Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
General Security
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop drivers dvd email error excel excel 2003 firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem ram recovery router safe mode screen slow sound spyware tdlwsp.dll trojan vba video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Solved: Strange Key.

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
09-Aug-2009, 11:28 AM #1
Solved: Strange Key.
Does anyone know what software this represents:

HKEY_LOCAL_MACHINE\SOFTWARE\685D6D1C-D73A-4F37-B7E5E53660311DDB

It will not go away upon any type of removal and the only reference I can find to it are on two Chinese websites that need to be translated by Google and even then the translation is useless.
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Aug-2009, 12:56 PM #2
If you highlight it in the registry, is there any information showing in the pane on the right side, such as a file name, etc.?

In the pane on the left side is there a + to the left of that entry? If so, please click on it and let me know what is listed below it.
__________________
Microsoft MVP - Consumer Security
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
12-Aug-2009, 02:18 PM #3
No. Just an empty key:

(Default) REG_SZ (value not set)
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
12-Aug-2009, 05:15 PM #4
Go to Start - Run and copy and paste the following:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\685D6D1C-D73A-4F37-B7E5E53660311DDB"

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.
__________________
Microsoft MVP - Consumer Security
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
14-Aug-2009, 05:44 PM #5
No results. I don't find a look.txt anywhere.
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
15-Aug-2009, 03:01 PM #6
Are you sure you copied and pasted it and didn't try typing it? Did you look in C: for the look.txt file?
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
16-Aug-2009, 09:37 AM #7
Yeah. Now I notice that the key in question is gone. That's why your suggestion didn't work is that now the key is missing.

I tried your suggestion on another key and it works just fine.

Is there a way to adjust the input so that the look.txt will still be created but contain a message saying the key was not found or some such thing?

Even though it is gone I still find it suspicious because it is empty but may have been cleaned out after it served its purpose and that I only find a reference to it in a search engine here on this site and on a Chinese website.

http://www.google.com/#hl=en&q=HKEY_...e34627c46f57f4

Even more suspicious is that I couldn't get rid of it by any known means but if I mention it publicly such as I have done then suddenly the key in question disappears without my intervention.

Very strange indeed.

Last edited by needafix : 16-Aug-2009 09:46 AM.
perfume's Avatar
perfume has a Photo Album
Computer Specs
Senior Member with 1,585 posts.
 
Join Date: Sep 2008
Location: An Alien,a misfit on Earth
Experience: Intermediate++
16-Aug-2009, 11:07 AM #8
What A-V and Firewall are you having? I keep getting these "Network Intrusion Attacks" from Chinese sites, but are always blocked by the Kaspersky internet Security Suite 2009, i have.Looks like the UDP attacks were virus attacks from sites which have a poor reputation!
Attached Thumbnails
Solved: Strange Key.-greenshot130.png  
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-Aug-2009, 11:17 AM #9
How did you first notice this key? Were you just looking in the registry or did some scanner detect it?
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
16-Aug-2009, 12:44 PM #10
Quote:
Originally Posted by Cookiegal View Post
How did you first notice this key? Were you just looking in the registry or did some scanner detect it?
I noticed it a week or two I suppose.

CCleaner 2.19 listed it as worth deleting under the registry cleaning function.

It was new on the list compared to things I see there regularly and I always check the new stuff to see what it is just in case.

Last edited by needafix : 16-Aug-2009 01:00 PM.
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-Aug-2009, 12:50 PM #11
Quote:
Originally Posted by needafix View Post
CCleaner 2.19 listed it as worth deleting under the registry cleaning function.

It was new on the list compared to things I see there regularly and I always check the new stuff to see what it is just in case.
Did you have CCleaner remove it? If not, if you run CCleaner again, does it still show up?

Last edited by Cookiegal : 16-Aug-2009 01:07 PM.
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
16-Aug-2009, 12:54 PM #12
Quote:
Originally Posted by perfume View Post
What A-V and Firewall are you having? I keep getting these "Network Intrusion Attacks" from Chinese sites, but are always blocked by the Kaspersky internet Security Suite 2009, i have.Looks like the UDP attacks were virus attacks from sites which have a poor reputation!
I have been using NIS 2009 but the firewall logs for it are pathetically lacking information.

I prefer Zone Alarm since it logs all blocks in detail.

I don't see that NIS 2009 has detailed in/out traffic control by the user when it could easily take 2 or more days to get Zone Alarm setting to what is approved to go in and out by the user.

I like the detail compared the the plug in and play protection.
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
16-Aug-2009, 01:02 PM #13
Quote:
Originally Posted by Cookiegal View Post
Did you have CClean remove it? If not, if you run CCleaner again, does it still show up?
It never did get rid of it though I tried many times. I suppose it may have gotten rid of it and it came back. I tried other cleaners too.

Now it's just plain gone as if it grew legs and walked away.

I know what I can do.

I can search all of my .reg backups for that key and in one of them may list what software was listed under that mysterious key.

Back in a bit.

Last edited by needafix : 16-Aug-2009 01:07 PM.
Cookiegal's Avatar
Administrator with 63,628 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-Aug-2009, 01:16 PM #14
Quote:
Originally Posted by needafix View Post
It never did get rid of it though I tried many times. I suppose it may have gotten rid of it and it came back. I tried other cleaners too.

Now it's just plain gone as if it grew legs and walked away.

I know what I can do.

I can search all of my .reg backups for that key and in one of them may list what software was listed under that mysterious key.

Back in a bit.
Yes, that would be indeed be helpful.
needafix's Avatar
needafix has a Photo Album
Senior Member with 970 posts.
 
Join Date: Mar 2005
Experience: Advanced
16-Aug-2009, 01:36 PM #15
It is listed in all of my .reg backups but no data is listed for that key like there is all the others but the key in question does go back as far as 04/29/2009.
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 04:04 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
Powered by Cermak Technologies, Inc.