Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Archive for October, 2010

The Case of the Failed Registry Edit

Posted by William Diaz on October 29, 2010


I like to play with post mortem debuggers to help troubleshoot issues with crashing or hanging applications by doing some basic analysis of the dump files. Oftentimes I change the Windows debugger between Dr Watson and WinDbg on my Windows XP workstations. To make WinDbg the default debugger you can go into the command shell and run the following command: WinDbg -I. After doing this many times previously, I was surprised when I encountered the following error when trying to change the debugger on my Windows 7 workstation. “WinDbg was not successfully installed as the default postmortem debugger. This operation requires administrative privileges.”

Posted in Troubleshooting

Inside Windows – How Windows Shuts Down

Posted by William Diaz on October 21, 2010


A good read on the Windows shutdown process along with some troubleshooting techniques: http://blogs.msdn.com/b/ntdebugging/archive/2007/06/09/how-windows-shuts-down.aspx

Posted in Inside Windows

Recovering Windows Profiles Using the Registry

Posted by William Diaz on October 19, 2010


Sometimes a user has logged onto Windows and soon notices that the desktop is missing their personal icons, display settings, and other tidbits, resulting in a call to the help desk. Oftentimes, the user will be presented with an error after logon but before the desktop loads indicating that the roaming profile could not be loaded either because it could not be found, was corrupted, or due to insufficient security rights: “User Environment. Windows cannot load the locally stored profile…”

Posted in Troubleshooting

Another Instance of Internet Explorer Crashing (or Update Your IE Add-Ons)

Posted by William Diaz on October 13, 2010


It doesn’t surprise me when Internet Explorer crashes. Instead, I remain calm and collected (most of the time). I don’t expect the average person to know why or how it happened and I expect them to take the opposite approach and be fed up with IE. But with everything that’s happening with the endless number of add-ons that it needs to support and the dynamic nature of web content, it’s amazing it works more often than not. So, here I was asked to explore the latest case of IE crashing. Our user has logged into an online document collaboration site. They need to open and print several dozen documents. About half the time, the client is interrupted by the following error before IE crashes: “Microsoft Visual C++ Runtime Library. Runtime Error!.. iexplore.exe. abnormal program termination”

Posted in Troubleshooting

Do You Want to GPF Today?

Posted by William Diaz on October 12, 2010


She called me one day. I had no idea who she was. She was in one of our local offices and someone told her I was the crack desktop support tech to speak to cause “he knows a lot.” This is true, no doubt, and I’m honored some people think this highly of me. Since then, she has called me over many an issue, and in particular turned me on to what has become a known bug between Internet Explorer, a 3rd party toolbar application we use for tracking time (LexisNexis for the benefit of search queries for this in my SharePoint blog), and a shipper’s tracking website. This would happen while trying to print shipping labels via Internet Explorer. Yes or No would crash IE. The error would often present itself as the following: Runtime error. Corrupt block/Unknown block type freed. This is probably caused by freeing a static variable or bad pointer. Do you want to GPF?

Posted in Troubleshooting

The Case of the Failed PDF Print Jobs

Posted by William Diaz on October 11, 2010


I was asked to provide a second opinion to a case where a user was unable to print to PDF using the BullZip virtual printer. There were no errors of any sort but nothing happened anyway. The escalations team had already gone about deleting and reinstalling the software printer to no avail. The issue was also tested under different user accounts, where the printing also failed, which meant we were dealing with a system problem and not something isolated to the local user profile, i.e., the culprit likely resided in HKLM.

To start, our first clue revealed itself in the properties of the BullZip PDF printer:

Posted in Troubleshooting

Manual Discovery and Removal of Malware

Posted by William Diaz on October 6, 2010


If you have not had a chance, set aside some time to watch Advanced Malware Cleaning, an excellent webcast by Mark Russinovich. I used some of the techniques from that presentation to identify and remove malware on systems I have come across.

In the case here, the user would open Internet Explorer but was not able to connect to the Internet. This would happen a couple times a day. The problem was tracked down to the Proxy field not populating with the office ISA address and the field remained grayed out so it could not be toggled on directly. The issue could be worked around temporarily by editing the registry to enable the proxy but at some point it was getting removed again. I was already suspicious that this was related to malware because each day the user logged on, the virus protection suite would catch the same DLLs attempting to download to the system and being deleted.

I would be using Process Explorer and Autoruns as my tools. Here were the first things I noticed:

Posted in Troubleshooting

The Case of the Persistent IE Security Prompts

Posted by William Diaz on October 2, 2010


In an earlier post, I blogged about a request where the user no longer wanted to be annoyed by IE’s security information prompt when visiting secure sites and the problem involved in trying to circumvent this setting in an environment where this is controlled via group policy. This time, I came across an issue where the user was being interrupted by the same prompt when visiting an internal resource that should not be displaying the IE “Security Information” prompt for secure sites.

Posted in Troubleshooting