After running HHD Software's USB Monitor for the first time, it creates the
following registry key:

HKLM\Software\Microsoft\Shared Tools\??

Of course, the ?? could be anything. No matter what I do, I can't erase
this subkey. Regedit won't do it, Regedt32 won't do it, I've tried
programmatically with a short program in Visual Studio and it won't do it,
reg.exe won't do it. I've also tried deleting the entire parent key (Shared
Tools) which works for all the subkeys except this one.

In Sysinternals' Registry Monitor, I can see the program accessing this set
of keys at startup. I don't know what it's doing, but I just want to stop.
How can I get rid of it?

Get yourself a copy of RegSeeker here:

http://www.hoverdesk.net/freeware.htm

It's freeware and it works quite well. It backs up everything it
determines to be a rogue entry, so if it should happen to delete
something it shouldn't have, you can restore it. From personal
experience, however, that has never happened.

"(E-Mail Removed)" wrote:

> Get yourself a copy of RegSeeker here:
>
> It's freeware and it works quite well. It backs up everything it
> determines to be a rogue entry, so if it should happen to delete
> something it shouldn't have, you can restore it. From personal
> experience, however, that has never happened.

This program was also not able to delete the key. It was able to delete
everything else in Shared Tools, though, just like regedit.

Interesting, never seen it fail... Well, how familiar are you with
NTFS permissions? If you know what those keys are and can get to them,
take ownership of them (Security tab, Advanced button, Owner tab), then
apply the change. Go back out to the Security tab and explicitly
define your account to have Full Control over the objec, and apply the
change. Go back under the Advanced button, check the box that says,
"Replace permission entires on all child with entries shown here that
apply to all child objects" and hit apply. Now you should be able to
delete the keys no problem.

If you're still unable to axe those keys, that can mean one thing and
one thing only -- you have a virus or spyware on your box that is
actively running, preventing those keys from being tampered with. If
my first paragraph doesn't work, look through all of your running
processes and determine what, if anything, is the problem -- and also
keep in mind that it is possible to completely hide processes from Task
Manager.