Description: Hidden registry value Location: \HKEY_USERS\S-1-5-21-1062599761-3550838386-4268887907-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCF47160-A492-31E4-B
Root scan produced the entry above, but says it is not removable. There are two identical entries in that location. Can someone explain what it is and whether it is a Trojan? My computer appears to be working fine and two virus scans found no viruses present.
April 12th, 2010 9:35pm
Do you have any Pinnacle software installed on your system? Can you provide the complete details from the log? What product did you use to scan your system - RootkitRevealer?
April 12th, 2010 9:43pm
Thanks for your reply. Yes, I have Pinnacle software installed: Studio 10+, Quickstart etc. and direct DVD burning. Below is the exact copy of the report from the Sophos Anti-Rootkit scan:
Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-1062599761-3550838386-4268887907-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCF47160-A492-31E4-BBE2-E83C227A89E6}\oaplecelddpkkhefcndomcmboegdjp
Removable: No
Notes: (type 3, length 20) "iacbaeihaafhfbeoae "
April 12th, 2010 9:52pm
Some registry values can be hidden by non-malicious software.
Can you find the (hidden) values in regedit?
If so, their keys may give a clue to their origin.
Start- Run- Regedit
Edit- Find- Paste in the full value that starts {BCF47160-A492-31E4-B...
Search
If any matching values are found, their keys will be displayed in the right-hand window; these can indicate what this key relates to.
Making changes to the registry can damage your operating system, so take care.
April 12th, 2010 10:12pm
I have looked at the registry entry and it is as follows:
(Default) REG_SZ (value not set)
pajmoabhjnpieiaj REG_BINARY 69 61 64 62 70 64 6c 68 6a 68 6d 68 67 64 67 63 6d 6c 00
I hope this is of help and thanks again for all assistance
Cornetsolo
April 12th, 2010 10:44pm
The referenced entry is likely harmless, and probably related to the Pinnacle software. It may be involved in some sort of product activation or DRM function of the Pinnacle software.
Sysinternals RegDelNull may be able to be used to find and remove the key with the embedded NULL, but it is most likely a false positive.
April 12th, 2010 11:08pm
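For anyone triaging a similar finding, the scanner report and the regedit row quoted in this thread can be broken down offline. This is an added example, not code from any poster or from Sophos. It assumes the report's "type" number is the standard Windows registry value type and that the last component of Location is the value name.

```python
import re

# Standard Windows registry value type numbers (subset).
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}

# Scanner report and regedit row, copied from the posts above.
REPORT = r'''Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-1062599761-3550838386-4268887907-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCF47160-A492-31E4-BBE2-E83C227A89E6}\oaplecelddpkkhefcndomcmboegdjp
Removable: No
Notes: (type 3, length 20) "iacbaeihaafhfbeoae "'''
REGEDIT_HEX = "69 61 64 62 70 64 6c 68 6a 68 6d 68 67 64 67 63 6d 6c 00"

def parse_report(text):
    """Split a 'Field: value' report into a dict and break up the Location path."""
    rec = dict(line.split(": ", 1) for line in text.splitlines() if ": " in line)
    parts = rec["Location"].strip("\\").split("\\")
    # Assumption: the scanner appends the value name to the key path.
    rec["hive"], rec["leaf"] = parts[0], parts[-1]
    rec["sid"] = parts[1] if parts[1].startswith("S-1-") else None
    rec["clsid"] = next((p for p in parts
                         if re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", p)), None)
    m = re.search(r"\(type (\d+), length (\d+)\)", rec.get("Notes", ""))
    if m:
        # Assumption: "type" is the registry value type number.
        rec["type"] = REG_TYPES.get(int(m.group(1)), "unknown")
        rec["length"] = int(m.group(2))
    return rec

def decode_binary(hex_row):
    """Decode a regedit REG_BINARY row and describe what the bytes look like."""
    data = bytes.fromhex(hex_row)
    body = data.rstrip(b"\x00")
    return {"bytes": len(data),
            "text": body.decode("ascii", errors="replace"),
            "nul_terminated": data.endswith(b"\x00"),
            "printable": all(0x20 <= b < 0x7F for b in body)}

if __name__ == "__main__":
    rec = parse_report(REPORT)
    print(rec["hive"], rec["sid"], rec["clsid"], rec["leaf"], sep="\n")
    print(rec["type"], rec["length"])
    print(decode_binary(REGEDIT_HEX))
```

The SID shows the entry lives in one user's hive rather than machine-wide, and the regedit data decodes to a NUL-terminated ASCII string stored as binary.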
Thanks again for your reply; at least it has put my mind at rest in that it is not a virus. I have to say that I have been to several forum sites on various questions and this is the only one that has been productive and prompt in replying. Once again, many thanks.
cornetsolo
April 12th, 2010 11:21pm