Superfail part 1
Superfail part 2

Thanks to astute reader Nate Coffey and Dial-a-fix, we've found another DLL registration bug.

The current version of wuaueng.dll provided to Windows 2000 service pack 4 clients has a bug in its DllInstallServer.

In the first picture is a "before" screenshot that shows that all of the SvcHost key values are here. This is a freshly installed Windows 2000 machine that only has Service Pack 4:

Everything's normal

In this second picture, I have visited Windows Update, gotten the latest Windows Update client, closed my browser, and then unregistered the DLL using regsvr32 /u:

Where'd it go?

In this third picture, I have re-registered the DLL using regsvr32 /i, but it caused an error (0x80070057) and only one key was put back. The netsvcs key is lost at this point. In order to fix this, merge this default SvcHost key .reg file.

DllInstallServer is broken.

The error code 0x80070057 is E_INVALIDARG, or invalid parameters/arguments.

The current version of Dial-a-fix will accidentally trigger this because of the malformed DllInstallServer in wuaueng.dll. Once a new, fixed version of the Windows Update client is pushed out, Dial-a-fix will be able to help you again. I'll be filing this as a bug with Microsoft – I hope they fix it.

Edit: be sure to read Superfail part 2 for the solution for afflicted machines.

Perform a registry hive recovery using the information in my System Volume Information article for the hive mentioned after CONFIG\ (typically SYSTEM).

Sorry, Windows 2000 users, Microsoft hath cursed thee without an enabled-by-default automatic registry hive backup facility. Try ERUNT, though, and perform similar steps to roll back your failed SYSTEM hive when it inevitably fails.

I've started Dial-a-fix over and here is what I have so far:

[Screenshots: daftest (1) through daftest (5)]

As you can see it's mostly empty (for now) but there are great plans.
Currently, the "Scan" button on the "Find issues" tab looks for over 40 separate problems relating to the registry, services/drivers, shell/Explorer.exe, and Internet Explorer. It also displays restrictive policies.

It's written in Delphi and coming along nicely. A few rules lists will be moved to outside of the program .exe for easier access (such as restrictive policies). It will support languages. It will support Vista, Server 2003, and XP Pro x64. It will still support Windows 98. You can even resize or maximize the window now.

I spent all weekend working on it, and I plan to spend all of next weekend working on it as well. I have a lot of work to do but I'll keep everyone posted.

In Superfail, I described a problem afflicting Windows 2000 machines. I believe it has to do with one of the Windows Updates from June, but I can't be sure. It's still affecting people right now.

These are the steps I usually use to fix it:

(edit): 0) Make sure you're using the latest build of Dial-a-fix.
1) Reboot so you're starting with a clean slate.
2) Run all of DAF section #5 (Registration center).
3) Run DAF section #3 (WU/WUAU).
4) Start > Run > rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 %systemroot%\inf\au.inf
(Note: the above command is one huge line — it has been wrapped for easier reading)
5) Immediately merge this .reg file: win2ksvchost.reg
6) Reboot.
7) Try Windows Update again. If it fails, try clicking "Flush SoftwareDistribution" in Dial-a-fix (and answer No) and then try Windows Update again.

Some combinations of the above steps usually fix it. Each machine seems to freak out a bit differently, so your results may vary.

Go here first for an update with more precise instructions, or read this article for the backstory.

I've had two Windows 2000 Professional machines in as many days that are unable to download updates. The usual Dial-a-fix Windows Update fix routines changed little about the situation. I found out that BITS couldn't start because SENS couldn't start because EventSystem couldn't start. On the second machine, EventSystem was starting, but then SENS was the final failure point. (NetMan and several other services that usually run under SvcHost were also failing with the Event 700x error listed below.)

The event log gets flooded with Event 7000 (SENS), Event 7001 (BITS), Event 4097 (EventSystem), and DCOM event 10005.

7000:

The System Event Notification service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

7001:

The Background Intelligent Transfer Service service depends on the System Event Notification service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

4097:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043B from line 42 of .\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

10005:

DCOM got error "The dependency service or group failed to start. " attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

The fix is to change the "netsvcs" REG_MULTI_SZ in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. You can save the following block of text as a .reg file and double-click it to import it (it's for Windows 2000 only). Then restart the computer. All of the services that failed before should now work fine, and Windows Update should work again (and/or Dial-a-fix will finally be able to help).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\
00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\
00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,57,00,5a,00,\
43,00,53,00,56,00,43,00,00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"wugroup"=hex(7):77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,00,00
"BITSgroup"=hex(7):42,00,49,00,54,00,53,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\BITSGroup]
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wugroup]
"CoInitializeSecurityParam"=dword:00000001

Here is a link to the .reg for right-click-save purposes. (If you single-click on it and it looks funny, that's because it's Unicode).

Also take a look at the update to this article.
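A way to see what the hex(7) lines above will write before merging them, as an added example that is not part of the original post: it decodes each REG_MULTI_SZ value into its service names and checks a group for required members. The function names are hypothetical, and a saved .reg file (which is Unicode) has to be decoded to text before it is passed in.

```python
import re

# Svchost values copied from the .reg text above (subkey sections omitted).
REG_TEXT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\
00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\
00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,57,00,5a,00,\
43,00,53,00,56,00,43,00,00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"wugroup"=hex(7):77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,00,00
"BITSgroup"=hex(7):42,00,49,00,54,00,53,00,00,00,00,00
"""

def parse_multi_sz(reg_text):
    """Return {value name: [strings]} for each hex(7) value in .reg text."""
    # A trailing backslash continues the byte list on the next line.
    joined = re.sub(r"\\\s*\n\s*", "", reg_text)
    groups = {}
    pattern = r'^"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)[ \t\r]*$'
    for name, data in re.findall(pattern, joined, re.M):
        raw = bytes(int(b, 16) for b in data.split(",") if b)
        if len(raw) % 2:
            raise ValueError(f"{name}: odd byte count, not UTF-16LE")
        text = raw.decode("utf-16-le")
        # REG_MULTI_SZ: each string ends in NUL, one more NUL ends the list.
        body = text[:-1]
        if not text.endswith("\0") or (body and not body.endswith("\0")):
            raise ValueError(f"{name}: bad REG_MULTI_SZ termination")
        groups[name] = body.split("\0")[:-1] if body else []
    return groups

def missing_services(groups, group, required):
    """Names from `required` absent from a group (case-insensitive)."""
    have = {s.lower() for s in groups.get(group, [])}
    return [s for s in required if s.lower() not in have]

if __name__ == "__main__":
    groups = parse_multi_sz(REG_TEXT)
    for name, members in groups.items():
        print(f"{name}: {', '.join(members)}")
    # Check list assumed from the services the post reports failing.
    print(missing_services(groups, "netsvcs", ["EventSystem", "SENS", "Netman"]))
```

The same check can be run against an export of a machine's current Svchost key to confirm that EventSystem, SENS and Netman are still listed under netsvcs.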

Here I sit, for 20 minutes, with a drive connected via USB that contains sensitive data. Despite my best efforts, I am unable to "Safely Remove Hardware". It's not so much that there's probably a file handle locked that I can't possibly unlock (without writing my own software to do it) but that any time you remove a drive like this without properly dismounting it first, you are in for a stern talking-to. Windows gets angry with you if you just rip out the USB cable. Windows berates you for it. It's possible that forcing a drive dismounted could cause it to lose data (and I've seen it happen). This is still not the worst part. When I attempt to dismount the drive properly, Windows only says:
The device 'Generic volume' cannot be stopped right now. Try stopping the device again later.
Later? How soon is that? What kind of shit is this? "Try again later"? Why is Windows being so general and non-specific? Is Windows going to tell me when it's done using my drive so I can finally dismount it as it has yelled at me before to do?
No.
So here I sit, clicking safely remove over and over again, hoping Windows will finally finish doing what it is doing. Nope, it won't dismount. Now I *have* to rip the cord out (or restart the computer) if I want to get my work done. Special thanks to Windows for being a hypocritical asshole. I'm glad file locks get hung up so often, because I really hate it when I want to delete an empty folder and Windows actually lets me delete it.

// 08-09-05 (mm-dd-yy)
I forgot to mention: I usually use ForceDel.exe to unlock files and folders (it's a champ – just drag a file onto the .exe and presto, it's unlocked — unless it really *is* in use). It happens so frequently at work that ForceDel.exe is sitting right on my desktop, ready to have things dropped on it. (I'm lazy).

Edit (10-11-07): this is exactly as annoying in Vista as it is in XP and 2000. Ugh.