Unknown driver

Discussion in 'ESET Smart Security' started by Sacles, Nov 12, 2012.

Thread Status:
Not open for further replies.
  1. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Last edited: Nov 12, 2012
  2. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    Did you also select that hidden devices are shown in Device Manager?
    The hidden drivers are displayed under the category: non plug and play compatible drivers. Otherwise you will not see the hidden drivers.

    Regards,
    Niels
     
  3. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    Yes of course.

    Regards.
     
  4. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    Just to be sure, after you removed that driver, did you also create a new snapshot? If not, it's absolutely normal that the driver is still present, because the snapshot was taken before the removal. The driver should be visible in the %systemdrive%/windows/system32/drivers/. Check also that location.
    The location in the registry is HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\efavdrv

    Regards,
    Niels
     
  5. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    Thanks.

    Yes.

    I do this:
    - I use ESET Rogue Application Remover again
    - After this use, efavdr is present in the device manager
    - From the device manager, I remove the driver.
    - I restart the PC
    - I make a new snapshot with ESET SysInspector
    - efavdr is always present in the report of Eset SysInspector.
    - I look if efavdrv is in the registry.

    Result: yes:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\ImagePath
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\efavdrv\DisplayName
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EFAVDRV\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EFAVDRV\{CLÉ}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EFAVDRV\{CLÉ}

    Question: Can I delete all these keys?
     
  6. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    You can delete the remaining registry keys, except/excluding the first key.

    Regards,
    Niels
     
  7. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Erasing completed (except the 1st and the last three).
    New report of ESET SysInspector: no trace of efavdrv in the driver.

    The problem is solved. Thanks.
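
An added example, not part of the original thread: a read-only PowerShell audit of the keys listed above. It shows which numbered control set `CurrentControlSet` points to (which is why the same entries appear three times), checks whether the file named in `ImagePath` still exists, and exports each key before anything is deleted. The backup folder and the helper name `Resolve-DriverImagePath` are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of leftover registry entries for a driver service.
$ServiceName = 'efavdrv'                                # service name from the thread
$BackupDir   = Join-Path $env:TEMP "$ServiceName-reg"   # assumed backup folder

function Resolve-DriverImagePath([string]$ImagePath) {
    # Driver ImagePath values may be relative to %SystemRoot% or carry NT prefixes.
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''          # \??\C:\...        -> C:\...
    $p = $p -replace '^\\SystemRoot\\', ''    # \SystemRoot\x\y   -> x\y
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# HKLM\SYSTEM\Select records which numbered set CurrentControlSet is a link to.
$select  = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
$current = 'ControlSet{0:d3}' -f $select.Current

# Walk only the numbered sets; CurrentControlSet would repeat one of them.
$sets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$report = foreach ($set in $sets) {
    foreach ($sub in "services\$ServiceName", "Enum\Root\LEGACY_$ServiceName") {
        $psPath = Join-Path $set.PSPath $sub
        if (-not (Test-Path -LiteralPath $psPath)) { continue }

        $props = Get-ItemProperty -LiteralPath $psPath -ErrorAction SilentlyContinue
        $file  = Resolve-DriverImagePath $props.ImagePath

        # Export the key first so that a later deletion can be reverted.
        $name    = ("$($set.PSChildName)_$sub" -replace '[\\/]', '_') + '.reg'
        $regFile = Join-Path $BackupDir $name
        & reg.exe export "$($set.Name)\$sub" $regFile /y | Out-Null

        [pscustomobject]@{
            ControlSet  = $set.PSChildName
            IsCurrent   = ($set.PSChildName -eq $current)
            Key         = $sub
            DisplayName = $props.DisplayName
            ImagePath   = $props.ImagePath
            FileExists  = if ($file) { Test-Path -LiteralPath $file } else { $null }
            Backup      = $regFile
        }
    }
}
$report | Format-Table -AutoSize
```

A row with an `ImagePath` but `FileExists` false is an orphaned service entry of the kind the snapshot in this thread kept reporting.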
     
  8. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello Sacles,

    No problem.

    Regards,
    Niels
     