Jason’s Blog

My dad was having a problem with his Canon Pixma IP3000 so i thought I’d take a look at it. I don’t usually do printers but it’s my dad’s and I’d be embarrassed if he took it in and the problem was something obvious.

The message was something in a the effect of 5C00, which has something to do with the purge unit. That made sense at the time because the printer had been warning him that his waste ink absorber was almost full, on more than one occasion. I disassembled the printer and removed the ink pads at the bottom of the printer. I soaked them in some methylated spirits, ran them under a tap and left them to dry. I’m not sure if that’s what I should have done, but they look almost new.

Alas the cleaning will not fool the printer. You need to reset the waste ink absorber levels stored inside the printers EEPROM memory. I had tried the fix before in the past when the message came up, but I failed. I failed because the sites that I visited left out one important step about how to put the printer into service mode. Then I found this website http://pixma.ulmb.com/.

If you for there make sure you read the 5 easy steps before you do anything. If you want to print on Cd’s from Nero cover designer and your discs aren’t printing correctly they have instructions for setting up a profile for your tray. It won’t be necessary though if your printer uses tray B or C, as the settings are the same as the Canon Pixma IP3000 which already has a profile in Nero Cover Designer.

After I put my printer into service mode, using the Damn printer instruction, I reset the waste ink absorber levels. Then I put the printer back into service mode and printed out EEPROM Info and a Service Mode report. Absolutely amazing stuff. The printer seems fine now. The service mode instructions work on my Pixma IP4200 as well.

In short the procedures for entering service mode on the Canon Pixma are:

1. Turn off the printer
2. Press and hold the resume button. While holding the resume button press and hold the power button.
3. After 5 seconds release the resume but not the power button.
4. While still holding in the power button, press resume (the resume light goes orange). Press resume again and the resume light goes green. Now release the power button. The print heads should move.
5. To print a EEprom page press resume and then power.
6. To print a Service Mode printout press resume twice, and then power.
7. To clear the waste ink tank absorber level press resume 4 times (the resume light will change colour with each press). Then press power. Wait a few seconds and then press power again to turn of the printer and exit service mode.

I was stunned at the simplicity of the method the kid used. I don’t actually know the kid but he posted a question on yahoo answers about the method he used to gain admin privileges on his mom’s computer.

His method relies on the two things. The person who wants to gain admin privileges from a limited account firstly needs a limited account on the pc in question (duh) and needs you to leave your workstation for 2 minutes while you are still logged into your administrative account. The administrative account also needs to have privileges on the at.exe file in the windows\system32 folder, which they do by default.

The kid opened a command prompt window. At the command prompt he typed in “at.exe 00:30 /interactive cmd.exe” and closed the command prompt. At is a command you can use to schedule programs to run at a certain time.  Just before 00:30, when his mother was sleeping, he came back to the pc and logged into his limited account. At 00:30 a command prompt window pops up. He then presses control+alt+delete and then ends the explorer.exe process. In the command prompt window he types in explorer.exe and explorer starts up using the SYSTEM account which has full administrative privileges. He navigates to Control panel and opens up User accounts. Once in there he just clicks on his limited account and selects to change the account type to computer administrator. He then logs off and logs on with his previously limited account.

Where are these kids learning this stuff?

Always lock your workstation (assuming you have a password set, if you don’t, whats the point) before you leave it, even if it’s only for 30 seconds. You can lock your workstation by pressing the windows key and L at the same time. Better yet always use a limited account on your system and only logon to your administrative account when you really need to do administrative tasks. You can also use the Run As feature but most of the security guides I’ve read tell you to disable this feature due to it’s insecurity.

About a month ago I needed a program to do something for me. It’s something that I could do by hand but the computer could do it faster. It was this need that led me to take up VB.Net as a hobby, again ( I wasn’t good at it the first and second time).

Over the last two days that hobby has turned to an obsession. I needed another program that does my evil bidding and I’ve been working very hard on it. I feel guilty because I’ve lost site of my study goals for Network+, but this is also mostly because I’ve had a lot of private work repairing pc and troubleshooting Adsl connection problems. The private work really helps my bank balance, which hasn’t seen a salary in three months.

Please note that the gallery page mention below is fictitious i.e. it does not exist, it’s only an example.

So the first program I needed had to create a text file with links in. Some web pages will have one dynamic page, which will send process it’s code in a certain way based on a variable it receives. Once it’s processed the code it will send html code to your browser. A dynamic page may have an address similar to this example. http://www.mrfloppysa.com/gallery.php?page=1

The variable here is the text after the ?. The variable name is ‘page”. The variables’ value is 1. gallery.php is the name of the page that contains the dynamic source code (in this case php code) which will be processed and sent as html code to your browser. A url can contain more than one variable but thats a discussion for another time.

When I visit the site, I can see the first variable which denotes page has a value of 1, and I notice there are 12 pages. Lets say on each page there are 12 links, each link points to a full sized background image you can click on and then save to your hard drive. These backgrounds are available under an creative commons license which gives me permission to download and freely distribute them. So I tell my program the url is http://www. mrfloppysa.com/gallery.php?page= and then I tell it that one is the start value (the first page) and 12 is the end value (last page) and it goes and creates a text file with 12 links in it.

Next I use winhttrack to mirror the pages, I specify the list that was just saved as a url list and I tell it to mirror 0 pages deep. It will then process these 12 dynamic links (visit the page each link refers to) and save the web page it visited as a static html page on my hard drive. If I set mirror depth above 0, it will follow the links on each page and download a lot of stuff I don’t want. When I say static html, I am referring to the html source code that your internet browser would see if it visited the link and not the php code you would see if downloaded gallery.php with a download manager.

My next program is very user unfriendly, but it works. It will open each one of these static html pages and process the html code line by line. Every time it finds an ‘a href’ tag in a line, it will start to create a string of characters one by until it finds the end of the ‘a href’ tag. Once it has the link it then runs it through a filter, that searches for an extension that’s know to be a graphics format, for example jpeg, jpg, png. If the link meets the criteria, it is saved to the file; if it doesn’t it’s just discarded. This second app only wants link to images, not the source of the thumbnail or links. Other links could be links to the home page, contact page or disclaimer etc. It would also be quite easy to change the code to look for “mailto” tags and save email addresses from the page, but I am not going to. I have also realized that I can make some optimizations to the code, using some of the new dot net functions I read about today. Some of the code I wrote actually does what the built in functions can already do. I have a function of 30 lines which does exactly what the Split function does. Using the built in function will make future code revision and maintenance much easier.

Now my second app has created a list of 12 pages * 12 images per page or 144 links to image files. I could now take this list and use any download manager to download the images without having to look at each and everyone online. I just use Winhttrack to process this list.

Two days ago I started program number 3. It’s also the first time I’ve used threading in anything I’ve written. Threading is something I always wanted to learn, and use and now I have. It’s not actually threading in a hardcore programmer sense but the simpler, more convenient alternative which in VB.Net is to use the BackgroundWorker class which handles most of the dirty work. Threading with the BackgroundWorker also has certain requirements which I need to find workarounds for to make the program more user friendly. Sadly I’ll be leaving it for another day as I want to be prepared to write the Network+ exam next month. Once this third application is done I’m going to put it on my website.

The program is called “Copy Interesting Stuff”. It searches a source I specify, usually a directory on a friend’s harddrive, for files of a certain type.. If I check movies and audio, it will search for all files with the extensions I set in the software as audio and video, in the source folder and its subdirectories. Each time it finds a file it adds it to a list. Once it’s done, I can set the destination folder and it will copy all files in the list to the set destination, reporting how many files and bytes are left to copy. It just copies everything to the same directory for now, but later when I have time I’ll change it to create directories for each type and also create a text file that corresponds to each of the files in the destination, which will store information about what the label of the harddrive was where the file was found, the original location etc.

Thanks for reading this long post, I’m off to do some studying and get some sleep.

UPDATE: Read this before installing Service pack 3.

I finished downloading service pack 3 about three weeks ago and waited another week to install. When I finally tried to install it, I got an ACCESS IS DENIED, Service Pack 3 installation did not complete error message. I wasn’t too bothered until yesterday when I decided to try again and failed again.

On the next try I ran an older version of process monitor in the background just before the error occurred, and ended the capture as soon as the error occurred. I then filtered the output according to process name (update.exe) and result (access denied). It made mention of some temp files with the name set***.tmp in windows\system32 that it was unable to access. I deleted these files. It also mentioned 4 registry keys in the HKCR\.rtf. I opened regedit and set the permissions for system and administrators for the .rtf tree to full access. I tried to install service pack 3 again and again access was denied. I then done it again using my process monitor method. This yielded no results.

Next I turned to the internet and found this fix at microsoft’s website. http://support.microsoft.com/kb/949377

I followed step number 3 after disconnecting my machine from the network and disabling my Anti-malware software. I downloaded Subinacl.MSI, installed it, created the reset.cmd file and executed it. It mentioned 6 failures and after about 5 minutes I got a bluescreen (I’ve set my pc not to automatically restart on system failure, automatic restarts on system failure makes troubleshooting difficult) mentioning REGISTRY ERROR some text and then Stop Error 0×53 (I left out a few zeros between the ‘x’ and the 53). Lovely. I tried the fix a second time. BSOD again.

I then downloaded Rootkit revealer as I suspected a root kit might be the cause. It found quite a few inconsistencies in the registry including 6 null-embedded keys in HKLM\Security\Policy\. I downloaded regdelnull.exe and scanned as follows (based on output from Rootkit revealer).

RegDelNull.exe -s hklm\security\policy\secrets

It deleted these 6 keys for me.

HKLM\SECURITY\POLICY\SECRETS\SAC*

HKLM\SECURITY\POLICY\SECRETS\SAI*

HKLM\SECURITY\POLICY\SECRETS\SCM:{6C736D4F-CBD1-11D0-B3A2-00A0C91E29FE}*

HKLM\SECURITY\POLICY\SECRETS\SCM:{C36729C6-65AB-4A6F-8B96-53FF94E3A8D2}*

HKLM\SECURITY\POLICY\SECRETS\SCM:{D0362CF9-9DAC-4898-8D1A-CC11034B1B68}*

HKLM\SECURITY\POLICY\SECRETS\SCM:{D1362CF9-9DAC-4898-8D1A-CC11034B1B68}*

I tried the Microsoft fix again, it mentioned no failures but I got the REGISTRY ERROR BSOD again, but this time Stop error 0×51.

I tried to install service pack 3 on my other hardly ever used machine this time. Access is denied. I tried the SP3 fix. It ran through without faulting. I rebooted and sure enough service pack 3 installed without any error.

I’m back to my machine again. I downloaded the Microsoft Malicious Software Removal Tool for May 2008 (version 1.41) and done a complete scan (my AV was up to date but I wanted another opinion). After four hours and 17 minutes, It found one file which contained W32/Trojan:Win32/Virtumonde.gen in C:\WINDOWS\Help\nvcpl\fontbas.dll. If the trojan was active on my system I would have know as I didn’t experience any of the symptoms that comes with this trojan. I ran the SP3 subinacl fix again and dammit I got the blue screen again.

Since the computer was blue screening while running subinacl on HKLM I decided to omit the HKEY_LOCAL_MACHINE line (second from the top) from reset.cmd and saved it as reset2.cmd. It should look something like this (Word press formating breaks each line into two lines in the display but copying and pasting from the page into notepad should work).

cd /d “%ProgramFiles%\Windows Resource Kits\Tools”

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Great stuff. The fix ran right to the very last line. I restarted, crossed my fingers and started the windows XP SP3 install again. Service pack 3 installed completely without displaying any on screen errors (there are a few in the log but they don’t seem serious).

Just by the way. While getting the necessary links for this blog article I took note of the heading at the MS page and took a look at my C:\WINDOWS\svcpack.log . Why didn’t I look at this file right in the beginning? Well, I didn’t know it existed and I didn’t do any planning before installing SP3 (I have NO critical unbacked up data, that’s planning enough). The idea behind installing SP3 was to check it out before I start recommending it to family, friends and enemies.

It seems 3 log files are modified/created in C:\WINDOWS during the update to service pack 3

· spupdsvc.log (Service Pack Update Service, I presume)

· spuninst.log (SP Uninstall, only when the SP3 update fails, I guess by looking at it’s content)

· svcpack.log (the actual log of what went on during the install)

Here is an extract from my svcpack.log file for the access denied part of the install (edited):

792.328: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0×2

792.328: Num Ticks for Copying files : 320438

796.937: DoRegistryUpdates:UpdSpInstallFromInfSection Failed for ProductInstall.GlobalRegistryChanges.Install error: 0×5

796.937: INF_REGISTRY Failed

796.937: DoInstallation:DoRegistryUpdates failed

805.609: Unregistration of sprecovr successful

805.625: Access is denied.

808.625: Message displayed to the user: Access is denied.

808.625: User Input: OK

808.625: Service Pack 3 installation did not complete.

Windows XP has been partially updated and may not work properly.

1249.203: Message displayed to the user: Service Pack 3 installation did not complete.

1249.203: Update.exe extended error code = 0×5

1249.203: Update.exe return code was masked to 0×643 for MSI custom action compliance.

Shutdown Initiated in Self Extractor

Yes, It took a long time to get it done but I did not want to format my system.

I was at a friends house the other day to remove malware which caused a huge amount of porno pop ups. I was able to identify and disable the process causing the problem quite quickly.

Once the offending software was disabled, I opened automatic updates and selected to install internet explorer 7. After rebooting the computer for the first time a very odd thing happened. Windows ran a disk check. After no errors were found it rebooted and went into windows. Windows greeted me with a excessive number of error messages: one was something about a temporary swap file being created and a balloon in the system tray mentioning that C:\$mft is corrupt. I decided to run a thorough (5 phase) disk check.

After 50 minutes no errors were found and I was greeted with the same errors as before and it was virtually impossible to get anything done on the system. After many failed attempts trying to set virtual memory, my friend told me to take the PC home. By default XP does not require a restart to make the page file larger but in this case windows kept asking me to restart and each time the computer restarted it would run a 3 phase disk check, reboot and no swap file would be created i.e. pagefile.sys was missing.

I read through some forums on the net and the majority of them listed certain updates that were causing the problem. My friend had neither of these updates installed. Some suggested removing IE7 and then reinstalling it and Microsoft’s support site make no mention of this error. Another fix was to disable indexing on the drive. I did not try this, I’ll tell you why later.

Before I started researching the error on the net I removed my friends’ hard drive and inserted it into PC. I tried to create a swap file on it while it was in my computer. This did not work. So if that doesn’t work in my PC, how can updates in windows be causing the problem? It has to be the drive I thought.

I checked the drive in my system using alternative to windows check disk. No errors found just as before. Next I scanned the disk with Nortons Antivirus 2007 because I knew it would find the remainder of the malware files I had not removed. Nortons found a large amount of malware (including remnants of the dialer I removed) and removed it. It became very clear to me that AVG 7.5 really does only the very basics. My last action was to defrag the drive using Tune UP drive defrag which does a much better job than windows defrag in my opinion. It took just over 3 hours. My friend admitted that he had never ever defragmented the drive. I could hear the disk thrashing long before we even started removing the dialer from his PC.

I put the drive back into his machine and started the computer up. My next step would have been to disable indexing on the drive while it was in his machine. This was not necessary as the machine booted without any errors. Windows created the swap file at the sizes I had set the last time I tried. The computer is running IE 7 with out any problems. My only question now is what fixed the problem? My money’s on the defrag but some other posters at various forums said the problem went away on it’s own so maybe the defrag had nothing to do with it. I’ll file this under X until i encounter the problem again .

UPDATE: If none of the above resolves your problem and If disabling indexing on the drive doesn’t work, your best bet is to do a repair install (inplace upgrade) of windows XP. http://support.microsoft.com/kb/315341/en-us