Windows Defender, previously known as Windows AntiSpyware, is a free program for Windows user to detect and remove known spyware from your computer. Windows Defender (Beta 2) helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it’s detected, and a new streamlined interface that minimizes interruptions and helps you stay productive. The software uses automatic definition updates provided by Microsoft analysts to help detect and remove new threats as the threats are identified.

Improvements in Windows Defender (Beta 2)

• Enhanced performance through a new scanning engine.
• Streamlined, simplified user interface and alerts.
• Improved control over programs on your computer using enhanced Software Explorer.
• Multiple language support with globalization and localization features.
• Protection technologies for all users, whether or not they have administrator rights on the computer.
• Support for assistive technology for individuals who have physical or cognitive difficulties, impairments, and disabilities.
• Support for Microsoft Windows XP Professional x64 Edition.
• Automatic cleaning according to your settings during regularly scheduled scans.

To download and install Windows Defender Beta 2, you will need to have an original legitimate Microsoft Windows. If you do not have it, there’s a way to bypass the validation that stops you from downloading and installing Windows Defender Beta 2.


1. Download and install Orca.
2. Download WindowsDefender.msi
3. Run Orca and load WindowsDefender.msi
4. In the left pane, select InstallExecuteSequence
5. Select the Action CHECK_WGA. Right-click it and select Drop Row. Click OK to confirm.

6. Save the MSI file and close Orca.
7. You can now install Windows Defender (beta 2) – and updates

Update 1-December-2006: Windows Defender Beta 2 is no longer available as it has become final version. To crack the final version of Windows Defender, follow the steps below.
1. Download and install Orca.
2. Download WindowsDefender.msi
3. Run Orca and load WindowsDefender.msi
4. In the left pane, select CustomAction
5. Select the Action CHECK_WGA. Right-click it and select Drop Row. Click OK to confirm.
6. Again in the left pane, select Dialog
7. Look for the dialog CheckWGA, change the Attribute from 2 to 0
6. Save the MSI file and close Orca.

I am stunned to find this method to bypass the Windows Defender Beta 2 validation because you are actually using Orca, which is a part of the Microsoft’s Platform SDK Components, to edit MSI file and bypass the validation! Microsoft created the validation, and they have their own tool to bypass it. WEIRD!

Font that is used on any websites can be identified using Firebug or Web Inspector. However that can be too complicated for some users. I have posted two Firefox plugins that is able to help you identify the font on a webpage but that restricts you to use Firefox and installing plugins. Here is WhatFont bookmarklet tool, created by Chengyin Liu, an undergraduate Computer Science student at University of Illinois Urbana-Champaign which will probably offer the easiest and cleanest way to help you easily identify fonts on webpages. All you need to do is reveal or show the bookmarks toolbar on your Firefox web browser as it is hidden by default and drag the bookmarklet to the bookmark toolbar to install.


When you are on any webpage and you want to know what font is being used on the text, simply click on the WhatFont bookmarklet that is on the Firefox bookmarks toolbar. After a few seconds, when you see a button showing “Exit WhatFont” at the top right of the browser, it means that you can now start inspecting the font by either moving your mouse cursor to the text which will only show the font being used, or left click on it to show more information such as font family, font size, line height, HTML color code and a sample of the font.

To disable WhatFont, simply click on the Exit WhatFont button which will also automatically close all the popups. WhatFont is free also works on Typekit and Google Font API. Do note that the bookmarklet is only for Firefox. If you want to use WhatFont on Chrome or Safari, it must be installed as extension.

Install WhatFont

The topic says it all! It’s not possible to run multiple Yahoo Messenger at a time right after installing the official version of Yahoo Messenger. You’ll need to apply a simple patch on Yahoo Messenger to enable this feature.


Y!Multi Messenger developed by John Kirchner is the ultimate Yahoo Messenger Polygamy patch to run multiple instances of Yahoo Messenger! Perfect for those who use several Yahoo ID’s. With this you can login to as many Yahoo ID’s that you have. This will work with 8.x versions of YM.

To patch your Yahoo Messenger with Y!Multi Messenger, just follow the simple steps below:
1. Download both Y!Multi Messenger and RaveButtons.ocx at the end of this post.

2. Extract both downloaded files and place YMulti Messenger.exe together with RaveButtons.ocx and run YMulti Messenger.exe

3. Click Enable YMulti button.

4. Give it a few seconds for it to search for your Yahoo Messenger. Once found, it will auto patch. You will get a confirmation message once it’s done.

It’s that simple!

[ Download Y!Multi Messenger ]

P/S: You will need the RaveButtons.ocx file to use this program. [ DOWNLOAD RaveButtons.ocx ]

Firefox recently got updated to version 6.0.2 and as usual after updating, Firefox automatically checks for any outdated incompatible extensions or add-ons. I have the Add-on Compatibility Reporter plugin installed which forces Firefox to continue using any incompatible extensions, if not, the incompatible extensions will be automatically disabled. I normally ignore the Extensions tab since I never had any incompatible problems, then one day I noticed that there are 4 Java Console listed in the extensions. I guess Java doesn’t do a good job in removing old Java files after installing an update.

Java Console extension is actually quite useless for normal users as it is mostly used by developers. As long as your Firefox browser has Java listed in the “Plugins” tab, then you won’t have problem opening websites that requires Java. Theoretically less is better because logically running less stuff takes up less resources. If it doesn’t make much different, at least the Extensions tab looks neater. Weirdly there are no Remove button for you to easily remove the Java Console extension. Here is how to manually clean up the old Java Console from Firefox web browser.


First you need to locate where Firefox is installed to and by default it should be in C:\Program Files\Mozilla Firefox\ or C:\Program Files (x86)\Mozilla Firefox\ for 64 bit Windows systems. If it’s not there, simply right click on the Mozilla Firefox shortcut icon and select Properties. Click on the Open File Location button to automatically open the Firefox location in Explorer. Access the Extensions folder and you should see a couple of long folders names with random letters and numbers.

There are two ways to determine if the folders belong to the Java Console:

1. Edit either chrome.manifest or install.rdf with a text editor such as Notepad. If you see Java Console in there, then that folder belongs to Java Console.

2. Access the inner folders until you find ffjcext folder or file. I believe ffjcext is short for Firefox Java Console Extension.

Before removing or deleting the folders, make sure you exit Firefox first. Once you have removed the folders from the Extensions folder, run Firefox and you will no longer see Java Console listed in the Extensions tab.

I have to admit that I am a person that NEEDS the status bar to be there at all times even though it can be disabled. When it comes to Windows operating system, one of the first configuration that I’ll do is to enable the Status bar by pressing pressing Alt+V in Explorer and click on the Status Bar to activate it. The same goes to web browsers such as Internet Explorer and Firefox. If you haven’t noticed, recently the Status bar feature is considered to be obsolete because it is taking up unnecessary space even though it’s only 25 pixels. The Status bar is not enabled by default in Windows 7 and even on the latest Internet Explorer 9. As for Windows 7, since the Details pane is enabled by default, there is no reason to have the status bar anymore.

In fact, you can’t even find a permanent status bar in Google Chrome and in the latest Firefox 4. The permanent status bar in Firefox 4 has been changed to show and hide when it is needed. For example when you move your mouse to a link, a temporary status bar shows the URL of the link that the mouse is hovered on, then hides away when you move your mouse away from the link. According to Firefox developers, the Status bar has been replaced with the Add-On bar which can be enabled from View > Toolbars > Add-On bar or press the hotkey Ctrl+/


When the Add-on bar is enabled, it shows the small icons of add-ons that you have installed in Firefox. However when you move the mouse cursor to a link, the URL temporarily shows up on top of the add-on bar, not inside the add-on bar.

I’ve received an email from Josh asking me if I know of a way to restore back the missing permanent status bar in Firefox 4. If you’re one of them like Josh, fortunately there is an easy way to do it without hacking the core of Firefox.

All you need to do is install the Add-on called Status-4-Evar which will bring back some of the old status bar items, giving you more control over the built-in Firefox features, and provide new alternatives.

1. In Firefox 4, simultaneously press Ctrl+Shift+A which will bring up the Add-ons Manager.
2. Type Status-4-Evar at the Search all add-ons bar at the top right and hit enter.
3. Click the Install button for Status-4-Evar and restart your Firefox 4 web browser.

Firefox 4 now shows the permanent status bar that you normally see in Firefox 3.

I have reviewed Kon Boot about a year ago and later on attempted to install it into USB flash drive using UNetbootin for convenience. During that time Kon Boot v1.0 was not made to support many types BIOS and also booting from USB which explains why it did not work for some of you.

Kon Boot has been recently updated to version 1.1 and it contains a lot of improvements over the version 1.0. It has been recoded from scratch to support booting from USB using the custom Kon Boot USB Loader Install Utility. It can now support both 32 and 64bit of Windows and also fixed bugs to work on the latest Windows 7. Kon Boot 1.1 internally still supports Linux, but it is not commercially supported due to the fact that there is way too many distros. If you have not heard of Kon Boot, basically it is a software which you boot up the computer with and allows you to log in to any user without knowing the password. Kon Boot works by hooking the BIOS and make changes to the Windows kernel temporarily to allow a user bypass the step of Windows authentication.


I personally don’t think that Kon Boot is an ultimate hacking tool that can be used to prank people or hack computers. Firstly, you have to be in-front of the computer and secondly, you must have access to BIOS to change the boot priority. There is no way to do it remotely. In my line of work, I had to deal with hundreds of computers everyday that are used by computer newbies. Many times I am faced with the annoyance of being asked to troubleshoot a computer but the user account is password protected. Kon Boot allows me to log in to the Windows computer and perform troubleshooting tasks without resetting or knowing the actual user account password.

Kon Boot is also capable of performing privilege escalation. For example, you can boot up the computer with Kon Boot, log in as Guest, copy cmd.exe to a different name and run it. You now have System privileges. You can then make use of “net user” command to add a new user, reset administrator password and etc FROM A GUEST ACCOUNT!

Unfortunately Kon Boot 1.1 is no longer free. The personal license cost $15.99 and it gives you free updates and support for a period of 6 months. You can still continue using Kon Boot 1.1 without restrictions even if you do not renew. As for Commercial license, it cost $75.99 for a year support and updates, allowing you to use on company or business environment. The commercial license can be transferred to any member in a registered business entity.

Kryptos Logic is very generous to offer 2 promotions to Raymond.cc readers and they are:

1: Everyone can get a 20% discount by using the following discount coupon:RAYCCREADER20

2. 30 Kon Boot personal license for free. Leave a comment and make sure you are a subscriber to be in the draw. Winners will be chosen and announced tomorrow.

I have been informed that a trial version of Kon Boot 1.1 will be made available in Kryptos Logic’s website. It will be a free 32bit version without Windows server support, essentially a much cleaner version of 1.0 but I couldn’t find the download link. I am not sure if Team Kryptos Logic has scrapped the idea of the trial version or there are some delays. Let’s wait for their response.

[ Visit Kryptos Logic ]

30 winners has been selected and will be receiving an email from me shortly on how to obtain the full Kon Boot v1.1.

For laptop users, one of the major things I’ve noticed extremely convenient is it’s portability, and even more so when a netbook is being used. But they aren’t without their flaws. Fragile and easy to break are the reasons why I know for a fact I’d never be able to go around with a Netbook, and it’s not hard to see that those would also carry over to a laptop as well. If you’re careful, sure the laptop lasts longer, but in the end, most times, it will always work out cheaper to buy a new laptop then to face and fix that old one. However, if you don’t have the money, often times, you’re out of luck and will need to stick to what you’ve got. I was looking at a netbook to replace this present laptop and with the cheapest one being around $350 for even half decent specs, I’ve forced to keep what I’ve got, with all it’s bugs.

And it’s actually one of these bugs that has annoyed me last night, the fact that I shut my computer lid and it didn’t go to sleep.
Instead, it remained on all last night, so when I came back to my computer after sleeping, I found that the battery had completely drained and I had a battery that was now dead. Considering that I was going to take this laptop with me when I went out to get it registered with the Canadian government (so when I come back from my trip, I don’t get charged for it), I now couldn’t do that.

So, instead, I looked for a way to restore sleep to my laptop if you close the laptop lid. The first thing I tried was resetting my power plans back to their defaults, but if you’ve had this problem before, you might have run into the same issue I did: it didn’t work. So I figured it was time to get inventive, and head into Device Manager.

Our old friend, Device Manager

At this point, I then proceeded to remove the Mobile Intel(R) 965 Express Chipset driver, and re-install it. Before rebooting, I also grabbed the BIOS update that was off Gateway’s official support site and ran it as well, before being forced to reboot once the update was completed. Once back into Windows 7, I was able to test and see if I was able to put it into sleep mode, with no problems whatsoever. So the quick and dry solution that I’ve worked out to work for this problem is as follows:

1. Remove graphic card driver though Device Manager
2. Reinstall the driver
3. Flash to updated BIOS if you can
4. Reboot

It took me about ten minutes to go though all of this, so if you’re pressed for time, this won’t take long at all to complete and you’ll be ready to go around with your laptop once more. However, take care in flashing your computer’s BIOS. This might cause problems down the road which is why most BIOS flashing applications will back up your BIOS before hand, but just make sure to keep it in mind.

How many people here still use Windows Explorer around their computer? Chances are good, that unless you have a desire for more power, you’re not going to replace your file manager. After all, the default’s fine enough for most people: it allows for renaming, copying, pasting, etc, what we’re all used to. I suppose I’m guilty of it too, especially seeing as many times I’m not lucky enough to carry a copy of Nexus File Portable. And as I’ve also found out recently, Nexus File seems to have a few bugs under the 64bit edition of Windows, such as being unable to fully access the right click menu. This isn’t so much their fault as it is User Account Control’s fault: as anyone who’s used Windows Vista or 7, it’s on by default and makes you a limited user by default. And if you turn UAC off, then there’s less security. So I left it for Total Commander, a program often recommended as a grade ‘A’ alternative to Explorer. However, personally, I’ve found it’s shortcuts cumbersome, such as having to right click to add to the selection, rather then getting the right click menu makes me a bit hesitant to call it a worthwhile investment myself.

So if Total Commander and Nexus File don’t work flawlessly under 64bit, or at least don’t work the way I want them to, there is really no other choice. Or is there?

Enter Directory Opus, a file manager I found recently and have been learning to love to use. To say the least, it puts Total Commander, Nexus File, heck, every other file manager I’ve ever used to shame. It remains lightweight and easy to use, offering an improved take over Total Commander’s workings, and offering much more. Some of the major things that make it different from Windows Explorer file manager:

• FTP Client, built in
• Image viewer, built in
• Built in audio clip viewer
• Built in compressed file support (On top of ZIP, it also supports RAR)
• Themes and tabbed browsing, on top of a interface that sorta mimics Total Commander
• Advanced Renaming that supports wildcard support
• Image converter
• And much much more supported by plug-ins

On first load, this is how it looks like. If you’ve used any file manager, you already feel at home with it.

Overall, since I’ve been trying out it’s features, I’ve fallen more and more in love with how amazing it is, how fully featured it is. Heck, I’m surprised that more people haven’t tried it. On their site, they offer a free 30 day trial which can be extended to 60 days if you register your email address with them. The only possible downside I’ve personally found in Directory Opus is it’s price tag, at $80 Australian, which is rather steep until you consider how much it actually gets you, including a free license for a laptop as well.

Testing out the FTP capabilities, it was able to connect fine to my local server.

I also emailed the developers about this amazing software and they’ve agreed to offer a 25% off offer for Raymond.cc readers only! Simply use the code

RAYMOND1110

during the checkout and it will take it off for you automatically. Or if you’d like, you can click this link which will automatically add the discount to your order.

Finally, the picture viewer is a beautiful addiction that rounds out the amazing software.

Overall, if you’ve got the money, Directory Opus manages to make every other file manager look like a toy to me. I’ve not seen anything on the market that comes even remotely close to their amount of features and functionality, and with the added plug ins, make it one software I’ve enjoyed ever since I started using it.

So far I’ve only seen tools that is able to check if a person is invisible in ICQ. Today I found out that there’s a tool which you can check if your friend in your ICQ contact list has placed you in ignore list. ICQ has a feature where you can ignore specific types of messages, alerts or specific users. When a person is in ICQ ignore list, any communication these users send you will be blocked.

Here’s a small and useful tool for you to check if you’re being ignored by your friends in your contact list. Other than that, you can also manually check an ICQ UIN by typing it yourself.


ICQ Ignore Checker is developed by murb.com from Germany. To check if you’ve been ignored by a person from your contact list, just enter your ICQ UIN and password and click the Login button. Once you’re logged in, your ICQ contact list will be loaded. To check all your contact, simple click on the “Check all contacts” button.

I’ve tested it and it works! Now I know who is ignoring me in ICQ! Since they don’t want me to bother them, I’ll just remove them from my contact list.

[ Download ICQ Ignore Checker ]

If you ask anyone that knows about encryption, they would say that TrueCrypt is one the best out there. I have an old friend who used to be in the “scene” that was involved in warez and he uses TrueCrypt to protect the sensitive data on his computer in case one day the authorities decides to bust in to his house. If one follows the guide on using a complex passphrase, even FBI hackers fail to crack TrueCrypt using the dictionary attack.

One good thing about TrueCrypt is the portability where I can use it to protect data by encrypting it and then save both the TrueCrypt Volume and the software to a CD or DVD. The data in the disc will be encrypted which can be easily decrypted to access the files any time by just running TrueCrypt and mounting the volume with the correct password. The decryption is done instantly (on the fly) so you can immediately access your files upon entering the correct password. There are some shareware such as CD-Lock and GiliSoft Secure Disc Creator that encrypts disc but I will show you how you can do that for free with TrueCrypt.


1. Download the latest version of TrueCrypt. Currently the latest version is 7.0a.

2. Run the TrueCrypt setup file (TrueCrypt Setup 7.0a.exe). Accept the license agreement and at the second wizard mode, select Extract.

3. Run TrueCrypt.exe and click on Create Volume button.

4. Select “Create an encrypted file container” and click Next.

5. You are asked to either select “Standard” or “Hidden” TrueCrypt volume. This feature is very interesting and I hope I am able to explain in an easier way to understand.

The Standard volume let’s you create just one encrypted space. Let’s say you’re being threatened to reveal the password or something bad is going to happen to you. Revealing the password will decrypt all the encrypted files and the person who threatened you get all the files.

As for Hidden volume, it creates another encrypted volume on the existing encrypted space with another password. So if you gave the first password, the hidden volume will still stay hidden and not be revealed. Only if you mount the volume using the hidden volume password, then only the hidden volume will be mounted.

As a simple test, we’ll select the “Standard TrueCrypt volume” and click Next.

6. Now you’re asked to specify where should the TrueCrypt volume be saved to. Click the Select File button and set a name for example, dummy, and click Next.

7. There are a bunch of encryption algorithms to choose. Let’s leave it as default and click Next.

8. A normal CD have 650-700MB in space and DVD is 4.7GB. If you’re going to create an encrypted CD, let’s create the volume size as 600MB and click Next.

9. Enter a password. Make sure you use a good password and remember it. If you lose the password, you are not going to get back the encrypted files.

10. Click the Format button to format the volume and wait for a few seconds. Click Exit when the volume is created.

11. Now you’re back at the TrueCrypt main interface. Click on any drive letter that is on the program, and click the Select File button. Select dummy file and then click the Mount button. Enter the password that you’ve specified in step 9.

12. Go to My Computer and you will see a new drive letter. Alternatively you can also double click on the drive that is mounted at TrueCrypt to directly open the drive. That is the encrypted volume (space) which is now decrypted. Copy the files that you want to encrypt to the drive.

13. Once you have finished copying the files to the mounted volume, to dismount, simply click on the drive at TrueCrypt to make sure that it’s highlight and then click the Dismount button. Click Exit to close TrueCrypt.

14. To put it on a CD, just burn the 4 TrueCrypt files (TrueCrypt.exe, TrueCrypt Format.exe, truecrypt.sys, truecrypt-x64.sys) and dummy file to the disc.

To access the encrypted files in future, insert the CD to your computer, run TrueCrypt.exe and follow step 11 to mount the TrueCrypt volume. The files will be read-only and cannot be modified since it is written on a disc.

Here is how TrueCrypt works in summary:

1. Create volume (make an encrypted space): Refer step 3 to 10
2. Mount volume (map the encrypted space to a drive letter) Refer step 11
3. Copy files to Volume (Move any files to the mapped drive that you want to encrypt) Refer step 12
4. Dismount Volume (unmap encrypted drive). Refer step 13

I just bought a 12.1″ Acer TravelMate 6293 laptop to replace my big and bulky 15.4″ Acer TravelMate 4100. Initially I planned to buy Sony Vaio but it after comparing the price and specifications, Acer gives a better deal although I know that the quality of Acer is much lower than Sony Vaio. The quality and finishing doesn’t really matter so much to me because I am always using an external keyboard and mouse to avoid strain injury. I am only looking forward on the portability as it weighs less than 2KG and also it is using the latest Centrino2 processor with 2GB DDR3 ram which claims to draw less power and provide better performance.

The salesman told me that Acer no longer provides Recovery Disc to restore the system back to factory default anymore. I had to create them myself from Acer eRecovery Management with 2 DVD discs. The funny part is the salesman told me that the recovery disc can only be created ONCE. I was frightened by what the salesman said and I started to do a lot of research on the laptop recovery system.


I read a lot of forum posts and found that my Acer’s laptop hidden partition is totally different from what other people are getting. For example, many people has been successful to unhide the hidden EISA partition using Symantec’s PowerQuest Partiton Table Editor PARTEDIT32 tool. I’ve disabled D2D in BIOS and tried to set the hidden partiton type to 07 (Installable File System NTFS ,HPFS) but everytime after a reboot, the PQSERVICE partition will automatically be reverted back to the default type. I tried booting in to Safe Mode, the type shows 07 but I couldn’t see the hidden partition.

Then, another different issue is regarding reverting the MBR back to the original Acer’s default MBR. Let’s say the Acer laptop is preinstalled with Windows Vista. You hate using Vista and formatted the hard drive to reinstall Windows XP. By doing that, you’re actually wiping off the MBR records and you can never use the Alt+F10 to launch the eRecovery Management to perform system recovery. Fortunately on older laptops, this can be easily fixed by extracting the rtmbr.bin and mbrwrdos.exe file from the hidden PQSERVICE partition to restore the MBR to the original state. Weirdly, my Acer TravelMate 6293 PQSERVICE hidden partition doesn’t contain mbrwrdos.exe and rtmbr.bin files 🙁

To me, the current recovery method implemented by Acer and many other laptop manufacturers are just CRAPPY. No doubt that it is easy to restore the system back to factory state for basic computer users, but for a slightly more advance user (but not too geeky) who knows how to format a hard drive or mess around with partition, they could wrongly delete the PQSERVICE partition causing them unable to perform a system recovery. I guess many people also knows how to install Windows XP and by doing that, they’re wiping off the MBR and won’t be able to use the ALT+F10 hotkey during bootup to launch the Acer eRecovery Management. So if you screw up, you’ll have to fork out money to get the manufacturer to restore back the hidden PQSERVICE partition and the default MBR.

After reading a lot on forums regarding the hidden partition and MBR, I think it is VERY important that these steps are taken IMMEDIATELY to prevent from spending unnecessary money in bringing back the laptop to manufacturer to have them restored.

1. Create Recovery Discs
– Usually laptops that doesn’t come with recovery discs has to be manually created. In Acer, it can be done from Acer eRecovery Management. Even if you’ve accidentally deleted the hidden partition, can you still restore the system back to default state using the recovery discs.

2. Backup Master Boot Record
– If you’ve removed Vista and installed another operating system such as XP, but would like to revert back to Vista, you can restore the original MBR and hit the Alt+F10 hotkey during startup to launch the recovery system from the hidden partition. Here are 5 free tools that you can used to backup and restore MBR (Master Boot Record)

3. Backup EISA hidden partition PQSERVICE
– I’d say that this step is the most important of all. Having the hidden partition is better than having the recovery discs. There are many third party partition tools that can handle hidden partition but I found that the free version Macrium Reflect is an excellent free tool that is able to easily detect, backup and restore the hidden PQSERVICE partition. It even automatically backs up the Master Boot Record whenever you create a backup.

To backup PQSERVICE hidden partition. Run Macrium Reflect, right click on PQSERVICE partition and select Create Image of ’1 – PQSERVICE’.

Select a backup destination, you can backup to your local hard disk, network shares or even CD/DVD discs. Should take less than 20 minutes to backup the 13GB hidden PQSERVICE partition. Next time when you want to restore the backed up PQSERVICE partiton, simply create a Macrium Reflect Rescue CD (preferably Linux), boot up the computer with the rescue cd and load the image.

To view the contents of the PQSERVICE hidden partition, just double click on the backed up image file that you created with Macrium Reflect and check on the checkbox. It will amount the backup image on new drive letter.

You can now view the PQSERVICE contents from My Computer by accessing the mounted drive letter.

Once you have done all the 3 steps above and store the backups in the proper place (external drives, DVD discs and etc), you can pretty much do whatever you want on the laptop without having any problems in restoring the laptop’s system back to the original state.

One of my client’s computer encountered a problem which is unable to run Windows Disk Defragmenter. Windows Disk Defragmenter is a computer program included in Microsoft Windows designed to increase access speed (and sometimes increase the amount of usable space) by rearranging files stored on a disk to occupy contiguous storage locations, or defragmenting. The purpose is to optimize the time it takes to read and write files to/from the disk by minimizing head travel time and maximizing the transfer rate.

The problem is whenever he tries to run the Disk Defragmenter shortcut from Start > Programs > Accessories > System Tools > Disk Defragmenter, only an error window “MMC cannot open the file C:\Windows\system32\dfrg.msc. This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.” appears.

Here are some suggestions on how to fix running disk defragmenter problem in Windows.


One of the methods below should be able to help you restore Windows Disk Defragmenter. Try the first solution and then run Disk Defragmenter. If it didn’t fix the problem, continue with the second one and etc.

Solution 1: Make sure you have rights to run Microsoft Management Console (MMC) and MSC file.

Solution 2: Go to Start > Run, type regsvr32 msxml3.dll and click OK.

Solution 3: Go to Start > Run, type regsvr32 dfrgsnap.dll and click OK. Then again go to Run, type regsvr32 dfrgui.dll and click OK.

Solution 4: Go to C:\Windows\Inf, right click at dfrg.inf file and select Install.

Solution 5: Go to Start > Run and type sfc /scannow. Make sure you have your Windows XP installation disc in the CD/DVD drive.

Solution 6: Download and apply .MSC association fix.

Solution 7: Download and apply Defrag SnapIn registry fix.

Solution 8: Download and install latest MMC 3.0 from Microsoft.

One of the methods above should be able to help you restore your disk defragmenter. But for my case, I’ve gone though all methods above and it still doesn’t restore Windows Disk Defragmenter. Every time I run defrag, I still get the error MMC Cannot Open the File C:\WINDOWS\system32\dfrg.msc. After days of trying, finally I just decided to rename the dfrg.msc file at C:\WINDOWS\system32\ to dfrg-renamed.msc. I ran dfrg-renamed.msc, and I was shocked to see that it was able to run! So I created a shortcut for dfrg-renamed.msc and place it at Start menu and desktop for my client.

Until today I still couldn’t figure out what is causing this weird behavior but this workaround allows me to run Disk Defragmenter without getting the MMC Cannot Open the File C:\WINDOWS\system32\dfrg.msc error. I’d appreciate if you can share with me what might be the cause of this problem and how to really fix it.

Few days ago I was trying to help a friend troubleshoot a computer problem using teamviewer. For some weird reasons when I gave him the direct link to download the Teamviewer QuickSupport module, Windows Live Messenger gave me an error “The following message could not be delivered to all recipients” message.

I thought that MSN blocked the link because there was an .EXE extension which can be unsafe so I tried uploading to MediaFire which the download link contains only random letters and numbers without the extension, but it still got blocked. I also remembered very clearly that I tried on Rapidshare but it was blocked too. Finally I had to ask him visit teamviewer.com and click on the “Join a Session” button to download the quick support module.

I googled and found some people also had the problem of MSN blocking Mediafire links. I really thought that this is the case but after doing more research, it appears to be different and MSN doesn’t hate or intentionally block MediaFire links.


I found out from MSN Protocol website that it is possible to use the GCF payload command to request a configuration file Shields.xml that controls blocking of security sensitive items like hyperlinks, Winks and Dynamic Display Pictures from the server. From Wikipedia I also found out that the latest MSNP is now 18 but the GCF link is on 11. Further research tells me that ever since MSNP13, they no longer pushes Shields.xml and the configuration files are now called policies.

Now I have some idea on how it works so I fired up oSpy and attach it to Windows Live Messenger to start sniffing the received data. I search for the word SHIELDS in the packets and found one received packet that has very interesting data. As you can see at the screenshot below, it has tons of base64 encoded strings for imtext value.

When I decoded one of the strings “cGhvdG8yMzRcLnppcA==” with an online Base64 decoder, it shows a filename “photo234\.zip” which I am pretty sure that’s the blacklisted word because there used to be MSN virus circulating around with similar filenames. I tried sending a test message with any URL together with that filename and BINGO! that message is blocked with the error “The following message could not be delivered to all recipients”.

Later I discovered that you don’t really need a packet sniffer to get the base64 encoded blocked because Windows Live Messenger has an option to enable connection logging. Open Windows Live Messenger, go to Tools > Options > Connection > Advanced Settings button > check Save a log of my server connections to help troubleshoot connection problems. Now sign in to your MSN account, and again go Tools > Options > Connection > Advanced Settings button > and click the View Log button. Search for the word SHIELDS and at the same line you will find a lot of encrypted imtext value such as aW1nNS0yMDA3XC56aXA=.

I’ve decoded all 91 strings from the current block list which contains censored words and URLs but I still couldn’t find why mediafire links are blocked. Further online research shows that the censored list gets updated, for example, older censored word list used to have “.pif” but now doesn’t and it is still being blocked. Try appending .pif with any links and the instant message surely can’t go through. Finally through online research, I found out that Mediafire links are blocked because “download.php” is in the URL and it is one of the older censored words.

For your convenience, I have compiled a list of blocked words by MSN. It may not be complete but it is currently the biggest list you can find on the Internet.

.pif
168.169.78.19
1717wan.cn
51kongqi.com
51pingguo.cn
66663.cn
930le.com
94nile.com/apple
995ba.com
acilastir.info
acisalavans.info
acisalcap
albrahem.com
album.zip
amazondakayboldum.info
amazonhalki.info
amigosparasempre.smtp.ru
amigosparasempro.smtp.ru
armazfiles.smtp.ru
baratinha.mypets.ws
belgravehelpdesk.com
bezgi.info
bireyci.info
block-checker.com
blockinrio
bobblak.com
bobyup
bobzop.com
boyamagucu
burasiseninyerin.info
bush-gracioso.exe
checkmessenger.net
chinacircle.com
chirstmas-2007.zip
clipdeeps.com
dansadimi.info
downgrdr.exe
download.php
dreamlife365.com/member/
e-afyonkarahisar.info
ekars.info
ekastamonu.info
emret.info
fantasma.zip
fmconsulting
foto.exe
foto722a6
fotos.zip
friendims.com
friendly-offer.com
funbuddyicons.com
funpic.de
g038_jpg.zip
get-messenger
goldwindos2000.com
happy_2008.exe
happy2008.exe
hetandunhasde.com
hornymatches.com
hoto234.zip
imag091307.zip
image031.zip
image206.jpg-www.photoshare[1].com
image25.zip
images.coolpage.biz/images.php
images.getenjoyment.net
images.idohost.com
images.zip
imageswitch.info
img-0012.zip
img021.zip
img-0950.zip
img1756.zip
img301.zip
img-3773.zip
img5-2007.zip
img-6434.zip
img-8197.zip
imp.exe
implay.com
impluse.exe
improfile.net
iwantu.com
life365.com
love33.zip
mainmsn.com
mainmsn.net
malbranche.goracer.de
members.lycos.co.uk/svy21/t/contact.php
memebers.lycos.co.uk/getmessenger
mensagemparavc.mail15.com
messaging-names
messangerstats.net
messengerdeletechecker
messenger-scan
messengertools.org
miralafoto/foto.exe
monclocher.com
monica.zip
moorsh.com
mprofiles.net/members.php?msn=
msnblockerlist.com
msnblocklist.com
msn-friend.com
msnliststatus.com
msnspy.eu
msnwebimages.com
myalbum2007.zip
mydipan.cn
mymsngallery
mypengyou.com
myphoto94.zip
mypictures.zip
mypictures-0108.zip
no-ip.org
noticiasdobrasil.com.sapo.pt/noticiaurgentebrasilnumero9821.com
nowpounds.com
p1377.pic-myspace.info
photo2007-12.zip
photo234.zip
photo656.jpg
photoalbum2007
photogbase.com/pictures.php?photo656.jpg
photos.zip
photos1-2008.zip
pic.zip
pic1273.zip
pics.zip
pics-at-the-party.com
picts-7053.zip
pictura002
portakallidavet.info
profile.php?
quienteadmite.com
reuty.info
secretimages56.zip
shusu.cn
sjegat.pics.skaq.info
sontarih.info
stuff.zip
stuffplug.com/temp/downgrdr.exe
sulandirma
summer2008
sweetpictures.myphotos.cc/katiesex.pif
t35.com
tanyababe.zip
tufoto
tuhafkimse
tunabaligi
tutuskanlik
unknowntools.com
uysallik.info
verti2/fantasma.zip
viotagallery.com
windowslivemessenger.biz/msn/msn.php
wowbam.com
xpimad.com
yorungesel

Remember, MSN does not block these words alone. They must be in hyperlink. You can test them by adding www or http:// infront of those words. There are two ways to bypass this annoying censor by MSN. If you’re trying to send a mediafire link with download.php in the middle, you can use TinyURL to mask the URL. And if you’re trying to send a link with no-ip.org, do not include www or http:// infront of the URL. I find it hard to believe that no-ip.org is blocked by MSN!