
rdriv installation



#31
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thanks.
I have followed the procedure and here are the logs that were created. First it's ewido, followed by rdriv.


EWIDO LOG:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ewido" 7/5/2005 12:17:23 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ewido]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D9498B-CF93-414F-8984-8CE7FDE0D391}\InprocServer32]
@="C:\\Program Files\\ewido\\security suite\\shellhook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}\InprocServer32]
@="C:\\Program Files\\ewido\\security suite\\context.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ewido]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\ewido]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}\1.0\0\win32]
@="C:\\Program Files\\ewido\\security suite\\context.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}\1.0\HELPDIR]
@="C:\\Program Files\\ewido\\security suite\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8209D9F-D73B-49D5-BD13-055CA660B815}\1.0\0\win32]
@="C:\\Program Files\\ewido\\security suite\\shellhook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8209D9F-D73B-49D5-BD13-055CA660B815}\1.0\HELPDIR]
@="C:\\Program Files\\ewido\\security suite\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\nmqdcp]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\pslbyxiiwi]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\pslb{qiuh]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\rwigvikw]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\symdix~]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\vtnftcanhxohschlrx~~]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\guard]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]
"InstallDir"="C:\\Program Files\\ewido\\security suite"

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]
"Start Menu Folder"="ewido"

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\update]

[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\update]
"C:\\Program Files\\ewido\\security suite\\guard.sys"=hex:30,5f,54,41,47,47,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"DisplayName"="ewido security suite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"UninstallString"="C:\\Program Files\\ewido\\security suite\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"InstallLocation"="C:\\Program Files\\ewido\\security suite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"DisplayIcon"="C:\\Program Files\\ewido\\security suite\\SecuritySuite.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"Publisher"="ewido networks"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"HelpLink"="http://www.ewido.net"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
"ActiveService"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
"ActiveService"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]
"DisplayName"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_GUARD\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control]
"DisplayName"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
"ActiveService"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
"ActiveService"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control]
"DisplayName"="ewido security suite control"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_GUARD\\0000"

[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ewido]








RDRIV LOG


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "rdriv" 7/5/2005 12:21:28 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPZ\Glue\HP Deskjet 3740 Series]
"CmdLine"="-v printerdriver=HP Deskjet 3740 Series -v product=3740 -v port=USB001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001

[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="rdriv"

[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\\Documents and Settings\\hawk\\Desktop\\rdriv.rtf"

[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rtf]
"f"="C:\\Documents and Settings\\hawk\\Desktop\\rdriv.rtf"
  • 0


#32
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Thanks kanishka, you are doing great so far.

Are you logged in as HAWK?
The user account HAWK, is that an account with all rights or is it a restricted account?
  • 0

#33
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
hawk is the user name that I gave during the XP installation, when it asks for the name of the user. It's not a restricted account.
  • 0

#34
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
:tazz: There has been no reply from your side. My computer's processing is also very slow now. What to do? Please tell me something, how to get rid of it. Is there any solution, or will I have to format my computer? ;)
  • 0

#35
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]

Copy the text from the box to a notepad file.

Save it as geeks.reg

Save it to your desktop

Make sure type is changed to 'all types'.

Then close notepad.

Double-click the file and grant permission to add it to the Registry.

Edited by g2i2r4, 09 July 2005 - 08:49 AM.

  • 0

#36
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
RIGHT-CLICK HERE and Save As (in Internet Explorer, it's "Save Target As") in order to download the fixrdriv.reg file. Save it to your desktop.

Locate fixrdriv.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

Reboot and let me know how things are now.

Edited by g2i2r4, 09 July 2005 - 03:56 AM.

  • 0

#37
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hello. Well, the code that you gave, I copied it into Notepad and followed exactly what you said. But there was an error when I tried to merge it with the registry. Here is what it said:


cannot import c:\DOCUME~1\hawk\Desktop\geeks.reg: the specified file is not a registry script.
you can only import binary registry files from within the registry editor.


So due to this I haven't followed the next step. What shall I do?
  • 0

#38
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You have the file on your desktop. Does it look like a square with bricks falling?
  • 0

#39
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Yes, it is in the form of bricks falling.
  • 0

#40
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please make a change

Open the file with Notepad, the first line in the document should be:
REGEDIT4
No empty line in front of it.

***

Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Edited by g2i2r4, 09 July 2005 - 08:48 AM.

  • 0
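
Added example (not part of the thread and not any poster's file): a small Python check for a hand-pasted .reg fix like geeks.reg. It reports the header fault described in post #40 (something in front of the REGEDIT4 line) and lists keys from a registry search log that a deletion covers in one control set but not in the others. The sample log and the two faulty variants are constructed from key names in the thread; all function and variable names are illustrative.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
CSET = re.compile(r"(?i)\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\")
ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\"
SETS = ("CurrentControlSet", "ControlSet001", "ControlSet002")

# Constructed excerpt in the shape of the "rdriv" search log (key names from the thread).
SAMPLE_LOG = "REGEDIT4\n\n" + "".join(
    f"[{ROOT}{s}\\Enum\\Root\\LEGACY_RDRIV]\n\n"
    f"[{ROOT}{s}\\Enum\\Root\\LEGACY_RDRIV\\0000]\n"
    '"DeviceDesc"="rdriv"\n\n'
    f"[{ROOT}{s}\\Services\\IpFilterDriver]\n\n"
    for s in SETS
)
# The LEGACY_RDRIV deletions from post #35, one per control set.
FULL_FIX = "REGEDIT4\n\n" + "".join(
    f"[-{ROOT}{s}\\Enum\\Root\\LEGACY_RDRIV]\n\n" for s in SETS
)
# Constructed faulty variants: a pasted empty first line, and only one control set covered.
BLANK_FIRST = "\n" + FULL_FIX
PARTIAL_FIX = f"REGEDIT4\n\n[-{ROOT}CurrentControlSet\\Enum\\Root\\LEGACY_RDRIV]\n"


def header_problems(text):
    """Report the fault from post #40: the header must be the first line of the file."""
    lines = text.splitlines()
    if lines and lines[0].strip() in HEADERS:
        return []
    for i, line in enumerate(lines):
        if line.strip():
            if line.strip() in HEADERS:
                return [f"{i} empty line(s) before {line.strip()}"]
            break
    return ["no registry script header on line 1"]


def parse_keys(text):
    """Split [key] lines into deletions ([-key]) and plain keys."""
    deleted, plain = [], []
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            (deleted if m.group(1) else plain).append(m.group(2))
    return deleted, plain


def norm(key):
    # Treat CurrentControlSet, ControlSet001 and ControlSet002 as one location.
    return CSET.sub(lambda m: "\\system\\*\\", key).lower()


def under(key, parent):
    # A [-key] entry removes the key together with its subkeys.
    return key == parent or key.startswith(parent + "\\")


def uncovered(fix_text, log_text):
    """Logged keys that a deletion targets in another control set but not in this one."""
    deleted, _ = parse_keys(fix_text)
    _, logged = parse_keys(log_text)
    exact = [k.lower() for k in deleted]
    loose = [norm(k) for k in deleted]
    missing = []
    for key in dict.fromkeys(logged):  # the search log repeats a key once per value
        if any(under(key.lower(), d) for d in exact):
            continue
        if any(under(norm(key), d) for d in loose):
            missing.append(key)
    return missing


if __name__ == "__main__":
    for name, text in (("full", FULL_FIX), ("blank first", BLANK_FIRST), ("partial", PARTIAL_FIX)):
        print(name, header_problems(text), uncovered(text, SAMPLE_LOG))
```
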


#41
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Yes, I did all the things you said. I merged all the registry files, that is, smitfraud, fixrdriv and geeks, and then restarted my computer. The bad news is that the installation window is still coming. Now what shall I do?
  • 0

#42
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I'll consult my colleagues on this one. I'll be back.
  • 0

#43
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
We'd like you to follow this next advice in one run.

Please follow all instructions exactly as specified. I would advise printing them out so you're sure to follow all instructions.

Copy the below instructions (until you get to the purple text). Paste them into notepad and save it for use while in Safe Mode. This is important because it has to be done exactly in order for this to work.

I need you to reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

After getting into Safe Mode, Go to Start > Run type in:

cmd

Click OK.

A black window will open up.

Copy the below line, exactly, and paste it into the black window:

attrib -h -r -s C:\WINDOWS\system32\rdriv.sys

Hit Enter.

When it goes to the next line, copy the below line, exactly, and paste it into the black window:

del C:\WINDOWS\system32\rdriv.sys

Hit Enter.

Then type exit

[END OF INSTRUCTIONS TO COPY FOR SAFE MODE]

Reboot into normal mode.

RIGHT-CLICK HERE and Save As (in Internet Explorer, it's "Save Target As") in order to download the fixrdriv.reg file. Save it to your desktop.

Locate fixrdriv.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

After the "merged successfully" prompt, please do the following:

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\system32\rdriv.sys
C:\WINDOWS\ItunesMusic.exe
C:\WINDOWS\wkssvc.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at the "PendingRenameOperation" prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode, you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
  • Double-click the Ewido Security Suite icon to run the program.
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot into normal mode.

Run BOTH of these online virus scans (NOT at the same time!):
ActiveScan
TrendMicro's HouseCall - check "Auto Clean"
Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.

Edited by g2i2r4, 10 July 2005 - 02:39 AM.

  • 0

#44
kanishka

kanishka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Hello. I have something to tell you. When I go into safe mode I have two options to log in: one is administrator and the other is hawk. Since the files on the desktop do not appear when going in as administrator, I went in as hawk. I started the cmd window and then I entered

attrib -h -r -s C:\WINDOWS\system32\rdriv.sys

So in the next line an error came saying there is no file in existence.

And I also wanted to tell you that those installation windows are also coming when booting in safe mode.

Waiting for your reply.
  • 0

#45
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you move on with the 'normal mode' part?
  • 0





