Hidden registry?

Sophos Anti-Rootkit finds the following.

It's a fresh install, so how can this be?

 

Area:    Windows registry
Description:    Hidden registry value
Location:    \HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\APP_ID_SCANNER5
Removable:    No
Notes:    (type 1, length 220) "C : \ P r o g r a m D a t a \ N o r t o n \ { 0 C 5 5 C 0 9 6 - 0 F 1 D " ... "0 0 9   "

It is apparently a false positive.  Antivirus software has to be deep into the operating system and as a result, other scanners may react to it.

I use Sophos Anti-Rootkit scanner all the time. It will always find two hidden files within Norton related directories. They begin with CLT... as I recall.

Do not delete these files! They contain registration data related to your Norton product.

As far as hidden registry entries, Sophos has never found anything related to Norton on my PC. I use NIS 2011.

Hi TT66,

Rootkit scanners detect hidden files.  Not all hidden files are malicious, and security software typically has some components that mimic rootkit behavior.  Most rootkit scanners will pick up some security program-related files and registry entries.  You need to carefully look at all detections before acting on them.

It wasn't there for a while and now it's back.

Does the fact it's a registry key mean anything bad?

I used Trend Micro and it told me I had a registry key and all sorts of service hooks, and now Malwarebytes Anti-Malware freezes on me.

If you have Trend Micro and Norton on the same machine, you will have a few problems.  You should not have two real time products on the same machine.