I just installed a fresh Windows 7 Professional from the DigitalRiver ISO, then did a full Windows Update. I ran all the lines in the OP's post, but it only finds that 1 update was installed: KB 3075851. Does this seem correct? All the others say "update not installed on this computer".
Here is a problem: I noticed that all of the updates I've hidden are no longer hidden, and I've not run any software that does that.
I don't think uninstalling those updates helps with anything. I installed an untouched November 2014 Windows 8.1 image with no updates and I found this: ht*p://i.imgur.com/DPNPHTQ.png
Just clicked on the crap remove everything stuff button.. what the hell? How can I roll back all the changes made by this f$cking tool?
Don't bother hax0ring dnsapi.dll, replacing the URLs with zeros. It doesn't stop callouts. I have had both dll files modified for a day, and Wireshark is still showing callouts. Mind you, this install of Windows has yet to perform a single update, not even the update for Windows Update; not one!
There is also a command in dnsapi.dll that tells it to bypass the hosts file. Which is why I went for Net Ranges in one single W7FwAS rule, and will use PeerBlock to provide me with info on which IPs I need to unblock to load up certain MS sites... ...and now my Wireshark capture is MS free, so there is no real need to use Acrylic or even DNSCrypt (unless you aren't on a VPN).
So far from what I have seen, only the dns.msftncsi.com reference pops up, but that is normal.

Code:
23.96.0.0-23.103.255.255,64.4.0.0-64.4.63.255,65.52.0.0-65.55.255.255,94.245.64.0-94.245.127.255,111.221.29.0-111.221.29.255,111.221.64.0-111.221.127.255,131.107.0.0-131.107.255.255,131.253.12.0-131.253.18.255,131.253.21.0-131.253.47.255,131.253.61.0-131.253.255.255,134.170.0.0-134.170.255.255,137.116.0.0-137.117.255.255,157.54.0.0-157.60.255.255,168.61.0.0-168.63.255.255,191.232.0.0-191.239.255.255,193.221.113.0-193.221.113.255,204.79.195.0-204.79.197.255,207.46.0.0-207.46.255.255,207.68.128.0-207.68.191.255,208.76.44.0-208.76.47.255,208.84.0.0-208.84.7.255

I dumped the above into an outbound block rule, location (all 3 - domain, private, public), any protocol, any port, any local address, remote address (insert code snippet), any service, any interface.

For those who make use of IPv6, I came across the following IPv6 addresses when checking host/domain names in NirSoft tools:

Code:
2620:0:30::53,2620:0:32::53,2620:0:34::53,2620:0:37::53,2a01:111:f303:1791::b01,2a01:111:200b:2::bcc1,2a01:111:f335:1792::a01,2001:502:4612::c4,2610:a1:1014::c4,2610:a1:1015::c4,2001:502:f3ff::c4,2606:2800:10c:249:f81:1c8d:1178:1364,2a01:111:2005:5::5,2a01:111:2006:c::5,2a01:111:2020:3::5,2a01:111:2032:1::5,fd3e:4f5a:5b81::1,2600:1413:1::6011:4810,2a01:111:f004:b0::102,2a03:2880:2130:cf04:face:b00c:0:1,2a01:111:f004:20::102,2a01:111:f004:20::101,2a01:111:f004:b0::101,2600:1417:3f:28c::aa4,2600:1417:3f:28a::aa4,2a01:111:f30e:1790::f001:dcc1

Here is some proof that I didn't just come up willy nilly with the ranges. Lucky I had beer, or else I would've gone Ice Cube on my street... just a text file showing host/domain names along with corresponding ranges. I filled more in as NirSoft apps spat more out.

View attachment proof.txt
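Added example, not part of the original post: a Python check that parses a remote-address list in the comma-separated `first-last` format used above and reports which destinations seen in a packet capture are not covered by the block rule. `RULE_SPEC` is a short subset of the ranges posted above; the `OBSERVED` addresses and the function names are constructed for illustration.

```python
import ipaddress

# Subset of the remote-address list from the post above (full list omitted for brevity).
RULE_SPEC = ("23.96.0.0-23.103.255.255,64.4.0.0-64.4.63.255,"
             "131.253.12.0-131.253.18.255,2620:0:30::53")

# Constructed sample: destination addresses as they might be exported from a capture.
OBSERVED = ["23.99.10.11", "131.253.18.200", "131.253.19.1",
            "2620:0:30::53", "192.0.2.10"]


def parse_remote_addresses(spec):
    """Turn 'a-b,c-d,e' (ranges or single IPs, v4 or v6) into a list of networks."""
    networks = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        first, _, last = item.partition("-")
        start = ipaddress.ip_address(first.strip())
        end = ipaddress.ip_address(last.strip()) if last else start
        # Reject mixed-family or reversed ranges instead of silently skipping them.
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {item!r}")
        # A range that is not CIDR-aligned expands to several networks.
        networks.extend(ipaddress.summarize_address_range(start, end))
    return networks


def uncovered(destinations, networks):
    """Return the destinations that no network in the rule contains."""
    missed = []
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if not any(addr.version == net.version and addr in net for net in networks):
            missed.append(dest)
    return missed


if __name__ == "__main__":
    nets = parse_remote_addresses(RULE_SPEC)
    print("rule expands to:", ", ".join(str(n) for n in nets))
    print("not blocked by rule:", uncovered(OBSERVED, nets))
```

Running it against the full list from the post shows the gaps between adjacent ranges (for example 131.253.19.0 to 131.253.20.255), which is where an observed callout can still get through.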
SQM = CEIP = Customer Experience Improvement Program. It's been there since Vista. You can turn it off: Action Center > Change Action Center Settings > Customer Experience Improvement Program settings. Btw, the November 2014 image already contains a version of KB2976978.
All these steps are no use; the code is closed source, and even after all this tweaking there could be hidden code to steal your data. You can never be certain. All it takes is 1 window of opportunity for your Windows to dump your junk to Microsoft, to track you for life. The only safe solution is to move to Linux.
YEP... It's true! Micro$oft restores all updates. I'd just uninstall...

Code:
wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:2976978 /quiet /norestart
wusa /uninstall /kb:2977759 /quiet /norestart
wusa /uninstall /kb:2990214 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart
wusa /uninstall /kb:3035583 /quiet /norestart
wusa /uninstall /kb:3044374 /quiet /norestart
wusa /uninstall /kb:3050265 /quiet /norestart
wusa /uninstall /kb:3065987 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3072318 /quiet /norestart
wusa /uninstall /kb:3075249 /quiet /norestart
wusa /uninstall /kb:3075851 /quiet /norestart
wusa /uninstall /kb:3075853 /quiet /norestart
wusa /uninstall /kb:3080149 /quiet /norestart
wusa /uninstall /kb:3083324 /quiet /norestart
wusa /uninstall /kb:3083325 /quiet /norestart
wusa /uninstall /kb:971033 /quiet /norestart

PROOF h**p://imgbox.com/WzlYn40s
Uninstalling any of the WU client updates (3083324, 3075851, 3050265, 2990214) wipes the WU database along with any hidden updates. Do not set WU to auto and then complain, because it will install future WU clients, then you uninstall it and the database is wiped again, then you complain the hidden updates are auto-installed, and so on....