Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


w2k4eva

Member
  • Content Count

    59
  • Donations

    $0.00 
  • Joined

  • Last visited

Community Reputation

10 Good

About w2k4eva

Profile Information

  • OS
    none specified
  • Country

Recent Profile Visitors

1,155 profile views
  1. Well, the fixed IP address turned out to be the relevant clue. I changed this back to automatic assignment from the router's DHCP service, rebooted, and had no connection. Investigating this showed the XP DHCP client service had somehow gotten disabled. Resetting this to Automatic solved the issue. Apparently Comodo likes to see the DHCP handshake happening for whatever reason, even if it does not actually need the IP address - I can even go back to fixed IP address now without getting that 90 minute delay any more!
  2. For KB4494528 do the regsvr thing like Ed_Sln and others have said. I installed KB4493563 and do not see any problem, but I am using the US English version in case that matters. KB4501226 is a time zone update (these are usually neither critical to have, nor troublesome if you do use it) for Morocco and the Palestinian Authority. I installed it with no problems.
  3. Did you end up with a corrupt download? Or are you using a non-ENU version? I got this from the catalog on 18 Apr 2019 and it does indeed contain ntdll.dll version 5.1.2600.7682. I even re-downloaded it again a few minutes ago from the catalog and the file is identical to the April download. I do agree though that the English version of ntdll.dll has the last error message duplicated and the other message missing as you describe.
  4. Has nobody else ever seen this? I ran scans with MBAM, SuperAntiSpyware, and Avast boot time scan. As expected, no malware found. Also noted another odd thing. The 90 minute delay can be cut short by temporarily disabling the ethernet adapter; the GUI unlocks, and the tray icon works again. Re-enable it, and everything is good to go. FWIW, I found it was set up for a fixed IP address rather than the usual assignment from the router's DHCP server, so it wasn't even waiting for an IP address. Any debugging suggestions?
  5. Is anyone else here using an old version of Comodo? (3.14.130099.587 for me, or possibly some of the v5 series) I've had this version installed (just FW and Defense+, not the AV, for that I use Avast 6) on this machine and running perfectly for more than 4.5 years. But around 4/29 it started behaving oddly (on just this one system, I have it running perfectly on several others). That's when I noticed that the system tray icon allows calling up the GUI for a little while immediately after booting, but somewhere between 2 and 3 minutes post boot, the tray icon goes unresponsive. When this happens I also cannot call up the GUI from the start menu, nor from desktop shortcut. Then after roughly 90 minutes, suddenly the GUI that would not start earlier finally appears and thereafter works as if nothing were ever wrong. This delay seems pretty consistent as does the 2-3 minutes postboot, almost as if something has a timeout, though I don't know what it is waiting for. I checked in Task Manager during this time, and there are no unfamiliar processes listed. Both cmdagent.exe (the service portion) and cfp.exe (the GUI portion) are running as expected, but I can't switch to cfp.exe during this 90+ minutes. Trying to kill cfp.exe during this time simply hangs Task Manager. Leaving this sit for the 90+ minutes will let it suddenly unlock and everything goes back to normal. It isn't a normal sort of network issue, I can surf and check email just fine during this time, the only thing I cannot do is open the Comodo GUI. I tried looking with the process list tool in an old version of Spybot; this has the added bonus of showing what network connections a process has open, which I can't check in the Comodo UI since I can't get to that while it is hung. It seems to have one ephemeral port open, the port number changes every few seconds while the GUI is not responding, but these changing ports will suddenly stop and the open port vanishes when the GUI becomes available again. Checking system event logs gives no clues, likewise Comodo's own logs show nothing odd. I even tried setting a rule on Comodo to log its own traffic but there are no entries from that rule. Other rules do make log entries during this time so it isn't a logging issue. Searching the Comodo forums finds several posts with similar symptoms (all from version 3.x or 5.x, I didn't see any later) but all of the supposed cures end up not solving it even for the posters who initially thought they had found the answer. (Apart from "upgrade your OS, then update to latest version", generally something post-ver 5 - but then why did this version work perfectly for 4.5 years on this system and even longer on my other systems?) I have tried the uninstall-reboot twice-reinstall path a couple times with initial success, but the problem always returns after 2-3 reboots so it isn't really the solution. I plan to run more malware scans later today but so far have not found anything; since there are no other symptoms I'm not really expecting to find anything when they are finished. Assuming the scans come up clean, does anybody have a suggestion for how I might track down the cause of this odd behavior?
  6. I suspect they're the same thing, I downloaded the two files, and they are only 4 bytes different in size! The "payload" stuff is indeed the same. What is different is the catalog file, because it is signing the files branches.inf and update_SP3QFE.inf. These inf files contain slightly different timestamps between the versions. The other interesting difference is that the update_SP3QFE.inf file for the plain-XP version does not have the Prerequisite section that is present in the posready version; that section is what restricts the update from being applied to plain XP. Since that section is missing from the plain version, wouldn't those who did the reghack be able to use either version without modifications?
  7. I mostly just use the editor included inside Ghost Commander. It's pretty basic but serves my needs. Ghost Commander is ad-free, tracker-free and open source. It's also root-aware, though it will work for unrooted devices too for as much access as filesystem permissions allow. There's even older versions in case your android is very old, I use ver 1.54.1b2 on my old FroYo device (this old version is supposedly compatible all the way back to 1.6 Donut), current version is for 2.3.3 Gingerbread & up. Second this! If I can't find something open source, I do make sure to check the IzzyOnDroid app lists to see how snoop-y it is likely to be or if there are alternatives I haven't considered yet. He does list which problematic libraries are compiled into what apps and if trackers are (not) found in them (look for the gold star icon). For instance, Office Suites and Text Editors lists a lot of editors you might check into. Another bonus to open source apps is they are more likely to still be compatible with older devices. A great open source non-google app is Yalp Store. This is a must for androids too old to install the current play store app like my FroYo device (it supposedly works back to 2.0 Eclair), and has active development (a new version was released in response to a bug I posted last fall). For email there is either K9 (for newer androids) or Squeaky (for older androids), both open source from the same codebase. I love CSipSimple for VoIP calling/texting over WiFi, it used to be on both playstore and f-droid (see https://f-droid.org/wiki/page/com.csipsimple) but has gone missing since I found it there. One last location survives, http://web.archive.org/web/20180816022955/http://nightlies.csipsimple.com/stable/ which does have the last version. It's none of Google's business where I hike or drive, so Navit gives an alternative to the preinstalled GPS/map apps. You can pre-download whatever maps/databases you like from several sources (including OpenStreetMaps, or you can make your own) and there is no need for a map server/user tracking/ad serving/whatever. The version on f-droid is older than the playstore version. The UI is rather goofy and takes a bit of getting used to so reading the wiki is a big help. Despite this I found it well worth the time I spent figuring out how to use the app and even extend it a little to show my favorite locations (there are forum posts on how to do this). There is an android section on http://software.oldversion.com/android/ in case you want an older version that is no longer on the playstore, though this is not an open source repo.
  8. I don't have them myself but when OnePiece Alb created his various update packs and addons he collected these. Thankfully he posted them on box.com for public access.
  9. Same here. Even worse, this problem exists for ALL hotfixes, even ones I already downloaded. Even if you already know the actual DL link, in a form like http://hotfixv4.microsoft.com/Windows Server 2003/sp3/Fix200653/3790/free/315139_ENU_i386_zip.exe from having downloaded it before, the same thing happens. Seems that the DNS entry for hotfixv4.microsoft.com now has a new CNAME pointing to hotfixv4.trafficmanager.net, not sure when that happened.
  10. MS12-045 KB2698365 was for MDAC 2.8SP1, I seem to recall that for W2K builds this did not always integrate well with other MDAC updates, though I was not using nlite. I wouldn't be surprised if a similar issue exist with the XP version too. Are you able to integrate just this one by itself? If so perhaps close the nlite session, then start a second session for kb4489973? There may be a post by tomasz86 or bristols on the W2K and/or hotstream board about this...
  11. I had initially tried adjusting permissions on just those 4 files. It reduced, but did not completely eliminate the event log errors for my system. For me the problem did not completely resolve until I also adjusted the rest of the folders as indicated. YMMV.
  12. Do you connect your system to a domain controller? If so does the setting revert after you disconnect from the domain controller? I assume you have installed KB967715 and KB971029? Finding the relevant details in the pile of MS documentation can be problematic. But KB967715 has this to say: So you may need to change the key you are setting to be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun 0xFF and I can't figure out why MS has so many articles describing use of the wrong key! There is also the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\HonorAutorunSetting 0x01 that is described later in the same article. You might need to repeat the steps in https://www.bleepingcomputer.com/forums/t/437944/how-to-disable-autorun/#entry2556075 for each USB stick you own, kinda tedious, and what about new sticks you do not yet own or haven't gotten around to adjusting settings for? So much for the MS way. A more interesting approach is at https://www.esecurityplanet.com/views/article.php/3848951/Two-Approaches-to-Securing-Autorun-and-AutoPlay-in-Windows.htm
  13. That original version is the only one I know of. FWIW, dencorso's linked KB article is still available from MS at http://support.microsoft.com/kb/926185 That USB drive, are you using it for backups from a backup type program, or is it something you use to make manual copies with? Do you write to it from both W7 and XP, or only from W7 and just do reads from XP? If XP usage is going to be read-only, you could try setting the volume mount for the USB drive in XP to be read-only rather than the default read-write mount. IIRC there was a regedit or something to make this change, I don't have it handy right now but maybe someone else remembers it? That might keep XP from destroying the W7 shadow copies there. You might want to change the settings for System Restore in both XP and W7 to not monitor that USB drive, maybe even delete the restore points stored on it (if any), at least that should avoid creating new ones that would corrupt the shadow copies. Another possibility is to tell W7 to store the shadow copies for the USB drive elsewhere, like maybe on the W7 system drive (hopefully XP will not have access to that so can't delete them). See https://ccm.net/faq/2679-how-to-turn-off-volume-shadow-copy#how-to-edit-the-disk-space-allocated-to-shadow-copy for instructions. Do you also use Previous Versions on XP? I think it did not come by default (at least on Home) but have seen some people claim it can be installed there, from https://www.microsoft.com/en-us/download/details.aspx?id=16220. While XP does have a copy of vssadmin.exe, it is older than the W7 version and I'm not clear if it is able to do the same thing and move its snapshots of the USB drive to the XP system drive (where hopefully W7 will not delete them), but if it is able you could try that too. I don't know whether installing the volume shadow service SDK on XP would help or not, but it is available at https://www.microsoft.com/en-us/download/details.aspx?id=23490 if you want to check that out. You probably don't want to disable the driver for volsnap.sys since it would be needed by the shadow copy service that runs by default. If you want to stop the service itself there are also instructions for that a bit earlier in the above ccm.net link, this should be the same for both XP and W7. In that case you might also want to turn off the Microsoft Software Shadow Copy Provider service, similar method but different name. Both of these services can be typically called by backup programs including MS Backup and also System Restore so if you use those this might not be a good idea. More info about these services is at http://www.blackviper.com/windows-services/volume-shadow-copy/ and http://www.blackviper.com/windows-services/microsoft-software-shadow-copy-provider/ . Back in 2006 https://blogs.technet.microsoft.com/filecab/2006/07/14/how-restore-points-and-other-recovery-features-in-windows-vista-are-affected-when-you-dual-boot-with-windows-xp said: Why this fix is not trivial for Windows XP: Backporting volsnap.sys to Windows XP would require significant development and testing time. The entire Volume Shadowcopy Service (VSS) subsystem in Windows Server 2003, Windows Vista, and Windows Server “Longhorn” would need to be backported to Windows XP and would likely break a number of third-party backup applications that rely on the current version of volsnap.sys in Windows XP. for whatever THAT may be worth.
  14. For the file itself, you could visit https://support.microsoft.com/en-us/help/975599/stop-error-when-you-put-a-computer-that-is-running-windows-7-or-window then look near the top of the page for the link text "Hotfix Download Available", click that; there will be a page where you can mark the checkbox for the version you want (x86), then give an email address. The site will then email you a download link to click. When you have the download you can use 7-zip or similar to extract the file. As for the custom installer, you would have to ask Dibya, you could try sending him a PM.
  15. I still haven't figured out where my files came from but turned up some possible MS sources for yours (apart from 3rd party stuff like cellphone packages, tablet packages, GPS packages, etc) . At https://ryanvm.net/forum/viewtopic.php?t=9200 there is some discussion and mention of KB971286. The KB article still exists and mentions the relevant files/versions but the package (WINUSB_UPDATE_XP-SRV03.exe) has been pulled from the update catalog, it is not on wayback, and apparently nobody posted it to thehotfixshare either. In the last post of the thread there are non-MS download links. It also gave me a lead to KB970159 which at one time was thought to be a prerequisite. Again the KB article still exists but the package (Microsoft Kernel-Mode Driver Framework Install-v1.9-Win2k-WinXP-Win2k3.exe) has been pulled from the update catalog. On https://msfn.org/board/topic/175487-standalone-winusb-installer-for-xp-kb971286/ cdob points out the android sdk which has a link to latest_usb_driver_windows.zip where he describes getting the winusb package out of the winusbcoinstaller2.dll. What he doesn't mention is that alongside this the zip also has wdfcoinstaller01009.dll, and packaged inside that is the kernel mode framework package that went missing from KB970159. Also in this thread blackwingcat mentioned kb975559 which MS intended for W7 but it contains a newer winusb.sys 6.1.7600.16421 and Dibya says he uses it in his custom installer. This too has the KB article still available but the package is not in the update catalog. At least for this one there is a hotfix download available, though it is intended for W7 so it might not install to XP from this package even if the file inside could work (this may be why Dibya did his custom installer for it).
×
×
  • Create New...