SOLUTION? “Class not registered” when trying to open Chrome in Windows 8.1/10

Recently I have been seeing an increased incidence of this particular issue on newer Windows 8/8.1/10 machines.  It occurs when the user attempts to launch Chrome via any shortcut on the Desktop, taskbar, or elsewhere, or when opening any file or protocol (URL, etc.) associated with Chrome.  The only permanent “solution” is to create a direct shortcut to the Chrome.exe executable in the %PROGRAMFILES(x86)%\Google\Chrome\Application directory and then launch it from there.  However, this doesn’t fix the problems with trying to open .HTML files and URL links from other applications, which still trigger the error.

Lots of suggestions abound across the internet regarding ways to temporarily correct this problem.  Most of them center on the deletion of the Chrome Classes registry keys affiliated with the file/protocol associations, but these are only temporary; the problem resurfaces each and every time Chrome updates itself, which happens a lot.

Instead, there seems to be a much easier solution.  Bear in mind that I have only thus far tried this on one machine, but it worked immediately, and it jives with other research I’ve done on related subjects.  Please let me know in the comments if this solution also works for you.

The fix?

  1. Uninstall Java (all versions).
  2. Uninstall Chrome.
  3. Reboot.
  4. Reinstall Chrome.

This corrected the problem completely on my user’s machine.  It may or may not work for you; if it doesn’t, try one of these other solutions:

  1. Open regedit.
  2. Delete (if present) the following registry keys:
    1. HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}
    2. HKLM\Software\Classes\Chrome
    3. HKLM\Software\Classes\ChromeHTML\open\command\DelegateExecute
  3. Reboot.


  1. Open Default Programs and set a different browser temporarily to default (for example, IE).
  2. Open Chrome and choose to set it as default when automatically prompted.

Hopefully this helps someone else struggling with this problem.

ASUS Q502LA Official Driver Downloads

Looking for drivers for your ASUS Q502LA notebook? Good luck, because entering the model number at the ASUS website won’t get you to the right page.  Wondering why that is?  So was I, so I eventually located the correct page and have made the link available for you here:

That’s it.  Because you need a support post to find drivers on ASUS’ fundamentally broken website.

By the way: if you’re having trouble with sleep/resume (you see a black screen) after upgrading to Windows 10 on this machine, you’ll want to ensure you have the latest ASUS system software installed (ATK, FlipLock, etc.) as well as the latest BIOS version.

SOLUTION: Cannot Uninstall Microsoft Security Essentials from Windows 10

Recently, I encountered two different workstations that had upgraded to Windows 10 from Windows 7 on which Microsoft Security Essentials inexplicably was not uninstalled during the upgrade process by Windows Setup.  This is baffling, because MSSE isn’t designed to work with Windows 10 (it doesn’t work), and plus, it precludes the use of Windows Defender, which is essentially the Windows 10 upgraded equivalent of MSSE.

If you’re in the same situation, you’ll also discover that it is impossible to remove Microsoft Security Essentials from Programs and Features; when attempting to do so, you simply receive a generic message which states “You don’t need to install Microsoft Security Essentials.”  That’s great, Microsoft, because we don’t want to install it, we want to uninstall it.

Anyway, the solution to this problem is actually quite simple:

  1. Press Windows Key + R to open the Run dialog.
  2. In the Open: field, type:
    • explorer “%PROGRAMFILES%\Microsoft Security Client\”
      and press ENTER.
  3. Highlight the file Setup.exe, right-click it, and choose Properties.
  4. Choose Compatibility.
  5. Click Change settings for all users.
  6. Check the box next to Run this program in compatibility mode for: and choose Windows 7 from the drop-down box.
  7. Click OK on all dialogue boxes to exit all windows.
  8. In the search box at the bottom of the screen, type cmd. At the top of the pop-up window, underneath the heading Best matchright-click Command Prompt and choose Run as administrator.
  9. In the Command Prompt window that opens, type the following command:
    • “%PROGRAMFILES%\Microsoft Security Client\setup.exe” /x /disableoslimit
  10. Follow the instructions to uninstall.

That’s it!

Special thanks to corrado_boy_g60 at the Microsoft Community for information leading to this solution.

SOLUTION: Mouse cursor freezes after typing in Windows 10

Recently, a client came to me with a problem where his mouse cursor would freeze for a few seconds after pressing any key on the keyboard in Windows 10.  The delay was driving him nuts, and I empathized with him after using the computer for a short time.

In retrospect, the problem appears to be mostly limited to Synaptics drivers, and only on systems where such drivers are installed and active within Windows 10 (which also features its own “precision” touchpad driver settings).

Fortunately, the solution — while elusive — was simple:

  • Search Mouse in the searchbox at the bottom of the screen; Choose Mouse & touchpad settings from the results
  • Choose Additional mouse options
  • Click the ClickPad tab, then click Settings…
  • Click the Advanced tab
  • Set the Filter Activation Time slider all the way to 0.

touchpad(Note the slider just below the touchpad diagram)

That’s it!

SOLUTION: Windows 10 Start Menu text is unreadable / too dark

This problem seems to affect primarily Haswell-based notebooks with Intel HD Graphics drivers in use.  I have not yet seen it affect Broadwell chipsets, but it may.

The issue is that the Start Menu text is too dark — and in fact, it becomes gradually darker — and illegible, fading into the background of the Start Menu.  While it seems likely that a Windows 10 setting (or theme) should be to blame, it actually is neither.

The problem is the Intel Graphics driver, which includes a setting that purports to implement application-specific fixes.  To correct the problem, all you have to do is disable the setting and reboot the PC:

  1. Right-click the Desktop and choose Graphics Properties…
  2. Choose 3D.
  3. Under Application Optimal Mode, click Disable.
  4. Reboot the PC.

The problem is solved!

It’s likely in the future that Intel will correct their driver optimization presets for the Windows 10 desktop windows manager / Explorer.exe, but until that day, this is the correct workaround.

SOLUTION: Windows Update cannot currently check for updates, because the service is not running.

A common problem following the replacement of a hard drive (or other low-level storage-related change, such as a storage driver or interface change) is a broken Windows Update.  I’ve been seeing this more and more frequently, in fact, on Windows 7 machines after performing drive recoveries and installing a new drive.

The exact message is:

Windows Update cannot currently check for updates, because the service is not running.  You may need to restart your computer.

While lots of solutions are offered across the internet for this problem, ultimately, it’s actually relatively simple: the storage driver is frequently to blame.  Specifically, the Intel storage driver (generally iaStor.sys), which comes as a part of the Intel Matrix Storage Manager package (renamed to Intel Rapid Storage Technology on later versions of Windows).

It’s been documented in other places as well that this is in fact the root of the problem.

Problem is, there are different versions of the Intel Matrix Storage Manager for each manufacturer — so it isn’t always possible to simply download the latest version directly from Intel and install it.

The HP version of that driver is listed above, and it will indeed work for many systems in question.  For other manufacturers, it’s best to search for the driver manually and download it directly from the PC manufacturer’s web site.  You can use search terms such as:

intel rapid storage technology driver ich10r vista 32-bit

To locate a suitable version for your particular situation.

If this still does not correct your issue, you may need to follow up the driver upgrade with a reset of the Windows Update repository:

  1. Open an elevated Command Prompt (Run as Administrator).
  2. Type the following commands (pressing ENTER after each one):
    1. net stop wuauserv
    2. net stop bits
  3. Open a Windows Explorer window and navigate to %WINDIR% (e.g., normally C:\Windows).
  4. Rename SoftwareDistribution to SoftwareDistribution.old.
  5. Return to the elevated Command Prompt and type these commands:
    1. net start wuauserv
    2. net start bits

This procedure has corrected the problem on all of the PCs where I’ve encountered it thus far.

SOLUTION: Malware extensions continually reload within Chrome even after reinstallation

Greetings again random internet-surfing technology enthusiasts,

Today, I’d like to tackle a puzzling issue that many techs encounter with regard to disinfecting Chrome and problematic extensions that manifest within it.  Of course, anyone with any technical expertise is aware of the fact that browser extensions are currently one of the hottest attack vectors for unsuspecting users’ machines, but removing and keeping such extensions from reloading is another matter entirely.  Some of examples of these include:

  • AdBlocker (not the legitimate and excellent AdBlock)
  • Vosteran Search
  • WebProtector
  • and many, many others

Most techs use some degree of automatic scanning and removal tools, and that’s fine, provided they don’t rely on them exclusively (as it doesn’t work… something I’ve covered countless times in the past).  However, even those who dabble in manual or assisted-manual disinfection procedures have probably found that Chrome is one of the most problematic items to permanently clean on a user’s PC.  This is ironic because Chrome also happens to be the browser I recommend to my clients for safety and speed currently (and it has been for quite some time).  Does that mean that we should move on to a different browser choice instead?

Fortunately, nope.  There is indeed a pretty universal solution to this problem, and today I’ll reveal it to you.  For purposes of illustration, we’ll choose the third example extension I listed above for today’s explanation (WebProtector).

Each Chrome extension is affiliated with a unique identifier to help users locate and install the extension from the Chrome Web Store.  WebProtector’s, for instance, happens to be kfecnpmgnlnbmipaogfhoacoioifjgko.  The Web Store does indeed host this extension in spite of its fraudulence; and Google, for all their great work in producing a relatively safe browser in Chrome, have done a pretty terrible job of keeping the store cleaned of such filth.  The problem with WebProtector (and many of these other extensions) is that even after they’re cleaned from the computer and all other malware is removed, the users may find that they reload themselves regardless later on with little or no warning.  You might think that completely uninstalling Chrome, removing all directories on the system relating to Chrome, and cleaning/resetting the user’s Chrome Data profile (as I described in another post recently) should logically solve the problem.  But it doesn’t.  The extension yet again reloads itself upon future reinstallations.

The answer to the puzzle is Policies in the Windows registry.  Chrome stores its policies in the following two keys:

  • HKCU\Software\Policies\Google
  • HKLM\Software\Policies\Google

Under these keys you will find a subkey called Extensions; it is from this key that Chrome is instructed to load the infected extensions upon each reinstallation and subsequently thereafter at regular intervals.  Simply deleting these keys (provided the user is not reliant on any policies in Chrome for administrative purposes) will prevent the behavior.  At an elevated command prompt, try typing these commands:

REG DELETE “HKCU\Software\Policies\Google” /f
REG DELETE “HKLM\Software\Policies\Google” /f

Specifically, the autoinstall keys that are likely being used are:



However I like to remove the entire Policies key on most machines as other suspect keys are also often used, such as whitelisting of bad extensions and even blacklisting of good ones.

It also goes without saying that the extension itself must first be removed for this to work.  That includes killing the keys relating to it in the following locations:

  • HKLM\SOFTWARE\Google\Chrome\Extensions\
  • HKCU\SOFTWARE\Google\Chrome\Extensions\

As well as the associated files within the user’s Chrome User Data directory.  If you’re really just looking to clean sweep the entire program, you can follow my previous instructions to backup the user’s Bookmarks and other personal items and then simply wipe out all related keys and files after uninstalling Chrome.  This will finally solve the problem!

SOLUTION: CPU Throttling on Dell Latitude Ultrabooks (E7440, E7240) after power exceptions

Recently I have seen multiple instances (fairly rarely, but nevertheless) of the newer Dell Latitude Ultrabooks (circa 2013/2014 models, E7440 and E7240 specifically) throttling CPU frequencies under exceptional power conditions (such as possibly a misbehaving AC adapter or extremely low battery condition while under load).  I haven’t confirmed the exact circumstances which lead to this behavior, but I do know of a solution.

I first noticed this when a client recently reported sluggish operation of his brand-new E7440 Ultrabook… which, of course, made little sense considering the blazingly-fast parts (SSD included) that we purchased for him.  I checked the software briefly and saw no issues which would suggest configuration problems.  However, upon opening Task Manager, under the Performance tab, the CPU frequencies were reportedly below 400 MHz permanently–which, of course, is incredibly low considering the max Turbo Boost frequency of the i5 Haswell CPU he had of 2.8 GHz.  Fortunately, I had seen this problem once before.

My theory is that it is likely related to power disruption conditions, as I have only thus far seen it happen in circumstances where an AC adapter was not providing proper voltage or where the machine was in a very low battery state while sustaining heavy CPU loads for some reason (Windows Updates, etc.).  The machine responds by throttling CPU clock rates to protect itself from possible damage, but the problem is that it never reverts from this throttled state until it is powered off and the battery is removed.

Fortunately, the solution is easy, if not a bit difficult to discover.  All that is required is a BIOS update to the latest firmware available from Dell (, search for your particular model).  In my most recent client’s case, an upgrade from A05 to A15 immediately corrected the problem.  It remains to be seen whether it recurs, but I do not expect it to given the last instance I saw, where we did just the same thing and the problem was permanently corrected.

Poweliks: Widespread malware without a filesystem object

Preliminary note:  This process will normally remove Poweliks from a system.  However, Poweliks is merely a tiny fraction of what is usually also alongside it on an infected system; after all, it is a downloader.  So if you’re trying DIY disinfection, just be advised that there is a very good chance that your system is still infected even after this process by multiple other malware families.  I would advise hiring a professional in your local area to assist with the job instead of risking your personal information and data!

I’ve long been preaching that scanners just don’t do the trick as a universal, one-size-fits-all solution to malware, and that’s precisely because they can’t possibly catch everything.  The latest zero-day threats will always find a way to evade even the best antimalware tools in some capacity, and because of that, a complete reliance on scanners for either proactive blocking of threats or removal of existing embedded threats is misguided and will always run into trouble.

This latest threat, which has now been circulating for a few months, is a perfect example of this.  It’s called Poweliks, and it’s unique for one very specific reason: it infects the system without the use of a filesystem component at all.  Now, it’s not like this is the first threat to accomplish such things; before it, we had such interesting specimens as the TDL4 rootkit, which created a hidden, encrypted partition at the end of the drive containing the rootkit’s code, which was loaded at each boot before the Windows partition.  Eventually, however, this rootkit was identifiable (at least, somewhat) via the presence of a conspicuous (and suspicious) 10 MB or so empty space (RAW) at the end of a drive.  And it was easy to kill: simply delete that partition from offline and set the proper Windows partition as active.

Poweliks uses a totally different approach: it embeds itself in the system’s registry in an encrypted key that actually contains the body of the malware as opposed to mere settings and program data (as is intended for the Windows registry to contain).  The identity of the key has changed across variants, but the most recent one I’ve seen is:


What about symptoms?  Well, they’re not all that clear-cut.  The machine will certainly be slower than normal.  Apart from that, it may simply be generally infected, as that’s what Poweliks is all about: downloading other infections.  The problem is that you cannot search for a particular process in memory or even a file on the hard drive, as no file exists and the process is always a completely legitimate one.

However, at least as of currently, it is not random.  The most recent process which has been associated with Poweliks infections is dllhost.exe.  It’s a totally normal process, so seeing it running by no means indicates infection.  However, seeing it running persistently and for long periods of time is a bit more suspicious if you’re having other symptoms.  And if you close dllhost.exe using Task Manager and it repeatedly reappears in multiple instances, it’s a really suspicious scenario.  You’ll also likely see tons of other random (normally legitimate) processes running which should not need to be running.  These can’t be specified here as they are random.

For further diagnosis, however, you can download Process Explorer to inspect the genealogy of the processes that are currently running.  It’s a dead giveaway: if dllhost.exe is launching dozens of other processes, you know it’s Poweliks.


This isn’t so bad at all if you know how to tackle it!

The easiest way to handle it is to prepare with a tool that can handle removal first.  In this case, I recommend RogueKiller.

NOTE:  This tool isn’t to be used lightly, especially by those who aren’t thoroughly familiar with computer repair.  By design, it is heavy on false positives, so take care when agreeing to remove what it flags as suspicious.

Try the following approach:

  1. Open RogueKiller; allow the prescan to finish.  Run a scan.
  2. Once the scan completes, look for its detection of Poweliks on the Registry tab.  Be sure it is selected for removal.
  3. Open Process Explorer.  Pause all dllhost.exe processes.  Kill all processes below any dllhost.exe process once the processes have been paused.
  4. Click Delete on the RogueKiller window and immediately reboot the system.

With any luck, upon reboot, the malware will be gone.  By pausing the process with Process Explorer, you essentially negate the malware’s ability to detect its neutralization via watchdog processes that relaunch the dllhost parent process after it’s killed.  That enables disinfection to take place before the malware is relaunched and the registry key is reinfected.

Of course, to repeat myself, keep in mind that Poweliks is merely a tiny fraction of what is usually also alongside it on an infected system; after all, it is a downloader.  So if you’re trying DIY disinfection, just be advised that there is a very good chance that your system is still infected even after this process by multiple other malware families.  I would advise hiring a professional in your local area to assist with the job instead of risking your personal information and data!

Guide: Western Digital WD5000F032 External Hard Drive Disassembly

Everyone who does any sort of data recovery knows that Western Digital external hard drives can be a real pain to break into if they fail.  While I’ve found plenty of extremely helpful visual guides to disassembly of these models in the past, the model I received today for repair wasn’t among them.  It’s a WD5000F032 (also WD5000C032, and perhaps other similar model numbers as well), and the method to disassemble it is completely different.

So I took it upon myself to create a guide of my own.  Hope this helps you!

Western Digital WD5000F032 external hard drive Disassembly

Western Digital WD5000F032 external hard drive Disassembly

Step 1 - Remove the rubber liner

Step 1 – Remove the rubber liner

Step 2a - Press the plastic tabs on top...

Step 2a – Press the plastic tabs on top…

Step 2b - ...and bottom

Step 2b – …and bottom

Step 3 - Slide the contents out of the shell casing

Step 3 – Slide the contents out of the shell casing

Step 4 - Remove screws

Step 4 – Remove screws

Step 5 - Remove more screws

Step 5 Step 5 – Remove more screws

Step 6 - Remove the final screw

Step 6 – Remove the final screw

Step 7 - (Optional) remove the drive from the bracket

Step 7 – (Optional) remove the drive from the bracket