Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Strange folders in the registry

Jan 10, 2011 7:21AM PST

I have noticed that in HKEY_LOCAL_MACHINE/SOFTWARE there are two folders with names very similar to "Microsoft": Micorosft and Microsof.
The first contains some subfolders with all "default" values, the second contains a subfolder called TaRegLoc200 which apparently has to do with the "Giveaway of the day"....
Anyway, I was wondering if it is safe to delete at least the first one, as it doesn't seem to be connected to anything...

Thanks,
Bo

Discussion is locked

- Collapse -
It looks suspect
Jan 10, 2011 9:16PM PST

but personally I wouldn't do anything in the registry.

Much better would be to use trusted scanners to scan for viruses and other malware and let them deal with registry entries.

Your anti-virus is a good start, but for anti-malware I would get second opinions with the free utilities Malwarebytes' Anti-malware and SUPERAntiSpyware.

Download and install both, then each in turn open them, update them, then run full scans.

Even if your scanners do not remove those registry entries that doesn't really matter. They will be unused entries, (like a database entry), and will do no harm.

Mark

- Collapse -
I have done this
Jan 11, 2011 7:00AM PST

Thanks, I did a scan recently with Malwarebytes and Kaspersky (a complete scan) because I had to make a transaction online and they didn't find anything (I was almost surprised...Happy)
Somehow I am afraid of touching the registry too, like you said...

Maybe some programs create strange folders. As I said in my OP, some Internet browsing revealed that one folder was created by the installation of a Give Away of the Day product.

I wonder if the other was also created by one of their products and then I uninstalled it and this is why it looks like it doesn't have any significant entries?

It is a little bit tricky with RegEdit because it doesn't tell you when a folder was created, otherwise it would be easier to find out what is what...

- Collapse -
You're right
Jan 11, 2011 5:46PM PST

It's impossible to say from the registry when something was added or modified.

I think you're doing well. Both Kaspersky and MBAM come up clean and they will find most things.

There are threats that these utilities cannot find, but we can do our best to mitigate for these.

I did some research on "TaRegLoc200" in Google. I got a page full of foreign language sites and my browser security add-on, WOT, (Web of Trust), noted some of these as suspect. However, I did see one German web site that mentions this. I don't read German but Google has a great translate option so I used that and got this Google page.

I don't know if that link will work for you, but apparently this page is about Text Aloud, and it says;

"TextAloud Text to MP3 or WMA unique conversion can save your daily
reading to audio files to download to your portable player. reading to audio files to download to your portable player. Listen to email, Listen to email,
online news, or important documents while you exercise, work or commute. online news, or important documents while you exercise, work or commute.
TextAloud is easy to learn so you can put it to work for you right away. TextAloud is easy to learn so you can put it to work for you right away".

When I use my browser Find option on that web page, (CTRL + F), for TaRegLoc200 it shows up as;

"The necessary key to this is stored here (from Activate.exe):
HKEY_CURRENT_USER\Software\Microsof\TARegLoc200 HKEY_CURRENT_USER \ Software \ Microsoft \ TARegLoc200"

and this is exactly what you describe. The web site for that is this Google translation page. It looks like another German site.

That looks safe to me and perhaps you can say if there was any Text to Speech software pre-installed on your system, or if you installed any such software yourself.

I did do a quick search of my own registry for anything Micorosft or Microsof but they were inconclusive, (in fact the 2nd search started giving me Microsoft entries so I stopped that as there will be thousands, but the first found nothing).

What can you do now?

There are further steps you can take if you want to investigate further;

1] An online scan at Housecall, http://housecall.trendmicro.com/

2] Check your MSCONFIG. If you don't have a Run shortcut in your Start Menu, use the Start Menu's search for run. When it lists Run click on that and then type in msconfig and click OK. In the "System Configuration Editor" that appears, click the Startup tab and this will list all software that loads at Startup. You can use that to identify anything that may be suspicious and search in Google.

3] Look at your Processes in the Task Manager, (right click the Taskbar, select Task Manager, then Processes tab). Make sure you have all processes listed, (there's an option at the bottom), and then use a web resource like AnswersThatWork.com to check through each in the list. It will take time but you can take tour time with it.

I hope that helps.

Mark