Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Friday, May 25, 2012

Troubleshooting software


For monitoring CPU temps but it overclocks too, stay away from overclocking untill your system is rock solid stock. 
[Download AMD OverDrive™ 3.2.1]
Use Speedfan to interrogate the motherboard sensors. Check the temperatures and clean out all your fans. There is also voltage sensors which will tell you if there is a power supply fault
install HWMonitor
Stell mal unter WIN "Energiesparmodus" auf "Höchstleistung"
evtl. im BIOS C & Q auf disabled -
 Auf dem NT stehen die Amperewerte (A) vom NT für die +12V-Leitung(en)
Wechsel das Datenkabel der Festplatte / LW
run  "dxdiag"
SATA-Port der Festplatte kontrollieren ( AHCI-Modus ?)
"C1E" Support im BIOS auf disabled ?
ASUS Core Unlocker = disabled ?
Ist ein "HUB" angeschlossen - wenn JA, ziehe den mal ab -
"CPU Load Line Calibration" = disabled 

Seatools  a diagnostic tool by Seagate. Download Seatools for DOS and run it from a bootable CD.
And there is a Windows version of Seatools. Try it!
DPC Latency Checker ( , if you are running Nvidia Forceware those can cause a latency issue and mess up the audio.

Don't frorget (as administrator) you should install:
Microsoft Visual C++ 2005 Redistributable Package (x64)
Microsoft Visual C++ 2008 Redistributable Package (x64)

AMD series 8xx driver not found

Windows 7 X64 SP1
Asus M5A88-M
RAID drivers not found!
IDE drivers not found? What The FUCK??
Asustek MoBo with AMD chipset has not (certified) drivers?
Using Acronis TI 2011 with Universal Restore to image to the different MoBo (Asus M5A88-M) and as simple ide installation (no RAID in BIOS)
IDE or AHCI Is useless
At the end of the restore:
Device driver 'PCI\VEN_1002&DEV_4390&SUBSYS_84431043&REV_40' for Windows 7 cannot be found.

error 10138: Driver not found during restore
Anyway -Restart and then BSoD 0x00000007b
Acronis Universal Restore instructions 
Windows can not repair that 
error =0x490
I t seems tht a basic IDE driver is not embedded for the SB chipset 880 or 850
This is from the HWID text file:
    Name: Standard Dual Channel PCI IDE Controller
That's IDE emulation mode at BIOS.
A plain XP Installation CD does support this. No need to add drivers

Cebaehren' solution possibilities
eventually unpack the exe files with Universal Extractor v 1.6 and use the adecuate cat - inf - sys files to install thedrivers for graphic and SATA (RAID or AHCI)
Don't forget the changes in BIOS! 
or try:
after OK.. use OverDrive 

Stop 0x0000000e

If you get error "0xc00000e : Can't run WINLOAD.EXE" after restoring a Windows7 image. with clonezilla
  1. Boot with the Windows7 DVD
  2. Choose the Repair option
  3. Reboot the repaired Windows7  ??WTF??
  4. Remove all entries in the Registry HKLM\System\MountedDevices\ except Default
  5. Reboot with CloneZilla to make a new image
  6. Restore the new image: You should now be able to boot Windows7

Thursday, May 24, 2012

Sync v2.0

UNIX provides a standard utility called Sync, which can be used to direct the operating system to flush all file system data to disk in order to insure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost. Here is an equivalent that I wrote, called Sync, that works on all versions of Windows. Use it whenever you want to know that modified file data is safely stored on your hard drives. Unfortunately, Sync requires administrative privileges to run. This version also lets you flush removable drives such as ZIP drives.
Using Sync
Usage: sync [-r] [-e] [drive letter list]
-rFlush removable drives.
-eEjects removable drives.
Specifying specific drives (e.g. "c e") will result in Sync only flushing those drives.

Download Sync(40 KB)

Wednesday, May 23, 2012

System reserved partition in NT6.x

The 100mb of repair tools quite useful lately when the host drive's installation ran into a problem where Windows would stall at the logo screen. The automatic startup repair tool came to life on it's own plus the option to restore a system image created.
Note when originally partitioning the drive using GParted the separate 100mb section was never created. Instead the repair tools were somehow packed into the solid C primary. When partitioning the drive using the Windows drive tools during the installation however you see the 100mb section created.
Apparently using a 3rd party partitioning program is another option if you do not want the 100mb section created from the start. The image here shows hows the host drive looks in the DM without the 100mb being seen.
Having the repair tools already on the drive however can eliminate the need for the Seven dvd when a problem comes up. Just something to pass along here.
Attached Thumbnails
System Reserved Partition - Delete-host-hd-no-100mb.jpg  

When you are first installing 7 on a new drive or one previously wiped no longer seeing a primary you would be using the MS drive tools options found on the dvd there. You will also note the 1-8mb of unallocated drive space for changing between the Basic type of volume used mainly on desktops or the Dynamic for server geared.
The MS drive tools also prepare the 100mb reserved as part of the installation for 7 to include the repair tools. When the drive is already seeing an active primary as you are pointing to the installer still places the repair tools tucked away at the beginning of the existing primary eliminating the need for the separate 100mb section.
I had initially been wondering if the repair tools wouldn't be available until seeing the startup repair come up while trying to debug a sudden hardware or lack of hardware detection problem. Suddenly no internet, no tuner card available, and the sound went out?
When interrupting a restore point the startup repair tool suddenly stepped in showing that the Windows installer still sucessfully placed them on the drive without the need for the 100mb taken away. The concern when removing the 100mb section when not having a 7 dvd would be the need to burn a repair cd with 7 fortunately now seeing that option included!
The 3 cards were simply removed and reseated to suddenly hear ping, ping, ping "you must restart to see the changes put into effect"! when the system was started afterwards. Windows 7 again solved it's own dilemna with the fresh detection as well as seeing the repair tools onhand having used a 3rd party drive tool.
For those who want to reclaim the 100mb of drive space be sure to burn a repair cd to have onhand since that can also save on handling the 7 dvd itself as well as for those not having one in the case of 7 being preinstalled. For those about to install 7 on a bare drive and want to avoid the 100mb being taken then the use of a 3rd party drive tool is something to consider as well.  --Night Hawk
System Reserved Partition - Delete
1. Boot from your installation or repair disc.

2. When you get to the language screen, press Shift+F10.
System Reserved Partition - Delete-capture1.png
3. Enter  
list disk
(after diskpart is loaded)
System Reserved Partition - Delete-capture2.png
4. Enter
select disk
{Windows disk number}

System Reserved Partition - Delete-capture3.png
5. Enter 
list partition
select partition {100MB partition number}
System Reserved Partition - Delete-capture4.png
6. Enter
delete partition override

7. Enter  

select partition {Windows partition from step 5}
System Reserved Partition - Delete-capture5.png
8. Close the command prompt.
We have deleted the partition, and Windows will be unable to boot at this point. Now it is time to write a new boot loader and BCD to the Windows partition.
-----------------------------------Q. But wouldn't
bootrec /fixmbr as step 7A write out a new boot record and eliminate the need for step 9?
A. Possibly, but that wouldn't rebuild the BCD.
Of course, you could also run
bootrec /rebuildbcd
but I trust startup repair more.
Bootrec command is the fastest way to get rid of GRUB's multiple boot menu when you want to unload Ubuntu - just rebuilt the MBR and then went in under Windows 7 and deleted the partitions.
9. Follow the instructions in Brink's tutorial for  
Running a startup repair.
1. Boot to the System Recovery Options screen using your retail Windows 7 installation disk or system repair disc.

2. Select the Startup Repair option. (See screenshot below)
Startup Repair-repair.jpg
3. Startup Repair will now scan your computer to attempt to find and fix any startup problems. (See screenshot below)
NOTE: Startup Repair might prompt you to make choices as it tries to fix the problem, and if necessary, it might restart your computer as it makes repairs. If repairs are not successful, you'll see a summary of the problem and links to contact information for support. Your computer manufacturer might include additional assistance information.
Startup Repair-startup_repair-1.jpg
4. If problems cannot be found, then click on Next. (See screenshot below)
NOTE: You can click on the View diagnostic and repair details link to see a detailed summary of what Startup Repair has done.
Startup Repair-startup_repair-2.jpg

A) Click on the Restart button to return to the Windows 7 log on screen. (See screenshot below step 2)
Tip   Tip
Sometimes it may take running a startup repair a few (3) times before it fully fixes the startup issue.
You will need to extend your C partition to include that space. The Windows Disk Management tool cannot extend space to the left of the volume, so you'll need to use a third-party tool. I recommend Partition Wizard Free Edition:
Magic Server Partition Manager Software - Resize partition for Windows Server 2003, 2008 and 2000.
Using Partition Wizard, right-click on the C partition, and select Move/resize. Then drag the edge of the box to the left, to include that unallocated space.
When you're done, be sure to select Apply actions.
I thought the 1MB indicated a dynamic disk. If unfortunately your disk is dynamic.
It should be made "Basic" again.
See this tutorial
Convert a Dynamic Disk to a Basic Disk
Using free Partition Wizard 4.2 (NOT free 5.2) is the easiest way to convert and retain your data.
Note: Back everything up. Anticipate the worst when you do any partition operation.
PW 4.2 link courtesy JK.

RAID -AMD 8/9 series chipset and Seven x64

O. Saucedo's hardware:
Asus M5A88-M
AMD FX1600 X6
2 Maxtor 500GB SATA as RAID1
1 Seagate 500 GB SATA as provisional DATA drive
1 DVD SATA drive
64bit AMD RAID drivers not recognised
The Win7 RC x64 ("clean") install setup process does recognise all drivers offered via diskette, USB-stick or CD-ROM if you un-tick the box "search for signed drivers only" on the 3rd-party driver installation selection page.
After that, it displays and loads the drivers of your choice - eg Vista x64 AHCI/RAID (AMD) drivers and resumes the installation process. However, at 1st reboot in AHCI mode it stops with an error message indicatng that it couldn't load "unsigned drivers" .
This happens with the latest ASUS and AMD/ATI x64 drivers - they're obviously "unsigend" to Win7 x64, but work flawlessly with Vista x86 and x64.
In due course, the only way to go is to install Win7 RC x64 in IDE mode - no AHCI, no RAID. 
There might be a slim chance to get AHCI / RAID up and running by activating Microsoft's generic Msahci driver subsequently (after IDE install) via registry tweak and then boot in AHCI mode, but I haven't tried this yet.  
My hardware:
ASUS M3A 78 Pro
AMD Phenom x4 8850 BE 3.0 GHz
4 GB RAM (DDR-2 800 MHz CL5)
4 SATA HDD's (single drives, no RAID)
2 SATA optical drives (DVD ROM/RAM)
ASUS/ATI EAH3450 Graphics
Onboard Graphics enabled with "Hybrid Crossfire"

It is a pity that there are not even Win7 OEM mobo maker drivers available yet for the AMD SB/NB chipset integrated storage controllers. That's very basic / essential stuff!  
I didn't expect to run into any such show-stoppers with Win7 RC x64, decided to use it from now on and then buy the "Ultimate" version immediately upon availability, but under said prohibitive circumstances this isn't a good idea. 
I might give it another try during the next two weeks - if there's no driver support improvement by then I'll stick with Vista x86 and wait another year until there are more mature / versatile LINUX versions available out there.
thanks for this info. You're lucky to have Gigabyte XP x64 chipset drivers which are OK for Win7 RC. Unfortunately, the equivalent ASUS XP x64 drivers are not - they're exactly the same as the Vista x64 drivers (!), 100% identical and "unsigend", and there are no Win7-compatible AMD/ATI "generic" chipset (AHCI/RAID) drivers available yet.
Definitely not Microsoft's fault but a grieveous nuisance anyway.   
The SB950 chipset was released in 2011, so is unlikey to be included in the core win7 release
AHCI chipset drivers were released far earlier
You might get further adivce re the SB950 chipset / raid driver and the apparent 'unsigned issue' if you were to post to MSDN Technet
Personally I wouldnt recommend using either AHCI raid or the motherboard chipset AMD RAID drivers, from experience I have seen to many problems caused when using software raid, from raid going out of sync, to in the worst case loss of data. I've seen this happen with various motherboards.
If you want to use raid buy a dedicated hardware RAID card, a decent one will cost some $350

When Windows is asking for driver, just click Cancel. You will be brought back to the welcome screen. At the welcome screen, remove your USB drive, insert it back to DIFFERENT USB PORT. Click Install Now again. The installation process will be like usual.
This problem happened to all new version of updated Windows 7 installer. I think, it is due to failure of Windows installer to remain its detection to the USB drive. It lost the connection, and became confused, don't know where to find the USB drive it used to read before.
When we re-insert the USB drive, Windows installer will detect the USB drive back, and continue like usual.
Windows 7 cannot install 64 bit AMD RAID driver
Some skill is necessary since it is a bit complicated. The component to make this work is an extra harddrive not essential to setting up the RAID array. I assume that you have a bootable Windows 7 x64 install, if not, do a fresh install to a single harddrive and follow these instructions:

1. Install the Windows 7 x64 RAID driver for your motherboard and re-boot.
2. Install the harddrives to be used for the RAID array.
3. Set the desired RAID array (0/1/5/10) up in your BIOS.
4. Boot into Windows 7 x64, making sure the RAID array is recognised.
5. Clone the bootable Windows 7 x64 harddrive to the RAID array.
6. Re-boot making sure you select the RAID array as boot device.
7. You now should have a bootable Windows 7 x64 RAID (0/1/5/10) array.
8. Add the original hard-drive to the RAID array if desired.
9. Enjoy

The problem with doing a fresh install of Windows 7 x64 to a RAID array is the driver signing required by Microsoft for the x64 RAID driver install. This is not present for the x86 RAID driver install, which can be done with ease. The Windows 7 x64 driver can be installed without a problem once Windows 7 x64 have been installed to a single hard-drive. Now you just have to clone this bootable hard-drive to the RAID array! Hope this helps.
On boot windows complains that the Bchtsq64.sys file does not have a valid driver signiture (although it was the one on the disk) and the only way i could install and boot into Windows 7, is to hit F8 and dissable the driver signiture on boot option, i have scanned the forums and found that this seems to be a common problem with MS 64bit OS and AMD boxes, most of the forums suggested a bios update, which i have done or downloading a newer version of that file and replacing it, whic hbrings me on to the other annoying issue, i know where that file is stored and where to copy it to, but for some reason, not even the local administrator has access to the folders under system32, which stops me replacing the file and seeing if the box will boot, i know there is a repair function on boot, but that does not detect my SATA disk controller and i need to use drivers off a usb stick before i can see my disk.
I belive the
MB you mentioned is M4A78T-E. The latest RAID Controller driver of this MB is released on 2009/07/22.
Try to download install this RAID Controller driver for windows 7 64bit  from the Asus website:

 1.  Open the following link:
2. On left panel,   type in “Download” section, then click Search Info button.M4A78T-E
3. Click , select  your operating system.M4A78T-E
4. Click “Others”, download “AMD AHCI Compatible RAID Controller Driver” and then save it into USB stick.
5. When installing windows 7, please locate this driver to install RAID Controller Driver.
The facts:
Motherboard: Asus M3A78-EM; BIOS rev. 2701
On Board RAID Controller: ATI SB700
System: Windows 7 Ultimate 64bits
Disk0: 500 GB System disk
Disk1: 1 TB data1
Disk2: 1 TB data2
Disk1 and Disk2 are hardware identical
All disks are connected through the SATA interface ('SATA Operation Mode' is set to 'SATA' in BIOS).
System is running perfectly...
What I wanted tot do:
Contunue to use W7 on my system disk (so no new W7 install)  and make Disk1 and Disk2 a RAID1 Logical Disk and use this under W7 as secure data-storage.
What I did:
I change in BIOS the 'SATA Operation Mode' from 'SATA' to 'RAID'; restart te system; use the 'AMD Onboard RAID FastBuid Utility' to configure Disk1 and Disk2 in RAID1 Logical Disk and reboot the system.
 Then Windows 7 fails to boot; is stops during the display of the 'Windows Logo'. Rebooting with a W7 Repair disk works (the system boots up from the DVD) but installing RAID drivers won't work (after a minute of starting the install function an error message is displayed "driver install failed")
Maybe I'm looking at the wrong drivers or maybe there is something else I've missed...

Monday, May 21, 2012

Low transfer rate for USB 2.0 disk

If you use a AsRock MoBo, look for the XfastUSB.exe utility and install it --cebaehreen
Howto: Fix Slow USB 2.0 file transfer on Windows XP
USB storage devices can be optimized for either quick removal or performance.  If optimized for quick removal, data transfer can potentially be reduced to a crawl. 
To optimize your USB drive for performance: 
  1. Right click on the USB drive and select properties
  2. Select the Hardware tab
  3. Under All Disk Drives, highlight your USB drive and select Properties
  4. Select the Policies tab and select Optimize for performance.
  5. Press OK twice, and your transfer speeds should increase dramatically
Note that when your drive is optimized for performance you’ll need to use the Safely Remove Hardware icon in the taskbar to eject the drive – otherwise you’ll risk corrupting your data by just removing the drive from the port.
Windows 7 Easy Transfer (for windows XP 32b)
Windows 7 Easy Transfer (Windows x64) 

What is USB 2.0?
Finalized in 2001, Universial Serial Bus (USB) 2.0 is a complete overhaul of the Universal Serial Bus input/output bus protocol which allows much higher speeds than the older USB 1.1 standard did. The goal of the new serial bus is to broaden the range of external peripherals that can be used on a computer. A hard drive can easily hit the USB 1.1 bottleneck whereas it now becomes more 'usable' under USB 2.0 conditions.
For those people who found us via search engines, USB 2.0 should neither be called 'USB2' nor 'USB 2'.
What happened to USB 1.1?
USB 1.1 allowed a maximum transfer rate of 12Mbits/second. It is now obsolete, but both of its speeds (1.5Mbps & 12Mbps) are being adopted into USB 2.0, and they are now called Original USB officially. Though some manufacturers label their products Full-Speed USB. Note that this seems a bit deceptive as it's easy to mistake Full-Speed for Hi-Speed. You won't be fooled from now on as you now aware that Full Speed USB is only 12Mbits/second where Hi-Speed USB mode is capable of a much faster 480Mbits/second.
Traditionally, USB mice and keyboards only need 1.5Mbps to function; exceptions are gaming mice and keyboards that require 12Mbps. These higher-end gaming products send way more location feeds thru USB; hence, more bandwidth is required. Generally, the performance levels (1.5Mbps & 12Mbps) are grouped under 'Original USB' by the USB Promoter Group.
The logo shown on the right is authorized by the same organization to the vendors for use on their products should they passed the compliance tests.
How do I know if my PC has USB 2.0?
You can identify whether your PC has Hi-Speed USB or not relatively easy. Open Device Manager and expand the Universal Serial Bus section. There should be an "Enhanced" USB host controller present.

Windows 98 systems may use a different name, because Hi-Speed USB drivers in these operating systems are not provided directly from Microsoft (Windows ME, 2000 and XP get their drivers through Windows Update). These drivers are provided by the manufacturer, and may carry the maker's name (i.e. ADS, Belkin, IOGear, Siig, etc.). There should also be two "standard" version USB host controllers present as well. They are embedded in the USB chip which routes the differing USB speeds accordingly without user intervention.
There are currently 7 manufacturers of the Hi-Speed USB host silicon themselves:
  • ALi (Acer Labs)
  • Intel
  • NEC
  • SiS
  • VIA
  • nVidia (shows as "Standard" controller)
  • Philips
Any other brand name that appears in Device Manager would likely be an add-in Hi-Speed USB PCI card. The makers above do not make add-in cards, but they do make the chips that are used in them. Q: Do you need USB 2.0?
Q: How do I know I plug in a Hi-Speed USB device?
Q: How does USB 2.0 handle today's applications?
Q: How does USB 2.0 and 1.1 work together?
Q: How does a USB hub slow down devices?
A USB hub has to re-calculate the time left before the next sof (end of the uframe); the small extra delay added by the hardware hub could make the transaction not handled as fast as a device directly connected to the host. If several devices are connected on the USB hub and working in parallel (for example, a webcam + a USB flash drive + a mouse), then the USB bandwidth is shared among the devices usage.

 Howto: Fix Slow USB 2.0 file transfer on Windows XP
Windows Easy Transfer for Windows XP

MyStart by IncrediBar
How Did I Get Infected With MyStart by IncrediBar ?
MyStart by IncrediBar and badware just like it commonly end up on your computer due to the following causes. You will need to uninstall MyStart by IncrediBar if you think you’re infected:
  • Freeware or shareware: Many times freeware or shareware is secretly bundled with spyware. It is how the developers earn money for the time they spent. It’s a sneaky, but it’s fairly common.
  • Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for mistakenly downloading an infected file, including software like MyStart by IncrediBar .
  • Questionable websites: Malicious or questionable websites can install programs such as MyStart by IncrediBar through security holes and automatic downloads, such as video codecs. If you feel your browser is unsafe, consider using the newest version of Mozilla Firefox, Google Chrome, or Internet Explorer.
What are Common Signs of MyStart by IncrediBar Infection?
  • Slow Computer Performance
  • Annoying Pop-Ups
  • Taskbar Warnings
  • Strange new icons and desktop backgrounds
  • Internet Browsing Re-directs and Hijacks
  • System Crashes
  • High Pressure Marketing Tactics to "Purchase Full Version" of software
  • You will receive phony alerts such as "Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of MyStart by IncrediBar and remove spyware threats from your PC."
How Do I Remove MyStart by IncrediBar ?
How to remove MyStart by IncrediBar : There are two methods. The manual way and the automatic way. First – if you want to try and remove it manually (and I only recommend this to IT Professionals!) you must disable all related system processes, adjust all related system DLL files and registry files in the LOCAL_HKEY_USER folder, block all related websites, and delete all program files with the MyStart by IncrediBar name.
MyStart by IncrediBar Manual Removal Instructions:
Remove MyStart by IncrediBar Registry Keys:
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 “C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll” HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} “[trojan name] Toolbar” HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID “[trojan name]IEHelper.UrlHelper” HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID “[trojan name]IEHelper.UrlHelper.1″ HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class” HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVer HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCLSID HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar “[trojan name] Toolbar” HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} “[trojan name] Toolbar”
Remove MyStart by IncrediBar Files and Folders:
%AppData%[trojan name]toolbarcouponscategories.xml %AppData%[trojan name]toolbarcouponsmerchants.xml %AppData%[trojan name]toolbarcouponsmerchants2.xml %AppData%[trojan name]toolbardtx.ini %AppData%[trojan name]toolbarguid.dat %AppData%[trojan name]toolbarlog.txt %AppData%[trojan name]toolbarpreferences.dat %AppData%[trojan name]toolbarstat.log %AppData%[trojan name]toolbarstats.dat %AppData%[trojan name]toolbaruninstallIE.dat %AppData%[trojan name]toolbaruninstallStatIE.dat %AppData%[trojan name]toolbarversion.xml %Temp%[trojan name]toolbar-manifest.xml
Note: In any MyStart by IncrediBar files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual MyStart by IncrediBar removal, go ahead and leave a comment.
How to delete MyStart by IncrediBar files in Windows XP and Vista:
  1. Click your Windows Start menu, and then click “Search.”
  2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
  3. Type a MyStart by IncrediBar file in the search box, and select “Local Hard Drives.”
  4. Click “Search.” Once the file is found, delete it.
How to stop MyStart by IncrediBar processes:
  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find MyStart by IncrediBar processes.
  4. Once you’ve found the MyStart by IncrediBar processes, right-click them and select “End Process” to kill MyStart by IncrediBar .
How to remove MyStart by IncrediBar registry keys:
warningWarning! Your registry is a vital key to your Windows system. If you plan on making any edits to your registry, you absolutely must backup your registry first in case anything goes wrong. Be forewarnd that a mistake when editing your registry can result in a computer that no longer boots up. These instructions are designed for IT Professionals and PC Experts.
  1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
  2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
  3. To find a registry key, such as any MyStart by IncrediBar registry keys, select “Edit,” then select “Find,” and in the search bar type any of MyStart by IncrediBar ’s registry keys.
  4. As soon as MyStart by IncrediBar registry key appears, you can delete the MyStart by IncrediBar registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete MyStart by IncrediBar DLL files:
  1. First locate MyStart by IncrediBar DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
  2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the MyStart by IncrediBar DLL file is located. If you’re not sure if the MyStart by IncrediBar DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
  3. When you’ve located the MyStart by IncrediBar DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
If you wish to restore any MyStart by IncrediBar DLL file you deleted, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and hit the “Enter” key.
Did MyStart by IncrediBar change your homepage?
  1. Click Windows Start menu > Control Panel > Internet Options.
  2. Under Home Page, select the General > Use Default.
  3. Type in the URL you want as your home page (e.g., “”).
  4. Select Apply > OK.

MyStart by IncrediBar Removal in 10 Minutes:

Sunday, May 20, 2012


Before you try to run your old RAID 0 on a new chipset ... I'd make a preemptive backup of everything your hoping to keep. 
Its possible that Linux dmraid could support your raid on a non compatible motherboard with the drives in non raid mode.
Use a live CD / DVD (OpenSuSE, ubuntu or gparted)
Raid Data Recovery Software Raid To Raid
raid_data_recoveryProblems with a raid are often very hard to fix for inexperienced users. There are quite a few things that can go wrong when operating raids which include hard disk failures or having to replace the raid controller because of a dead motherboard or new computer system. Raid To Raid is a very versatile software program that can be used for raid data recovery and more. Its main purpose is to get the raid operational again after switching to another raid controller.
The raid software can mount a raid even if the motherboard chipset or raid controller has changed. It is even possible to accommodate existing raids on computer systems that do not offer a hardware based raid controller.
The raid data recovery software supports raid arrays of the following types: Raid 0 (JBod, Stripe), Raid 1 (Mirror), Raid 5 (data recovery mode if single disk is missing or corrupt), Raid 10 (Raid 0+1) plus software based raids and Windows dynamic discs (simple, span, strip, mirror and raid 5). The raid software supports the fat, ntfs, ext2 file systems plus classic and gpt partition styles introduced in Windows Server 2008.

NVIDIA-based Motherboard Family for AMD

nVidia doesn't make chipsets anymore. I wonder if there are any newer motherboards that are compatible with the old nForce chipsets.
Not easily; the metadata format stored in last sector on each HDD is incompatible between brands. You should get the data off first and backup it somewhere safe, then create a new array and copy it back.
If you made a RAID1 you can simply break the array and connect one of the disks to a non-raid controller.
If your motherboard broke or you don't want to connect to your old motherboard, then you can access/read/recover the RAID using Ubuntu Linux livecd. If you want to try that, simply download Ubuntu and boot it up, having your disks connected to a non-RAID controller (i.e. set controller type to AHCI or IDE not RAID in the system BIOS). Let me know if you require more help on this. 
This is one of the disadvantages of onboard RAID. If the board breaks you have to get another board with that chipset to read the data.
Try to find an old board with NV RAID or read and find out if any of the newer Nvidia chipset ones are backwards compatible.
- For the Nforce4 array: Nvidia offical tech support said that all new NVIDIA RAID controllers (both NFORCE/GEFORCE) are backwards-compatible with legacy controllers like the NFORCE4 Ultra, so in theory, a new one should "understand" the RAID array coinfiguration metadata stored on the disks, and no information would be lost. This is as long as the RAID BIOS version of both old and new MB is 9.xx...

The problem with hardware RAID (Redundant Array of Inexpensive Disks) is that a particular set of drives is intrinsically tied to the controller that operates them. This means that when switching from one hardware controller to another, you'll have to copy all of the data onto another storage device, disconnect the drives from the old controller, plug them into the new one and build an entirely new blank array on the new controller. This is a lot of work, and it requires an amount of extra storage equal to what the original array contained, as well as reinstalling the operating system to support the new hardware.


  1. Backing up the Old Array

    • 1Connect the external storage device(s) to the computer.
    • 2Copy the contents of the old array onto the external storage. This will probably take several hours, depending on the size and the amount of data stored on the array.
    • 3Turn off the computer once the file copy has been completed.
    • 4Disconnect the RAID drives.
    • 5Remove the old motherboard.

    Creating the Blank Array

    • 6Install the new motherboard into the machine. Make sure that all the necessary power and data connections have been attached.
    • 7Connect the hard drives to the ports for the RAID controller. Consult the motherboard manual for specifics, as these will look like the same as any normal, non-RAID Serial ATA ports that the motherboard may possess.
    • 8Consult the motherboard for the key combination that will start the RAID configuration BIOS program. Alt-F12 is a common one, but this varies widely.
    • 9Boot the computer, and when the RAID boot screen appears, press the key combination.
    • 10Configure the RAID array.

    Installing the Operating System and Restoring the Old Data

    • 11Install the operating system in the typical manner.
    • 12Install the drivers for the RAID controller that came with the motherboard.
    • 13Attach the external storage device(s).
    • 14Copy the data onto the new array.

Tips & Warnings

  • If your RAID controller is not integrated onto the motherboard (i.e, it is an add-on card), it may be possible to simply move the original array intact to the new motherboard.
  • If your RAID array is a simple mirror (RAID 1), it may be possible just to move one of the old hard drives onto the new array and re-mirror it as appropriate.
  • Any data on the old array that is not backed up will be permanently lost when you configure the new array, so make sure that everything has been backed up.

Saturday, May 19, 2012

Asus M5A88-M

M5A88-M  and Kingston RAM

Kingston ValueRam 4GB 240-pin DIMM Kit (1x 4GB)
Kingston datasheet (PDF) available

Part #: KVR1333D3N9/4G • DDR3-1333 / PC3-10600 • CL9 • 1.5V • more info
Brand: Kingston more info about Kingston brand memory
Kingston datasheet (PDF) available
Speed: DDR3-1333 / PC3-10600 more info
Technology: DDR3 SDRAM
CAS Latency: CL9
Voltage: 1.5V
Form Factor: 240-pin DIMM
Series: ValueRam
Warranty: Lifetime†
RamCity guarantee the above Kingston 4GB ValueRam 240-pin DIMM is fully compatible with your ASUS/ASmobile M Series Motherboard M5A88-M.
This is a genuine Kingston component, and is backed by a Lifetime† replacement warranty against defects.
Many other memory module companies use a generic module for a variety of systems, and may encourage you to purchase a cheaper module for your system. Kingston takes design to a higher level and manufactures system specific memory.
This means the design is customized to meet the strict memory specifications that ASUS/ASmobile insist upon. The design is fine-tuned to match the timing of the M Series Motherboard M5A88-M model, to reduce noise and heat, and allow for the most efficient communication between the memory and the CPU. Kingston also tests the module in the system using popular applications, operating systems and the original equipment manufacturer's diagnostic program.

Wednesday, May 16, 2012

Port knocking

Formatos compatibles con Mac Os X

MacOs Plus, Este formato es compatible con todas las características avanzadas que necesita el MacOs X como son los nombres de archivo Unicode, los permisos Posix, los metadatos enriquecidos,…

MacOs Plus (con registro): Es el formato por defecto del Mac Os X. Deriva del anterior pero además añade el registro de sistema de archivos avanzado para mantener la integridad de la estructura de los volúmenes, de modo que si ocurre un corte del suministro eléctrico o un problema grave en el sistema, se podrá verificar la integridad del volumen gracias a ese registro creado.

MacOs Plus (mayúsculas/minúsculas): El sistema diferencia entre mayúsculas y minúsculas. Básicamente significa que reconocerá “Archivo” y “archivo” como el mismo archivo y no como diferentes, que es lo que ocurría antes. Sin embargo, esta opción es más conveniente para volúmenes muy grandes al estilo de los utilizados para MacOs Server.

Sistema de archivo UNIX (UFS): Este tipo de formato ha dejado de ser compatible como volumen de arranque con las versiones de Mac Os X 10.5

FAT32: Viene heredado de Windows y es utilizado en muchos periféricos. Hay que avisar que MacOs X no puede iniciarse desde un volumen con este formato, aunque la aplicación BootCamp es compatible con la ejecución de Windows XP desde este tipo de volúmenes. También es reseñable que este formato no permite manejar con comodidad archivos mayores a 4 GB de tamaño.

NTFS: formato nativo de Windows XP y Vista. Como ocurre con el FAT32, MacOs no puede arrancar desde él y la Utilidad de Discos no es compatible con la creación de estos volúmenes. Bootcamp sin embargo es perfectamente compatible para ejecutar las anteriores versiones de Windows reseñadas.

Monday, May 14, 2012

Unable to Remote Desktop to Windows 2003 Server

Do a remote shutdown "shutdown /r /t 10 /m \\computername"
I have seen this problem after patching here recently. and either I have to reboot the machine at the console or I have to do the remote shutdown indicated previously.
Do this:
- ping the RD host by its IP address to ensure that it is correct.
- ping the RD host by its name to ensure that it can be resolved.
- run telnet to check if the RD port is open, e.g.
telnet MyServer 3389  

How to Enable Remote Desktop Connection

You are running wireshark on the 2003 server, yes? That will tell you that
the tcp packets are arriving on the interface you selected destined for port
3389 and their content, nothing more.
  On the client it says unable to connect to RDP.
This indicates that RDP is either not running on the server, not listening
on tcp port 3389, not configured to accept connections from the client, or
that a firewall is blocking. You state that firewall is disabled, so that
narrows it to 3 potential causes.
Short of rebuilding the server are there any options or troubleshooting steps i should take?
If it's listening on port 3389 then you know that it's just not allowing
access to that client. If it's listening on a different port then you know
that piece of information as well. I use the following free application to
get familiar with my machine:
  fport /p
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
Pid Process Port Proto Path
428 svchost - 135 TCP C:\WINNT\system32\svchost.exe
8 System - 139 TCP
8 System - 445 TCP
588 MSTask - 1025 TCP C:\WINNT\system32\MSTask.exe
8 System - 1027 TCP
624 svchost - 3002 TCP C:\WINNT\System32\svchost.exe
624 svchost - 3003 TCP C:\WINNT\System32\svchost.exe
624 svchost - 3004 TCP C:\WINNT\System32\svchost.exe
14004 putty - 3227 TCP D:\security\putty.exe
7044 MailWasher - 3535 TCP
14848 firefox - 3646 TCP D:\Mozilla\Firefox 3.0\firefox.exe
14848 firefox - 3647 TCP D:\Mozilla\Firefox 3.0\firefox.exe
14848 firefox - 3648 TCP D:\Mozilla\Firefox 3.0\firefox.exe
14848 firefox - 3649 TCP D:\Mozilla\Firefox 3.0\firefox.exe
10764 putty - 3705 TCP D:\security\putty.exe
13672 ePrompter - 4494 TCP D:\ePrompter\ePrompter.exe
8312 terminal - 4571 TCP
1408 jusched - 4754 TCP C:\Program
1408 jusched - 4755 TCP C:\Program
1008 WinVNC - 5900 TCP
1432 Proxomitron - 8080 TCP D:\security\proxomitron\Proxomitron.exe
624 svchost - 53 UDP C:\WINNT\System32\svchost.exe
8 System - 137 UDP
8 System - 138 UDP
8 System - 445 UDP
264 lsass - 500 UDP C:\WINNT\system32\lsass.exe
624 svchost - 520 UDP C:\WINNT\System32\svchost.exe
624 svchost - 3001 UDP C:\WINNT\System32\svchost.exe
496 blackd - 3738 UDP C:\Program
264 lsass - 4500 UDP C:\WINNT\system32\lsass.exe


SFTP (SSH File Transfer Protocol)
Despite SSH in its name, it is designed to work over any reliable data stream, but WinSCP supports only operation over SSH, which is also by far its most common usage.
Being operated over SSH, it is secure protocol. In its basic functionality it is similar to old FTP, while having better designed advanced functionality. Unfortunately not all SFTP server implementations take advantage of the advanced features, yet.
Especially in its later versions (from 4 upwards), it is more platform independent, compared to both FTP and SCP.
Unlike SCP, for connection with an SFTP server you do not need access to shell (although some implementations may still require that) WinSCP is an open source free SFTP client, SCP client, FTPS client and FTP client for Windows. Its main function is file transfer between a local and a remote computer. Beyond this, WinSCP offers scripting and basic file manager functionality.


Developer(s) Simon Tatham
Stable release 0.62 / December 10, 2011; 5 months ago
Written in C
Operating system Cross-platform
Type Terminal emulator
License MIT license
PuTTY is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client. The name "PuTTY" has no definitive meaning,[1] though "tty" is the name for a terminal in the Unix tradition, usually held to be short for Teletype.
PuTTY was written and is maintained primarily by Simon Tatham and is currently beta software.
Some features of PuTTY are:
  • The storing of hosts and preferences for later use.
  • Control over the SSH encryption key and protocol version.
  • Command-line SCP and SFTP clients, called "pscp" and "psftp" respectively.
  • Control over port forwarding with SSH (local, remote or dynamic port forwarding), including built-in handling of X11 forwarding.
  • Emulates most xterm, VT102 control sequences, as well as much of ECMA-48 terminal emulation.
  • IPv6 support.
  • Supports 3DES, AES, Arcfour, Blowfish, DES.
  • Public-key authentication support (no certificate support).
  • Support for local serial port connections.
  • Self-contained executable requires no installation.
  • Supports the delayed compression scheme (As of r9120 2011-03-05).

Friday, May 11, 2012

delete printers from printers list

You can remove print drivers that are not associated with a local printer or connection using the printui.exe tool
in an admin elevated command prompt type
printui /s /t2
OK, I have found the solution to this problem... the info above is correct as far as it goes, but in my case there was (a) no option to clear the print queue on two 'ghost' printers because they were disconnected and unavailable, so no option for the print queue was displayed, and (b) one was shared on the network and had a TCP/IP printer port assigned to it.
Here's how I did it, step-by-step:
1. right-click on desktop, create a new shortcut with target as 'cmd.exe'.
2. right-click on the shortcut, "Run as Administrator"
3. Run the printui tool: printui /s /t2
4. Try deleting the printers.
 If that doesn't work...
5. CLick Start > Run > Services.msc
6. Locate the Print Spooler service, and right-click > Properties > stop service.
7. Open My Computer and browse to c:\Windows\System32\spool\Printers
(you will need to say "oK" to get access to the folder).
8. DELETE the contents of that folder.
9. Restart the Print Spooler service.
10. Go back into the printui utillity (might need to restart it using same method as above) and try removing printers again. This time it should work. If necessary, check the "Ports" tab and remove any TCP/IP ports that are associated with the old printer.
11. Last but not least, I checked other computers on my home network to see if any of those had mapped to the old printer, and I removed those mappings, as the date of spooled documents suggested it was printed to long after it was physically removed.
A stuck print job in the queue will prevent the printer from being removed. Try runningDelete Print Jobs to remove the stuck print job.

Disconnect the printer.
Uninstall the printer.
Restart your computer. Make sure the printer is removed. Manual Printer Driver Removal
Check if there are any listed under the print queue. If no documents are listed in the print queue for that printer, stop the print spooler service, delete the printer, restart the print spooler service.
To do this, open an elevated cmd prompt:
1. Start Orb>Search box>type: cmd when cmd appears above, right-click it and choose "run as Administrator".
2. At the command prompt:
net stop spooler [enter]
3. Go to the printers applet in Control Panel and delete the printer.
Then back in the command prompt, do:
net start spooler [enter].
If this is a network printer, if you have any drivers installed for this printer, try to uninstall the drivers from the device Manager and try to delete the printer.
To delete a device with Device Manager:
1. Launch Device Manager Start, type devicemanager.msc.
2. In Device Manager's left panel, open the node that represents the type of device that you want to uninstall and then right-click the device entry (locate the key board).
3. On the shortcut menu, click Uninstall.
4. On the Confirm Device Removal dialog box, click OK to start the uninstall process.
5. When the uninstall process is complete, unplug the device.
6. under the actions, click on ‘Scan for Hardware Changes’ and reboot the computer.
Try this and let us know the results.