said by BlaZe X :

Avira finds two hidden registry objects. Can they be possible rootkits? i tried a google search i haven't found anything on them. I also posted in the avira forums, I didn't really get much input about what it can be. They mentioned a software called studio 9 uses hidden registry entries but I never installed this software. What else could it be?

Heres what it finds:

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EB763CD6-EB61-CF33-466E-3849D06F
1F61}\InProcServer32\oaklgcffoomoodagbbadblbhlbffjc
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EB763CD6-EB61-CF33-466E-3849D06F
1F61}\InProcServer32\naklmdmgnchnoppccdacnndjgjek
[INFO] The registry entry is invisible.
'315899' objects were checked, '2' hidden objects were found.

said by bcastner :

Open Regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EB763CD6-EB61-CF33-466E-3849D06F1F61}

What DLL or other program is referenced there?

The key is this value: {EB763CD6-EB61-CF33-466E-3849D06F1F61} I do not have a Google hit on it, but that is not definitive of anything.

Look with regedit under the root key above and see if you can find a reference to something that is searchable.

said by Trel :

Do you use Daemon tools?

said by BlaZe X :

There are no references to this when go to this key. Also trying to open InProcServer32 folder gives me an error - "cannot open InProcServer32: Error while opening key"

I do use daemon tools and i know it uses a type of rootkit technology but can they be related to these key? I have used sophos anti-rootkit scanner before and it leads to this key.: \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 which I know is related to daemon tools.

said by bcastner :

Since there is no reference to a PE type of file, the entry is harmless.

It looks to me to be a lookup table. For example, I might use the registry as a scratchpad to hold configuration settings.

It most assuredly is not a rootkit reference, and most assuredly is not an active threat. There is not there, there. The fact that it is hidden is the only interesting thing about it; but there is nothing particularly interesting about that either. If I was using the registry to record, say GUI settings, I likely would hide it so that all those who love to run registry cleaners did not zap the parameter lookup table storage area.

Without a PE reference, there is no harm and no foul.

Take the CLSID: {EB763CD6-EB61-CF33-466E-3849D06F1F61}
And use that value to search HKLM and HKCU to see if there are additional entries that lead to something intelligible.