashpoint. I'm very doubtful that Microsoft would agree to this because the downside risk is substantial in the event of a failure. Any number of border incidents can occur that will reflect badly on them ( incursions, shootings, accidents, a Kinect BSOD that leads to a false alarm ) the list of possibilities is endless. No-one hears about uneventful day-to-day business-as-usual operations, but they do hear about the bad stuff. Good luck with this.
  11. Why is Bill Gates Back at Microsoft? ( Tom's Hardware 2014-02-04 ) All three Microsoft CEOs appear at company rally; lots of Lumias record the moment ( NeoWin 2014-02-04 ) Is Bill Gates' Return Good for Microsoft and Good for You? ( Tom's Hardware 2014-02-05 ) Satya Nadella gets verified on Twitter, sends first tweet as CEO ( NeoWin 2014-02-05 ) Microsoft to pay Satya Nadella $14.4-18 million annually for CEO gig ( NeoWin 2014-02-05 ) Lots of websites are already telling Satya Nadella how to do his job as Microsoft CEO ( NeoWin 2014-02-05 ) New Microsoft CEO Satya Nadella could earn up to $18 million annually ( TechSpot 2014-02-06 ) The bloviating continues with NeoWin leading the way of course. The big themes of the day are that Satya Nadella is underpaid compared to so many other CEO's ( so soon? ). That Bill Gates is the new "Technology Adviser" at Microsoft ( billg who does not allow Apple devices in his mansion even for his kids is somehow qualified to comment on trends without even seeing the enemy hardware? ). And that Wall Street is already giving them advice ... Awesome ideas, especially the cloud thingie. Throw the entire bankroll down on that number and roll the dice. After a few more Snowden leaks that all-in bet could sink the company. Lots of photos making the rounds today. Here's a few ... ( Satya, just how big is Steve Ballmer's head? Source: TechSpot ) ( Cleaned House? New Microsoft Chairman was a board member rubber stamping Ballmer and everything else. New CEO is also an insider, handpicked by Gates. Source: Microsoft Twitter ) ( Pssst Steve, you think he knows he was our last choice? Nah Bill, he doesn't have a clue. Source: Microsoft Twitter ) ( Forget those "I'm a Mac" commercials. Wait 'til they get a load of me! Source: NeoWin )
  12. Thanks! Survived another one. 10 inches in 12 hours, so AccuWeather called that one pretty close. 4 inches just two days ago also, and naturally nothing is melting ( 10 degrees F tonight, 3 degrees tomorrow, daytime below freezing ) so it is getting pretty darn high on the ground with no place to put the plowed new stuff. Ah well, I see some others got double that amount, so we're lucky I guess.
  13. Once again I bid farewell until this next storm passes. It's 5am here and the snow is just falling out of the sky like a giant front-end loader is parked above us. This will be another 12 inch 12 hour affair. Good luck all.
  14. I never did, it still plants itself on startup Vini, can you describe the startup thing, what is planted and where? Is it the RunOnce entry? Also have a look here where I just took a look at MBAM on Windows XP.
  15. As mentioned above ... Version conflicts Issue-3 : An existing DLL on this system became effectively back-leveled from the MBAM installer. Actually the file was in fact still just fine but a different one that came in alongside MBAM was self-registered which for all practical purposes swapped itself into use. This is very common in the Windows DCOM ( or whatever term they are using this year ) architecture, the sad legacy of the genius who invented self-registering files, "registering" means punching-in a slew of code into the Registry whether or not anything was already registered there, even if the older stuff was better. This is a non-destructive kind of update however. The original file still exists just fine, it's just no longer pointed to by the necessary keys and data in the registry. It can be undone by re-registering the original file later. Old-timers will probably remember when this began to happen, IIRC around the MSVC4 days when OLE was all the rage. Famous cases I still recall vividly were MFC42.DLL. Anytime someone called me up and said their programs were suddenly in another language I knew there were three keys that MFC42.DLL would wreck when it got self-registered ( actually it would just change the file pointer to itself so any programs referencing one of those three registry keys would now import from that new MFC42.DLL located in some new program's folder ) and if the language was for example Spanish or Russian, any MSVC4 apps would with laughable degrees of success attempt to display the new language in its dialogs. Anywho, it still happens today, most often when the author of an installer adds "self-register" flags to the part that copies files to the destination system. MBAM does this with the file called Ssubtmr6.dll, a 3rd party VB support library that is pretty popular. It is not a dealbreaker though and this particular case is as tame as can be. 
No language changes and I happen to know that the author of that library actually cares about backward compatibility, a lot! No harm no foul. But it leads to an interesting saga in the Windows universe - just how the heck can you be sure which of two DLL's are better? It's a great question. Let's find the answer step-by-step ... I had a Ssubtmr6.dll in Windows\System32 already registered and in use by programs that utilized it. MBAM has its own local copy that got self-registered ( again, this only replaces pointers in the registry to the first file, but leaves it physically alone ). Comparison ... My original on left, a different one from MBAM on right. Let's break down all the possible criteria for determination of "better" file.
    • File Size. Never a good indicator, but the ORIGINAL is bigger.
    • File Date. Modification sometimes has meaning ( e.g., Windows timestamps ) but rarely otherwise. MBAM is newer ( but instinct says older is better here )
    • File Version. Clear win for the ORIGINAL, but be aware I've seen some real doozy mistakes made in here by authors, and even the compilers ( "10" comes after "9" )
    • Description. This is a tie.
    • Copyright. Somebody edited that field. ~sigh~ I hate when that happens. Vote for the ORIGINAL.
    • Digital Signature. Okay, the MBAM file wins this one.
    • Comment. Believe it or not, this is the most telling bit. The text of the ORIGINAL is unambiguously declaring itself a superset of the MBAM file. It wins.
    • Strings. In the registry I see that in the CLSID Version there is 1.1 for the ORIGINAL and 1.0 for the MBAM file. The ORIGINAL wins this one too.
    • Internals. Where the rubber really meets the road. The exported functions match identically in name and ordinal. But a careful sort and compare of the IMPORTS show several functions missing from the MBAM version indicating updated MSVB6 code in the ORIGINAL. See details.
So after checking a bunch of criteria, the votes simply must go to the ORIGINAL being the better file after all, even though the date is much older. Indeed, I checked out the author of the actual file, Steve McMahon (steve@vbaccelerator.com), and as luck would have it, he still has his site up and the latest available version of Ssubtmr6.dll ( get it here ) is the ORIGINAL I have, I downloaded and diffed it to be sure and they are identical. The author deserves a bunch of kudos by the way as one of those rare programmers that is conscientious and documents things well. I mentioned that this also affected one other file, but just barely: Vbalsgrid6.ocx. Same author and website and that one was resolved in the same way. Finally, reverting these is very simple indeed ( in my case ) ...
    REGSVR32 C:\Windows\System32\Vbalsgrid6.ocx
    REGSVR32 C:\Windows\System32\Ssubtmr6.dll
And now all the registry entries point to the better file and some other inconsequential bits in there are changed back. Version conflicts certainly lead to some strange digressions!
  16. Malwarebytes' Anti-Malware is a slim, fast, stable and well-liked anti-malware application. I wanted to verify that MBAM is still working soundly on Windows XP and audited the process of install and execution. NOTE: there have been no rumors or announcements or anything like that to worry about, and they still list Windows XP on their site, this is pure research spawned by discussions in other threads here. No worries. Cutting to the chase I'm happy to report that all is still fine. There are a few very minor issues however for the new or casual user to be aware of, documented below. At the MBAM Website the latest version as of January 4, 2014 is v1.75.0.1300 ( file is literally: mbam-setup-1.75.0.1300.exe ). First thing to note is that website has a few software offerings, and the top two selections on the page look like this ... Although they use two separate boxes, it is in fact the same file received from both. I assume this is for tracking purposes. Issue-1 : Website download selection. That will definitely be a little confusing for non-experts but they can be assured that pressing either Free Download or Free Trial will return the same exact file ( 10,285,040 bytes, verified as binary duplicates ). When executing the installer there are the usual agreement and description pages but the last one is most important ... The final installation dialog after I unchecked all the options. Issue-2 : Defaults to Trial-Mode. All of those options shown above were pre-selected by MBAM, including the first one which has consequences. So as always I unchecked them all preferring to install quickly without fuss and better control what happens next. Leaving that first one selected has the consequence of enabling the trial mode of the "Pro" component which is realtime monitoring of processes for suspicious activity. If you like that kind of thing fine, but I don't because I feel it is a burden on the CPU and I/O performance in general. 
Personally I prefer completely standalone, on-demand, as portable as possible, slim apps rather than the trendy uber-integrated always-running security package. MBAM doesn't fit either category exactly but is very close to the former case. So after de-selecting the options and clicking "Finish" the installer completes and disappears. Nothing further happens since I declined to launch MBAM and run the definitions updater. At this point I took my first look around at system changes. I had originally planned to detail the placement of files but having thought twice about it I am not going to discuss the core too much so as to avoid tipping off the bad guys. MBAM are the good guys and our mutual enemies are going to get no hints from me as to how to defeat security and security apps. The bulk of the program files are placed right in the specified directory ( I used C:\Program Files\MBAM ) and the remainders are sent to the common All Users structure. No surprises here. Issue-3 : One existing DLL I found effectively back-leveled ( okay, two), I will detail this interesting but very common annoyance below in the next comment. Issue-4 : The MBAM installer left an autorun entry here ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="C:\\Program Files\\MBAM\\Mbamgui.exe /install /silent" ... which may appear suspicious but I found the explanation here, explained thusly ... Yes it should run once and then disappear Mission Impossible style, but I suspect some folks find it persisting for one reason or another. It can definitely just be deleted ( as I did ) and its use is redundant anyway because the program itself certainly checks to see if it is registered. Frankly it is unnecessary that it would be set to run even once on a computer where the user de-selected "Enable Free Trial" ( as I did ). Perhaps they can fix this by simply skipping this step in the installer in the future. 
So at this point I ran the program and it worked properly. The prompt came up for the outdated definitions and I allowed it to update itself with the 7 MB of data ( as usual it is very fast, much MUCH faster than anything at Windows Update which I always get a kick out of. Even if you just get a display monitor driver from WU which is typically just a few KB in size it will take extraordinarily long! ). So definitions update complete I went through all the tabs and looked for anything else to change and I think I found one ... That checkmark should probably be cleared. ... I can't be absolutely sure, but it does feel like either a polling function, or at least a periodic task, which it would need to be in order to magically know that there is an update waiting for install ( because thankfully the Internet architecture is still largely "Pull" and not "Push" ). So I unchecked that box and moved on. I suspect the only thing it changes is that whenever the program is launched it skips phoning home with the current version and comparing to the latest. If I am correct, I'm not only doing myself a favor, but also the good people at MBAM by reducing their bandwidth and processing. Aside from that, everything is working exactly as expected. MBAM is a very thorough scanner, it is exactly what McAfee and Norton and all the others should be - it can be used ON-DEMAND - and more importantly - it is completely GONE when closed. That makes MBAM a great addition to the toolbox. It also does an excellent job with registry objects, typically finding more suspicious keys and data than any other tool that I use these days. Issue-5 : The last nitpick is a longtime annoyance ... Still no folder selection ... Since you can only select "Drives" you kinda are committed to a long duration scan these days. 
But there are at least a few ways to work around this, either assign a drive letter to a Folder ( SUBST should work, or through the Disk Management GUI "mount" a folder ), or instead, use a small flashdrive holding your suspicious files ( insert it before running MBAM ). Hopefully they will get around to adding a folder option here for quick scans of targeted objects and downloads. UPDATE: as mentioned below by RacerBG the easiest solution is to right-click a folder and use the "Scan with Malwarebytes Anti-Malware" context menu entry!
  17. There is a post at NeoWin by owner Steven Parker, aka NeoBond ... How ICANN said ICANT ( NeoWin 2014-02-04 ) Read his story for lots more details about his non-working contact information and why it occurred, at least partially due to bureaucratic burden. I'm not sure why, but Steven is certainly being so charitable about something this serious. Registrars have but one mission in life and if they fail that you have to ask just WTF good they are. If Steven had any sense he would seek out some others that have had this happen and unite to press a suit for easily provable damages. If he accepts it, there will be no pain for the registrars and incidents will continue to occur. UPDATE-1: just before posting this comment NeoWin.net was back down again after being up for at least several hours. The browser status showed it hanging at Looking up hostname www.neowin.net ... and then the generic 'address not found' ( as seen in Opera ). UPDATE-2: now a few minutes later it is working okay. Something is still screwy at the DNS level, perhaps some name servers changed the URL and are now changing it back. It shows there are far reaching consequences for an issue like this.
  18. Footage released of Guardian editors destroying Snowden hard drives ( The Guardian 2014-01-31 ) Pure theater since we know the data was already distributed elsewhere. The theatrics were obviously demanded by USA spooks of their British pets, I mean partners. All the world's a stage. The Next Phase of the Internet: Licensing Content Makers ( John Dvorak PC Magazine 2014-01-29 ) Much more from John Dvorak in this timely column ( with only a couple of ZDNet trolls this time ). EU wants to give police the power to remotely disable any car ( TechSpot 2014-02-03 ) As I'm so fond of saying lately, 'what could possibly go wrong?' ... Ya think! Whenever the means for a scenario exists, you can bet that scenario will be visited. Yep, that too. Time is running short for the sheeple. Will they be herded into their pens quietly?
  19. Microsoft slams Chromebooks again in new Windows 8.1 ad ( NeoWin 2014-02-04 ) Someone's still acting out of fear. I wonder what they know about real sales that we don't know. We'll have to see if this trend of negative advertising continues under the new management. If it does, it will show beyond question that there are institutionalized defects at NuMicrosoft that cannot be exorcised by lopping off heads. Microsoft confirms ConnectED investments, including 12 million free copies of Office to schools ( NeoWin 2014-02-04 ) Love that math. It's just like those late-night commercials blathering about a $199 value all yours for the low price of $49. Anytime the word "savings" is used these days you should hide your wallet. Beware of Greeks bearing gifts? This is so disgusting to me. Really. They're not even hiding the fact that they're turning K-12 into vocational schools! There is only one possible outcome here, even dumber kids than ever before ( because normal studies are replaced by specialized vocational skillz ) who will be pre-trained sheeple perfectly equipped to become button pushing monkeys in the workforce. It is astonishing that parents welcome these gifts with open arms not realizing the indoctrination their little tots are undergoing. And this is from all the companies, but Apple and Microsoft are the biggest offenders. It is captive child abuse that they spend any time teaching corporate product consumption. I'd bet that more kids than ever couldn't find their home on a map ( even in Google ) or solve a simple math problem ( even in Excel ). We used to ( correctly IMHO ) ridicule reliance on calculators because it helped reduce the need for outlining detailed steps to solving a problem, then they allowed graphing calcs to kill even more skills, now I would be surprised if anything useful is being learned at all. 
Coming soon to SteamOS, Steam Music integrates your music with in-game overlay ( PC Gamer 2014-02-03 ) This is exactly what they need to do. Expand the feature set to include non-gaming tasks, eventually adding the hipster necessities of email, chat, Twitter, Facebook, and then put in the bigger ticket items. None of this is going to be good news for MicroZealots and MetroTards.
  20. As first mentioned by bpalone ... Meet Microsoft's new CEO: Satya Nadella ( TechSpot 2014-02-04 ) Microsoft Promotes Satya Nadella to CEO, Names Bill Gates a Technology Advisor ( Maximum PC 2014-02-04 ) Bill Gates Championed Satya Nadella as New Microsoft CEO ( Tom's Hardware 2014-02-04 ) Man With His Head in the Cloud is Exactly What Microsoft Needs ( Tom's Hardware 2014-02-04 ) Naturally NeoWin has already posted over half a dozen breathless stories ... Microsoft announces new CEO: Satya Nadella; Bill Gates becomes Technology Advisor ( NeoWin 2014-02-04 ) Here is Satya Nadella's first email to Microsoft employees ( NeoWin 2014-02-04 ) Bill Gates steps down as Chairman, now a technical advisor to Microsoft ( NeoWin 2014-02-04 ) Here is Steve Ballmer's last email to Microsoft's employees ( NeoWin 2014-02-04 ) Nadella, Gates tout importance of mobile devices, cloud computing for Microsoft going forward ( NeoWin 2014-02-04 ) Microsoft's new CEO conducts his first interview ( NeoWin 2014-02-04 ) Microsoft's new Chairman of the Board, John Thompson, comes into the spotlight ( NeoWin 2014-02-04 ) And Atlas I mean Wall Street shrugged ... As first mentioned by Andre ... Net Applications Analytics Show Users Still Hanging On to Windows XP ( Maximum PC 2014-02-02 ) Windows XP use goes back up; Windows 8.1 barely moves in January's OS data ( NeoWin 2014-02-03 ) Too much FUD in the comments to even bother with. Here's the complete data for anyone interested ... We should remind our friends there is the issue of overlap manifesting itself by machines being counted twice in the same 30-day period. And none are more likely than Windows 8 computers being updated and also counted as Windows 8.1 unless they happened to actually update in the unlikely period of the last hour of a given month. Odds are very high that if they were to get counted by Net Applications as one version they would also get counted after the update. 
This may also hold true for XP to 7 as well, but there is reason to indicate that they are not really counting Windows XP using the same procedure as in previous times. The double counting is likely to explain the slowed growth of the combined Windows 8 totals because as time goes on the duplicates effectively get culled as fast or faster than new Windows 8 come online.
  21. Slightly different case successfully tested: Dell desktop using Windows 7 SP1 stuck with Windows 7 RTM setup files on the separate OEM reinstall partition. I extracted the SP1 ISO and overwrote the files and it ran flawlessly from within Windows ... Is it possible to Repair Install from a HDD? Yes it is. Note that I went back and tried to determine which ISO I used to no avail ( I don't have access to this computer anymore ). But it was a Dell desktop, that originally came with Vista and was then updated for free via Dell to Windows 7 RTM when it came out. I got the machine when it was Win7 SP1 but with RTM files on the OEM partition ( which skipping RTM was the whole purpose of that experiment ) . So I don't remember which ISO I used, but it did prompt for the activation key which would not be the case in a perfectly normal OEM situation. I guess the Dell free upgrade to Win7 was either a retail or system builder edition which prevented simply using the BIOS SLP. I have to assume I used the non-Dell Win7 SP1 in that case. Anyway, you should extract the official ISO of the *exact* version you have ( determinants: 32 or 64, RTM or SP1, OEM or Retail or VL ) to a separate partition. Then you run the SETUP.EXE from within Windows and read the prompts carefully.
  22. I should mention that Activation is normally not an issue on a laptop because it is usually a pre-activated OEM version that uses a number in the BIOS as proof of being the correct computer. This could be an issue however if someone manually changed their key to the one on the sticker for some reason, or if they re-installed Windows from a different source ( instead of the OEM version included on a partition ). Not suggesting this is the case, just mentioning them as possibilities that would disrupt business-as-usual.
  23. I hope you don't pay for that ISP dial-up. I know it's off-topic, and the ISP is not specified but can you explain why you don't get a physical line from them? I mean like Cable/FIOS? It is cheaper than most dial-up payments and there is no login or authentication to deal with. They supply a modem whose Internet "jack" is plain old TCP/IP. Now the problem I see is that when your computer showed "no Internet" after you signed in to the ISP on the dial-up modem, that is still ambiguous information for purposes of debugging, because the client software you used would need to open a TCP/IP connection that is using a visible "network adapter" that Windows and Windows programs ( like web browsers ) can "see" and utilize. As stated, we don't know what the ISP is and what it purports to provide once you "log in". I can imagine any number of proprietary arrangements that are only usable from the ISP client software window. Note, this is not how AOL or Earthlink worked, their clients installed a network adapter ( software ) that was generic TCP/IP and any Windows software that spoke TCP/IP used it just fine. RECOMMENDATION: ( I'm serious ) get a broadband line into the house, get a WI-FI router and plug that into the broadband modem, then use Ethernet cable or Wi-Fi for all devices. You will solve all your problems at once and add good security as well. Also, I'd pull that modem from the laptop, it is wasting power every time the computer is on, and money every time you dial-in ( if it is not removable, oh well ). And the same goes for tethering ( which is often not even legal and it wouldn't surprise me if the carrier times it out intentionally ). Please don't take this the wrong way, but neither of these ( Dial-up or Cellular ) appear to be good ideas for laptop Internet. Now about the Windows 7 vs Windows XP. I still see no mention of using administrator or standard account. 
All the symptoms so far do not rule out a permissions problem, perhaps a policy of some sort ( not allowed to install updates, or any number of restrictions ). I would say that you should now try to enable the built-in Administrator account and immediately test Windows Updates but again at your friend's house using the cable. But read on first ... Let me explain this in detail ( and you should attempt to relay this information to your friend because his understanding is BACKWARDS ) ... When you plug your laptop into his router with the Ethernet cable you are having the most minimal effect on his "network" that you possibly can. In fact you were doing him a huge favor. Here's why. If his Wi-Fi had a passphrase ( and he should have one or else he really knows nothing ) then he probably gave you that passphrase or typed it in directly in order for you to use the Wi-Fi. Ask him to guess where that passphrase now exists? Yes, on your laptop and it is trivial to recover. Also, if he happened to also use MAC whitelisting, then he also had to add your laptop MAC to his security "Allow" list. So his "whatever reason" to not use the wire was actually self-defeating because he modified his security posture rather than hand you an Ethernet cable. The only real risk he had from using a cable is if you were a sneaky blackhat who was silently running some Network tools to gather info of his other connected devices, and even this is not straightforward since most routers require peer to peer features to be positively enabled in the firmware. In truth, the only risk of using the Ethernet cable was to you, and only if his network was already compromised by external bad guys or if one of his devices was compromised and acting like a 'bot or itself scanning for new clients to affect. I suggest you politely let him know he needs to brush up on Router security and concepts. Now having said that, the problem is the extra layers of complexity that you are starting from in all these cases. 
Wi-Fi adds extra variables ( like Wheel of Fortune with 5 letters unknown versus 20 letters unknown ). The Wi-Fi introduces hardware and software and authentication to the usual networking and permissions issues. It is easier to debug one or two issues than a dozen of them. Anyway, if I had that laptop here, in less than a minute I would enable and login to the Administrator account, pop the Ethernet cable in, watch for network status, test WU or just type a URL in the START > SEARCH box and most likely see it work fine. Then I would wait like an hour ( touching nothing ) and keep trying. No timeout, no drop? I would proceed to create a new standard user account and repeat from there. That works okay? Then the account you use was altered. BUT ... There is no way given the available info to do anything but really guess. But if I had to I would suggest that your account has been altered somehow compared to a standard or admin account. This might happen from an antivirus package or any number of "helpful" programs protecting you from the Internet. Once again, that is just a WAG at the moment. BTW, the main reason for that simple but precise test above is to rule out hardware issues, heating, drivers, and non-default software settings. If I see the connection survive uninterrupted in that virgin admin account with a simple cable then I rule them all out and then move to try to locate the guilty party ( comparing the event logs for the successful admin versus failed normal account ). Note that since Windows XP is said to work perfectly on this identical hardware, that appears to rule out hardware issues ( at least electronically, the laptop is physically sound ) but not necessarily heating, or especially power-saving bugs I mean features. Also, drivers remain a possibility, even if they say they're fine for Windows 7. It's way too soon to discuss it, but long before re-installing Windows comes simply re-installing the drivers. 
Just to recap, there are specific debugging steps I would do if I had that laptop. Most obviously using the admin account and then a new standard user account. However, the circumstances you are operating under with either dial-up or tethering introduce too many other variables, which will mask the clarity and purpose of those suggestions. Once again, please don't take offense at any of this, none is meant. Finally, are you sure that the Windows 7 copy is still genuine? IIRC, they had a timeout or something to do with Windows Updates that throttled copies that became de-activated. Are you by any chance running a trial version and are near the expiration or something? Just asking.
