Unknown driver

Discussion in 'ESET Smart Security' started by Sacles, Nov 12, 2012.

Thread Status:
Not open for further replies.
  1. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Last edited: Nov 12, 2012
  2. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    Did you also selected that hidden devices are being shown in device manager?
    The hidden drivers are displayed under the category: non plug and play compatible drivers. Otherwise you will not see the hidden drivers.

    Regards,
    Niels
     
  3. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    Yes of course.

    Regards.
     
  4. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    Just to be sure, after you removed that driver, did you also create a new snapshot. If not it's absolutely normal that the driver is still present, because the snapshot was taken before the removal. The driver should be visible in the %systemdrive%/windows/system32/drivers/. Check also that location.
    The location in the registry is HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\efavdrv

    Regards,
    Niels
     
  5. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    Thanks.

    Yes.

    I do this:
    - I use again ESET Rogue Application Remove
    - After this use, efavdr is present in the device manager
    - From the device manager, I remove the driver.
    - I restart the PC
    - I make a new snapshot with Eset SysInpector
    - efavdr is always present in the report of Eset SysInspector.
    - I look if efavdrv is in the registry.

    Result: yes:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EFAVDRV\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EFAVDRV\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EFAVDRV\{CLÉ}

    Question: Can I delete all these keys?
     
  6. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    You can delete the remaining registry keys except/ excluding the first key.

    Regards,
    Niels
     
  7. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Erasing completed (except the 1st and the last three).
    New report of ESET SysInspector: no trace of efavdrv in the driver.

    The problem is solved. Thanks.
     
  8. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    No problem.

    Regards,
    Niels
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.