Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, August 31, 2011

XP32bit: Sonderdienst für Ossis

Quelle
COMPAQ PRESARIO B1011
Win XP Prof. SP2

Die von Compaq bzw. HP verbaute WLAN-Karte ist der letzte Müll (genauso wie das QSI DVD_RW-Laufwerk). Habe beides rausgeschmissen und durch andere ersetzt. Und siehe da, es klappt mit dem WLAN (große, stabile Reichweite) und dem Brenner.
Mit dem SP2 habe ich auch noch nicht so den Bogen raus. Kurioserweise bekam ich mein Notebook von HP nach einer Garantiereparatur (der Inverter hatte den Geist aufgegeben) mit einem neuinstallierten XP-Home mit SP2 zurück. Der anschließende Versuch, die Prof mit SP2 zu installieren ging wieder fürchterlich in die Hose, Rechner startet und bootet Windows hoch, nur mit der internen Grafikausgabe klappt es dann nicht mehr.

Fazit: Tauscht die WLAN-Karte aus und Ihr werdet mit dem WLAN ein echtes Erfolgserlebnis haben.
http://www.laptop-board.de/modules.php?name=Forums&file=viewtopic&t=13&sid= e71e0e7800d75b466b0886a496986868
also, im Downloadbereich die 420wphlash.exe sowie den DP75_10o.rom herunterladen.
Außerdem das MSFT Patch KB885626 deutsche Version herunterladen (bie MSFT)
Nun Euren B101x mit SP1a installieren!
Dann das Bios mit 420wphlash.exe mit DP75_10o.rom flashen.
Als nächstes das Patch KB885626 installieren!
Nun von HP-Compaq alle neusten Gerätetreiber (!!!außer natürlich den neusten BIOS File!!! ) herunterladen und installieren!
Jetzt die Büchse neu starten!
Nun SP2 installieren, dann sollte es funktionieren!!!

----------------------
Es gibt sicherlich immer noch Leute, die vergeblich versuchen auf dem B1011 XP-Prof. mit SP2 zu installieren.
Vorweg angemerkt, die Home Version mit SP2 lässt sich recht problemlos installieren.
Jetzt ertsmal generell zum Presario B1011:
1. HP hat was das DVD-RW angeht, den größten Schrott verbaut. QSI - Laufwerke sind bekannt für Ihr kurzes Laufwerksleben. Egal wie Umsichtig man mit dem LW umgeht, es streckt bei Zeiten sowieso die Flügel.....
2. Fast Jeder B1011 wird in seinem Computerleben einen neuen Inverter erhalten, weil bei der Produktion ein fehlerhaftes Modell verwendet wurde, welches erst nach einem Austausch zufriedenstellend bzw. langlebig seinen Dienst versehen wird.
3. Die WLAN-Karte zählt ebenfalls zu der Sorte "gewollt und nicht gekonnt". Reichweite unter aller Kritik, Stabiltät -> wusste der Hersteller wahrscheinlich noch nicht mal wie man das schreibt.....
4. Die Lüftersteuerung ist für den Eimer, der Film könnte heißen "Und ewig dröhnt der Lüfter"...
Zu diesem Problem habe ich aus zeitmangel noch keine Problemlösung gesucht, kommt aber in Kürze noch und werde ich hier posten.
5. Was die Energiesparoptionen angeht habe ich diese schon im Bios soweit möglich deaktiviert. Warum ? -> Mir ist bei verschiedenen Tests aufgefallen, das nach einer gewissen Zeit, wenn wieder volle Leistung gefordert wird, der B1011 nicht mehr so wirklich seine ganze Rechenpower zur Verfügung stellt, warum weiß der Teufel..... Habe es übrigens bei verschiedenen B1011 gestestet mit dem selben Ergebnis. Jetzt läuft er stabil mit Vollgas, natürlich hält der Akku in dem Falle nur noch max. 2 Stunden, je nach Anwendung auch weniger. Aber Steckdosen gibt es fast überall....
Fazit:


Möchte man einen stabilen und schnell arbeitenden B1011 haben, sollte man auf jedenfall den DVD-Brenner und die WLAN-Karte (am Besten direkt gegen eine 54MBit)austauschen. Sehr viel Sinn macht auch einen Speichertausch bzw.-aufrüstung gegen 2x 512MB gleich auf 1GB. Dann hat man einen stabil laufenden Presario B1011, der lange seinen Dienst versehen wird.
Als Gegenargument werden sicherlich einige die Kosten anbringen und dies einem neuen Notebook gegenüber stellen. Nur, wer einen B1011 schon sein Eigen nennt sollte nicht vergessen, das Gehäuse sowie die Displayschaniere sind sehr stabil und neuere Notebook-Modelle nach dem Prinzip "leichter und dünner" haben in diesem Bereich teilweise massive Problem. Also sollte man abwägen...
Presario B1011 mit Windows XP Prof und SP2
Kommen wir jetzt zu dem leidigen Thema SP2, welches in Wirklichkeit nicht so das Problem ist......wenn man weiß wie es geht.
Leider lässt es sich auf einem bestehenden System nicht reallisieren, d.h. Platte putzen....
Anleitung:
1.) Bevor man etwas anderes macht, bitte alle aktuellen Treiber sowie das akutellste Bios von der HP-Seite downloaden.
2.) sp1a und das SP2 für IT-Spezialisten von der Mircosoftseite downloaden
SP1a -> http://www.microsoft.com/downloads/details.aspx?FamilyID=83e4e879-fa3a-48bf-ade5-023443e29d78&DisplayLang=de
SP2 -> http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&DisplayLang=de
3.) Bios-Update CD und eine Treiber-CD mit den neuen Treibern und den Servicepacks erstellen.
4.) Rechner mit der Bios-CD neu booten und Bios aktualisieren
5.) Jetzt XP-Prof OHNE irgendein Servicepack isntallieren
6.) Nachdem Win XP-Prof ohne Serciepacks fertig installiert ist, SP1a installieren
7.) Jetzt erst ALLE aktuellsten Treiber installieren und neustarten
8.) So, jetzt der letzte Schritt, SP2 installieren, neustarten und Euer B1011 rennt mit XP-Prof-SP2.
9.) Damit es für die Zukunft leichter wird empfiehlt es sich an dieser Stelle angekommen ein Image von der Platte zu ziehen.

======000000000000000000=======Die Windows XP-Startdiskette ermöglicht die Neuinstallation des Betriebssystems auf Computern ohne startfähiges CD-ROM-Laufwerk.
Windows XP Service Pack 1a (SP1a) enthält Updates für die Sicherheit und Zuverlässigkeit für die Produktfamilie der Windows XP-Betriebssysteme. Wenn Sie Windows XP SP1 bereits installiert haben, ist die Installation von Windows XP SP1a nicht erforderlich.
Wenn der Computer nicht unter Windows XP SP1 ausgeführt wird, sollten Sie SP1a installieren, da es Updates für die Sicherheit und Zuverlässigkeit für die Produktfamilie der Windows XP-Betriebssysteme enthält.
www.zdnet.de/..windows-xp-service-pack-1a-deutsch
Wenn Sie bereits Windows XP SP1 ausführen, bringt die Installation von SP1a keine Vorteile mit sich. Microsoft rät von der Installation von SP1a ab, wenn Sie bereits SP1 ausführen.
Windows XP SP1a ist fast mit Windows XP SP1 identisch, mit der Ausnahme, dass die Microsoft Virtual Machine (VM) aus SP1a entfernt wurde.
Technische Änderungen: Windows XP SP1a umfasst nicht die Microsoft VM, die das Ausführen von Java-Applets unterstützt.
So ermitteln Sie, ob Windows XP SP1 ausgeführt wird Klicken Sie im Startmenü mit der rechten Maustaste auf Arbeitsplatz, und klicken Sie dann auf Eigenschaften. Wenn Service Pack 1 unter System angezeigt wird, führen Sie bereits Windows XP SP1 aus.
Anmerkung: Wenn Sie Windows XP oder Windows XP SP1 mit der Microsoft VM ausführen, können Sie die Microsoft VM mithilfe von Windows Update aktualisieren. Wenn Sie Windows XP ohne die Microsoft VM ausführen, müssen Sie keine Updates für die Microsoft VM installieren. Folglich werden Ihnen diese Updates auch nicht angeboten, wenn Sie die Windows Update-Website besuchen. Microsoft stellt künftig keinen Download der Microsoft VM für Computer bereit, auf denen die Microsoft VM nicht bereits installiert ist. Weitere Informationen finden Sie auf der folgenden Microsoft-Website: http://www.microsoft.com/java (englischsprachig). 
==============
Windows XP Service Pack 3 (SP3) ist ein wichtiges Update, das zuvor veröffentlichte Sicherheits-, Leistungs- und Stabilitätsupdates für Windows XP einschließt.
So erhalten Sie SP3
Das empfohlene (und einfachste) Verfahren zum Abrufen von SP3 besteht darin, automatische Updates zu aktivieren. Weitere Informationen erhalten Sie unter Einrichten der Automatischen Updates auf der Windows-Website.
Hierdurch wird SP3 automatisch heruntergeladen, sobald es für den Computer verfügbar ist. Nach nur wenigen Mausklicks kann die Installation gestartet werden; der weitere Prozess wird automatisch ausgeführt. Wenn automatische Updates nicht aktiviert sind, können Sie SP3 mithilfe von Windows Update auf der Windows-Website installieren.
Für die Installation von SP3 muss Windows XP Service Pack 1a (SP1a) oder Service Pack 2 (SP2) bereits installiert sein. Diese Service Packs sind ebenfalls verfügbar, wenn Sie die automatischen Updates aktiviert haben. Weitere Informationen zu diesen und anderen Windows Service Packs finden Sie im Service Pack Center.
HinweiseHinweise
Für die 64-Bit-Version von Windows XP ist kein SP3 verfügbar. Wenn auf Ihrem PC die 64-Bit-Version von Windows XP mit SP2 ausgeführt wird, verfügen Sie über das neueste Service Pack und können weiterhin bis zum 8. April 2014 Support anfordern und Updates herunterladen. Unter Wird auf meinem PC die 32-Bit- oder die 64-Bit-Version von Windows ausgeführt? können Sie herausfinden, welche Version auf Ihrem PC ausgeführt wird.
  • Um auf Ihrem PC die optimale Leitung zu erzielen, sollten Sie ein Upgrade auf Windows 7 durchführen. Weitere Informationen zu den in Ihrem Land oder Ihrer Region verfügbaren Möglichkeiten finden Sie auf der Webseite Shop.
So finden Sie heraus, ob Windows XP SP3 bereits installiert ist
  • Klicken Sie auf Start, klicken Sie mit der rechten Maustaste auf Arbeitsplatz, und klicken Sie dann auf Eigenschaften.
    Wird Service Pack 3 im Abschnitt System aufgeführt, ist SP3 bereits auf Ihrem Computer installiert. In diesem Fall können Sie die folgenden Anweisungen ignorieren.

Tuesday, August 30, 2011

HP printers and Jetdirect


HP LaserJets - Cold Reset Instructions
http://kb.iu.edu/data/aizz.html 
If you need to reset your HP JetDirect card, Hewlett-Packard recommends doing a cold reset (resetting the card to factory defaults). A cold reset will completely erase a JetDirect card's settings and allow you to reconfigure it. Before doing so, you should print out a configuration page for reference. For directions on how to print the configuration page and reset your JetDirect card, consult the manual or user guide for your printer. If you cannot locate these, download a new user guide from Hewlett-Packard:
  1. From HP Support & Drivers, search for your printer's full name
  2. From the self-help resources section, select manuals.
  3. Choose the appropriate user guide for your printer.
If you still can't find instructions for your particular printer and card model, take the following steps appropriate for your type of JetDirect card:
  • Internal cards: Turn off the printer, take out the JetDirect card and let it sit overnight. Then insert the card back into the printer.
  • External cards: Hold down the Test button and unplug the power cord from the box. Then reconnect the power cord.
 HP's Business Support Center
HP Support & Drivers
jetadmin embedded web server (http://192.168.1.104)
"Problem loading page" page
check if you can get the printer setup page (or just ping the
printer:
ping -c 3 192.168.1.104
 If network is good and printer is O.K., you should get a positive reply. 

 

»

Instalar y configurar documentos





»  HP Web Jetadmin 10.2 - Installation and Setup Guide   18 ago 2011




»  HP Web Jetadmin 10.2 - Smart Client Deployment   9ago 2011




»  HP Web Jetadmin 10.2 - Installing HP Web Jetadmin 10.2 from a Command Line or Script   8 ago 2011




»  Ver más...http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=es&cc=es&taskId=115&prodSeriesId=27905&prodTypeId=18972&objectID=c01901172 



Other Problems with sfc

Source
#1
Has the CD Drive's drive letter changed (perhaps by the addition of another hard drive, partition, or removable drive) since Windows XP was first installed? If so, simply edit the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup\SourcePath to reflect the changed drive letter.
After you restart the computer, WFP and sfc /scannow uses the new source path instead of prompting for the Windows XP installation CD-ROM
#2
Has the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup\SourcePath got an incorrect entry? The SourcePath entry does NOT include the path location till the I386 folder. It completes one folder ahead to reach the I386 folder.
Example:
If the I386 directory is at C:\I386, the SourcePath value would be C:\
#3
If the problem persists and you have the correct path for your I386 folder then the I386 folder is corrupted. To solve this problem copy I386 folder from the CD-ROM to your system restart the system and then
perform sfc /scannow again.
#4
You do not have an XP retail CD with an I386 folder on it. If you have a restore CD from your PC manufacturer then you may have to explore the CD to find the folder.
#5
You still keep being prompted for the XP CD yet you have done all in this article! There is another setting in the registry that may be causing the problem. Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath
Make sure the entry here is the same path to the I386 folder as used above.
#6
Systems administrators can enforce security policies that may include changes to the Windows File Protection settings. You will need to speak with your network administrator about this, but it is important to bear in mind when Windows starts up, the Windows File Protection service synchronizes (copies) the WFP settings from the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection
to the following registry key: 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Therefore, if any of the following values are present in the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection key, they will take precedence over the same values under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key.
This will not effect scannow sfc so much, but WILL make an impact if any of the other sfc.exe "switches" have been used! (More about these at the end of this article.)
#7
When you run scannow at logon you do not get a progress bar... This can easily be remedied by adding a new DWORD: SFCShowProgress to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
the values available are: 0 = disabled, 1 = enabled

Registry settings

SourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup

service WmiApRpl (WmiApRpl) failed

Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3011
Date: 8/21/2008
Time: 12:42:36 PM
User: N/A
Computer: SCOTTY
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed.
The Error code is the first DWORD in Data section.
=======================
Loadperf Errors In Win Xp

sfc /purgecache  
sfc /scannow
Source
go to your (device manager)
now once there you will want to select from the toolbar of the window(veiw) then a drop down menu / from it you will select (show all hidden devices)
now if you see any (red or yellow) quotation marks , make a note of what they
now go to the (event veiwer) this is thru the (administrator tools) in the control panel
here you will find 3 to 4 subcatagories
you will want to check each of them for this is where windows keeps track of all errors
now you will want to make notes of the errors that have been recorded ( you do not have to make notes of double entries just of the dates of their happenings & how many there is)
you will get more information on the errors if you (right) click them / then select properties
also
do you have a Windows Xp cd, not the restore cd's that come with some systems, the cd will have the Windows logo & 3D hollowgram/image on it
if you do not maybe you can barrow one from a friend/family member/co-worker as long as it is the same version that is on your system
if you have (Windows XP Home Ed. sp2 ) then the cd will have to be that / if you have a cd with (Windows XP Home Ed. )you will have to slipstream (SP2 ) onto a disk that you create
this also applies to (Windows XP Professsional )
http://www.helpwithwindows.com/Windo...p2-bootcd.html
now if you do have the Windows XP cd with sp2 please follow these steps
-------------------------------------------
performing a (sfc) system file checker
It is a scan that checks the core files & dlls of the (os) operating system and replaces them if they are corrupt or missing with the correct original version
start
#1 then select (run) , then press enter
a window will open
#2 type in ( cmd ) then press enter
another window will open
#3 type in ( sfc )then press enter
another window will open
#4 type in (sfc  /purgecache) then enter / your pc will work like crazy / this helps in rebuiding the cache file
#5 type in (sfc  /scannow ) then press enter
now a scan will start , have your (Windows XP software disk ready ) your pc may ask for this disc when it starts or during the scan( so you must sit with the pc while this scan functions ) , if it does then incert the cd into one of your cd/rom/player's , your pc will then reconnize it and continue , you will then have to minimize the splash screen for the cd to see the scan , when the scan is finished you will need to close the cd and all open windows , then remove the cd
you will then need to do a ( Disk Cleanup ) , then empty the caches & temp files thru the (Internet Options) , then do a defrag
restart your pc
then do a defrag again after the reboot
===============================
How to Fix Windows Performance Registry Corruption
Well I'm still testing InstallShield installers today and thought I'd add another interesting and cryptic issue to the blog that I saw when an uninstaller removes performance counters (or fails to for that matter). The error described below is not InstallShield's fault, but instead corruption in the Performance Counter Registry that is encountered during an uninstall. However, since it occurs on uninstall it will certainly bubble up in you related installer logs. As I posted last night, the best way to troubleshoot InstallShield errors is to search the Internet; so I hope this post can help someone out.  Below is the complete description and fix that worked for me and a few others:

Error Event
Uninstall of application
Error Location
Multiple locations:
1. %temp% \InstallError.log
2. Event Viewer
Error Message
1. InstallError.Log details:
Error in Installer: System.ComponentModel.Win32Exception: The configuration registry key is invalid
at System.Diagnostics.PerformanceCounterLib.RegisterFiles(String machineName, String arg0, Boolean unregister) at System.Diagnostics.PerformanceCounterLib.UnregisterCategory(String machineName, String categoryName) at System.Diagnostics.PerformanceCounterCategory.DeleteCategory(String categoryName, String machineName) at System.Diagnostics.PerformanceCounterCategory.Delete(String categoryName) at Service.ConfigureService.RemovePerformanceCounters()
2. Event Viewer item 1 detail:
Unloading the performance counter strings for service appnamehere (app name here) failed. The Error code is the first DWORD in Data section.
Event Viewer item 2 detail:
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Issue
Corruption of the Windows Performance Registry, possibly due to Windows Server 2003 SP1. See the related thread:  

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=442741&SiteID=1
Fix
Run the following command to rebuild the Performance Registry Library:
C:\WINDOWS\system32> lodctr /R

Monday, August 29, 2011

Smsc.exe

Found 1 infected file!
----------------------
C:\WINDOWS\system32\smsc.exe --> Trojan.Generic.6343817
  --> HKLM\System\ControlSet001\services\PrtSmanm
Source
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP

High
High

Description:
To propagate, this worm exploits the Windows LSASS flaw, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
It also has backdoor capabilities. It acts as an IRC bot that connects to a certain IRC server, and joins a specific channel using a random nickname. It monitors and then responds to private messages, usually from a malicious user, by employing specific keyword triggers. It enables the remote user to do the following:
  • Get system information
  • Delete shared drives
  • Manipulate IRC privileges
  • Upload/download files
  • Scan open ports
  • Execute file
To ensure its survival, it terminates several antivirus processes from memory.
This worm also attempts to steal the CD keys of popular game applications.
Important: This FSG-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP. However, it is unable to perform the exploit on Windows 95, 98, and ME systems since these platforms are not affected by the LSASS vulnerability.
 ------
Solution:

AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Engine and Template.
MANUAL REMOVAL INSTRUCTIONS
Identifying the Malware Program
To remove this malware, first identify the malware program.

  1. Scan your system with your Trend Micro antivirus product.
  2. NOTE all files detected as WORM_SDBOT.FO.
Trend Micro customers need to download the latest pattern file before scanning their system. Other users can use Housecall, Trend Micros free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
  1. Open Windows Task Manager.
    On Windows 95, 98, and ME, press
    CTRL+ALT+DELETE
    On Windows NT, 2000, and XP, press
    CTRL+SHIFT+ESC, then click the Processes tab.
  2. In the list of running programs*, locate the malware file(s) detected earlier.
  3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
  4. Do the same for all detected malware files in the list of running processes.
  5. To check if the malware process has been terminated, close Task Manager, and then open it again.
  6. Close Task Manager.

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions. Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Run
  3. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  4. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Runservices
  5. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  6. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Runonce
  7. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  8. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>
    Windows>CurrentVersion>Run
  9. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  10. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>
    Windows>CurrentVersion>Runservices
  11. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  12. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>
    Windows>CurrentVersion>Runonce
  13. In the right panel, locate and delete the entry:
    Win32 USB2 Driver="smsc.exe"
  14. Close Registry Editor.

NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system. Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SDBOT.FO. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micros free online virus scanner.
APPLYING PATCHES
Download the latest patches. Information on the vulnerability exploited by this malware and corresponding patch can be found at the following link:


=================
Source
1. End smsc.exe in your processes (DO this first because this worm will prevent you from using regedit.exe and msconfig.exe)
2. Delete smsc*.* from c:\windows\prefech
3. Delete smsc.exe from c:\windows\system32
4. Delete c:\windows\driver cache\i386\Drivers.cab (this file has been infected)
5. Use msconfig.exe to uncheck smsc.exe from startup.
This should do it. 
=================
Source
This program is associated with a virus or worm. If you do a Goggle search
you will come up with several links. Probably why you cannot access McAfee.
If you are a novice and cannot follow these steps:
1. End smsc.exe in your processes (DO this first because this worm will
prevent you from using regedit.exe and msconfig.exe)
2. Delete smsc*.* from c:\windows\prefech
3. Delete smsc.exe from c:\windows\system32
4. Delete c:\windows\driver cache\i386\Drivers.cab (this file has been
infected)
5. Use msconfig.exe to uncheck smsc.exe from startup.
Then you may want to post a hijack log at one of the forums for expert
advice
Download HijackThis > http://www.aumha.org/a/parasite.php#hjt
Forums - Experts to read your HJT Log
http://forum.aumha.org/viewforum.php?f=30
http://computercops.biz/forums.html
http://forums.techguy.org/
http://forums.net-integration.net/index.php

Follow through with preventative measures
Helpful Links:
http://mvps.org/winhelp2002/unwanted.htm
http://www3.telus.net/dandemar/index.htm
http://aumha.org/secure.htm

Sunday, August 28, 2011

BSoD and event errors

Driver Verifier can help find some BSOD issues :
Using Driver Verifier to identify issues with Windows drivers for advanced users
support.microsoft.com/kb/244617
How To Troubleshoot Driver Problems in Windows Vista or 7.
winvistaclub.com/t79.html
How to use Windows Driver Verifier Manager to Troubleshoot & Identify Driver Issues
How to use Windows Driver Verifier Manager to Troubleshoot & Identify Driver Issues
You can disable Driver Verifier
http://support.microsoft.com/kb/244617
Start - type in Search box -> verifier /reset      hit enter to disable
Use BlueScreenView to see if there is a driver specified in the error message. Also check with
MyEventViewer at the time of the BlueScreen.
=====================================================
This is my generic how to for proper driver updates :
This utility makes it easy to see which versions are loaded :
DriverView - Free utility displays the list of all device drivers currently loaded on your system.
For each driver in the list, additional useful information is displayed: load address of the driver,
description, version, product name, company that created the driver, and more.
nirsoft.net/utils/driverview.html
For Drivers check System Maker as fallbacks and Device Maker's which are the most current.
Control Panel - Device Manager - Display Adapter - write down the make and complete model
of your video adapter - double click - Driver's tab - write down the version info. Now click UPdate
Driver (this may not do anything as MS is far behind certifying drivers) - then Right Click -
Uninstall - REBOOT this will refresh the driver stack.
Repeat that for Network - Network Card (NIC), Wifi, Sound, Mouse and Keyboard if 3rd party
with their own software and drivers and any other major device drivers you have.
Now go to System Maker's site (Dell, HP, Toshiba as examples) (as rollback) and then Device
Maker's site (Realtek, Intel, Nvidia, ATI as examples) and get their latest versions. (Look for
BIOS, Chipset and software updates at System Maker's site while there.)
Download - SAVE - go to where you put them - Right Click - RUN AD ADMIN - REBOOT after
each installation.
Always check in Device Manager - Drivers tab to be sure the version you are installing actually
shows up. This is because some drivers rollback before the latest is installed (sound drivers
particularly do this) so install a driver - reboot - check to be sure it is installed and repeat as
needed.
Repeat at Device Makers - BTW at Device Makers DO NOT RUN THEIR SCANNER - check manually by model.
Manually look at manufacturer's sites for drivers - and Device Maker's sites.
pcsupport.about.com/od/driverssupport/ht/driverdlmfgr.htm
How to Install a Device Driver in Vista Device Manager
vistax64.com/tutorials/193584-device-manager-install-driver.html
If you update drivers manually then it is a good idea to disable Driver Installations in Windows
Updates, this leaves Windows Updates ON however it will not install drivers which will usually be
older and cause issues. If Updates suggests a new driver then HIDE it (Right Click on it) and then
go look for new ones manually if you wish.
How To Disable Automatic Driver Installation In Windows Vista - Drivers
addictivetips.com/windows-tips/how-to-disable-automatic-driver-installation-in-windows-vista/
technet.microsoft.com/en-us/library/cc730606(WS.10).aspx
==========================================
Memory issues are NOT the usual cause for this Bug_Check.
Memory tests do not catch all errors such as mismatched memory (possible even for sticks
that appear to be identical) and when faster memory is placed in system behind slower memory.
So it is best to also swap sticks in and out to check for those even if all memory tests fail to show
a problem.
To test RAM check here - let it run 4+ hours or so.  <-- best method
www.memtest.org
For the Vista Memory Diagnostic Tool
Start - type in Search box -  Memory - find Memory Diagnostics tool at top of list - Right Click -
RUN AS ADMIN follow the instructions
Windows Vista: How to Scan / Test your RAM or Memory with Windows Vista Memory Diagnostic Tool
shivaranjan.com/2007/11/01/windows-vista-how-to-scan-test-your-ram-or-memory-with-windows-vista-memory-diagnostic-tool/
Test Your Computer’s Memory Using Windows Vista Memory Diagnostic Tool
howtogeek.com/howto/windows-vista/test-your-computers-memory-using-windows-vista-memory-diagnostic-tool/

Windows updates

Quelle
Office Update Inventory Tool 2.2
02.11.07, Englisch Checkt die Installationen von Office 2000, XP und 2003 auf einzelnen oder mehreren Rechnern im LAN auf neue Update-Möglichkeiten; zeigt an, welche Updates beim Hersteller bereitstehen und auf welchen Rechnern Updates erforderlich sind; benötigt den aktuellen
Office Update Inventory Tool Catalog als Informationsbasis
SWUS offline update
At this site, the open source project formerly known as "c't offline update" or "DIY Service Pack" and published at "The H", will be continued by its original author, Torsten Wittrock.
Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection.

c't Offline Update für Mac OS X 10.4 (OliU) 1.2

Quelle
 Download
c't Offline Update für Mac OS X 10.4 (OliU): Lädt Updates für Mac OS X 10.4 auf einen Rechner und macht sie als Update-Paket auf CD, DVD oder USB-Gerät verfügbar; so lassen sich auch Rechner ohne Internetanbindung aktualisieren (Installationsanleitung im Praxisartikel zum Offline-Update für Mac OS X 10.4 - kurz: OliU - in c't 10/2007, S. 192)

Saturday, August 27, 2011

AMD-ATI Radeon HD 5450 on Win2k3

Windows 2003: Extended Support leads to 2015!
Old problem
CATALYST does not include support for Server Operating Systems. ATI's server products are the RageXL and the RADEON 7000. Both of those products have drivers as part of the Operating System. Until there is a clear business requirement for 3D acceleration support for Server Operating Systems we dont plan on including Server2003 as part of CATALYST.
This is a 5,000 dollar Operating System right? If you bought that OS I assume you are running a server? If so the OEM of the server machine will also be able to provide you driver updates for your 2D card if you need them. 
------------------
The rendering farms i know nothing about in detail, that was from another forum where we were discussing JUST this same problem. Windows 2003 drivers. We were just trying to give some reason for ATI to listen to the groups of people that want some simple OS support. The problem mainly under Windows 2003 btw is SMARTGART. Well under 2003 its more like DumbGART - it turns off AGP for me and im not sure how to get around it... we need some certification, some proper support. NVIDIA have more support for Windows 2003 than ATI. Some of their cards are already certified for it.
I mean not supporting Server OS's with drivers that are made for 'gaming' i understand, 2000 Server and NT Server were basically the same OS with extra services/tools. But 2003 isnt and some support would be nice, for whatever reason they want. I had another brain storm of a use for 3d acceleration. You know those large promo's/displays? on 24/7 feeding presentations and 3d graphics to many monitors? Yeah well i bet they would be running Windows Server and not Windows XP Home Edition or anything
AMD Driver Autodetect 
We were unable to find your hardware and OS!  
=============
Source
ATI driver information for Microsoft Windows Server 2003

All drivers for Windows Server 2003 are maintained and deployed by Microsoft. This operating system currently provides drivers for RAGE XL products only.

While Windows Server 2003 display drivers are not available from ATI directly, you may obtain updates through Windows Update, or other deployment option from Microsoft.

Windows Server 2003 is positioned as a business and corporate enterprise server Operating System. It is not intended for home or personal use.

Please refer to Microsoft's website for detailed information.
http://www.microsoft.com/windowsserver2003/default.mspx
  ===========================


ati-radeon-drivers.com/download.php
support.amd.com/us/gpudownload/Legacy/  radeonaiw_xp
sites.amd.com/us/game/downloads
superuser.com/why-does-ati-5570-hd-video-card-driver-installation-cause-windows-7-to-blue-scree
Finally I've been able to install the ATI drivers. I got them from the ATI site, and launched the .exe that decompressed on C:\ATI\. The default install behaves as the included drivers: it launches the "ATI Catalyst Install Manager" that lets you update the install manager itself, and install .NET 2.0.
Going to device manager, selecting the VGA Graphics card, and choosing the "update driver" option, and pointing it to the "WXP" subdir that had drivers (C:\ATI\\Packages\Drivers\WXP), it recognizes the card and install as Radeon HD 5450. dxdiag show Graphics accel working (I had it enabled long time ago, to use my 2k3 as workstation): 
http://www.msfn.org/win2k3/hardwareacc.htm
Now if I can I'll try install the Catalyst Control Center, but that's 2nd priority.
---------------
ASUS EAH5450 Graphics Card (ATI Radeon HD5450 - 1 GB DDR3) on Windows 2003?
So cool. x64 XP drivers worked for me on 2003 Enterprise Server x64.
============
Source
Solution that worked for me follows:
I have a Sapphire ATI PCI Express 5570 as well and experienced the exact same 0x000000CA BSOD in Windows 7 when trying to install drivers for it. I tried the Catalyst driver on Sapphire's website as well as on ATI's website. I tried Catalyst version 10.4, 10.5, and 10.6 with the same issue. I also tried updating the Optiplex (755) BIOS to A17 and trying various BIOS settings to no avail. The BSOD always occurs when the Catalyst software tries to query the video card.
My work-around was to not let Catalyst query the card. I wish it was as easy as an installation option to avoid the query in the Catalyst install, but of course it can't be that straight-forward. Instead, I let the Catalyst software unzip itself to a location, located the driver .inf files in that location, and manually updated the video card driver (Device Manager->Update Driver->"Let me specify the best driver..."->specify location->etc). Two identically named ATI 5570 drivers presented themselves in the driver selection window, so I chose the first one.
Then I manually installed the Catalyst Control Center by locating just the CCC install files unzipped by the ATI package (I ran two setups, CCC-core I think and another name that resembled CCC-something-or-other. I am probably missing some minor components but the screen resolution, color depth, and CCC features all seem to work fine.
Basically everything works with the exception of some video card DLL warnings if I run the System Score test in Windows 7, though it does come back with what feels like an appropriate score of 5.9 for this card.

As a follow-up: after doing all of those steps the Catalyst Installer ran successfully. I did however end up having to delete the following files to make some lingering occasional errors go away:
c:\windows\system32\coinst.dll
c:\windows\system32\atiuxp64.dll 
c:\windows\syswow64\atiumdva.dll 
c:\windows\syswow64\atiumdva.cap
--------------------
Try these steps:
  1. Launch Windows in Safe Mode
  2. Uninstall previous driver
  3. Reboot
  4. Safe Mode Again
  5. Install ATI Drivers
  6. Reboot
  7. ???
  8. Profit
No seriously tho, safe-mode - manually uninstalling a previous driver go a long way for ATI.
To fix this:
  1. Uninstall any ATI drivers on your system.
  2. Run the CCC installer but I suggest canceling after it extracts the files.
  3. Navigate to: C:\ATI\Support\10-x_vista64_wi n7_64_dd_ccc_enu\Config
  4. EDIT InstallManager.cfg
  5. Change WorkaroundInstall=false to WorkaroundInstall=true
  6. Run Setup.exe and the CCC should install without a problem
    --------------------------------------------
    Pulled from AMD ForuM:
    http://forums.amd.com/game/messageview.cfm?catid=227&threadid=134238
    This works, I have done it two times very easily. Just a heads up. After you are done expanding and relocating the file. Go back to the c:\ATI\Support\10-4_xxxx, right click and delete. Run CCleaner. You don't need those remaining files on your PC.
    Thanks for the workaround.
    There is an easier way without having to uninstall 10.6 and install 10.4.
    1. Just run the 10.4 installer and it will extract the atioglxx.dl_ to c:\ATI\Support\10-4_xxxx\packages\drivers\xxxxxx, just use find to find it.
    2. Copy the atioglxx.dl_ file somewhere and start the commandline and goto that location and type "expand atioglxx.dl_ atioglxx.dll" and the compressed dll will be extracted.
    3. Copy the atioglxx.dll as stated above.
    Edit: Just noticed Step 3 is vague. Copy that expanded dll (atioglxx.dll) to the Call of Duty Directory. For 32bit systems it should be C:\Program Files\Call of Duty and for 64bit systems it should be C:\Program Files (x86)\Call of Duty. Good Luck
    -------------------
    Run the installer then quit it after it extracts the files to c:\ATI\Support\10-4_xxxx\packages\drivers\xxxxxx. Expand, then copy over to your COD directory just like before. Might work with the new card and O/S. Just trying to once again give you an idea to try out. Good luck man. By the way... After moving the .dll to the cod directory. Did you ever try dragging and dropping it over the CoDUOMP.exe file?
    If not, give that a go. The dll just simply might not be registering after you move it to the CoD directory. If the drag and drop over the CoDUOMP.exe doesn't work, then you might need to register the dll manually (http://windows7themes.net/how-to-register-dll-files-in-windows-7.html). Good luck when you get your new rig, although for some reason I think the "quick fix" method will work on Win 7. That is the O/S I successfully have done it two times on.
    p.s. I underlined the and O/S because this might be the make it or break it why this "quick fix" works for some but not others. Just a thought, though I could very well be wrong.
    p.s.s. the new CCC 11.6 is due June 15th (anywhere middle of the month). Hopefully it is fixed in this version. Although I highly doubt it.
    ============ ============
    ATI WDM
    Source
    Link
    Darunter zumindest "Full Catalyst Software Suite (Recommended)" und unter "Individual Drivers (Motherboard/Chipset)" die "South Bridge Driver" herunterladen und installieren.

    Hintergrundinfos zu den weiteren Downloads:
    • "South Bridge Driver" ist der Treiber für das Mainboard/Chipsatz (der "GART" Treiber ist nicht notwendig da nur für alte AGP-Grafikkarten)
    • "Display Driver" sind die eigentlichen Treiber für den Grafikchip, alle anderen Sachen sind optional.
    • "Catalyst Software Suite" enthält vor allem das "Catalyst Control Center" (CCC) ist die empfehlenswerte Oberfläche für Einstellugen.
    • "Complete Avivo Package", Video-Engine (Infos) enthält vor allem den "Universal Video Decoder" (UVD) der die CPU bei der BlueRay-Dekodierung stark entlastet.
    • "ATI Multimedia Software" enthällt wiederum das "Complete Avivo Package" und anderen Multimedia-Software
    • "Hydravision Package" für Mehrbildschirm-Tools, weitere Erklärung hier.
    • "ATI WDM Integrated Driver" nicht notwendig, da nur für Video-Ausgang und TV-Karten benötigt.

    Audio Link Korrektes Betriebssystem aus der Liste wählen, NICHT die "ATI HDMI Audio Device"

      error 0x00000044

      Problem signature:  
      Problem Event Name:    BlueScreen  
      OS Version:    6.0.6002.2.2.0.768.3  
      Locale ID:    1033 
      Additional information about the problem:  
      BCCode:    44
      Source
      BCCode: 44   0x00000044
      This is almost always a driver or something causing a driver failure or even an interaction
      of two drivers. Have you added new hardware lately or updated drivers - also check in
      Control Panel - Windows Updates to see if any drivers have been updated there.
      BCCode: 44   0x00000044
      Cause
      A driver has called IoCompleteRequest to ask that an IRP be completed, but the packet has already been completed.
      Resolving the Problem
      This is a tough bug to find because the simplest case — a driver that attempted to complete its own packet twice — is usually not the source of the problem. More likely, two separate drivers each believe that they own the packet, and each has attempted to complete it. The first request succeeds, and the second fails, resulting in this bug check.
      Tracking down which drivers in the system caused the error is difficult, because the trail of the first driver has been covered by the second. However, the driver stack for the current request can be found by examining the device object fields in each of the stack locations.
      BCCode: 44   0x00000044  <-- read this link
      http://www.faultwire.com/solutions-fatal_error/MULTIPLE-IRP-COMPLETE-REQUESTS-0x00000044-*1083.html?order=date
      ======================================
      Look in the Event Viewer to see if anything is reported about those.
      http://www.computerperformance.co.uk/vista/vista_event_viewer.htm
      MyEventViewer - Free - a simple alternative to the standard event viewer of
      Windows. TIP - Options - Advanced Filter allows you to see a time frame instead
      of the whole file.

      http://www.nirsoft.net/utils/my_event_viewer.html
      Here are some methods to possibly fix the blue screen issue. If you could give the Blue Screen
      info that would help. Such as the BCC and the other 4 entries on the lower left. And any other
      error information such as STOP codes and info such as IRQL_NOT_LESS_OR_EQUAL or PAGE_FAULT_IN_NONPAGED_AREA and similar messages.
      As examples :
      BCCode: 116
      BCP1: 87BC9510
      BCP2: 8C013D80
      BCP3: 00000000
      BCP4: 00000002
      or in this format :
      Stop: 0x00000000 (oxoooooooo oxoooooooo oxooooooooo oxoooooooo)
      tcpip.sys - Address 0x00000000 base at 0x000000000 DateStamp 0x000000000
      This is an excellent tool for posting Blue Screen Error Information
      BlueScreenView scans all your minidump files created during 'blue screen of
      death' crashes, and displays the information about all crashes in one table -
      Free
      http://www.nirsoft.net/utils/blue_screen_view.html
      Many BlueScreens are caused by old or corrupted drivers, especially video drivers
      however there are other causes.
      You can do these in Safe Mode if needed or from Command Prompt from Vista DVD or
      Recovery Options if your system has that installed by the maker.
      This tells you how to access the System Recovery Options and/or from a Vista DVD
      http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx
      You can try a System Restore back to a point before the problem started if there is one.
      How to Do a System Restore in Vista
      http://www.vistax64.com/tutorials/76905-system-restore-how.html
      ---------------------------------------
      Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -
      RUN AS ADMIN
      Enter this at the prompt - sfc /scannow
      How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe)
      program generates in Windows Vista cbs.log
      http://support.microsoft.com/kb/928228

      The log might give you the answer if there was a corrupted driver. (Does not
      tell all the possible driver issues).
      Also run CheckDisk so we can rule out corruption as much as possible.
      How to Run Check Disk at Startup in Vista
      http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
      ----------------------------------------
      Often updating drivers will help, usually Video, Sound, Network Card  (NIC), WiFi, 3rd party
      keyboard and mouse, as well as other major device drivers.
      Manually look at manufacturer's sites for drivers - and Device Maker's sites.
      http://pcsupport.about.com/od/driverssupport/ht/driverdlmfgr.htm
      How to Install a Device Driver in Vista Device Manager
      http://www.vistax64.com/tutorials/193584-device-manager-install-driver.html
      How To Disable Automatic Driver Installation In Windows Vista - Drivers
      http://www.addictivetips.com/windows-tips/how-to-disable-automatic-driver-installation-in-windows-vista/
      http://technet.microsoft.com/en-us/library/cc730606(WS.10).aspx
      ---------------------------------------
      How to fix BlueScreen (STOP) errors that cause Windows Vista to shut down or restart
      unexpectedly
      http://support.microsoft.com/kb/958233
      Troubleshooting Vista Blue Screen, STOP Errors
      http://www.chicagotech.net/vista/vistabluescreen.htm
      Understanding and Decoding BSOD (blue screen of death) Messages
      http://www.taranfx.com/blog/?p=692
      Windows - Troubleshooting Blue Screen Errors
      http://kb.wisc.edu/page.php?id=7033
      ----------------------------------------
      In some cases this might be required.
      StartUp Repair from Recovery Options or Vista disk
      How to do a Startup Repair
      http://www.vistax64.com/tutorials/91467-startup-repair.html
      This tells you how to access the System Recovery Options and/or from a Vista DVD
      http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx

      Thursday, August 25, 2011

      Core Temperature

      alcpu.com/CoreTemp/
      Core Temp is a compact, no fuss, small footprint, yet powerful program to monitor processor temperature and other vital information.
      What makes Core Temp unique is the way it works. It is capable of displaying a temperature of each individual core of every processor in your system!
      You can see temperature fluctuations in real time with varying workloads. Core Temp is also motherboard agnostic.
      All major processor manufacturers have implemented a "DTS" (Digital Thermal Sensor) in their products. The DTS provides more accurate and higher resolution temperature readings than conventional onboard thermal sensors. (How does it work?).
      This feature is supported by all recent x86 processors. Processors by Intel, AMD and VIA are supported. A complete list of supported processors is available.
      CoreTemp Add Ons

      Event ID 6008 is logged in the System log

      all windows event id
      support.microsoft.com/kb/950323/en-us
      Note This event indicates that the system was shut down unexpectedly. This event is incorrect because the system was successfully shut down.
      The Event Log service periodically updates the last alive time stamp that is stored in a registry entry. The Event Log service cleans the last alive time stamp during system shutdown. This time stamp is not cleaned after an unexpected shutdown (dirty shutdown). Then the next time that the system starts, the Event Log service raises an event to report the unexpected shutdown.
      However, a race condition may occur between the timer thread and the system shutdown thread. The last alive time stamp may be reupdated after it is cleaned during system shutdown. Therefore, an "unexpected shutdown" event is reported incorrectly.  
      Windows Server 2003 Random Shutdown with Event ID 6008
      Monitor the CPU temprature. 
      Consider to control the dissipation of the heat in the CPU and GPU
      Or the Power Supply Unit

      Registry troubleshooting

      Fuente
      This article describes how to troubleshoot registry corruption issues.
      If your computer does not restart, the registry hives may be corrupted. The error messages may vary. They can include any of the following:
      Windows could not start because the following file is missing or corrupt:\WINNT\SYSTEM32\CONFIG\SYSTEM.ced
      Windows could not start because the following file is missing or corrupt:\WINNT\SYSTEM32\CONFIG\SYSTEM
      Windows could not start because the following file is missing or corrupt:\WINNT\SYSTEM32\CONFIG\SOFTWARE
      System hive error
      Stop 0xc0000218 (0xe11a30e8, 0x00000000, 0x000000000, 0x00000000) UNKNOWN_HARD_ERROR
      Stop: 0xc0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\CorruptHive or its log or alternate. It is corrupt, absent, or not writable.

      MORE INFORMATION
       There are many reasons why a registry hive may be corrupted. Most likely, the corruption is introduced when the computer is shut down, and you cannot track the cause because the computer is unloading processes and drivers during shutdown. Sometimes, it is difficult to find the cause of registry corruption. The following sections describe three possible causes of the problem and provide steps to troubleshoot the problem.
      Power Failure
      A power failure or some other unexpected shutdown event may cause a corrupted registry hive. To determine whether this is the cause of the issue, look for event ID 6008 entries. Event ID 6008 entries indicate that there was an unexpected shutdown. In this case, some process may have been modifying part of the registry hive, and the computer lost power before that change could be completed. This leaves the registry hive in an inconsistent state. On restart, when the operating system tries to load the registry hive, it may find data in that registry hive that it cannot interpret, and you may receive one of the error messages that is included in the "Summary" section.
      File Corruption and Faulty Hardware 
      Other files may be corrupted. You must determine whether only the registry hives are corrupted or whether other files (system and data) are corrupted. If corruption is not limited to registry hives, the corruption may caused by faulty hardware. This hardware may include anything that is involved in writing to a disk, such as the following:
      • The random access memory (RAM)
      • The cache
      • The processor
      • The disk controller
      If you suspect faulty hardware, the hardware vendor must thoroughly investigate the condition of all computer components.
      The Registry Is Written to at Shutdown
       
      If one or two registry hives consistently become corrupted for no reason, the problem probably occurs at shutdown and is not discovered until you try to load the registry hive at the next restart. In this scenario, the registry hive is written to disk when you shut down the computer, and this process may stop the computer or a component in the computer before the writing is completed.

      Troubleshoot

      To troubleshoot this issue, follow these steps.
      1. Restore the computer to a previous state before registry corruption occurred. If you cannot start the computer, see the following Microsoft Knowledge Base article:
        307545  How to recover from a corrupted registry that prevents Windows XP from starting
        One tool that you can use to back up registry hives is Recovery Console. For more information about how to back up and restore the registry, click the following article numbers to view the articles in the Microsoft Knowledge Base:
        322756  How to back up and restore the registry in Windows XP and Windows Vista
        307654  How to install and use the Recovery Console in Windows XP
        216417  How to install the Windows Recovery Console
      2. Check the hardware, the disk, the firmware drivers, and the BIOS. To do this, follow these steps. These steps may require downtime for the computer.
        1. Make sure that the CPU is not being over-clocked.
        2. Make sure that system event logs do not contain event ID 9, event ID 11, or event ID 15 (or any combination of these events). These events may indicate hardware problems that must be addressed.
        3. Run the chkdsk command-line command together with the /r switch on the disk that contains the registry hive files. This command helps verify that the area of the disk that contains the registry hive files is not involved in the problem.
        4. Apply the latest firmware revisions to disk controllers, and use the matching driver versions. Make sure that the drivers are signed drivers and that you have the appropriate firmware revisions installed.
        5. Make sure that you apply the latest basic input/output system (BIOS) updates to the computer.
      3. After you complete step 2, you may not see any change in behavior. To prevent the corruption, try to close all running processes before you shut down the computer. You may be able to narrow the scope to a single process that is involved. Even if you determine the process, you may be unable to prevent a component from being unloaded before the registry hive is written to. However, if you make sure that you stop the process before shut down, you may be able to prevent registry hive corruption.
      4. After you complete step 3, if you do not see any change in behavior, compare the registry hives. Capture a non-corrupted registry hive and a corrupted registry hive and then compare the two by using comparison tools such as Windiff.exe.
      5. Determine which registry hive section is growing. If it seems that the problem in the registry hive is growing too large, you may be able to determine which section is growing and to trace this back to a process that is writing to the hive.

      timeout durch avgntflt.sys (event 18)

      Quelle

      1 Hast bzw. hattest Du den Guard so eingestellt, dass Archive durchsucht werden? (Konfiguration - "Expertenmodus" - "Guard" - "Suche" - "Archive durchsuchen")
      2 Könnstest Du bitte einmal eine "Eingabeaufforderung" als Administrator starten? ("Start" bzw. Windows-Logo anklicken, cmd.exe in das Eingabefeld eintippen und Strg+Shift+Enter drücken)

      Führe dort die beiden Kommandos
      fltmcundfltmc instances
      --------------------
      Wie gesagt, bei mir lag das Timeout-Problem aber eindeutig an den SATA-Treibern. Das Problem trat auch bei ganz frischer Installation ohne Antivir auf, hauptsächlich bei vielen kleinen Dateien (Bilder). Sogar der Explorer stockte beim Kopieren von 1000+ Dateien. Nach Installation der neuesten SATA-Treiber für mein AMD-Board war alles wie weggeblasen. SATA rennt jetzt.
      --------------------

      Zu 1): Ich frage deshalb, weil bei der Einstellung "Archive durchsuchen" der Guard möglicherweise erhöhtem 'Stress' ausgesetzt ist bei dem u.U. sehr viele kleine, temporäre Dateien im Spiel sind (nämlich dann, wenn gerade auf ein entsprechend umfangreiches/verschachteltes Archiv zugegriffen wird). Speziell wurde dies in der Vergangenheit beim Start von Java(-Applikationen) beobachtet/berichtet, bei dem u.U. viele JAR-Dateien dem Guard ordentlich 'einheizen'. Diese erhöhte Grundlast scheint in manchen Situationen Probleme mit dem Guard eher offensichtlich werden zu lassen, als das im 'Normalbetrieb' ohne "Archive durchsuchen" der Fall wäre. Auch wenn die Ursache bei Dir letztlich woanders lag, scheint diese generelle Aussage auch für Deine Timeout-Fehler / Event-ID 18 Ereignisse zuzutreffen...


      Zu 2): Die beiden Befehle listen die Treiber im System der "Dateifilter" von Windows auf (fltmc) und zeigen zugleich, für welche (logischen) Laufwerke sie gerade Verwendung finden (fltmc instances) - vgl. z.B. http://msdn.microsoft.com/en-us/library/ms793580.aspx. Ich war neugierig, ob sich bei Dir der SATA-Chipsatz/Treiber dort 'verewigt' hat - in dem Fall hätte ein sehr konkreter Verdacht für eine Wechselwirkung bzw. Unverträglichkeit zwischen dem SATA-"Minifilter" und der avgntflt.sys bestanden. Allerdings zeigt Deine Auflistung nur die üblichen Windows7-Komponenten. Der Anlass für meine Frage war, dass ich kürzlich in einem ähnlichen Fall an dieser Stelle tatsächlich Einträge für einen SiS-SATA-Chipsatz gesehen habe ("sifilter") - dieser Verdacht hat sich ja aber in Deinem Fall nicht bestätigt.
      --------------

      Hier die Infos zum SATA-Treiber (normaler AHCI, kein RAID, kein native IDE!):


      AMD SATA-Treiber: amdsata.sysAMD AHCI Treiber 1.2Version, die timeouts und Hänger produziert:Version 1.1.0.1 vom 22.04.2009 (Microsoft Zertifikat)Version, die funktioniert:Version 1.2.0.125 vom 28.04.2009 (Microsoft Zertifikat)Board: Gigabyte GA-MA770-UD3 (rev. 2.0)Prozessor: AMD Phenom II X4 955Windows 7 Ultimate 64bit8 Gigs RAMDer Treiber ist der passende Chipsatztreiber von der Gigabyte-Homepage für das Board.
      ====================

      Wie man ein avgntflt.sys Problem lösen kann
      Eine avgntflt.sys Fehlermeldung wird meist direkt vom Windows Betriebssystem ausgegeben. Beispiele für avgntflt.sys Fehler sind:

      • avgntflt.sys hat ein Problem festgestellt und muss beendet werden. (Windows XP)
      • AVIRA Minifilter Driver funktioniert nicht mehr - Es wird nach einer Lösung für das Problem gesucht... (Windows 7, Vista)
      • AVIRA Minifilter Driver funktioniert nicht mehr - Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist. (Windows 7, Vista)
      • avgntflt.sys verursachte eine allgemeine Schutzverletzung in Modul einer Komponente.
      • avgntflt.sys ist keine gültige Win32-Anwendung.
      • avgntflt.sys - Fehler in Anwendung: Die Anweisung in "x" verweist auf Speicher in "x". Der Vorgang "read" konnte nicht auf dem Speicher durchgeführt werden.
      • avgntflt.sys - Kein Datenträger: Es befindet sich kein Datenträger im Laufwerk.
      Lösung:

      1. Nutzen Sie die TuneUp Utilities um die Ursache des Problems zu finden. Oft hilft das schon.
      2. Aktualisieren Sie AVIRA Minifilter Driver. Updates finden Sie auf der Webseite des Herstellers (siehe nächster Abschnitt).
      3. Informieren Sie sich in den folgenden Absätzen, was avgntflt.sys macht.

      =============

      Was ist die avgntflt.sys Datei?

      Die AVIRA Minifilter Driver Datei ist Teil der Software Avira AntiVir PersonalEdition oder Avira Premium Security Suite oder AntiVir Workstation. Der Hersteller der Software ist Avira GmbH.
      Hintergrund: avgntflt.sys befindet sich in einem Unterverzeichnis von "C:\Programme". Weitere Dateigrößen sind 48,448 Bytes (66% aller dieser Dateien), 52,032 Bytes.http://www.datei.info/was_ist/avgntflt_sys.html 
      Dieser Treiber kann in der Systemsteuerung/Verwaltung/Dienste gestartet und beendet werden. Er läuft unabhängig vom Benutzer und ist für Zugriffe der niedrigen Hardware-Ebene zuständig. Das Programm ist nicht sichtbar. Sie ist von Verisign digital signiert. Diese Datei ist von einer zentrale Signatur-Stelle signiert. Sie ist nicht Teil des Windows Betriebssystems. Deshalb halten wir die Datei zu 8% als verdächtig. Lesen Sie jedoch auch die folgenden Anwender Kommentare.
      Die Datei avgntflt.sys ist zu 8% verdächtig, wenn sie sich im Verzeichnis C:\Windows\System32\drivers befindet. Die Dateigröße ist hier 55,640 Bytes (75% aller dieser Dateien), 55,656 Bytes. Das Programm ist nicht sichtbar. Sie wurde von Verisign digital signiert und ist vertrauenswürdig. avgntflt.sys hat eine digitale Signatur. Sie ist nicht Teil des Windows Betriebssystems. avgntflt.sys könnte eine gepackte Datei sein.
      Oftmals benutzen Trojaner bekannte Dateinamen um im Task-Manager unverdächtig zu erscheinen. Diese verursachen dann Systemfehler aufgrund stümperhafter Programmierung. Mit Programmen wie den Security Task Manager stellen Sie fest, ob Ihre avgntflt.sys Datei die Original-Datei ist.