Anyone use this? I have a machine that has hidden registry keys
according to SAR, but not BlackIce. The log is below. The problem
is that SAR says the items are "non-removable." Anyone know how to
edit hidden items in the registry? BartPE with some utility perhaps?
Sophos Anti-Rootkit Version 1.0 (c) 2006 Sophos Plc
Started logging on 10/31/2006 at 16:10:04 PM
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\ErrorGuard
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Fun Web Products
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Hotbar
Hidden: registry item
\HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Hidden: registry item
\HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
Hidden: registry item
\HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
Hidden: registry item
\HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Toolbar\ShellBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
Hidden: registry item
\HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\MyWebSearch
Stopped logging on 10/31/2006 at 16:16:00 PM
T
