Archive for the 'Computers & Technology' Category

Easy fix for error 80072ee2 on Vista when updating Windows

Published by Sean Et Cetera on October 29, 2008 in Computers & Technology. Comments

I was working on a students computer, and after a restart following the removal of McAfee Security Suite, Vista did not want to update.  The solution was rather simple, once I found it.  After some googling, I found this, and the solution was both simple and elegant.  The short version: uninstall the wired network connection and have it installed by the system again.  While a winsock fix of some kind might have done the job, this was just as easy to do.

  1. From the Start menu, select Control Panel.
  2. Select Hardware and Sound.
  3. Select Device Manager.  Click Continue when the User Account Control window appears.
  4. Under network adapters, remove the wired Ethernet controller/connection.
  5. If Windows does not re-detect the hardware, select Network adapters (or the name of the computer at the top of the item tree) and from the menu select Action > Scan for hardware changes.

Sweetcron announced

Published by Sean Et Cetera on August 8, 2008 in Computers & Technology. Comments

I’ve been waiting to hear some information regarding the release of Sweetcron, and it looks like it’ll released on 8/28/08.  Just as well, as by then I should have most issues from move in resolved.  Once it is released, I’ll be able to see how much work it would take to migrate over to it; I like the look and feel yongfook.com.

Bluetooth “Access Denied” issue and resolution

Published by Sean Et Cetera on August 1, 2008 in Computers & Technology. 27 Comments

You can read about what I did or you can just click here to go to the steps you need to take.

After using my bluetooth keyboard with my laptop while on vacation, I returned to the apartment and attempted to use it on the desktop.  For whatever reason, it stopped working.  It wasn’t the batteries, as I could connect and type the passkey, but it would lose the connection almost immediately.  The keyboard also connected to the laptop computer just fine.  One resolution to this issue was to make sure that the check box for “Drivers for keyboard, mice, etc (HID)” was selected in the bluetooth properties for the keyboard.  It wasn’t, but when I tried to check it an hit apply, I got a Bluetooth Service Error “Access is denied” messageI made sure the Bluetooth Support Service was running by checking services.msc, and it was supposedly was running just fine.  After reading this thread, I checked the Log On tab for the service, and found that it was running as This account:NT AUTHORITY\LocalService.  Once I stopped the service, changed it to Local System account, I was able to select the driver service listed above and my keyboard was able to type.

Sure, this means I cannot go get a Logitech G15 keyboard, but that’s just as well.  What really gets me is that there is no reason I could think of as to why that service would (1) no longer work the way it was or (2) when it would have changed to log on differently.  I used the keyboard on the desktop up until we left.

Edit 8/31/08: Paul lists the ordered list of what needs to be done, and I’ll move it up here so that those trying to get the issue resolved can find the info.  While Paul does list how I did got to Services, some might be wondering what do you do when the keyboard doesn’t work, as is the case here.  There are two methods, listed in step 1:

  1. Open Services:
    1. To still type things out, start the on-screen keyboard by going to Start > Programs > Accessories > Accessibility > On-Screen Keyboard.  From there, you can then do Start > Run and then type services.msc
    2. To directly access Services, do Start > Control Panel > Administrative Tools > Services
  2. Find & select the Bluetooth Support Service, right click and select Properties.
  3. Click the Stop button on the General tab.
  4. Select the Log On tab, and select the radio button next to Local System account, then click Apply.
  5. Go back to the General tab and click the Start button.
  6. Click OK to close the Properties dialog.
  7. Restart computer to make sure the change takes and things work.

Blogging a Lifestream

Published by Sean Et Cetera on April 23, 2008 in Computers & Technology. Comments

I’m going to be keeping an eye on Yongfook’s website, as I think the format of it could be something worth doing.  I like how it pulls the different services he uses together.  If you’re interested, take a look at his definition and use of the word lifestream to get a better feel for what he’s doing.  I think that if I go to something like this, I’ll need to change web hosts again, as my current host has limitations on what can and cannot be done by my website.  I also cannot argue his reasons for ditching Wordpress, and I agree with him; it gets the job done, but tries to do everything.

Initially, I wanted to host everything on my own site as well, but have found that it’ll take a lot of work.  As long as services like flickr, digg, del.icio.us, twitter and others become permanent and don’t develop a tendency to delete “old” information or restrict access to it, having a personal website like Yongfook’s would be enjoyable to use and read.

Resolving an issue with page faults in a nonpaged area

Published by Sean Et Cetera on April 15, 2008 in Computers & Technology. Comments

One of the computers I was working on as of late (a Dell Inspiron B130) appeared to have eleventy billion malware infections of one kind or another. The staff who had been out there before attempted to remove some of the malware, with varying levels of success. At some point, a chunk of malware was removed, but not all of it, and the hooks it had placed in the system caused a blue screen to appear with PAGE_FAULT_IN_NONPAGED_AREA (with a STOP message of 0×00000050, or just 0×50) when Windows XP loaded either in normal mode or safe mode with networking. I never tried to load with just regular safe mode (no networking), but I figured that it wouldn’t matter and I went straight to using the UBCD.

Let me say now: I <3 the UBCD. If I didn’t have this particular tool, my job would be a pain. Or I could work on less computers.

Anyway, I could tell immediately by examining CurrentVersion\Run keys and values that there were a number of issues on the computer. I manually took care of what I could, and used the EZ-PC-FIX on the UBCD to check other registry values/keys running at startup, in the control set, etc, and the files they were using. Eventually I was able to weed out enough malware (let’s say about 50+ registry and file deletions) to feel safe booting up into safe mode and running Spybot. How wrong I was. There was something in the malware that was causing a window to open saying shell.exe was not found and was preventing .exe files form being launched. I checked HKEY_CLASSES_ROOT .exe and exefile, and for one of those the malware and added a call to a program whenever a program was launched. Since that program was no longer around, nothing would load. Once I resolved that (again through the UBCD since regedit didn’t want to run), I was able to run Spybot in safe mode. After what seemed like an hour, Spybot found just over 220 malware items. It was able to resolve most of these, but would need to run at startup in normal mode to clean the few up that it couldn’t. Ok, so I should no be safe to load Windows normally. Or not.

I continued to get PAGE_FAULT_IN_NONPAGED_AREA when booting windows. While trying to recall the manner in which to try and restore save points in XP via the UBCD (never did find it; it may no longer be there), I was checking some of the information they had for resolving stop messages. One solution to the issue was for a Microsoft knowledge base article I hadn’t come across while searching Google for “page fault in nonpaged area”: KB894278. It referenced a particular rootkit that installs a kernel driver (or two). While these aren’t the files on the system in question, the following were present, and had the same creation date as a number of the malware files I had dealt with:

  • Flee46.sys
  • grande48.sys
  • Wek86.sys (This file may or may not be an issue.  It says it is part of the SCSI Class group, but nothing comes up with a Google of this file, so it may still be malware.)
  • ctfmon.exe (an .exe in with a bunch of .sys files?)
  • Vgkm39.sys

I had been watching flee46.sys load in safe mode, as it was the last file that was being called, and I had never seen it before. My curiosity was further piqued when I could not get a Google result for “flee46.sys”, which meant to me it was malware. Regardless, I appended “.malware.old” onto the end of all of those and rebooted. The blue screen was no where to be found, Windows XP was loading in normal mode, and Spybot was running. There are a couple minor items I need to take care of now, but the computer is probably 90% resolved of its malware issues. Huzzah!

UPDATE: The .sys files in question were related to what McAfee calls Srizbi.

Bad Behavior has blocked 302 access attempts in the last 7 days.