Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-1062599761-3550838386-4268887907-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCF47160-A492-31E4-B
Root scan produced the entry above, but says it is not removable. There are two identical entries in that location. Can someone explain what it is, and is it a Trojan? My computer appears to be working fine and two virus scans produce no viruses present.
April 12th, 2010 9:35pm

Do you have any Pinnacle software installed on your system? Can you provide the complete details from the log? What product did you use to scan your system - RootkitRevealer?
April 12th, 2010 9:43pm

Thanks for your reply. Yes, I have Pinnacle software installed: Studio 10+, Quickstart etc. and direct DVD burning. Below is the exact copy of the report from the Sophos Anti-Rootkit scan:
Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-1062599761-3550838386-4268887907-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCF47160-A492-31E4-BBE2-E83C227A89E6}\oaplecelddpkkhefcndomcmboegdjp
Removable: No
Notes: (type 3, length 20) "iacbaeihaafhfbeoae "
April 12th, 2010 9:52pm

Some registry values can be hidden by non-malicious software. Can you find the (hidden) values in regedit? If so, their keys may give a clue to their origin.
Start - Run - Regedit
Edit - Find - paste in the full value that starts {BCF47160-A492-31E4-B...
Search
If any matching values are found, their keys will be displayed in the right-hand window; these can indicate what this key relates to. Making changes to the registry can damage your operating system, so take care.
April 12th, 2010 10:12pm

I have looked at the registry entry and it is as follows:
(Default)  REG_SZ  (value not set)
pajmoabhjnpieiaj  REG_BINARY  69 61 64 62 70 64 6c 68 6a 68 6d 68 67 64 67 63 6d 6c 00
I hope this is of help and thanks again for all assistance.
Cornetsolo
April 12th, 2010 10:44pm

The referenced entry is likely harmless, and probably related to the Pinnacle software. It may be involved in some sort of product activation or DRM function of the Pinnacle software. Sysinternals RegDelNull may be able to be used to find and remove the key with the embedded NULL, but it is most likely a false positive.
April 12th, 2010 11:08pm
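
The reply above attributes the scanner hit to a name with an embedded NULL. As an added example (not from the thread, Sophos or Sysinternals), this Python code compares a length-counted view of value names with a NUL-terminated view, flags the names the second view cannot address, and decodes the REG_BINARY bytes posted earlier. The sample names and all function names are assumptions made for illustration; only the hex dump is copied from the thread.

```python
# Added example: names are constructed; only the hex dump comes from the thread.

def counted_view(raw: bytes) -> str:
    """Full name as a length-counted reader sees it (UTF-16LE, NULs kept)."""
    return raw.decode("utf-16-le")

def nul_terminated_view(raw: bytes) -> str:
    """Name as a NUL-terminated reader sees it: text before the first NUL."""
    return counted_view(raw).split("\x00", 1)[0]

def hidden_names(raw_names):
    """Cross-view diff: names the NUL-terminated view cannot address exactly."""
    hidden = []
    for raw in raw_names:
        full = counted_view(raw)
        seen = nul_terminated_view(raw)
        if full != seen:
            hidden.append((full, seen))
    return hidden

def decode_reg_binary(hex_dump: str):
    """Decode a regedit-style hex dump; return (ascii_text_or_None, ends_with_nul)."""
    data = bytes.fromhex(hex_dump)  # fromhex ignores the spaces between bytes
    ends_with_nul = data.endswith(b"\x00")
    body = data[:-1] if ends_with_nul else data
    printable = all(0x20 <= b < 0x7F for b in body)
    return (body.decode("ascii") if printable else None, ends_with_nul)

# Constructed value names, encoded the way a counted string stores them.
SAMPLE_NAMES = [
    "ThreadingModel".encode("utf-16-le"),  # ordinary name, visible in both views
    "licdata\x00".encode("utf-16-le"),     # trailing NUL inside the counted length
    "abc\x00def".encode("utf-16-le"),      # NUL in the middle of the name
]

# REG_BINARY data exactly as posted in the thread.
POSTED_DATA = "69 61 64 62 70 64 6c 68 6a 68 6d 68 67 64 67 63 6d 6c 00"

if __name__ == "__main__":
    for full, seen in hidden_names(SAMPLE_NAMES):
        print(f"hidden: counted={full!r} nul_terminated={seen!r}")
    print(decode_reg_binary(POSTED_DATA))
```
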

Thanks again for your reply. At least it has put my mind at rest in that it is not a virus. I have to say that I have been to several forum sites on various questions and this is the only one that has been productive and prompt in replying. Once again, many thanks.
cornetsolo
April 12th, 2010 11:21pm

This topic is archived. No further replies will be accepted.
