[perfume]

I just ran an Sophos Anti-Rootkit scan and it showed up a report that there are three"hidden objects". All three are in the registry. When i left-clicked on the first value, this is what was shown:"Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-854245398-1993962763-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C446A68B-A797-18B0-8DED-A855C1233527}\jadkddiepgdbelfofdpa
Removable: No
Notes: (type 3, length 6) "baci "

The second value:"Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-854245398-1993962763-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C446A68B-A797-18B0-8DED-A855C1233527}\iadllbiknfajefmgbl
Removable: No
Notes: (type 3, length 24) "kaegomapkkhpmlidififld "

The third value:"Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-854245398-1993962763-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C446A68B-A797-18B0-8DED-A855C1233527}\hajkfbcnefmllkbo
Removable: No
Notes: (type 3, length 24) "kaegomapkkhpnlnflddflm "

Help! Thanks in advance.

[rainforest123]

p:
Did you run the tool because of a problem, or another reason? If a problem, please describe it.

There are a # of rootkit revealers; GMER, Sysinternals, AVG, Sophos, et al.

I have had varying success with each. Most recently, I had run gmer, which found nothing. MBAM found a hidden file, but was unable to dis-infect it. I booted to my Win XP CD, rec console, renamed filename.sys to filename.ysy . Then, MBAM could remove it. Before running MBAM, I submitted the file to http://virusscan.jotti.org , which identified it as malware in about 1/2 of the scanners.

RF123