Archive for the ‘Technical’ Category

Defeating a Trend Micro PC-Cillin uninstall password

If you are asked for a password when removing Trend Micro PC-Cillin, open regedit, browse to HKEY_LOCAL_MACHINE\Software\Trend Micro\PC-Cillin and either rename or remove the System sub-key. Then try the uninstaller again. It's just that stupideasy!

This doesn't work if you are already in the uninstaller being asked for the password and only then remove the key, so remove the key before starting the uninstall process.

Midas reports:

You can also use pcctool.exe for 2007 and older or tissprt.exe (or similar name) for 2008.

which will remove Trend Micro PC-Cillin without a password. You can find it in the installation directory.

So I downloaded a "registry cleaner"…

This comment prompted me to download a program called Uniblue RegistryBooster. Kim Komando said it was good. Heh.

c|net has a quote blurb on the Uniblue website that says:

This easy-to-use tool lets you remove faulty Registry entries that slow down your computer.

Removing a kilobyte of cruft should net you what, a gain of 10 nanoseconds for every 15,000 value reads?*
*: Actual value may vary**
**: Variance not guaranteed

I also don't think removing registry keys is the start to solving your Windows problems, but I'm going to run it for science!

As soon as I launched it, it performed its whole system scan.

A total of 311 invalid Registry entries were found on your System. Click on "Repair Registry" to fix all entries.

On the Overview tab, it says my registry health is low. Uh oh, I should be seeing errors and crashing all of the time, then, right?

I don't know if it's a function of not being registered, but since the window cannot be resized (giant skinned window with Vista style minimize and close buttons) and there isn't a horizontal scrollbar in the results area, I can't read the full path to most of the keys so that I can verify the results. Well, you can read the log file though. It opens an HTML log from Uniblue's area of your user profile's Application Data folder in your default web browser and it contains all of the information you need, should you actually know what you're looking at.

It found quite a few missing ActiveX/COM+/DCOM/OLE objects, which is the largest group of "errors" any registry cleaner can find in your system. This is because ActiveX, COM, and OLE (which all store and retrieve information to/from HKEY_CLASSES_ROOT) are so frequently used and are so frequently damaged (in one way or another). This could happen if you move the file to another drive or folder or if a module crashed while trying to register or unregister itself. The majority of what Dial-a-fix does is register ActiveX/COM/OLE objects, such as the components that run Windows Update. (Dial-a-fix tells the modules to self-register, this way, Dial-a-fix does not have to know the exact registry keys and values needed to make a module work again.)

Almost all of the ActiveX/COM errors that registry cleaners find can be ignored. There are a few things registry cleaners can figure out that are harmful to the speed of your system, but they don't occur very frequently. If you had a file type registered to a program that exists on a mapped drive and that network share was down but still listed as a mapped drive, you might get slowdowns as Windows tries to figure out where the share is. Registry cleaners are also able to remove invalid OpenWith entries, which is a good thing to do just to tidy the list of broken icons and to save Windows from having to check for non-existent locations. A lot of keys chosen for removal just contain MRU (most recently used) paths to things I have accessed using whatever program the MRU list is for. Removing these keys isn't really going to "repair" your computer.

Still, for the average user, cleaning this cruft will probably not visibly impact performance to the point that such a program should scan your entire system every startup.

At least RegistryBooster isn't taking up a lot of memory.

Another problem with registry cleaners is that you're at the mercy of the database and program version you have. Compounding this is that each registry cleaner program is third-party, meaning they all can have potentially differing opinions on what constitutes an invalid entry. There is the potential to ruin your computer by removing things that need to stay — many a registry cleaner has had to come out with program fixes and registry patches for things erroneously removed. I would hate to be a tech support person for a registry cleaning program. I'm sure there a lot of irate people who:

  • Have had things removed from their system that shouldn't be, and are having new problems because of it
  • Have other problems such as hard drive and memory problems and will blame the company for problems with their computer because the last thing they remember using was the registry cleaner program
  • Have other problems as mentioned above and corruption occurs after a registry clean because of interference from the faulty hardware
  • Have problems that can't be solved by a registry clean (which is to say most problems) and are upset that this program has not improved the performance or stability of their machine

Here's an issue I've found already, and I'm not very far through my results log:
RegistryBooster wants to remove HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\DefaultRules\22 because it says "file:///c:\ " is a bad path. This isn't true – this is the format Windows Search uses for indexing rules. If I remove this stuff, I suspect Windows Search will forget how to search my system, and had I not read through the log, I would later wonder how it disappeared. I might not even connect its destruction with my use of a registry cleaner – another big problem. Obviously something has directed RegistryBooster to look here, yet it does not actually understand what it is seeing and recommending for removal.

When I chose to "repair" the registry entries, it told me I should make a backup, which is a good idea. The bad thing is that it is only going to delete all of the registry entries, not really "repair" them. What if the file can be found elsewhere on the drive? Should it scan my filesystem, put together the puzzle and point the key at the new location? It's probably difficult to decide when such a scan should be the answer, so instead it opts to delete every error that has been found rather than trying to fix it. Because of the endless possibilities, scanning for files and pointing erroneous keys to the findings is probably just as bad an idea as mass deletion.

I'm barely through the first few lines of the log and I have all of this to say – this should give you a clear indication of my opinion of registry cleaners. I'm giving this one a chance, but it seems like it's just like all the rest and has all of the same pitfalls as anything else.

I can give RegistryBooster one thing: it did find quite a lot of missing TypeLib entries that really are missing, although like I've said before, it's not really going to speed up my computer all that much. This is only a few kilobytes of text in my 35 megabyte registry.

I don't like that there isn't a "jump to value" context menu entry on each item in the results pane – it makes fact-checking take quite a bit longer.

I've also noticed that registry cleaners tend to find Explorer's "auto" file extension creation entries, and RegistryBooster is no exception. There's no point in removing auto entries as they will just come right back as soon as Explorer sees the file extension again.

It feels like it's very limited since I'm only testing the trial version, but I don't think I really need to see any more.

In the end, I can't really recommend this sort of program to anyone (no offense to Uniblue) and I did not end up removing any of the things it said I should. I can't really give it a 1-to-5 stars type rating, so I'll give it a rating of N/A.

There is one decent registry cleaner that I've found that generally does the same thing (finds COM junk and missing font entries, etc.) and isn't too aggressive with its scans: CCleaner's Issues scanner. CCleaner's Issues scanner reminds me of one final point: registry cleaners don't take into account the things that they orphan from their first scan. After you remove 300 things from your registry, chances are that there are another 200 things that have become orphaned by the first sweep. If I ever wrote a registry cleaner (which I will not) I would have it check for "dependencies" and list them as sub-items of the main items, so that it basically says "if you choose to remove X, I'm removing Y also because it's orphaned by the removal of X".

*Anti-climactic cliffhanger ending*.

Windows could not start because the following file is missing or corrupt: WINDOWS\SYSTEM32\CONFIG\*

Perform a registry hive recovery using the information in my System Volume Information article for the hive mentioned after CONFIG\ (typically SYSTEM).

Sorry, Windows 2000 users, Microsoft hath cursed thee without an enabled-by-default automatic registry hive backup facility. Try ERUNT, though, and perform similar steps to roll back your failed SYSTEM hive when it inevitably fails.

Data recovery article / Dial-a-fix

I have put up the beginning of my data recovery article on my wiki. It focuses on using Linux and various free tools (ddrescue, smartctl, badblocks, testdisk) to recover data at the software level. It is not really complete, probably contains errors, and is highly opinionated.

If you are an intermediate end-user or a beginner technician, this is a good article for you.

If you see any problems in the article or have constructive criticisms, please email me using the link at the top of the data recovery article.

If you wish to link to my article, link to it using the words "data recovery" to give me some pagerank boost for that phrase :)

If you find it very helpful, send me a donation!

Now I'll work on Dial-a-fix again. Oh yeah – I can't do the C version right now, it's too much for me. But I will be giving the Delphi version some organ transplants and you should see a new version of old Dial-a-fix soon. After I get that patch out, I will get back to doing it in C. I will be leveraging the things I've learned about Win32 and C into the Delphi version though, so it hasn't been all for naught.

Also, I won't be writing new Dial-a-fix in C++; it will be written in C, which is more up my alley.

MP3s for 2nd appearance

I was going to edit the previous post, but making a new post will bump everyone's RSS, etc, so I am just making this stub to paste the URLs for each hour:
* 06/15/07 – Hour 1
* 06/15/07 – Hour 2

Don't forget about FREE Dial-a-fix support at Lunarsoft.net! Even if I'm too busy to be around, the regulars there know Dial-a-fix better than anyone and can definitely lead you in the right direction. Also, they'll help you with general computer/tech support problems too, not just with Dial-a-fix.

My appearance on Computer America

If you missed the show, check out each of the two hours here:
* Hour 1 (19.2MB mp3)
* Hour 2 (19.2MB mp3)

It was a blast, and I'll be back for another two hours in the future!

How to properly fix filter driver problems in Windows XP

(Note: this is an article for technicians, so common technical terminology and procedures will not be spelled out.)

Most technicians are familiar with the issue where optical drives disappear from My Computer, only to be found in Device Manager with an exclamation point on them, indicating a problem.

Most technicians also have no idea what filter drivers are, or how this can happen, so I'm here to explain this and show you the proper way to repair a driver whose filter chain is broken.

I've noticed that most people completely blast all of the filter drivers away until it works, and although that works, it's really not the best way to go about things, especially since the other filters might be working properly. Also, don't you want to know the why and the how? This problem can apply to more than just optical drives.

Background information

A filter driver intercepts requests/communication in order to extend or replace functionality in the driver or hardware that it is filtering. There are three types of filter that you should know about: bus filter drivers, upper filter drivers, and lower filter drivers.

A bus filter driver extends functionality (usually for proprietary features) on a bus driver, such as ACPI. An ACPI filter driver, for example, could add additional power management modes or communicate with proprietary modifications to ACPI (such as in laptops).

An upper filter driver filters data between the main driver and the application/operating system service. Microsoft's example: a keyboard filter driver could perform additional security checks before passing the data along to the application or OS/module that is receiving the data.

A lower filter driver filters data between the hardware itself and the main driver, providing extra security/stability or translating proprietary communication into a standard language for the main driver. A good example of this is when you press a button on a piece of hardware: you may have only pressed the button once, but internally, the button may have made electrical contact repeatedly within mere milliseconds, sending more than one signal when only one was intended. A filter driver can recognize that this isn't intended behavior, and can refine the data to expected specifications (it turns multiple contacts into the intended 1 contact). This way, the main driver receives a stream of cleaned/stable data, and from the end user's perspective, everything is OK. Since hardware is physical and anything can go wrong, filter drivers are quite necessary for operating system sanity.

There are two ways to install a filter driver in Windows: at the class level, and at the device level. If you install a keyboard class filter driver, EVERY keyboard you ever install will be filtered by it. If you only install it on the device level (which is done by unique device ID), then it will only filter the exact device that you put it on originally and all other devices, even in the same class, will be unaffected.

Troubleshooting

Here's the part everyone is really reading this for. How do you know when you have a filter driver problem, and how do you properly solve it?

If you go into Device Manager and see a device with an exclamation point on it (CD-ROM or not) you should not immediately try to remove and refresh it. Double-click the device so you can see the error code. If it's anything other than "the drivers aren't installed for this device", then you should click the Details tab.

Pull down the drop-down box on the Details tab and look at the following four items:

  • Device Upper Filters
  • Device Lower Filters
  • Class Upper Filters
  • Class Lower Filters

In each of these sections, there may be zero or more items. Note the name of each item in each section. They are all drivers, so they should be in %systemroot%\System32\Drivers with a .sys extension. If you investigate your CD-ROM drive's filter drivers and notice GEARAspiWDM (for example), then you should find a corresponding GEARAspiWDM.sys file in the %systemroot%\System32\Drivers folder. If you don't find a corresponding file, then you've found a broken driver chain. Your next course of action is to either find the .sys file and put it in System32\Drivers and reboot, or remove the registry entry and reboot. In most cases you'll just be removing the registry entry that is pointing to a non-existent driver.

How does this happen? If you uninstall iTunes (for instance) then it will remove the GEARAspiWDM.sys file and its filter driver entry from the registry. If you then System Restore to a date prior to this uninstallation, it may or may not put back the .sys file but it will definitely put back the registry entry, and thus the filter chain will be broken. This can happen with any device, as all are capable of hosting filter drivers above or below the main driver. Again, this is not exclusive to that well-known CD-ROM drive problem.

Removing the registry entry

If the missing file came from either of the two "Class" filter categories, drill down in Regedit to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class. Hit CTRL+F and type the entry as you saw it in Device Manager (e.g., "GEARAspiWDM", without the .sys part) and try to find it. It should quickly bring you directly to the UpperFilters or LowerFilters value that contains this driver's reference. Double-click the value it was found in (in the right-hand pane of Regedit), and remove just the line of the missing file, leaving everything else alone (specifically anything that DOES actually exist in %systemroot%\System32\Drivers). Make sure there's only one item per line, that there are no blank lines, and that you are modifying the intended class: the (Default) value of every class key should describe the class's name in English (e.g., "DVD/CD-ROM Drives").

If the missing file name came from either of the two "Device" filter categories, drill down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum. Hit CTRL+F and type the entry as you saw it in Device Manager, and remove the line in the same way as explained in the paragraph above this one. If more than one device is using this particular filter, then you will have to search again and remove it from each device.

After you've discovered and removed the offending filter driver entry from the registry, restart the computer. All should be well again at this point, if it was indeed just a filter driver problem. Try not to attempt to remove and reinstall the driver before at least rebooting first, as it should be fixed on the next system startup.
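As an added example (not part of the original article, and not a Dial-a-fix feature), here is a PowerShell script that automates the check described above: it walks every class key and every device instance, compares each UpperFilters/LowerFilters line against %systemroot%\System32\Drivers, and only with the -Remove switch deletes just the lines whose .sys file is missing. It assumes PowerShell 2.0 or later running in an elevated session.

```powershell
# Added example, not from the original article: audit the filter-driver chains
# described above. Assumes PowerShell 2.0+ in an elevated session.
param([switch]$Remove)   # default is report-only; -Remove edits the registry

$driverDir = Join-Path $env:SystemRoot 'System32\Drivers'
$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$enumRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Enum'

function Test-FilterValue {
    param([string]$KeyPath, [string]$ValueName)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    # UpperFilters/LowerFilters are REG_MULTI_SZ: one service name per line,
    # each expected to exist as <name>.sys under System32\Drivers
    $filters = @(@($key.GetValue($ValueName)) | Where-Object { $_ })
    if ($filters.Count -eq 0) { return }
    $missing = @($filters | Where-Object {
        -not (Test-Path -LiteralPath (Join-Path $driverDir "$_.sys")) })
    if ($missing.Count -eq 0) { return }
    $label = $key.GetValue('')   # (Default) of a class key, e.g. "DVD/CD-ROM Drives"
    foreach ($name in $missing) {
        Write-Output ("{0}\{1}: '{2}' has no {2}.sys ({3})" -f $key.Name, $ValueName, $name, $label)
    }
    if (-not $Remove) { return }
    # Drop only the broken lines; keep every filter whose .sys is present
    $keep = [string[]]@($filters | Where-Object { $missing -notcontains $_ })
    if ($keep.Count -gt 0) {
        Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $keep -Type MultiString
    } else {
        # Nothing valid left on this value, so remove it rather than leave a blank line
        Remove-ItemProperty -LiteralPath $KeyPath -Name $ValueName
    }
}

# Class-level filters: one key per device setup class GUID under Control\Class
foreach ($class in Get-ChildItem -LiteralPath $classRoot -ErrorAction SilentlyContinue) {
    foreach ($v in 'UpperFilters', 'LowerFilters') { Test-FilterValue $class.PSPath $v }
}
# Device-level filters: Enum\<enumerator>\<device id>\<instance id>
foreach ($inst in Get-ChildItem -Path "$enumRoot\*\*" -ErrorAction SilentlyContinue) {
    foreach ($v in 'UpperFilters', 'LowerFilters') { Test-FilterValue $inst.PSPath $v }
}
```

Run it once without -Remove and read the report against Device Manager before letting it edit anything, then reboot as the article says before reinstalling any driver.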

Extend Vista grace period and have fun with slmgr

http://www.codinghorror.com/blog/archives/000778.html

Found New Hardware wizard – The system cannot find the file specified.

It's too bad it doesn't tell you what file it is. This has happened twice in our shop for two different machines with two different classes of devices. One was a printer and the other was a wireless network adapter (both were USB devices, though). After the typical chkdsk /r, getting a new driver download, etc, we have come to find out that reinstalling DirectX 9 fixed the problem. Why? I don't know, but if the system cannot find the file specified, try reinstalling DirectX 9 just in case.

Hope this helps someone.

Superfail update

In Superfail, I described a problem afflicting Windows 2000 machines. I believe it has to do with one of the Windows Updates from June, but I can't be sure. It's still affecting people right now.

These are the steps I usually use to fix it:

(edit): 0) Make sure you're using the latest build of Dial-a-fix.
1) Reboot so you're starting with a clean slate.
2) Run all of DAF section #5 (Registration center).
3) Run DAF section #3 (WU/WUAU).
4) Start > Run > rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 %systemroot%\inf\au.inf
(Note: the above command is one huge line — it has been wrapped for easier reading)
5) Immediately merge this .reg file: win2ksvchost.reg
6) Reboot.
7) Try Windows Update again. If it fails, try clicking "Flush SoftwareDistribution" in Dial-a-fix (and answer No) and then try Windows Update again.

Some combinations of the above steps usually fix it. Each machine seems to freak out a bit differently, so your results may vary.
