Which Software Installed That Driver - And When?

Installing software that includes a driver may leave your system in an inconsistent state. If the install fails, parts may remain on the system. And if the remaining part is a driver, I get nervous - drivers are not the kind of stuff I want to have lingering around my system’s memory. Here is a way of identifying when a driver actually got installed.

In my case, I installed, or rather tried to install, the Citrix Access Gateway (CAG) Plugin 4.6.2, a VPN client, on Windows 7 x64. That failed - the installer reported a timeout after a couple of minutes of showing a progress bar. I aborted the install, which worked, but when I rebooted the machine, it hung on shutting down. Not good.

After a reset I examined the system: nothing related to the CAG client, but in the properties of my network card I found something suspicious called “Deterministic Network Enhancer”:

Deterministic Network Enhancer - 1

But how could I know whether it came from the (partly failed) install or from something else entirely? First thought: check the timestamp of the driver file. By searching the registry, I found the driver’s entries:

Deterministic Network Enhancer - 2

To my disappointment, the dates of the driver file (dne64x.sys) revealed nothing. I did not install anything in 2008 - I run Windows 7…

Deterministic Network Enhancer - 3

Then I had the idea of checking the registry. Each driver has a key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services. And each registry key has a timestamp that gets updated whenever the key itself or a direct sub-object of the key gets changed. So I only had to get the timestamp of the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNE in order to know when that driver had been installed.

But… although I run the seventh incarnation of Windows, its registry editor has not changed much for at least a decade. Regedit.exe has many shortcomings, one of them being that it does not show timestamps for registry keys. Luckily, other programmers are more than happy to fill the void. I found the interesting tool Registry Commander - one of its capabilities is to show registry key timestamps. It looks like this:

Deterministic Network Enhancer - 4

And that was the answer I sought. The DNE driver was indeed installed by the CAG client. Now I can safely disable or uninstall that driver.
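The same key timestamps can be read with Python's standard winreg module. The script below is an added example, not part of the original post: it goes beyond the single DNE key and lists every key under Services whose last write falls inside a time window. The 24-hour window and the function names are assumptions made for this example.

```python
"""List service/driver registry keys by last-write time (live query is Windows only)."""
from datetime import datetime, timedelta, timezone

SERVICES = r"SYSTEM\CurrentControlSet\Services"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def service_key_times():
    """Return [(service_name, last_write_utc)] for every subkey of Services."""
    import winreg  # standard library, available on Windows only

    rows = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for index in range(subkey_count):
            name = winreg.EnumKey(root, index)
            try:
                with winreg.OpenKey(root, name) as key:
                    # Third element is the key's last-write time as a FILETIME
                    last_write = winreg.QueryInfoKey(key)[2]
                    rows.append((name, filetime_to_utc(last_write)))
            except OSError:
                continue  # key not readable with the current privileges
    return rows


def written_between(rows, start, end):
    """Keep keys whose last write falls in [start, end], oldest first."""
    return sorted((r for r in rows if start <= r[1] <= end), key=lambda r: r[1])


if __name__ == "__main__":
    # Assumed window: the last 24 hours. Set it around the install attempt instead.
    end = datetime.now(timezone.utc)
    start = end - timedelta(days=1)
    for name, when in written_between(service_key_times(), start, end):
        print(f"{when:%Y-%m-%d %H:%M:%S} UTC  {name}")
```

The value is the key's last write, so any later change to the service's key moves it forward. A timestamp that matches the install attempt corroborates the link; a later one only shows that the key was modified since.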

What about you? Have you used any alternative registry editors? Do you prefer them over Regedit?
