oleaut32.dll registry becomes corrupted - vb6

This issue is the biggest headache I deal with currently.
I have a VB6 application that receives an external data feed that I inherited a couple years ago from its original developer. It runs on a remote server and will run fine for a month or so and then suddenly crash every time it starts up. When this happens, I look in the Event Viewer and see that the oleaut32.dll has "faulted". The fix I have discovered is to re-register the dll. The application then starts up and runs without issue. But then, inevitably, the whole issue will rise up again after a few months.
The research I have done indicates a number of issues that could cause this (malware, patches, etc.) but getting called at home every few months when this application fails again is getting old and tiresome.
Any ideas out there on how to alleviate a problem like this?
I would love to re-write the application in a higher level language, but that is not feasible right now for a number of business reasons.

VB6 is a higher level language. A lot of people ask us Basic people for help, yet slag our language while doing so.
In Task Scheduler set a task to run when that event message is generated.
so in a batch file
regsvr32 oleaut32
"c:\some folder\your vb6 program.exe"
But always include the full error message. It might mean something to me.
I would also test that server for hardware faults.
To See if a Fix is Available
In Control Panel (and select Classic view in the left hand pane) choose Problem Reports and Solutions (type problem in Start's search box), go to Problem History, right click your error and choose Check For Solution. You may also right click and choose Details for more info. Post those details here.
To See if a Recent System Change Caused It
In Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then choose Reliability and Performance Monitor and choose Monitoring Tools then Reliability Monitor (type Reliability in search on Start). This list is a chart of software installs, uninstalls, Windows updates, and crashes by date (scroll left to see earlier dates). See if your crashes started happening after you installed or uninstalled something.
Standard Hardware Troubleshooting
First let's test what hardware we can. Hardware faults can appear as many software faults, therefore we need to test hardware first.
Please do the following in order. Memory faults can cause disk corruption, disk faults can cause disk corruption. Disk corruption causes corrupted files (which SFC may be able to fix). If you get a hardware error stop and post back. Do not run chkdsk with faulty memory.
Memory Diagnostic
If you haven't run a memory diagnostic then please do so. Click Start - Control Panel - choose Classic View in left hand pane - choose Administrative Tools - then Memory Diagnostics Tool.
S.M.A.R.T
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
Disk drives in Windows monitor themselves for impending failure. The feature is called S.M.A.R.T. It will detect impending failure 30% of the time. In an elevated command prompt type (it's one line)
wmic /namespace:\\root\wmi PATH MSStorageDriver_FailurePredictStatus get active,predictfailure,reason /format:List
If it's on, Active will be true; if it's not on, turn it on in the computer's BIOS.
Predict Failure should be False if everything's ok. There are two reasons.
0 Unknown
255 Test - Not a failure
In Vista and later if SMART predicts failure Windows prompts the user to run Backup.
Run Chkdsk
In Computer right click all your drives and choose Properties, then Tools tab, then click Check Now. Tick BOTH checkboxes then Start. Reboot. This will take overnight.
SFC
Check for file corruption by clicking Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
sfc /scannow
Heat
Heat can cause problems like this and also sudden reboots without crashing. Ensure your fans are not clogged with dust.
Processor (CPU)
Intel has a utility to check processors.
32 Bit Windows
https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19791
64 Bit Windows
https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19792
For Memory Diagnostic Results
Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at Event Viewer (Local) - Applications and Services - Microsoft - Windows - MemoryDiagnostic-Results for entries.
Look for EventID is 1201 or 1101 and Source is MemoryDiagnostic-Results
Double click the entry for details on that entry.
For Chkdsk Results
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
edit c:\bootex.log
Does this file exist with something in it?
The following commands query the event logs.
For boot time checking using source name for any Windows version (as it varies).
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Autocheck' or sourcename='Winlogon' or sourcename='WinInit') get /format:HForm
For running chkdsk within Windows.
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Chkdsk') get /format:HForm
For warnings about disk problems detected during normal operations and automatic repairs made by Windows at the time the problems were discovered.
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='NTFS' or Sourcename='Disk') get /format:HForm
Then to view the file created.
start "" "%userprofile%\desktop\DiskEvents.html"
Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at both the Application and System logs (under Windows Logs) for entries.
Look for EventID is 7 and Source is Disk
Look for EventID is 11 and Source is Disk
Look for EventID is 50 and Source is Disk
Look for EventID is 51 and Source is Disk
Look for EventID is 52 and Source is Disk
Look for EventID is 55 and Source is NTFS
Look for EventID is 130 and Source is NTFS
Look for EventID is 134 and Source is NTFS
Look for EventID is 137 and Source is NTFS
Look for EventID is 1001 and Source is Autochk
Look for EventID is 1001 and Source is Winlogon
Look for EventID is 1001 and Source is WinInit
Look for EventID is 1001 and Source is Chkdsk
Look for EventID is 26212 and Source is Chkdsk
Look for EventID is 26213 and Source is Chkdsk
Look for EventID is 26214 and Source is Chkdsk
Double click the entry for details on that entry.
P.S. 7 and 55 are the auto repair codes where windows repairs disk errors silently on the fly. 52 is the SMART warning.
If the results don't get transferred to the event logs from a boot time chkdsk then the results are probably in the following file c:\Bootex.log. This file gets deleted when the results are moved into the event logs.
For SFC Results
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
findstr /c:"[SR] Cannot" %windir%\logs\cbs\cbs.log|more
This will see which files are corrupted.
To see if it did anything
findstr /c:"[SR] Repairing" %windir%\logs\cbs\cbs.log|more
There are frequent false positives for small text files Windows uses such as desktop.ini and settings.ini. Also due to an update .mof files starting with wd may also be flagged. Ignore these.
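The two findstr filters above and the false-positive rule can be applied in one pass over CBS.log. This is an added example, not part of the original answer: the function names and the sample log lines are constructed, and the line layout is assumed to match the [SR] entries SFC writes.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample shaped like CBS.log [SR] entries; not taken from a real machine.
SAMPLE_CBS_LOG = r'''
2015-03-02 10:14:01, Info                  CSI    0000031f [SR] Verifying 100 (0x0000000000000064) components
2015-03-02 10:14:07, Info                  CSI    00000321 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, hash mismatch
2015-03-02 10:14:08, Info                  CSI    00000323 [SR] Cannot repair member file [l:24{12}]"oleaut32.dll" of Microsoft-Windows-COM-OleAut, Version = 6.1.7601.17676, hash mismatch
2015-03-02 10:14:08, Info                  CSI    00000324 [SR] Cannot repair member file [l:24{12}]"oleaut32.dll" of Microsoft-Windows-COM-OleAut, Version = 6.1.7601.17676, hash mismatch
2015-03-02 10:14:09, Info                  CSI    00000326 [SR] Cannot repair member file [l:26{13}]"wdexample.mof" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2015-03-02 10:14:11, Info                  CSI    00000329 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2015-03-02 10:14:15, Info                  CSI    0000032b [SR] Verify complete
'''

# False positives named in the answer: desktop.ini, settings.ini, .mof files starting with wd.
IGNORE_PATTERNS = ("desktop.ini", "settings.ini", "wd*.mof")

# Same two markers the findstr commands search for.
SR_LINE = re.compile(r'\[SR\] (Cannot repair|Repairing)\b(.*)')
# The member file name is the quoted string that directly follows an [l:N{M}] length tag.
MEMBER = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def is_known_false_positive(name):
    """True for the small files the answer says to ignore."""
    lowered = name.lower()
    return any(fnmatchcase(lowered, pattern) for pattern in IGNORE_PATTERNS)


def triage_sfc_log(text):
    """Sort [SR] file entries into unrepaired, repaired and ignored lists."""
    result = {"unrepaired": [], "repaired": [], "ignored": []}
    for line in text.splitlines():
        entry = SR_LINE.search(line)
        if not entry:
            continue
        member = MEMBER.search(entry.group(2))
        if not member:
            continue
        name = member.group(1)
        if is_known_false_positive(name):
            bucket = "ignored"
        elif entry.group(1) == "Repairing":
            bucket = "repaired"
        else:
            bucket = "unrepaired"
        # SFC logs the same entry more than once; report each file once per bucket.
        if name not in result[bucket]:
            result[bucket].append(name)
    return result


if __name__ == "__main__":
    for bucket, names in triage_sfc_log(SAMPLE_CBS_LOG).items():
        print(bucket, names)
```

To run it against a real log, pass in the text of %windir%\logs\cbs\cbs.log, opened with errors="replace" so stray bytes do not stop the read.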

Related

Windows 10 installation

I installed windows 10 on my computer.
Every time I restart my computer, all my new files disappear
and my desktop is empty!!!
Is it a bug or setting issues?
How can I restore my files back
Thanks in advance!
You somehow corrupted your explorer.exe or changed a registry setting:
If you corrupted explorer.exe, best bet is to do a repair or system restore.
To check if explorer.exe is set to your shell:
Ctrl+Alt+Del to bring up task manager. Click File>Run new Task.
Type REGEDIT, click ok.
Click the plus sign (navigate through) entries:
-HKEY_LOCAL_MACHINE
-SOFTWARE
-MICROSOFT
-WINDOWS NT
-CurrentVersion
Click the folder WINLOGON
in the box to your right, find the entry Shell.
If the data corresponding to it is not Explorer.exe, double click Shell and modify it to Explorer.exe.
Close the registry,
Ctrl+Alt+Del to bring up Task Manager.
File>New Task. Type explorer,
click ok.
I think something has gone wrong during the installation. You can look for the files in C:/users/"your username"/desktop; if they aren't shown there, you can try other users in the /user/ directory. Maybe you have a bit of luck and the files are stored under the wrong user for some weird reason.
In most cases the best solution is to reinstall Windows 10. I think it is faster than looking for a solution (when you haven't installed a lot of software).
How you can restore your Windows (clean install) is explained in this video:
https://www.youtube.com/watch?v=qzTNjs8k15Q
Make sure you have a backup of your data ;-)
(sorry for bad English, I am from Holland ;-) )
Yes, it looks like the installation process has not taken place properly without any interruptions.
The most convenient solution in my experience is:-
1. Search locally for 'recovery options' through the Windows 10 search icon in the bottom left corner.
2. Click the "get started" button under "reset my pc".
3. Select the option "keep my files".
then once you are safely back in windows 7, again start the process of updating to windows 10 in a fresh manner WITH the pc plugged in to power and with a stable internet connection.

WMIC Product GET Name - Invalid Class

I am trying to list all of the programs currently on my Windows 8.1 machine. I believe recently installed software is preventing windows from booting up. I have access to the command line and I have been trying to use the wmic product GET Name to see what I can uninstall from the command line. I read that you have to enable the WMI support tools in Management & Monitoring Tools, but I don't have access to that. Does anyone know if I can enable that from the command line so I can figure out why I am ultimately getting a EDIT:0x000021a error on start up.
Try
This is not a full list (wmic). This is only products installed with Windows Installer. There is no feature for everything.
However as I said in my previous post nearly everything is listed in the registry.
So to see it in a command prompt
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s
Also your error code seems invalid. There is no 27a windows error or 0xc000027a NT Status code. It seems wrong for a COM containing NTSTATUS 0xd000027a or COM with Windows error 0x8007027a.
Clean Booting
Each of the three steps turns off programs, services, and drivers in increasing amounts, thus narrowing down the possible culprits.
Clean Boot
Click Start - All Programs - Accessories - Run and type
msconfig
Then go to the Startup tab. Untick everything. Then go to the Services tab. Tick Hide All Microsoft Services and untick everything that's left.
Reboot. If this solves your problem reenable ½ of the services/startup items until you find which one.
Advanced Clean Boot
If the above doesn't help.
Download Autoruns from http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Start the program by right clicking and choosing Run As Administrator and click Options menu - Filter Options and tick Hide Microsoft entries and clear Include Empty Locations. Untick everything left.
Reboot. If this solves your problem reenable ½ of the items until you find which one.
Safe Mode
If the above doesn't help.
Use Safe Mode with Networking if you need internet access.
Click Start - All Programs - Accessories - Run and type
msconfig
Then go to the Boot tab and click Safe Boot (also tick Network if needed). Reboot. Come back here and untick Safe Boot to return to normal mode.
or
If your computer has a single operating system installed, repeatedly press the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again. [From Start - Help and Support]
Startup Repair
If your computer has a single operating system installed, repeatedly press the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again. [From Start - Help and Support].
On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER.
Select Startup Repair.
Startup repair makes a log file. See C:\Windows\System32\LogFiles\Srt\SrtTrail.txt.
To access if Windows won't start, on the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER.
Select Command Prompt.
Type
type C:\Windows\System32\LogFiles\Srt\SrtTrail.txt |more
Also type explorer in your command prompt and see what happens.
My Explorer fixes lists ways of using windows without the graphical shell.
To See if a Fix is Available
In Control Panel (and select Classic view in the left hand pane) choose Problem Reports and Solutions (type problem in Start's search box), go to Problem History, right click your error and choose Check For Solution.
You may also right click and choose Details for more info. Post those details here. The Fault Module Name is the important information.
If the problem affects Control Panel press Winkey + R and type wercon (or type it in a command prompt).
Close Explorer and Start a Command Prompt
Close any Explorer windows
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator.
Click Start. Ctrl + Shift + Right click a blank spot (just above the power buttons is one place) then Exit Explorer.
Press Ctrl + Alt + Delete then Task Manager.
Check all explorer processes are closed. On the Process tab select explorer and right click and choose End Process, repeat if more than one explorer in the list.
Then to restart explorer after trying each of the following
Press Ctrl + Alt + Delete and choose Task Manager
In Task Manager click the File menu then New Task (Run) and type explorer
If You Can't Start Explorer at All
Press Ctrl + Alt + Delete and choose Task Manager
On the Process tab click Show Processes From All Users to elevate to Administrator
In Task Manager click the File menu then New Task (Run) and type cmd
Other things you can try typing
Explorer
Explorer c:\
Explorer /e,c:\
wercon
control
iexplore
rstrui
If you can't start a folder window use the Browse button in the New Task dialog. Remember you need to right click and choose Open rather than double clicking.
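The reg query output from the answer above can be reduced to a list of installed programs, newest first, with the entries that are not Windows Installer products marked. This is an added example, not part of the original answer: the function names and the sample output are constructed, and it assumes the output was saved to a text file, that InstallDate (where present) is YYYYMMDD, and that a WindowsInstaller value of 0x1 marks an MSI-installed entry.

```python
import re

# Constructed sample of `reg query ...\Uninstall /s` output; names, GUIDs and dates are made up.
SAMPLE_REG_OUTPUT = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleEditor
    DisplayName    REG_SZ    Example Editor 2.1
    InstallDate    REG_SZ    20140312
    UninstallString    REG_SZ    "C:\Program Files\ExampleEditor\uninstall.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}
    DisplayName    REG_SZ    Example Driver Suite
    InstallDate    REG_SZ    20150620
    UninstallString    REG_EXPAND_SZ    MsiExec.exe /X{00000000-0000-0000-0000-000000000001}
    WindowsInstaller    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB0000000
    ParentKeyName    REG_SZ    OperatingSystem
'''

# Value lines are indented and laid out as: name, type, data, separated by four spaces.
VALUE_LINE = re.compile(r'^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$')


def parse_reg_query(text):
    """Return [(key_path, {value_name: data})] from `reg query /s` text output."""
    keys = []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            keys.append((line.strip(), {}))
            continue
        match = VALUE_LINE.match(line)
        if match and keys:
            keys[-1][1][match.group(1)] = match.group(3) or ""
    return keys


def installed_programs(text):
    """List entries that have a DisplayName, most recent InstallDate first."""
    programs = []
    for _path, values in parse_reg_query(text):
        if "DisplayName" not in values:
            continue  # updates and components without a display name
        programs.append({
            "name": values["DisplayName"],
            "installed": values.get("InstallDate", ""),
            # Assumption: WindowsInstaller = 0x1 marks an MSI-installed entry,
            # the only kind `wmic product` reports.
            "msi": values.get("WindowsInstaller") == "0x1",
            "uninstall": values.get("UninstallString", ""),
        })
    # Entries without an InstallDate sort last.
    programs.sort(key=lambda p: p["installed"], reverse=True)
    return programs


if __name__ == "__main__":
    for program in installed_programs(SAMPLE_REG_OUTPUT):
        kind = "MSI" if program["msi"] else "non-MSI"
        print(program["installed"] or "unknown ", kind, program["name"], "->", program["uninstall"])
```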

Crashing Windows 7 using batch

I came across this link : https://vmxp.wordpress.com/2014/10/29/stress-testing-an-esxi-host-with-windows-server-vms/
Since I am not so good in PowerShell, I turned the whole thing into a simple batch script:
:loop
start testlimit64 -d
timeout /t 15
taskkill /f /im "testlimit64.exe"
timeout /t 9
goto loop
Note that I got into SYSTEM ACCOUNT before doing that using PsExec. The system I am using is a VM under ESXi. But nothing is happening, even the vm is not crashing. My aim is to crash whole esxi server.
I have two VMs under the ESXi and I ran the above scripts in both of them.
Still no luck. Am I missing something?
Windows 2000 Feature Allows a Memory.dmp File to Be Generated with Keyboard
Q244139
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.
SUMMARY
Microsoft Windows 2000 includes a feature that enables you to have the system stop responding and generate a Memory.dmp file (if configured to do so). The "Stop" screen that generates contains the following parameters:
*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)
The end-user manually generated the crashdump.
MORE INFORMATION
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).
This feature is disabled by default. To enable this feature, you must edit the registry as indicated below and restart the computer. After restarting the computer, you can generate a system to stop responding by holding down the right CTRL key and pressing the SCROLL LOCK key twice. Pressing left CTRL key does not generate the system to stop responding.
Please note that the steps below will not work on Legacy Free computers, i.e., those that use a USB keyboard. For those, you must attach a debugger.
Start Registry Editor (Regedt32.exe).
Locate the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
Quit Registry Editor.
Additional query words: blue screen force dump bluescreen crash memory.dmp
For USB keyboards a USB one was added in a later OS. This sets Left Ctrl + Space, Space for both USB (kbdhid) and PS/2 (i8042) keyboards.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\crashdump]
"Dump1Keys"=dword:00000020
"Dump2Key"=dword:0000003D
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\crashdump]
"Dump1Keys"=dword:00000020
"Dump2Key"=dword:0000003D
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"CrashOnCtrlScroll"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters]
"CrashOnCtrlScroll"=-

Where does Internet Explorer 8 store its crash dumps?

I am fighting a bug which does not reproduce on my machine, but repeats every time on my client's machine. I've tried everything, and now I am looking for any debug data (or whatever) that IE8 leaves after a crash. Google and Microsoft searches gave me nothing. Where does Internet Explorer 8 store its crash dumps? It definitely sends something to Microsoft after a crash, how can I see it?
There is a post here that will show you how to generate a mini dump
http://www.vistax64.com/windows-updates/227276-mshtml-dll-internet-explorer-8-crash-3.html
To generate a minidump:
Download and install the "Debugging Tools" package
From the folder where you installed it, run WinDBG.exe as admin (right-click, "run as admin...").
Press F6, sort "by executable", find IEXPLORE.EXE, select, OK. (It's easier if you have only one instance of IEXPLORE running at this time.)
It'll spew out a whole bunch of numbers and eventually dump you on a prompt at the bottom of the page. Just type G and press enter. This attaches the debugger to the IEXPLORE process but then lets it "Go" and continue to do its thang.
Do whatever you need to do to repro the crash.
This time, a crash condition will cause the debugger to "break into" the IEXPLORE process and suspend all its actions. In other words, instead of seeing the same crash message you'll see the debugger take over and IEXPLORE will look like it's frozen.
Ignore all the spew again and wait for the prompt at the bottom of the WinDBG window, then type this:
.dump /m IE1.dmp
If you don't give it a full path, the IE1.dmp file will be created in the same folder where you installed the debugger package. If you zip up that minidump and upload it here, I or someone else may be able to dig more info out of it.

"Reload file?" error in codeblocks

I'm using codeblocks as my IDE for C++ and every 10mins or so I get the following
error message:
"Reload File? File c:...node.cpp is modified outside the IDE. Do you want to reload
it? (you will lose any unsaved work)" Yes/No/All/Cancel
If I click yes by mistake sometimes I lose the last couple of minutes of work. If I
click no then everything remains ok.
So I downloaded "Process Monitor" to find out what program was accessing my cpp file
and it tells me that SVCHost may be the culprit.
As far as I'm aware SVCHost is responsible for all sorts of things. Does anyone have any idea what I can do to stop receiving this error message?
N.B. This error message didn't appear for the first month or so that I used codeblocks,
but I have no idea what I've done that might have caused the problem.
[Screenshot][http://i44.tinypic.com/sgk3sx.jpg]
I came across the same problem and I resolved it by removing a tick in front of "check for externally modified files" in
Settings -> Environment -> General settings
You're right in that svchost is a generic process name that is used by a multitude of different services. I think the reason was to prevent a lot of processes for every tiny little service that might want to do something - a group of them will share a single svchost process.
Process Explorer from Sysinternals can be used to figure out what services are being performed by a specific svchost process by finding the process ID (1296 in your JPEG file) and double-clicking on the entry.
Then, in the properties dialog that appears, choose the services tab and it will show you the particular services using that process.
If you don't want to (or can't) install Process Explorer, you can use the command-line:
tasklist /svc /fi "imagename eq svchost.exe"
to get a list of all the services in each process.
