Possible rootkit

 
 
Robert Brereton
      12-13-2009
Hi All
I have just run Sophos anti root kit scanner and it has popped up with this
as a hidden registry item:

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Removable: No
Notes: (no more detail available)

Does anyone know what it is? I suspect it is the US version of the
keyboard, which is not used here (in UK) but am concerned it may actually be
something nasty.

Thanks in advance

Bob

 
R. C. White
      12-13-2009
Hi, Robert.

I don't know what else may be hidden in your Registry, but THAT key should
be benign. ;<)

I have the same entry exactly. My only question might be the values in the
final key. Here in the USA, I also have the key
HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409

That "0409" at the end of the value is hex code for 1033, which is the
location code for the USA. In the UK, you might need a different code,
perhaps 0x0809. You might want to take a look around here:
United Kingdom Keyboard
http://msdn.microsoft.com/en-us/library/ee485827.aspx

FYI: Here is the full text of my entries in that Registry key, exported as
a .txt file:
<paste>
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409]

[HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}]
"Default"="{00000000-0000-0000-0000-000000000000}"
"Profile"="{00000000-0000-0000-0000-000000000000}"
"KeyboardLayout"=dword:04090409
</paste>

I know nothing about Sophos or rootkits, but you may be getting a false
positive here.

RC
--
R. C. White, CPA
San Marcos, TX

Microsoft Windows MVP
Windows Live Mail 2009 (14.0.8089.0726) in Win7 Ultimate x64

"Robert Brereton" <> wrote in message
news:nAVUm.12283$2...
> Hi All
> I have just run Sophos anti root kit scanner and it has popped up with
> this as a hidden registry item:
>
> Area: Windows registry
> Description: Hidden registry key
> Location:
> \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
> Removable: No
> Notes: (no more detail available)
>
> Does anyone know what it is? I suspect it is the US version of the
> keyboard, which is not used here (in UK) but am concerned it may actually
> be something nasty.
>
> Thanks in advance
>
> Bob
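
Added example, not part of the original thread: a small Python triage script that parses a `.reg` export like the one pasted above, decodes the language ID in each `CTF\Assemblies\0x....` key name, and checks that the `KeyboardLayout` value agrees with it. The sample text is reconstructed from the post, the name table covers only the two codes mentioned in the thread, and reading `KeyboardLayout` as low word = language ID, high word = layout ID is an assumption based on the usual Windows keyboard-layout handle convention.

```python
import re

# Constructed sample: the .reg export quoted in the post above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409]

[HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}]
"Default"="{00000000-0000-0000-0000-000000000000}"
"Profile"="{00000000-0000-0000-0000-000000000000}"
"KeyboardLayout"=dword:04090409
'''

# Only the two language IDs mentioned in the thread; extend as needed.
KNOWN_LANGIDS = {0x0409: "English (United States)", 0x0809: "English (United Kingdom)"}

KEY_RE = re.compile(
    r'^\[(.*\\CTF\\Assemblies\\(0x[0-9A-Fa-f]{8}))(?:\\(\{[0-9A-Fa-f-]{36}\}))?\]$')
DWORD_RE = re.compile(r'^"KeyboardLayout"=dword:([0-9A-Fa-f]{8})$')

def decode_langid(langid):
    """Split a 16-bit LANGID: primary language = low 10 bits, sublanguage = high 6 bits."""
    return {"langid": langid, "primary": langid & 0x3FF, "sublang": langid >> 10,
            "name": KNOWN_LANGIDS.get(langid, "unknown")}

def triage(reg_text):
    """Return one finding per KeyboardLayout value found under CTF\\Assemblies\\<langid>."""
    findings, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = int(m.group(2), 16) & 0xFFFF   # language ID from the key name
            continue
        if line.startswith("["):
            current = None                            # some unrelated key: stop tracking
            continue
        d = DWORD_RE.match(line)
        if d and current is not None:
            value = int(d.group(1), 16)
            info = decode_langid(current)
            # Assumption: low word = language ID, high word = layout ID.
            info["layout_langid"] = value & 0xFFFF
            info["layout_id"] = value >> 16
            info["consistent"] = info["layout_langid"] == current
            findings.append(info)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f)
```

A finding with `consistent` set to `False`, or a key name that does not decode to a language ID you expect on the machine, is what would merit a closer look.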


 
Robert Brereton
      12-13-2009
Thanks for that, it's put my mind at rest. :-)

Bob
 