Content Type
Profiles
Forums
Events
Posts posted by mraeryceos
-
-
dont use codec packs, I prefer to avoid them, I usually only use FFDShow and VLC and that suits me fine for everything.
As you can imagine, without stating WHY, everyone will question your motivations
because it makes life much simpler.
vlc can play just about anything.
Ok, I'll try it next time. In the past I was always coming across videos I couldn't play, until I got a codec pack. I've been using k-lite's basic pack, which did it for me. Maybe things have changed.
0 -
dont use codec packs, I prefer to avoid them, I usually only use FFDShow and VLC and that suits me fine for everything.
As you can imagine, without stating WHY, everyone will question your motivations
0 -
Thanks for the links!
0 -
I was talking about ONLY for the tweaks section. Not any component removal. I have my own list of reg tweaks, and I'll never have to dig through that section again the next time I revise my XP distro, because I can separate them out (they seem to all be in nLite.inf). Do you recommend a source for a list of registry tweaks, that have detailed descriptions about each one?No you cannot simply replace the modified ones with untouched ones.I do the same with modified files (keep them separate). I overwrite the ones in i386 with my own.
Wow, thanks for the really deep advice! I should be so worthy!If you truly are this paranoid the maybe nLite is not the app for you.
What are you smoking? I need to get some.nLite removes the dead space and reorganizes the dosnet, txtsetup files and so-on to speed up the installation. (Granted its not much of a speed-up but all the same a couple of minutes is faster to me.)0 -
Mirosoft could use it to take statistics on who is using nLite (during windows update, if you do that sort of thing). You'll have to excuse me... I don't have any trust in MS. But nonetheless, it does create an "I used nLite" identifier on your system, so one could tell by taking an MD5 on a certain section of the file, or looking for a particular string pattern within the file.
0 -
I ran only the tweaks section on nLite, made my changes, and analyzed the changes. I found nLite only added what is shown below (makes sense too). Wierd thing, is that it completely scrambled some files it didn't even need to touch. I think the content of those files stayed the same, but why scramble the files (as compared with the originals from the XP CD)??? What I mean by scrambling, is adding spaces, removing or adding lines, reordering lines, etc, without actually changing any functionality.
; ----- dosnet.inf completely scrambled... I believe may be the same
; ----- txtsetup.sif completely scrambled... I believe may be the same
; ----- defltwk.inf scrambled, but the same
; ----- hivesft.inf scrambled, but the same
; ----- hivedef.inf somewhat scrambled, but:
[AddReg]
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams","Settings",0x00000001,08,00,00,00,04,00,00,00,01,00,00,00,00,77,7e,13,73,35,cf,11,ae,69,08,00,2b,2e,12,62,
04,00,00,00,01,00,00,00,43,00,00,00
HKCU,"Control Panel\Accessibility\HighContrast","Flags",0x00000000,"122"
HKCU,"Control Panel\Accessibility\Keyboard Response","Flags",0x00000000,"122"
HKCU,"Control Panel\Accessibility\MouseKeys","Flags",0x00000000,"58"
HKCU,"Control Panel\Accessibility\StickyKeys","Flags",0x00000000,"506"
HKCU,"Control Panel\Accessibility\ToggleKeys","Flags",0x00000000,"58"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer","NoFileFolderConnection",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons","SmallIcons",0x00000000,"yes"
HKCU,"SOFTWARE\Microsoft\Internet Explorer\Main","NotifyDownloadComplete",0x00000000,"no"
HKCU,"SOFTWARE\Microsoft\Internet Explorer\New Windows","PlaySound",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Internet Explorer\SearchUrl\g","",0x00000000,"http://www.google.com/search?q=%s"
HKCU,"Software\Microsoft\Internet Explorer\URLSearchHooks","{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",0x00000000,""
HKCU,"SOFTWARE\Microsoft\Internet Explorer\Main","Start Page",0x00000000,"http://www.google.com/"
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","MaxConnectionsPer1_0Server",0x00010001,10
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","MaxConnectionsPerServer",0x00010001,10
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","NoNetCrawling",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","FolderContentsInfoTip",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","ShowInfoTip",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoResolveTrack",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","LinkResolveIgnoreLinkInfo",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoResolveSearch",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoLowDiskSpaceChecks",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","DisableThumbnailCache",0x00010001,1
HKCU,"Control Panel\PowerCfg","CurrentPowerPolicy",0x00000000,4
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\WebView","DefaultApplied",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","WebView",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","ClearRecentDocsOnExit",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSMConfigurePrograms",0x00010001,1
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation","DefaultApplied",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow","DefaultApplied",0x00010001,0
HKCU,"Control Panel\Mouse","MouseTrails",0x00000000,"0"
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade","DefaultApplied",0x00010001,0
HKCU,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade","DefaultValue",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","AcceptedPrivacyStatement",0x00010001,1
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","FirstRun",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","LaunchIndex",0x00010001,1
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","AcceptedPrivacyStatement",0x00010001,1
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","AutoAddMusicToLibrary",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","MetadataRetrieval",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","StartInMediaGuide",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","StretchToFit",0x00010001,1
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","SnapToVideo",0x00010001,0
HKCU,"SOFTWARE\Microsoft\MediaPlayer\Preferences","StretchToFit",0x00010001,1
; ----- sysoc.inf somewhat scrambled, but:
[Components]
nLite = ocgen.dll,OcEntry,nLite.inf,HIDE,7The contents of nLite.inf included all the changes above (just from hivedef.inf, since the only one changed), in a section called [CT]. There are also other sections, like [T] for mostly HKLM entries, and [P] which had the entry. So in conclusion, you can save your changes just by saving the nLite.inf file and making it your own (specifically for the tweaks section).
Since nLite.inf is the only one you need, the other files are basically the same but scrambled. This could be a privacy implication!
ps. I have a bunch more changes I make to the registry, but I keep those in my own reg files.
ps2. nLite included ClearRecentDocsOnExit=1, which was not my choice!???
0 -
This would be very nice also:
http://www.freepatentsonline.com/6473789.html
Heck, you could even move your solid state drive to your phone, and have your phone use the same scalable operating system. Ok, that's a bit of a stretch...A computer coupling device is provided for coupling together two computer systems, such as a notebook computer and a desktop computer, to allow each computer to share the system resources of the other computer and to allow the two computer systems to perform dual-CPU parallel processing. When the notebook computer wants to gain access to the system resources of the desktop computer, the computer coupling device connects the host bus and the PCI bus of the notebook computer respectively to the host bus and the PCI bus of the desktop computer. Alternatively, when parallel processing is required, the computer coupling device connects the CPU of the notebook computer to the CPU of the desktop computer to allow the two CPUs to exchange data during dual-CPU parallel processing.0 -
I only want to have one system. How many of you have multiple computers, but find that you end up using one computer as the "main" computer. If you like to take your computer with you, then the main computer is probably a laptop.
You would like to use your more powerful desktop. You may have tried synchronizing, but you find having to install software, change settings, etc, on two different machines to be too much of a headache, right? Even after finding tons of ways to streamline this, you throw your hands up in the air, and follow the path of least resistance: just use the laptop. I'm looking for a better way.
Is Windows capable of picking the right drivers to use (for example, introducing a special docking mode), if you were to move your laptop's hard drive to your desktop when you got home? You boot up your desktop from your laptop's hard drive (adapters exist). You are using the same operating system, your same program files, your same documents.
How to accomplish this? My experience is that booting the desktop from the laptop drive, things don't go so well. Suggestions?
0 -
The differences between windows folders on the same machine are:
Windows\system32\WPA.DBL
one moved 01 within Windows\bootstat.dat
*.PNF files in Windows\inf\*.* (u can delete these i think they get recreated)
Windows\Registration\*.*
Windows\repair\*.*
Windows\security\Database\secedit.sdb
Windows\security\templates\setup security.inf (small difference)
Windows\system32\CatRoot\{number}\TimeStamp (2 files)
Windows\system32\CatRoot2\{number}\catdb (2 files)
Windows\system32\CatRoot2\{number}\TimeStamp (2 files)
Windows\config\*.*
Please double check for me as I'm not completely sure! On different machines, there are probably more files.
0 -
bug still there
0 -
Would this take care of all "Attachment Execution Services" that was added in XP SP2?
0 -
Would it be possible to remove the AES (Attachment Execution Services) component?
Edit:
Could this be it?
http://www.msfn.org/board/Solution-Steam-F...hl=xpsp2res.dll
What is AES? Answer:
http://google.com/images?q=%22Attachment%2...n%20Services%22
0 -
Which codec pack would you choose?
Edit:
Sorry, but I added some choices to make it more complete. Some of the three existing "other" votes may have been for Vista Codec Pack.
0 -
Is there a webpage someone could recommend for finding out how to do what nLite does manually? I really liked JDEBOECK's guide for XP SP1 and would like something similar for SP2.
0 -
Do all files have digital signatures? Even driver files? Because even if all Windows XP SP2 files are the same, the driver files will be different for every computer, and the virus may have put itself in as a driver.Malware, such as rootkits, can patch actual Windows binaries so they cannot be detected by API calls. You would have to verify the digital signatures, probably mounted offline, on the files to ensure they are authentic.1. Overwrite all standard WinXP SP2 files with originals
2. Rename all extraneous files
3. What to do about driver files???
Can a standard set of driver files be used, that will allow the system to boot, so that you could reinstall drivers to non-infected versions?
You know... if you delete the boot.ini file and other root files, then rename the windows, "program files", and "documents and settings" folders, you can do a blank install of windows. This would ensure all the files that are needed for the computer are there...
Most people that have a virus would prefer there computers to be "fixed". They don't want a fresh install of windows, because it means having to reinstall everything, import everything, change settings on everything... I am looking for a way to avoid this.
0 -
FishBowl, I follow a similar backup strategy. I also have separate data and system partitions :-) My challenge is for systems you get that haven't had that preparation.
Does anyone know which files are present on every installation of Win XP SP2? I may test if I find time. Instead I keep hoping someone has already done it!
0 -
OK! Thanks!Bear in mind that Malware can have a module named the same as a good file in a different folder that will still cause damage (or whatever) becuse it gets executed before the good one (ref. the execution PATH).I don't have an infected computer at the moment. I'm a tech. I usually just get data off and reinstall windows.
Too much work. Also, running an antivirus scan is likely going to be ineffective in cleaning malware.Best bet is use all recommended Malware Cleaners / Scanners, check the registry (HijackThis is a good one), then maybe (if necessary) do an "over the top reinstall". There will more than likely be lots of stray Malware hiding if you don't "clean" the system.Reference http://av-test.org papers titled:
testing for rootkit detection and removal
Also of interest:
getting rid of malware from infected pcs
I was looking for a quicker method. For example, overwriting Windows files with a copy of files always existing on a standard Windows installation. Then perhaps rename or delete all files NOT on a standard Windows installation (can be automated). I like this method better than doing an "over the top" installation of windows, because, you don't know what the F*&& the "installation" does.
So I still have the question:
Does anyone know which files are present on every installation of Win XP SP2?
0 -
I am not interested so much in what it does, but how to get rid of it. I can rewrite the boot sector, if that is what you mean by "deeper". What do you mean by deeper? Yes, exactly what do you mean by deeper?
0 -
Thanks FishBowl! Now the real reason I brought this up.
(1) On an infected machine, if you replace the files that occur in every installation of Windows XP SP2, no matter what the hardware, will this eradicate the malware that may have leached onto legit system files?
(2) Well, the registry would always be different, so you coudln't replace that. The registry may call out to drivers, dll's, etc that are malicious, and aren't part of the core system files in (1). But you can use your favorite boot cd to load up the registry and remove the offending startup entries. I can't remember if possible to use Sysinternals Autoruns to load the remote registry on the hard drive, while booting off a CD or USB device. Anyway, this is something you could do.
Does anyone know which files are present on every installation of Win XP SP2? What I'm getting at, is that this would be a quick fix without having to reinstall windows, and everything else. Boot off a cd, overwrite files, remove startup reg entries, and you are good to go. You may still have some malware left on the machine, but it won't be active (and I assume harmless unless someone double clicks on a malware executable).
Does anyone know which files are present on every installation of Win XP SP2? I've made some rough attempts at overwriting with the originals, but Windows would blue screen after I did it. Oops... killed the patient.
AHA! I should have been reading Wikipedia!
http://en.wikipedia.org/wiki/Rootkit#Removal
While most Administrators prefer a clean reinstall, a skilled Administrator using a PE can often delete and clean a rooted system if a reinstall is not a viable option.0 -
No one wants to talk about this?
0 -
shilyro: vLite? I thought this topic was just for nLite.
Although related, Vlite should have its own "What not to remove for some programs" topic.
0 -
I like it! To be more useful, I would prefer a reg file editor. Right click on reg file and choose edit, and instead of notepad, you get crahak's reg file editor. There you get to see everything in your native language, and if you want, click on a toggle button to show the original file. When you type in or copy/paste new registry values in your language, saving the file converts this to: 64,00,3a,00,5c,00,25,00,75,... or whatever it needs to be.
0 -
Could someone tell me if upon infection, Windows files get replaced with infected versions, such that deleting or renaming the infected file would make Windows unable to boot or function properly?
Edit Aug 30th:
Most users that have malware would prefer their computers be "fixed". They don't want a fresh install of windows, because it means having to reinstall everything, import everything, change settings on everything... I am looking for a way to avoid this. The following conversation attempts to find a better way.
0 -
Does anyone know of any problems that the average home user may encounter by "disabling storage of authentication credentials and .NET passwords on the local system"? What are those things used for? Also what are "system certificates" used for?
Edit...
From http://www.passcape.com/network_credentials_screenshots.htm
The recovery of passwords stored in Windows Credentials Manager. Those inude passwords for accessing other computers within your LAN, Exchange server's e-mail passwords, .NET Passport accounts in MSN Messenger, Internet Explorer 7 Wininet credentials, etc. Physically all of these passwords are stored in the file C:\Documents and Settings\%USER%\Application Data\Microsoft\Credentials\%SID%\Credentials and decrypted using DPAPI.0
Slimming Windows 7 by 7 Embedded
in Unattended Windows 7/Server 2008R2
Posted · Edited by mraeryceos
I was wondering if perhaps 7 Embedded is not that much different (if at all) than Windows 7. It could be used to create a "7Lited" or slimmed down version of Windows 7? Or perhaps it would be a good starting point from which to remove even more components by expanding the capabilities of 7 Embedded. Here is a list of removable components in Windows 7 Embedded.