i have followed the procedure and here r the logs that were created. first its ewido followed by rdriv
EWIDO LOG:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "ewido" 7/5/2005 12:17:23 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ewido]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D9498B-CF93-414F-8984-8CE7FDE0D391}\InprocServer32]
@="C:\\Program Files\\ewido\\security suite\\shellhook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}\InprocServer32]
@="C:\\Program Files\\ewido\\security suite\\context.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ewido]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\ewido]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}\1.0\0\win32]
@="C:\\Program Files\\ewido\\security suite\\context.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}\1.0\HELPDIR]
@="C:\\Program Files\\ewido\\security suite\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8209D9F-D73B-49D5-BD13-055CA660B815}\1.0\0\win32]
@="C:\\Program Files\\ewido\\security suite\\shellhook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8209D9F-D73B-49D5-BD13-055CA660B815}\1.0\HELPDIR]
@="C:\\Program Files\\ewido\\security suite\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\nmqdcp]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\pslbyxiiwi]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\pslb{qiuh]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\rwigvikw]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\symdix~]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\config\vtnftcanhxohschlrx~~]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\guard]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]
"InstallDir"="C:\\Program Files\\ewido\\security suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\security suite]
"Start Menu Folder"="ewido"
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\update]
[HKEY_LOCAL_MACHINE\SOFTWARE\ewido\update]
"C:\\Program Files\\ewido\\security suite\\guard.sys"=hex:30,5f,54,41,47,47,45,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"DisplayName"="ewido security suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"UninstallString"="C:\\Program Files\\ewido\\security suite\\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"InstallLocation"="C:\\Program Files\\ewido\\security suite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"DisplayIcon"="C:\\Program Files\\ewido\\security suite\\SecuritySuite.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"Publisher"="ewido networks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidosecuritysuite]
"HelpLink"="http://www.ewido.net"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
"ActiveService"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
"ActiveService"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]
"DisplayName"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite driver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite guard\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_GUARD\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control]
"DisplayName"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite control\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite driver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewido security suite guard\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"Service"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000]
"DeviceDesc"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\0000\Control]
"ActiveService"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000]
"DeviceDesc"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_DRIVER\0000\Control]
"ActiveService"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"Service"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWIDO_SECURITY_SUITE_GUARD\0000]
"DeviceDesc"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control]
"DisplayName"="ewido security suite control"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver]
"DisplayName"="ewido security suite driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite driver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard]
"DisplayName"="ewido security suite guard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewido security suite guard\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_GUARD\\0000"
[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ewido]
RDRIV LOG
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "rdriv" 7/5/2005 12:21:28 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPZ\Glue\HP Deskjet 3740 Series]
"CmdLine"="-v printerdriver=HP Deskjet 3740 Series -v product=3740 -v port=USB001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Deskjet 3740 Series\PrinterDriverData]
"SPLUserModePrinterDriver"="HPZNTU10.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="rdriv"
[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\\Documents and Settings\\hawk\\Desktop\\rdriv.rtf"
[HKEY_USERS\S-1-5-21-842925246-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rtf]
"f"="C:\\Documents and Settings\\hawk\\Desktop\\rdriv.rtf"