Thursday, September 20, 2007

Discussing Avatar

I'm like Sokka - don't have superpowers, but a good analytical mind, also I'm kinda goofy-looking; I'm like Uncle Iroh, in that I am not wholly convinced that a good cup of tea may not be the most important thing in any given day. It's a controllable happiness. If you base your happiness upon conquering Ba Sing Se, or winning back the love of a father whose love is not worth the winning, misery is likely your lot. I am further like Iroh, in thinking kindness is the primary virtue: though he does a better job of living up to his ideals.
There you have it, apothegms to live by. Some of them may even be not entirely false. Your homework, should you choose to accept it: which parts are true?

Those are the thoughts that remained after a five-mile run following a discussion with the kids. The other thoughts on the way were mostly sun, wind, and intimations of age. The wind and sun don't write down very well, the intimations are old news that does not improve with the re-telling.

Tuesday, September 11, 2007

down a muddy river

The map gives a flavour of the expedition - high dramatic redrock canyon walls, vast perspectives whenever the walls opened up. We put in near the ghost town of Cisco, UT, some thirty miles upstream of the map. Actually not wholly a ghost town, there is a general store, five miles off the interstate. The story goes some football player came from Cisco, made his pot, and retired back home with a gregarious wife, who opened the store in an attempt to get some company. Buying an ice cream there after the trip is apparently hazardous, the chat will take an hour or more.

Blazing heat at the put-in, I labored for an hour or more packing the barge while H ran shuttle. The boys swam until their lips turned blue, sat in the sun until they were hot again, then swam some more. Mud pies filled in the vacant minutes between these activities. After the loading, tossed out a fishing line with some Powerbait (blood flavour, mmm) which attracted a 1lb catfish in about 30 seconds. More casts brought more fish, but all small. Off down river after a bit more than two hours' wait, with a flotilla of 9 boats. There were many years of paddling experience floating down the river, including Jerry Nolan who wrote the book - well, maybe not the book, but the web page at least - on this stretch of river. What this translates to is a loose assemblage of at least 9 eccentrics, the spouses or spousal equivalents who put up with them, and our two kids. Luckily since we all canoe, we're all eccentric in much the same ways, so within the group we appear perfectly normal to each other. This is occasionally quite comforting.

Fish Ford BLM campsite is very attractive, but is road-accessible. This means at any moment drunken rednecks in 4x4s may descend and render the site uninhabitable, so we skipped it, and went on down to another site. It too had a rough road in, so there was an old sofa above the river next to a 10 foot diameter fire ring mounded high with beer cans. Ah well. The hinterlands were clean, flat, and cottonwood-shaded, so we took it. As we were coming downriver, there was an incessant hum filling the air. At first I thought powerlines, but no. Next theory was the tamarisk beetles, specially imported to kill the alien tamarisks sucking the rivers dry, but this was mere speculation. Upon landing the true source was revealed: vast formations of mosquitoes wheeled and dove down upon our shrinking flesh. We can report that the Repel Lemon Eucalyptus (non-DEET) formulation does work well, but we didn't get 6 hours of protection, only about 3 or so.

More labor, unpacking boat to set up tent, kitchen, snacks, etcetera. Oy. I need an easier tent or a smaller family. Money can solve only one of these problems, so I guess it's retail therapy for me this fall; when I'd rather be camping, I'll be tent shopping.

Shattered in mind and body, I went to bed early. The boys stayed up at the campfire, half an artificial log in the world's smallest firepan, while Jeff and Jean played guitar and everyone sang. We all lay on top of our sleeping bags sweating for an hour or two before it cooled enough to sleep. Poor C woke up a few hours later, retching. Poor H took care of him, the five times he woke to throw up. I think he had some bad river water from all that swimming. Of course all these excursions into the mosquito zone allowed the tent to fill up with ravenous bloodsuckers. In the morning the roof of the tent was covered in swollen bugs, too full of blood to fly. Ech. We left C to sleep in the tent while we staggered around packing up camp. This turned out to be a mistake. There were enough hungry mosq's left in the tent that he got devoured alive. On Tuesday at school, they refused to let him in without a doctor's certificate to prove that he did not have some infectious disease rash, obtaining which of course consumed all of H's Tuesday morning.

After cleaning up the puddles of sick on the sleeping bags, sleeping pads, tent floor, groundsheet and shoes, I was ready to start the packing of the dry bags preparatory to starting the packing of the boat. I couldn't see us finishing all this before the launch time, but we had so many helping hands, we were packed before some of the other boats, a first for me in family canoe camping. Thanks Jeff.

On down the river, C perfectly frisky and chirpy, H and I drooping rather. This is a good kid trip, when they get bored we just throw them overboard and let them swim for a bit. After this flat water stretch, there's a day of significant named rapids, which keeps everyone's attention for the most part: though the boys were chatting about Lego in the middle of Ida's Gulch while we had to stare doom in the face, a half-mile of rock spotting and dodging in the equivalent of a loaded 18-wheeler. The Old Town Penobscot 18'6" is a fine boat, but no-one would accuse it of nimbleness, particularly when loaded with 800-odd pounds of people and gear. Momentum, ah we have all the momentum we need to blast through anything, but a turn has to be put on the calendar well in advance, and co-ordinated between bow and stern. "I'm not yelling at you dear, I'm just communicating the turn" sometimes works to patch things up.

Flat water to Dewey Bridge, then a few miles to the first named rapid, Onion Creek: a two-stage rapid with an easy entrance of substantial waves lulling you into complacency, then a sudden boulder garden riddled with holes and pourovers. We took a poor line, I didn't see a rock in time, H was able to get her end of the canoe around it but my end of the barge bounced off. Luckily Ian knows enough to highside, plus that momentum took us past the rock before it could react and grab us (yes, rocks in whitewater have both animas and animus).

Campsites below Onion were almost filled with rafters, but we got the last good site with cottonwoods. Magnificent views across Professor Valley to the Fisher Towers, could not be better. Much too hot to do anything except drink beer in the shade and swim, so that's what we did. Children got bored and fought, a hazard of single-family trips, with not enough playmates to keep the interest up. I think they were also tired and ratty, late night Fri getting to the hotel (we are weenies, yes, but I'm not prepared to try and camp with kids and a 10:30pm arrival), followed by late night and broken sleep on Sat. They needed lots of attention, but we needed to cook dinner and make camp, so it all got a bit fractious. Eventually simmered down with kids fed and tent up. Someone's washing up at the river added a few spaghetti fragments to the mud load of the mighty Colorado, and brought several fat carp in to forage. I plopped a lump of blood-flavour Powerbait upstream of one of them, which charged in with its back showing to gobble it down. Ian pulled it in, about a 3-pounder leaping and flapping in the mud. A handsome fish, though carp get no respect in the USA.

Breathlessly hot again in the night. One tent was pitched in a fine-looking site, below a red cliff, under a cottonwood. That red cliff acted as a radiator, releasing the heat of the day gently throughout the night, and blocking the cooling breezes. We were camped in a much less attractive site, but the winds came through beautifully. Hah. H's ambition for the night was not to be thrown up upon, and have no-one peeing in her shoe. This was a low bar, but it was in fact achieved, hooray.

Next day a variety of rapids. Mostly the obvious route was the correct one, slightly L or R of center, ride out the big waves with a bit of back paddling. Ida's Gulch is on the USGS map as Rocky Rapids, and is the rapid I remember as White's. We ran this twice in the Old Town Discovery 158: the first time on our 1991 wanderjahr, quite alone on the river doing a day trip, filled up and tipped over in the recovery pool at the bottom; the second time in 1996 with Rich Ruehlen, boat loaded for camping, filled up again but did not tip.

The pictures above show C doing his 'see/hear no evil' imitation near the bottom of IG rapid (I never knew he was doing that, was looking somewhere else at the time ;-) When I asked him, he said he finds the bigger rapids scary, but he still enjoys canoeing, just not some rapids. Ian on the other hand laughs all the way down, the bigger the rapid the more laughs. The pictures are by Moab Action Shots. They have photographers camped out on the river, taking pictures of everything that passes. I didn’t know who the photogs under the umbrellas were at the time, but on the way into Moab to Kaleido-Scoops (ice cream shop) we passed their store, and I figured it had to be online. This suggests a new way of rating rapids - those with a photographer camped next to them, must be something significant. Class II rapid, or a Class Photo rapid, hm.

The real White's rapid wasn't anything much, some very big waves and one pour-over that really should be missed, but a straightforward line through it. We had lunch below the rapid, on the first actually sandy beach of the trip. All the other beaches looked like sand, but turned rapidly into a viscous grey mud below the waterline. I'd slipped in said mud and torn the toenail from RMNP (see earlier this month) half off. This was quite painful, plus the fine murky waters infected the wound. When I took the bandaid off on Tuesday night, I could see and smell rotting flesh below the nail, yech. How does a doctor remove a toenail? With anesthetic, large forceps, and a burly nurse. How... interesting.

Took off the river at Sandy Beach, yes it was. Unpacked boat, humped gear up the sandy hill to pack it into the car, to take it home and unpack it again (a pattern is emerging). Back to Moab for aforementioned ice cream, very nice, and trundle on home for six hours. The boys went to school on Tuesday without having had a bath since Thursday night. Luckily they'd swum a lot, and boys are supposed to be muddy, so it wasn't too noticeable.

Many thanks to Dave Allured, who put the whole trip together with his usual calm efficiency.

Wednesday, September 5, 2007

extirpating Think-Adz

The self-styled winantiviruspro2007 has a cute little install pop-up that says 'Click OK to cancel this install'. This fooled number-one-son into clicking 'Cancel', which of course double-negatives into actually installing the winantiviruspro2007. Removing this lying thieving bastard was straightforward, between Scotty and Clamwin, no troubles.

However it brings Think-Adz along with it. That has a cunning trick whereby it re-installs itself every thirty seconds or so. None of the usual helpmeets could touch this - Scotty disabled its startup tasks and marked the dll files for deletion at startup, but after startup, the pox just re-installs; Clamwin didn't find anything, Ad-Aware and Spyware Blaster failed too. I went through the registry and pulled each key out, but before I could restart, it had re-installed. Hm.

Google failed me too: lots of references to Think-Adz, but all the 'solutions' involved buying someone's dodgy-looking software, or helpful 'tips' like "use Add/Remove programs to uninstall". Of course Think-Adz does not list itself in Add/Remove, and if it did, I'm certain the Remove would install something else noxious, plus keep T-A itself.

When in disgrace with fortune and men's eyes, not to say Windows, I trouble not deaf heaven with my bootless cries, but instead go to Sysinternals. Process Explorer (PE) and Autoruns are the essential tools. The Sysinternals tools overlap with Scotty's functionality - Scotty is usually more readable, the tools have useful extras. Since I didn't find this anywhere else, here's a step-by-step for rooting out Think-Adz, and mutatis mutandis, similar infections.

Scotty will show the rogue processes, using tab 'active processes'. This step involves knowing what's usually running on the system, so the skellums can be identified. If the usually running processes are not known, unsigned processes (no Company Name or Version information) are a good place to start. Google the process names for more information, and read with a jaundiced eye. Often infections will give their processes the same names as real Windows executables, and install them in C:\WINNT\system32\, so they look legit. In this case, the rascals were owinpmdt.exe and dwdsrngt.exe, running indeed from \system32.

For this case, look in \system32 using Windows Explorer (WE) or similar, sort by 'Modified Date', and check the files that were installed at a similar time to the known rogues. In this case the files all had recent timestamps from the install, so they all sorted to the top of the heap. Apart from the .exes, there were also two dll files installed in system32, xxyaaxu.dll and awvtt.dll.

These dll's and .exe's can't be deleted from WE, since they are marked 'in use'. Scotty can delete the .exe files - rightclick on the process in Scotty, and select 'delete file on reboot'. The dll's can be removed similarly using another Sysinternals tool, PendMoves, but I prefer to first find out what's using the dll's, to make sure I didn't miss some process.

To do this, start the Process Explorer, then use Find to enter a dll name and see which processes are using it. This revealed that xxyaaxu and awvtt were used by the known rogues, but also by Winlogon.exe, which is a legitimate Windows process. Winlogon turned out to be where the reinstalls were coming from. Killing Winlogon also terminates Windows very rudely, so there's no simple way to stop the reinstallations. Luckily PE has another option: rightclick on the process in PE and select 'Suspend'. Obviously some bits of Windows won't work right while this is suspended, so complete the T-A removal as a priority.

Now use Scotty and Autoruns to see what new horrors have been scheduled to run at startup. As for the processes, it's good to know what is legitimately started, so the rogues can be identified. If not known, proceed as before to check the signatures and Google the unknowns. As for processes, use Scotty to rightclick on the task and select 'delete file on reboot' for the known bad guys, and 'disable' for the suspected bad guys. Check with Autoruns that Scotty found everything.

I found
C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
in my setup. Neither of these looked legitimate, so deleted them both as well.

Reboot. After reboot, verify that the dlls and exes were deleted from their locations. In my case the dll's still existed, but weren't in use anymore, so that WE could delete them.

For completeness' sake, run a registry edit and search to look for other traces of the beast. If the process above doesn't get rid of it, this will be required. First re-do the steps of the above process up to but not including the reboot. Then, Start/Run or open a command prompt, and run regedit. Read the awful warnings from Microsoft about editing the registry, take a deep breath, and proceed. Back up the registry first if you are feeling timid, but I usually don't bother. Note that in XP and Vista, there will be automatic System Restore points created by Windows, which can be used to restore the registry if need be. If doing this, select a date before the system was infected ;-)

Select 'My Computer' in the left-hand pane of regedit, then use the Edit menu to find all mentions of the known bads, owinpmdt, dwdsrngt, xxyaaxu and awvtt. Delete all keys containing references to these, unless they belong to BillP Studios, which is Scotty. BillP Studios will have references to the bad 'uns, which allow Scotty to delete the files upon reboot. To delete the keys, note that the find will show the reference in the right-hand pane. It's not immediately obvious which key is involved, but look at the bottom of the window, which will list the full key name. Select this key in the left-hand tab, then rightclick and select 'Delete'.

Also search the registry for Think-Adz, and any related data. For example Google turned up ExploreUpdSched, BrowserUpdateSched, kwinkrex.exe, ljdsrngk.exe and twinkmdt.exe as being related to Think-Adz. I didn't see these on my infection, but check and make sure.
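As an added example (not code from the original post), the PowerShell script below automates the look-up parts of the steps above: the unsigned-process check, the Process Explorer 'Find' for which processes have a DLL loaded, the system32 sort by modified date, and a search of startup registry keys for the known names. The names are the ones reported in this post; the list of registry keys, including Winlogon\Notify, and doing it in PowerShell rather than the GUI tools are my assumptions, and the script only reports, deleting nothing.

```powershell
# Added triage script, not from the original post. It only reports; deleting or
# disabling anything stays a human decision, as in the write-up.
$Suspects = @('owinpmdt', 'dwdsrngt', 'xxyaaxu', 'awvtt')   # names reported in the post

# Step 1: running processes with no Company Name or no valid Authenticode signature.
function Get-UnsignedProcesses {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
        if (-not $_.Company -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{ Name = $_.Name; Id = $_.Id; Company = $_.Company; Sig = $sig.Status; Path = $_.Path }
        }
    }
}

# Process Explorer "Find" step: which processes have a suspect DLL loaded. This is the
# check that exposed Winlogon.exe, not just the rogue exes, as a holder of the DLLs.
function Get-DllUsers([string[]]$Names) {
    Get-Process | ForEach-Object {
        $p = $_
        try { $mods = $p.Modules } catch { return }   # protected processes refuse access
        foreach ($m in $mods) {
            foreach ($n in $Names) {
                if ($m.ModuleName -like "$n*") { [pscustomobject]@{ Process = $p.Name; Id = $p.Id; Module = $m.FileName } }
            }
        }
    }
}

# Autoruns step: startup keys (assumed list) whose values mention a suspect name.
# Winlogon\Notify is included because DLLs registered there are loaded by Winlogon itself.
function Find-AutorunReferences([string[]]$Names) {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify')
    foreach ($k in $keys) {
        $items = @(Get-Item -Path $k -ErrorAction SilentlyContinue) +
                 @(Get-ChildItem -Path $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            foreach ($v in $item.GetValueNames()) {
                $data = [string]$item.GetValue($v)
                foreach ($n in $Names) {
                    if ($data -match [regex]::Escape($n)) { [pscustomobject]@{ Key = $item.Name; Value = $v; Data = $data } }
                }
            }
        }
    }
}

# Run the read-only triage. Scotty's own (BillP Studios) references to the names will appear too.
Get-UnsignedProcesses | Format-Table -AutoSize
Get-DllUsers $Suspects | Format-Table -AutoSize
Get-ChildItem "$env:SystemRoot\system32" -File | Sort-Object LastWriteTime -Descending | Select-Object -First 20 Name, LastWriteTime   # the "sort by Modified Date" step
Find-AutorunReferences $Suspects | Format-Table -AutoSize
```

Run it from an elevated prompt so the module lists of system processes such as Winlogon.exe are readable; without that, Get-DllUsers silently skips them.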

After a mere three to four hours' work, you'll be back to an undiseased state. Hooray. Maybe it's time to upgrade to Ubuntu Linux.

Tuesday, September 4, 2007

The traffic is busy under an uncomprehending sky of wide and varied clouds. In the open space between office blocks, the harvest is ready: green leaves below the straw-yellow stalks and grain. There's no-one who knows what the grains are, nor will the harvest happen. Our food comes more easily, from China or the other side of the world. Blackbirds in the sky do not care.

When I can't work out at lunch time, due to increasing frailty, I walk with a book. At the end of the walk some fragments collect at the bottom of my consciousness. Often the fragments are the same as last year's; both the walk and the thoughts are out and back again.