? concerning RkUnhooker
ThunderZ
March 30th, 2007, 05:19 PM
In Device Manager under Non-Plug and Play Drivers I am showing an entry for "08DA89C5597EC8DE", without quotations of course. I try to keep a pretty close eye on this so I can completely uninstall all instances of any software I may trial. I do not recall seeing this entry prior to installing the current vers. of RKU. Can someone please confirm one way or the other if it belongs or not to RKU? Win 2k SP4 PC. BTW, a Google turns up 0. Thanks in advance.
Longboard
March 30th, 2007, 05:34 PM
That's probably it.
Have a Look with Process explorer: RkU driver not hidden
Uninstall RkU: it will be gone.
Mrkvonic
March 30th, 2007, 05:35 PM
Hello,
When testing RkU, it kicks off with a random name. The running process is also random-named. RKR does the same thing. Why? I guess the developer could pipe in, I guess to disguise itself from signature-based detection by malware.
Mrk
ThunderZ
March 31st, 2007, 10:10 AM
-{ Quote: "That's probably it.
Have a Look with Process explorer: RkU driver not hidden
Uninstall RkU: it will be gone." }-
Thanks for the info. Uninstalling RkU is no guarantee that it will be gone though. Have had many a piece of software leave its hidden driver behind.
Will probably load up Process Explorer later and track it down just to play it safe though.
ThunderZ
March 31st, 2007, 10:12 AM
-{ Quote: "Hello,
When testing RkU, it kicks off with a random name. The running process is also random-named. RKR does the same thing. Why? I guess the developer could pipe in, I guess to disguise itself from signature-based detection by malware.
Mrk" }-
In theory a very good idea. Hoping as well the developer will confirm. Seems though after reading another thread here that he may have his hands full right now.
EASTER.2010
March 31st, 2007, 10:46 AM
More headaches thanks to $M. Would have been beneficial for users if some identifying measure was put into place, be it highlighted color text or icon, or something to alert regular users of newly added program payloads; drivers, files, and all now wouldn't it.
As to RKUnhooker, it is proven safe and effective, but any program can leave behind what A2 calls "traces" and a lot of times they can be found listed in the registry; yours might be no exception there. Try to search the registry for that entry and see if a match shows up. Plenty of places to check but I would venture to that first.
You may consider in the future investing in a small Registry Program that I've used for years. It searches the registry extremely fast and helps list items with ease. Registry Crawler by 4developers (http://www.4developers.com/regc/index.htm)
ThunderZ
March 31st, 2007, 11:09 AM
-{ Quote: "Try to search the registry for that entry and see if a match shows up. Plenty of places to check but I would venture to that first.
You may consider in the future investing in a small Registry Program that I've used for years. It searches the registry extremely fast and helps list items with ease. Registry Crawler by 4developers (http://www.4developers.com/regc/index.htm)" }-
Found these instances.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_08DA89C5597EC8DE
then in a sub-folder 0000 as a DeviceDesc & a Service REG_SZ.
Also in ControlSet2 and CurrentControlSet, same as above.
Going to have a look at Registry Crawler as well.
Thank you EASTER.2010
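The registry location ThunderZ found is exactly where Device Manager reads its Non-Plug and Play Drivers list from, so it can be inventoried directly. The following is an added example, not code from the thread or from RkU: a read-only PowerShell pass over HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_* that joins each instance's Service value to its Services key and checks whether the driver file still exists, so leftovers from an uninstall stand out. It assumes an elevated session on a Windows version that still populates LEGACY_* keys; the function name Get-LegacyDriverEntries is my own.

```powershell
# Added example (not from the thread). Read-only: it writes nothing to the registry.
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-LegacyDriverEntries {
    Get-ChildItem -Path $enumRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' } |
        ForEach-Object {
            $legacy = $_
            # Each LEGACY_<name> key has instance subkeys (0000, ...) carrying DeviceDesc and Service
            Get-ChildItem -Path $legacy.PSPath | ForEach-Object {
                $inst    = Get-ItemProperty -Path $_.PSPath
                $svcName = $inst.Service
                $image   = $null
                $status  = 'no Service value'
                if ($svcName) {
                    $svcKey = Join-Path $svcRoot $svcName
                    if (Test-Path $svcKey) {
                        $image = (Get-ItemProperty -Path $svcKey).ImagePath
                        # ImagePath may be relative (system32\drivers\x.sys) or carry a \??\ or \SystemRoot\ prefix
                        $file = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
                        if ($file -and -not [IO.Path]::IsPathRooted($file)) {
                            $file = Join-Path $env:SystemRoot $file
                        }
                        $status = if ($file -and (Test-Path $file)) { 'driver file present' } else { 'driver file missing' }
                    } else {
                        # Enum entry survived but the service it points at is gone: a typical uninstall leftover
                        $status = 'service key missing'
                    }
                }
                [pscustomobject]@{
                    LegacyKey  = $legacy.PSChildName
                    DeviceDesc = $inst.DeviceDesc
                    Service    = $svcName
                    ImagePath  = $image
                    Status     = $status
                    # 16 hex digits, like 08DA89C5597EC8DE in the thread, usually means a generated name
                    RandomName = ($legacy.PSChildName -match '^LEGACY_[0-9A-F]{16}$')
                }
            }
        }
}

Get-LegacyDriverEntries | Sort-Object Status, LegacyKey | Format-Table -AutoSize
```

Entries reported as "service key missing" or "driver file missing" are the stale traces the thread is talking about; an entry with a random-looking name whose driver file is present is a currently installed driver and worth identifying before anything is removed.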
Longboard
March 31st, 2007, 05:44 PM
As per Easter: M$ issues with reg entries :ouch:
The randomly named driver will/should be gone with uninstall.
Interesting tool eh.
The same/similar reg entries are obviously harmless and can be removed.
You can track the install with InCtrl5 if you want.
http://www.pcmag.com/article2/0,4149,9882,00.asp
This is a great read as to how InCtrl works. Useful tool.
Small fee for DL of latest from PCMag.
-cough- InCtrl may be available for free elsewhere if you want.
ThunderZ
March 31st, 2007, 07:51 PM
-{ Quote: "-cough- InCtrl may be available for free elsewhere if you want." }-
:o ;D ;) thanks