Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Archive for July 18th, 2010

Advanced Malware Cleaning

Posted by William Diaz on July 18, 2010

This is an excellent webcast by Mark Russinovich on how to use various tools (mainly those from Sysinternals) to detect and clean malware. You can find it here:

Posted in Troubleshooting, Troubleshooting Tools

Using the Debug Diagnostic 1.1 Tool to Troubleshoot Application Crashes

Posted by William Diaz on July 18, 2010

In cases where the default post-mortem debugger, e.g. Dr. Watson in XP, fails to capture a user-mode dump of a crashing process or service, you need to be a bit proactive and attach to the crashing application. You can do this in a number of ways, such as using ADPlus or WinDbg from the Windows Debugging Tools, but this may not be practical on a user’s workstation (big footprint, invasive, process does not run transparently). Also, the crash may be too random to recreate quickly or at will.

In these circumstances, Debug Diagnostics comes in very useful. It has a small footprint, runs as a Windows service, can be quickly set up via rules, and the GUI can then be closed and left to wait for the target process to crash. Afterwards, a dump can be retrieved from the system remotely, and impact on the user remains minimal. Additionally, Debug Diagnostics can analyze the dump created and find a solution online.

Outlined is a basic setup, attaching Debug Diagnostics to crashing instances of Internet Explorer. In the example here, I am creating a crash rule for a specific process:


Posted in Troubleshooting, Troubleshooting Tools

“My Computer” Taking Too Long to Open

Posted by William Diaz on July 18, 2010

I have run into this a couple of times on different workstations and thought I would share with you how the culprit was identified and resolved. The problem manifested itself as the “My Computer” window getting hung after opening. The delay would range anywhere from 30 seconds to a couple of minutes. The same would also happen for “Printers and Faxes” and “Scanners and Cameras”.

I started by connecting to the workstation Event Viewer remotely and saw a few instances of a WIA error: “The Windows Image Acquisition (WIA) service terminated unexpectedly…” I checked the WIA service and saw it was stopped. Since the service does not necessarily need to be running if the devices are not in use, it didn’t really raise any eyebrows. However, an attempt was made to start the service, but it failed. Some quick research pointed to the possibility that the Windows Image Acquisition service was failing due to a driver issue with a connected image device. I eventually came across this Microsoft KB article: Enable Logging of Wiadebug.log in Windows XP.

The information describes a method to enable WIA trace logging. The article points out that this can be used by developers for troubleshooting drivers during development, but I figured why not use it to troubleshoot the WIA service itself.

Posted in Troubleshooting