[needafix]

Does anyone know what software this represents:

HKEY_LOCAL_MACHINE\SOFTWARE\685D6D1C-D73A-4F37-B7E5E53660311DDB

It will not go away upon any type of removal and the only reference I can find to it are on two Chinese websites that need to be translated by Google and even then the translation is useless.

[Cookiegal]

If you highlight it in the registry, is there any information showing in the pane on the right side, such as a file name, etc.?

In the pane on the left side is there a + to the left of that entry? If so, please click on it and let me know what is listed below it.

[needafix]

No. Just an empty key:

(Default) REG_SZ (value not set)

[Cookiegal]

Go to Start - Run and copy and paste the following:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\685D6D1C-D73A-4F37-B7E5E53660311DDB"

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.

[needafix]

No results. I don't find a look.txt anywhere.

[Cookiegal]

Are you sure you copied and pasted it and didn't try typing it? Did you look in C: for the look.txt file?

[needafix]

Yeah. Now I notice that the key in question is gone. That's why your suggestion didn't work is that now the key is missing.

I tried your suggestion on another key and it works just fine.

Is there a way to adjust the input so that the look.txt will still be created but contain a message saying the key was not found or some such thing?

Even though it is gone I still find it suspicious because it is empty but may have been cleaned out after it served its purpose and that I only find a reference to it in a search engine here on this site and on a Chinese website.

http://www.google.com/#hl=en&q=HKEY_...e34627c46f57f4

Even more suspicious is that I couldn't get rid of it by any known means but if I mention it publicly such as I have done then suddenly the key in question disappears without my intervention.

Very strange indeed.

[perfume]

What A-V and Firewall are you having? I keep getting these "Network Intrusion Attacks" from Chinese sites, but are always blocked by the Kaspersky internet Security Suite 2009, i have.Looks like the UDP attacks were virus attacks from sites which have a poor reputation!

[Cookiegal]

How did you first notice this key? Were you just looking in the registry or did some scanner detect it?

[needafix]

Quote:

Originally Posted by Cookiegal

How did you first notice this key? Were you just looking in the registry or did some scanner detect it?

I noticed it a week or two I suppose.

CCleaner 2.19 listed it as worth deleting under the registry cleaning function.

It was new on the list compared to things I see there regularly and I always check the new stuff to see what it is just in case.

[Cookiegal]

Quote:

Originally Posted by needafix

CCleaner 2.19 listed it as worth deleting under the registry cleaning function.

It was new on the list compared to things I see there regularly and I always check the new stuff to see what it is just in case.

Did you have CCleaner remove it? If not, if you run CCleaner again, does it still show up?

[needafix]

Quote:

Originally Posted by perfume

What A-V and Firewall are you having? I keep getting these "Network Intrusion Attacks" from Chinese sites, but are always blocked by the Kaspersky internet Security Suite 2009, i have.Looks like the UDP attacks were virus attacks from sites which have a poor reputation!

I have been using NIS 2009 but the firewall logs for it are pathetically lacking information.

I prefer Zone Alarm since it logs all blocks in detail.

I don't see that NIS 2009 has detailed in/out traffic control by the user when it could easily take 2 or more days to get Zone Alarm setting to what is approved to go in and out by the user.

I like the detail compared the the plug in and play protection.

[needafix]

Quote:

Originally Posted by Cookiegal

Did you have CClean remove it? If not, if you run CCleaner again, does it still show up?

It never did get rid of it though I tried many times. I suppose it may have gotten rid of it and it came back. I tried other cleaners too.

Now it's just plain gone as if it grew legs and walked away.

I know what I can do.

I can search all of my .reg backups for that key and in one of them may list what software was listed under that mysterious key.

Back in a bit.

[Cookiegal]

Quote:

Originally Posted by needafix

It never did get rid of it though I tried many times. I suppose it may have gotten rid of it and it came back. I tried other cleaners too.

Now it's just plain gone as if it grew legs and walked away.

I know what I can do.

I can search all of my .reg backups for that key and in one of them may list what software was listed under that mysterious key.

Back in a bit.

Yes, that would be indeed be helpful.

[needafix]

It is listed in all of my .reg backups but no data is listed for that key like there is all the others but the key in question does go back as far as 04/29/2009.