Hi,

I have been stuyding in details the orwell WM6 rom as well as the pdaviet's.

All these roms come with the SQM module (Service Quality Monitoring) including the ceipui.exe (Customer Experience Improvement Program) executable.

So I rebuild my custom rom with SQM disabled (no files, no registry keys about it) and with ceipui.exe removed, only to relalize that they are two notifications in mxip_notify.vol for ceipui.exe:
1. Connecti to a network,
2. Data Synchronization finished.

So, here are my questions:
1. I could remove the notifications from the mxip_notify.vol once I had flashed the rom with dotFred's taks manager. Does any one know how to edit this file on a PC, PRIOR building the ROM???
2. Is anyone else looking a trimming WM6 from spyware and other unwanted parts (like SQM, Windows Update, Remote flashing, etc.)?

Regards,
eluth.

I posted the following message 3 weeks ago.

Since, I could study all WM6 ROMs for the Wizard that have leaked.

All of them, without exception keep the SQM module and ceipui.exe file that is trying to dial back to MS at the first connection to the network, as well as periodically afterwards....

If you don't believe me, look at mxip_notify.vol. You will see that ceipui.exe is notified at every network connection and every activeSync operation!!!!

So long....
eluth.

I don't think people really care, you're being a bit paranoid, Microsoft aren't going to install Spyware on devices like Sony did as they would have too much to lose from doing so.

He may be being paranoid, but anyone who seems to think that Microsoft arent into spyware should look at WGA.

If nothing else they are burning your bandwidth for which you are being charged ...

As for Activesync I suppose you can at least block it through the firewall....

Guys,

This is not about parnoia, but just about using a pre-released version of WM6 on a wide scale. Because this is what it is all about.

The SQM module and the ceipui.exe (Customer Experience Improvement Program UI, part of the shell module) are REAL. They are even more real, as they are part of the Orwell 1984 ROM and all ROMs build on that I've seen out there.

Now, where this becomes interesting: none, I repeat, NONE, of the WM5 roms I got my hands on is equiped with a Service Quality Monitoring function capable of phoning home!!!

The SQM module is made of the following files:
76bd787c-86b5-4b63-a1d8-1a910f86c8e1.dsm
76bd787c-86b5-4b63-a1d8-1a910f86c8e1.rgu
custsat.dll
sqmce.dll
sqmconn.dll
sqmdata.dll
sqmevent.exe
sqmsvc.dll
uptime.dll
uptimesqm.exe

I've attached the .RGU file here if someone wants to have a look.

The site it's connecting too is sqm.microsoft.com (look into sqmconn.dll), which is well known on the net. Just google it!

I'm just stating facts based on observation here.
This is NOT paranoïa.

Regards,
eluth.

I've tried to remove all of this SQM things. Besides all the above modules found in the dumped ROM, there is another reg key in HKLM\INIT which says "Launch100"="uptimesqm.exe". I think this will initially bring up the SQM Service and thus create those notifications.
I removed them all (rebuild ROM, of course). Works fine. No more SQM service, surely no notification of CEI.
But, it's the ceipui.exe module I can't remove, else it will keep bringing up error message windows saying that ceipui.exe can't be openned.
another thing I can't remove is the Customer Feedback Icon in control pannel, I search and find that it is cplmain.cpl containing it.
So, everything is fine, leave ceipui.exe module alone in ROM, remove other SQM things, let Customer Feedback just be an icon.

Just for reference. No more.

Hello huangyz,

I did that too.
First I removed the SQM module. As you might have notice the "reg key in HKLM\INIT which says "Launch100"="uptimesqm.exe" " is actually set by the 76bd787c-86b5-4b63-a1d8-1a910f86c8e1.rgu file.
So if you re-cook the ROM with pkg2dmp.exe (recreating default.hv and user.hv from boot.hv and applying all .rgu files), that key is not present in the re-generated registry hive.

As far as the "Customer Feedback" icon in control panel, I added the following keys in 1f1aca24-d942-464a-9281-10567741499c.rgu (this is the RGU of the Shell module):
[HKEY_LOCAL_MACHINE\ControlPanel\Customer Feedback]
;"Redirect"="ceipui.exe"
"Group"=dword:1
"Hide"=dword:1

As you noticed, the icon is hard coded into the control panel, however the previous changes hide the icon and prevent it from been operational.

Last, but not least, I deleted the ceipui.exe (which is a file part of the Shell module).

I'm left with a mxip_notify.vol which has initially two notification related to ceipui.exe. These values are not created at boot time but part of the default values of the file (you can do a hex dump of mxip_notify.vol)

And now, I'm back to my original question: I need to get these two ceipui related notifications removed from mxip_notify.vol... if possible at the time I'm building the ROM (right now I do it manually with dotFred's TaskManger, after the facts).

I also notice those notify events. when wm6 is running the file mxipnotify.vol can't be copied out or else we can replace with a clean one while rebuilding rom. can we use the safe mode of spb pocket plus?one more thing, i am wandering how the ceipui.exe be removed from what you call ''shell module'', could i get some hints pls? thnx!

Just an idea. Would it be possible to build some sort of firewall (or such things already available) on the PPC that controls what process or address signals can be sent?

I also notice those notify events. when wm6 is running the file mxipnotify.vol can't be copied out or else we can replace with a clean one while rebuilding rom. can we use the safe mode of spb pocket plus?one more thing, i am wandering how the ceipui.exe be removed from what you call ''shell module'', could i get some hints pls? thnx!


Sorry huangyz,

I should have written Shell package and not module.
When you extract the files of the ROM (with imgfs tools), you can then run dmp2pkg (found in the Scoter Kitchen and other kitchen). I will re-create the different packages under the SYS and OEM directories.

Under SYS you have all the OS packages, and among them one called Shell.

More info about the Scoter kitchen on: http://buzzdev.net/

--eluth.

thanks, eluth
i see you in buzzdev.net :-)

it seems that pkgtool should be used under VisualStudio which not installed on my pc.

so, just imagine i can do that...:lol:

thanks again for your hints.

I've "fixed" it.
I replace the mxip_notify.vol in the WM6 dumped ROM with another one from TMO2.26 WWE shipped ROM, no more ceipui again. :lol:
now what I've removed from the WM6 ROM are:
1, catalog module (marketplace) and all its reg keys
2, sqm related modules and all its reg keys, include one in HKLM\INIT
3, ceipui.exe module and the notifications originated by mxip_notify.vol
It seems CLEAN and my device runs smooth enough now :-)

the mxip_notify.vol from TMO WM5 ROM is put here for convenient reference.
after extract, don't forget to rename it to mxip_notify.vol when cooking ur own ROM. :D

thanks, eluth
i see you in buzzdev.net :-)

it seems that pkgtool should be used under VisualStudio which not installed on my pc.

so, just imagine i can do that...:lol:

thanks again for your hints.

edit:
just patch XP with .net framework 2.0 redistributable pack and the pkgtool runs fine.

the mxip_notify.vol from TMO WM5 ROM is put here for convenient reference.
after extract, don't forget to rename it to mxip_notify.vol when cooking ur own ROM. :D

Thanks huangyz,

I did the same. It works quite well.
I think this closes this thread.
--eluth.

Great research Let's hope the .vol holds out on a touch.

I'm crossing my finger using this mxip_notify on my touch gehehehe, let's see if it breaks something.

so, for removing sqm:
1. edit Shell\mxip_notify.vol (del ceipui references)
2. delete Shell\ceipui.exe
3. delete sqm\* except custstat.dll .dsm .rgu

and may pack