Hello, EEST SysInpector reports that my PC has a driver that I do not see anywhere: - in the device manager: no trace ( I had deleted it a few weeks ago: https://www.wilderssecurity.com/showthread.php?t=331542). - in the file: no trace (I can see the hidden files) - in the registry: no trace The name of this driver is efavdrv: http://uppix.net/4/0/9/4744ca91711ff964fb27819a18953.png Why ESET SysInpector reported it this driver?
Hello Sacles, Did you also selected that hidden devices are being shown in device manager? The hidden drivers are displayed under the category: non plug and play compatible drivers. Otherwise you will not see the hidden drivers. Regards, Niels
Hello Sacles, Just to be sure, after you removed that driver, did you also create a new snapshot. If not it's absolutely normal that the driver is still present, because the snapshot was taken before the removal. The driver should be visible in the %systemdrive%/windows/system32/drivers/. Check also that location. The location in the registry is HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\efavdrv Regards, Niels
Hello, Thanks. Yes. I do this: - I use again ESET Rogue Application Remove - After this use, efavdr is present in the device manager - From the device manager, I remove the driver. - I restart the PC - I make a new snapshot with Eset SysInpector - efavdr is always present in the report of Eset SysInspector. - I look if efavdrv is in the registry. Result: yes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\{CLÉ} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\{CLÉ} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\{CLÉ} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EFAVDRV\{CLÉ} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EFAVDRV\{CLÉ} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EFAVDRV\{CLÉ} Question: Can I delete all these keys?
Hello Sacles, You can delete the remaining registry keys except/ excluding the first key. Regards, Niels
Erasing completed (except the 1st and the last three). New report of ESET SysInspector: no trace of efavdrv in the driver. The problem is solved. Thanks.