Legit software using rootkit-like methods - look here for hits that are ok

This thread/topic is used to collect information about results in RootAlyzer that are to be expected if you use legit software that uses a rootkit method to hide something, where the rootkit may be "not so nice", but not a threat.

Product: ATI Catalyst driver
Type: Unknown ADS
Details: ?:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4:$DATA

Again just a manufacturer who forgot that colons may not be used as part of a filename; this entry can be safely ignored in the results list.

Product: Baldur's Gate (Patch)
Type: Unknown ADS
Details: ...\Start Menu\Black Isle\Baldur's Gate\View Baldur's Gate: The Patch Readme.lnk:$DATA

This is a mistake where the author of the installer didn't acknowledge that colons are not allowed as part of filenames, where the alternate data stream name was actually intended to be part of the filename. The only result of this is that the link may not work; removing it through the standard start menu operation should be sufficient.

Product: Flash Disinfector
Type: Reserved filename
Details: ?:\autorun.inf\lpt3.This folder was created by Flash_Disinfector

Flash Disinfector seems to try to create this file to block other malware from writing a malicious autorun.inf file.

Product: O&O Defrag
Type: Zero char in key
Details: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System\0

This key might get created by O&O Defrag to store licensing information. Removal is possible with RootAlyzer or our Total Commander plugin only, but not recommended for obvious reasons as long as you use O&O Defrag.

Product: Pinnacle Studio
Type: Zero char in key
Details: HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}
Details: HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}
Details: HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}
Details: HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}
Details: HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}
Details: HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}
Details: HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}
Details: HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}
Details: HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}
Details: HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}
Details: HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}
Details: HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}

This is Pinnacle Studio 9 hiding registration/licensing information there, according to for example Ben Fulton.

Product: Sun Java
Type: No admin in ACL
Details: ?:\WINDOWS\Temp\hsperfdata_SYSTEM\*

Seems to be related to Java's HotSpot (Performance?) Monitoring Tools, rated as harmless in a lot of discussions found on it. Would probably only appear when Java apps are running?
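As an added example (my own code, not part of this thread or of RootAlyzer), here is a small Python triage helper that encodes the entries above as an allowlist: it splits an NTFS "file:stream:$DATA" path so you can see which part was meant as the filename, spots the DOS device name that makes "lpt3.This folder ..." a reserved filename, and marks a result line as known benign or as needing review. The regexes are my own approximations of the "Details:" lines and the unknown sample path is constructed.

```python
import re

# Allowlist built from the benign findings collected in this thread (regexes are mine).
PINNACLE_CLSIDS = {g.upper() for g in (
    "{47629D4B-2AD3-4e50-B716-A66C15C63153}", "{604BB98A-A94F-4a5c-A67C-D8D3582C741C}",
    "{684373FB-9CD8-4e47-B990-5A4466C16034}", "{74554CCD-F60F-4708-AD98-D0152D08C8B9}",
    "{7EB537F9-A916-4339-B91B-DED8E83632C0}", "{948395E8-7A56-4fb1-843B-3E52D94DB145}",
    "{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}", "{DE5654CA-EB84-4df9-915B-37E957082D6D}",
    "{E39C35E8-7488-4926-92B2-2F94619AC1A5}", "{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}",
    "{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}", "{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}",
)}
RULES = [  # (RootAlyzer type, regex on the Details line, explanation from the thread)
    ("Unknown ADS", r"ATI\.ACE\\skins\\.*\.uis_Scrollbar:Smaller\.WB4:\$DATA$",
     "ATI Catalyst: colon intended as part of the filename, ignore"),
    ("Unknown ADS", r"\\View Baldur's Gate: The Patch Readme\.lnk:\$DATA$",
     "Baldur's Gate patch: colon intended as part of the filename, link may not work"),
    ("Reserved filename", r"\\autorun\.inf\\lpt3\.This folder was created by Flash_Disinfector$",
     "Flash Disinfector blocking a malicious autorun.inf"),
    ("Zero char in key", r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\System\\0$",
     "O&O Defrag licensing data, keep while O&O Defrag is installed"),
    ("No admin in ACL", r"^.:\\WINDOWS\\Temp\\hsperfdata_SYSTEM\\", "Java HotSpot performance data"),
]
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}

def parse_ads(path):
    """Split 'file:stream:$DATA' into (file, stream); None when not an ADS path."""
    tail = re.sub(r"^[A-Za-z?]:", "", path)            # drop the drive prefix first
    m = re.match(r"^(.*):([^\\:]*):\$DATA$", tail)
    return (m.group(1), m.group(2)) if m else None

def reserved_component(path):
    """First path component whose base name (text before the first dot) is a DOS device."""
    for part in path.split("\\"):
        if part.split(".")[0].upper() in RESERVED:
            return part
    return None

def triage(kind, details):
    """Classify one RootAlyzer result line against the thread's allowlist."""
    if kind.lower() == "zero char in key":
        m = re.search(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})$", details)
        if m and m.group(1).upper() in PINNACLE_CLSIDS:
            return ("known benign", "Pinnacle Studio 9 registration data")
    for k, pattern, reason in RULES:
        if k.lower() == kind.lower() and re.search(pattern, details, re.IGNORECASE):
            return ("known benign", reason)
    return ("review", "not on the allowlist; identify the product that owns it")
```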