• Search for:

• Non-technical

  • ChrisEccleston.com
  • SteamyKitchen.com food blog

• Technical

  • BootZilla tech CD
  • Computer America
  • Digital Doctors
  • gur.in/j/ - PC help site
  • Lunarsoft.net
  • Simon’s PC Services
  • Symantec Sucks

• Categories

  Select Category Activism  (1) Apple  (1) Computer America  (6) Data recovery  (3) Delphi  (4) Dial-a-fix  (51) djlizard  (3) Fixes  (32) General  (49) Hack  (7) History  (1) Linux  (2) Mac  (1) Medical  (1) Microsoft  (9) Music  (4) Non-technical  (2) Ranting  (7) Security  (11) Software  (86) Stupid  (7) Technical  (50) Viruses  (5) Vista  (15) Windows 2000  (6) Windows Update  (2) XP  (9) Zealotry  (1)

• Archives

  Select Month August 2008  (1) July 2008  (1) June 2008  (2) December 2007  (4) October 2007  (18) September 2007  (3) August 2007  (7) July 2007  (1) June 2007  (2) May 2007  (3) April 2007  (3) March 2007  (3) February 2007  (6) January 2007  (2) December 2006  (2) November 2006  (6) October 2006  (12) September 2006  (8) August 2006  (4) July 2006  (1) June 2006  (16) May 2006  (5) April 2006  (4) March 2006  (9) February 2006  (7) January 2006  (8) December 2005  (7) November 2005  (14) October 2005  (1) September 2005  (5) August 2005  (10) July 2005  (14) June 2005  (15)

(Note: this is an article for technicians, so common technical terminology and procedures will not be spelled out.)

Most technicians are familiar with the issue where optical drives disappear from My Computer, only to be found in Device Manager with an exclamation point on them, indicating a problem.

Most technicians also have no idea what filter drivers are, or how this can happen, so I'm here to explain this and show you the proper way to repair a driver whose filter chain is broken.

I've noticed that most people completely blast all of the filter drivers away until it works, and although that works, it's really not the best way to go about things, especially since the other filters might be working properly. Also, don't you want to know the why and the how? This problem can apply to more than just optical drives.

Background information

A filter driver intercepts requests/communication in order to extend or replace functionality in the driver or hardware that it is filtering. There are three types of filter that you should know about: bus filter drivers, upper filter drivers, and lower filter drivers.

A bus filter driver extends functionality (usually for proprietary features) on a bus driver, such as ACPI. An ACPI filter driver, for example, could add additional power management modes or communicate with proprietary modifications to ACPI (such as in laptops).

An upper filter driver filters data between the main driver and the application/operating system service. Microsoft's example: a keyboard filter driver could perform additional security checks before passing the data along to the application or OS/module that is receiving the data.

A lower filter driver filters data between the hardware itself and the main driver, providing extra security/stability or translating proprietary communication into a standard language for the main driver. A good example of this is when you press a button on a piece of hardware: you may have only pressed the button once, but internally, the button may have made electrical contact repeatedly within mere milliseconds, sending more than one signal when only one was intended. A filter driver can recognize that this isn't intended behavior, and can refine the data to expected specifications (it turns multiple contacts into the intended 1 contact). This way, the main driver receives a stream of cleaned/stable data, and from the end user's perspective, everything is OK. Since hardware is physical and anything can go wrong, filter drivers are quite necessary for operating system sanity.

There are two ways to install a filter driver in Windows: at the class level, and at the device level. If you install a keyboard class filter driver, EVERY keyboard you ever install will be filtered by it. If you only install it on the device level (which is done by unique device ID), then it will only filter the exact device that you put it on originally and all other devices, even in the same class, will be unaffected.

Troubleshooting

Here's the part everyone is really reading this for. How do you know when you have a filter driver problem, and how do you properly solve it?

If you go into Device Manager and see a device with an exclamation point on it (CD-ROM or not) you should not immediately try to remove and refresh it. Double-click the device so you can see the error code. If it's anything other than "the drivers aren't installed for this device", then you should click the Details tab.

Pull down the drop-down box on the Details tab and look at the following four items:

• Device Upper Filters
• Device Lower Filters
• Class Upper Filters
• Class Lower Filters

In each of these sections, there may be zero or more items. Note the name of each item in each section. They are all drivers, so they should be in %systemroot%\System32\Drivers with a .sys extension. If you investigate your CD-ROM drive's filter drivers and notice GEARAspiWDM (for example), then you should find a corresponding GEARAspiWDM.sys file in the %systemroot%\System32\Drivers folder. If you don't find a corresponding file, then you've found a broken driver chain. Your next course of action is to either find the .sys file and put it in System32\Drivers and reboot, or remove the registry entry and reboot. In most cases you'll just be removing the registry entry that is pointing to a non-existent driver.

How does this happen? If you uninstall iTunes (for instance) then it will remove the GEARAspiWDM.sys file and its filter driver entry from the registry. If you then System Restore to a date prior to this uninstallation, it may or may not put back the .sys file but it will definitely put back the registry entry, and thus the filter chain will be broken. This can happen with any device, as all are capable of hosting filter drivers above or below the main driver. Again, this is not exclusive to that well-known CD-ROM drive problem.

Removing the registry entry

If the missing file came from either of the two "Class" filter categories, drill-down in Regedit to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class. Hit CTRL+F and type the entry as you saw it in Device Manager (i.e., "GEARAspiWDM" — without the .sys part) and try to find it. It should quickly bring you directly to the Upper or Lower filters value that contains this driver's reference. Double click the value that it was found in (in the right-hand pane of Regedit), and remove just the line of the missing file, leaving everything else alone (specifically anything that DOES actually exist in %systemroot%\System32\Drivers). Make sure there's only one item per line and that there are no blank lines and that you are modifying the intended driver. The (Default) value of every class key should describe the class' name in English (i.e., "DVD/CD-ROM Drives")

If the missing file name came from either of the two "Device" filter categories, drill-down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum. Hit CTRL+F and type the entry as you saw it in Device manager, etc, and remove the line in the same way as explained in the paragraph above this one. If more than one device is using this particular filter, then you will have to search again and remove it from each device.

After you've discovered and removed the offending filter driver entry from the registry, restart the computer. All should be well again at this point, if it was indeed just a filter driver problem. Try not to attempt to remove and reinstall the driver before at least rebooting first, as it should be fixed on the next system startup.

I don't know why, but I'm getting flooded with this question all of the sudden. Is someone spreading unfounded rumors high up in the chain? I'm tired of being the bad guy for letting them use my free product. Guess what? If I continue to get harassed, I'm going to request that it be removed from the MRI. I don't need to be attacked for something that didn't even happen.

Anyway, Geek Squad/Best Buy did not pay me a fee to use Dial-a-fix.

Look on my wiki:

Dial-a-fix is 100% freeware to use and redistribute, as long as the file is unmodified [...md5 stuff...] and as long as no money is being charged for access to the file. [...misc stuff...] It is completely free for personal or corporate use, however, under no circumstances will I take any responsibility for your use or inability to use Dial-a-fix, and its results (or lack thereof).

Dial-a-fix will always be free to use.

Period.

It's free, even if you are Bill Gates, Steve Jobs, Satan, Jesus, Buddha, Homer Simpson, or Geek Squad.

Carey Holzman, the co-host of the longest-running, highly syndicated computer talk radio show Computer America has invited me onto the show on Monday, May 7th from 11PM to Midnight Eastern time to talk about Dial-a-fix (among other things).

You can stream the show over the web, find a local radio station (if you're in the U.S.), wait until I've uploaded the mp3, or subscribe to their podcast. You can find all of that information here: http://computeramerica.com/listen.htm

The show is live. If you have anything you'd like to ask me while I'm on, call 1-866-606-TALK. That's a toll-free number in the U.S.

He first heard about Dial-a-fix on the April 23rd show when the CEO of Rent-a-Geek mentioned how extensively they use it.

He gave me a call the other day and we talked for several hours. It was great and I am looking forward to working with him on future shows.

This whole thing pretty much means that:
1) I have to work even harder on the new Dial-a-fix so I can get it done quicker (because of the upcoming surge of demand that will be generated by the show) - though DAF won't by done by the time of the show's airing, probably not for at least another month after (yes it is being worked on right now)
2) I'm going to want to put up AdWords to take advantage of this

Yeah, that's greedy but what else can I do? I need the money pretty badly, and mentioning my site on national radio is going to generate quite a bit of hits. I hate those stupid ads and so does everyone else, and I promised myself I'd never put them back up, but this is an opportunity. I am to the point (again) where I just need some grocery money.

Anyway, they're in for a treat because I have quite differing opinions on Windows concepts, especially when it comes to concepts that originate from people who refer to Microsoft as "M$" or, my personal favorite, "MiKKKro$oft". Those types generally blame Microsoft for everything that isn't actually Microsoft's fault. I wouldn't even be mentioning this if they were blaming Microsoft for something that was their fault, and I tend to come off as an apologist or fanboy all of the time because I'm usually the only one who will defend Microsoft when these stupid statements are made. That's because I take the time to find out how things work internally. I don't really care if anyone thinks I'm a fanboy, because I'm not. Fanboys defend products even when they suck. If there's something that sucks about Windows, I'll tell you about it with no problem, but if everyone continues to blame Microsoft for problems that aren't even theirs, I'm going to have to say something about it.

My stance is, and always has been, leave Windows the hell alone. Using BlackViper's services lists and "tweaking" utilities goes against everything Dial-a-fix stands for: setting everything back to factory defaults so that it works again. I don't have any beef specifically with BlackViper, or any other tweaking guides or those that use them; there is a time and place for those things. If you choose to make those changes, you'd damn well better be ready for the result. If something doesn't work, you can't then complain "MiKKKro$oft is fucking us again!" when you were most likely the one who ruined your operating system or the application in question. I also have an issue with a lot of people who imply (through their advice) that they are more knowledgeable about the way Windows memory management and page files works than the kernel engineers (engineers who have properly earned such a title). What's great about that kind of tweaking advice is that it is just as flat as the default setting - a single value is typically given in these tweaks which is supposed to somehow be better than the flat value that is there by default. If a different value was better across the board, don't you think it would have been the default? Shouldn't each computer require a specifically tuned value for that computer alone? Oh well.

Don't screw with your computer yourself without being able to take full responsibility for your actions. Know that while there are edge cases where performance can be increased (typically marginally) over the default settings, Microsoft has specifically engineered the operating system to perform the best across all possible configurations, and only in specific cases can performance be enhanced by going against the defaults.

Anyway, I didn't mean to get into that rant. Carey and I are probably going to rant about this stuff enough as it is. Having said all of this, enjoy the show. I know I will!