Removing IE9 from Windows 7 (and keeping it off)

Update: This article covers removal, see the IE9 Blocker Toolkit from Microsoft to keep it from installing. If you’re looking for registry options, the important values are DoNotAllowIE90 and DoNotOfferIE90 in HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\9.0.

I’ve had to remove Internet Explorer 9 from a variety of new PCs lately because they’re connecting to online services (hospitals, medical labs, radiology services, etc.) that are not yet compatible with the new version, including issues in Compatibility mode. I’ve also needed to provide instructions (now reproduced here) for some physicians to do the same on home PCs so they can connect into those same systems.

Continue reading Removing IE9 from Windows 7 (and keeping it off)

Viewing DICOM (Medical) CDs on Windows 7

Some MRI & CT CDs don’t work on Win7 64-bit. Here are workarounds and a (short) list of alternative packages. […]

Slow Startup with Multiple 'Starting' Services After Malware

I had an interesting problem with a server (Windows 2003 Standard) at a small business (6 users total) the other day – a very long startup time. The server in question is a standalone domain controller/DC as well as a database/application server and file/print server. Terminal Services is installed & configured, but rarely used – mostly for access from outside the office. Database and domain services/authentication were available fairly quickly, as were console logins (via UltraVNC/uVNC) – probably 15-20 minutes to that stage, but more than an hour before terminal services/remote desktop was available.

Digging around on the console attempting to track down the source of the problems, I found multiple services listed as “Starting” – all of them malware-based, with the actual infection cleaned out. My suspicion is that these non-startable services were causing the startup of other services to be delayed, though in this case I’m not really planning on setting up a test system to verify that.

In the rest of this post I’ll give a bit more detail on the scenario, what I found, what was needed to clean it out, and a few more notes on what I suspect was happening.

Continue reading Slow Startup with Multiple ‘Starting’ Services After Malware

(Fix) 'Another Installation is Already In Progress' installing Office 2007 over Office 2000

Ran into an interesting problem this evening – I was helping someone who was having problems with installing Office 2007 on an XP system with Office 2000 (I believe Professional) installed. The problem was that when the actual installation process started, it would hang up because another installation was running.

The standard fix for that is restarting the system to let the in-progress installation do the processing that it needs a system restart for, but in this case that wasn’t the issue.

Continue reading (Fix) “Another Installation is Already In Progress’ installing Office 2007 over Office 2000′

Avoid VBScript for Web Apps

Earlier this week I spent some time troubleshooting a browser-based application that a client is using. The problem cropped up on a PC with a clean install of Windows XP SP3 after assorted system corruption that wasn’t worth the time to repair.

Continue reading Avoid VBScript for Web Apps

When DNS and ping Fail but nslookup Works (fix, Windows)

Spent some time recently with a Windows XP laptop that would see networks fine (although IP address acquisition via DHCP seemed slower than I’d expect), but which was unable to resolve names with DNS. This was affecting IE, Firefox,  ping, basically anything that used the built-in Winsock calls such as gethostbyname(). NSLookup, on the other hand, worked just fine.

The first thing to do when facing any computer problem is to figure out where the problem lies, so it was time for a bit of sleuthing.

Continue reading (Fix) When DNS and ping Fail but nslookup Works (Windows)

(Fix) r3953724.cn Malware/Adware Redirections

Quick Fix: have a program named procmon.exe running (copy of notepad.exe) to disable malware temporarily. This should let you run searches & download fixes. This is only temporary while you clean the system. Read this post for more details and please let me know in comments if this does or does not work for you.

Update/Fix:

The system did indeed have a corrupted atapi.sys file as noted in the comments, though I did not end up using ComboFix to clean it – I was able to replace the file with the identically-sized but binary-different one from the most recent service pack (C:\Windows\ServicePackFiles\i386\atapi.sys) and have not seen the same problem recurring.

In addition, if you need to prevent it from redirecting while you download fixes, you may be able to simply copy notepad.exe (or another common executable) to the name procmon.exe and run that. Last night while I still had the infection active it did not seem to redirect while procmon was running under that name, possibly as a measure to avoid detection.

At this point (several days after initial infection, more than a week after initial reports in the wild) I suspect that many of the tools linked below are updated with definitions that cover this malware so you can probably get by with simply running updated versions of those.

Continue reading (Fix) r3953724.cn Malware/Adware Redirections

Fix for Outlook 2007 Trying to Load InfoPath (Error 1605)

Just ran into this situation after a client uninstalled & reinstalled Office 2007 Pro. When Outlook was opened, it complained twice about being unable to open InfoPath because it wasn’t installed.

I found multiple other complaints about this, but no solutions (though some suggested removing and reinstalling Office). A bit of digging with SysInternals’ Process Monitor, turned up mention of not finding the somewhat promising value “DisableInfopathForms,” so I took a stab and created the value as a DWORD under the location ProcMon was reporting. Setting the value to 1 cleared the problem on Outlook startup.

Continue reading Fix for Outlook 2007 Trying to Load InfoPath (Error 1605)

Winlogon.exe at 50% or 100% CPU (Fix)

There are apparently a variety of things that can cause the winlogon.exe process on Windows PCs to consume all available CPU, but I’ve found few references to this cause – corruption in Offline Files, even when Offline Files is disabled on the PC, on the server and on the domain (via Group Policy). Depending on the age of the PC, this will consume either 50% of the CPU (on newer dual-core systems) or 100% of the CPU (on older systems). This is the only non-malware winlogon.exe problem that I recall personally encountering.

Update: The original title & article indicated that this applied to Windows PCs on domains only, but Offline Files is available to non-domain PCs as well as long as Fast User Switching is not turned on.

Continue reading Winlogon.exe at 50% or 100% CPU (Fix)