Installation Report: Rootkit Unhooker Public version Generated by InCtrl5, version 1.0.0.0 Install program: C:\Documents and Settings\vampirefo\Desktop\RKU\RKU2022\RkUnhooker.exe 8/28/2006 9:11 PM ------------------------------------------------------------ Registry ******** Keys ignored: 0 --------------- * (none) Keys added: 17 -------------- HKEY_LOCAL_MACHINE\SOFTWARE\RKU HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ELBYCDIO\0000\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\SCSI\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\7 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\t HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\$ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10\Enum Keys deleted: 37 ---------------- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}\N HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ELBYCDIO\0000\¸ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\SCSI\L HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\C HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\S HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400\LogConf HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400H Values added: 34 ---------------- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\Documents and Settings\vampirefo\Desktop\RKU\RKU2022\RkUnhooker.exe" Type: REG_SZ Data: Rootkit Unhooker Public version HKEY_LOCAL_MACHINE\SOFTWARE\RKU "Settings" Type: REG_BINARY Data: 00, 00, 00, 00, 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10 "NextInstance" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "Class" Type: REG_SZ Data: LegacyDriver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "ClassGUID" Type: REG_SZ Data: {8ECC055D-047F-11D1-A537-0000F8753ED1} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "DeviceDesc" Type: REG_SZ Data: RootKit Unhooker Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "Legacy" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000 "Service" Type: REG_SZ Data: rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000\Control "*NewlyCreated*" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RKHDRV10\0000\Control "ActiveService" Type: REG_SZ Data: rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10 "DisplayName" Type: REG_SZ Data: RootKit Unhooker Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10 "ErrorControl" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10 "Start" Type: REG_DWORD Data: 03, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10 "Type" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10\Enum "0" Type: REG_SZ Data: Root\LEGACY_RKHDRV10\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10\Enum "Count" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhdrv10\Enum "NextInstance" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10 "NextInstance" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "Class" Type: REG_SZ Data: LegacyDriver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "ClassGUID" Type: REG_SZ Data: {8ECC055D-047F-11D1-A537-0000F8753ED1} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "DeviceDesc" Type: REG_SZ Data: RootKit Unhooker Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "Legacy" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000 "Service" Type: REG_SZ Data: rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000\Control "*NewlyCreated*" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RKHDRV10\0000\Control "ActiveService" Type: REG_SZ Data: rkhdrv10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10 "DisplayName" Type: REG_SZ Data: RootKit Unhooker Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10 "ErrorControl" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10 "Start" Type: REG_DWORD Data: 03, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10 "Type" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10\Enum "0" Type: REG_SZ Data: Root\LEGACY_RKHDRV10\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10\Enum "Count" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhdrv10\Enum "NextInstance" Type: REG_DWORD Data: 01, 00, 00, 00 Values deleted: 121 ------------------- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0005 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature1001DACOffset7E00Length1FFFD58C00 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0008 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0008 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0008 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature160B160AOffset7E00Length2542978200 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0004 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length1030B28E00 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "Capabilities" Type: REG_DWORD Data: A0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0011 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A14B8200 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0003 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0003 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0003 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature386A3869Offset7E00Length12A1C90400 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0009 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length2543150400 "ParentIdPrefix" Type: REG_SZ Data: 2&358cac8b&0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "Capabilities" Type: REG_DWORD Data: A0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0015 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length315531600 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0013 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&Signature78F83F0Offset7E00Length641B18800 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureAD45AD45Offset7E00Length129FD2FC00 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureC6F7D5E4Offset7E00Length129FD2FC00 "Mfg" Type: REG_SZ Data: Microsoft HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "Capabilities" Type: REG_DWORD Data: E0, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "Class" Type: REG_SZ Data: Volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "ClassGUID" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "ConfigFlags" Type: REG_DWORD Data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "DeviceDesc" Type: REG_SZ Data: Generic volume HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "Driver" Type: REG_SZ Data: {71A27CDD-812A-11D0-BEC7-08002BE2092F}\0002 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "HardwareID" Type: REG_MULTI_SZ Data: 53, 54, 4F, 52, 41, 47, 45, 5C, 56, 6F, 6C, 75, 6D, 65, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORAGE\Volume\\\1&30a96598&0&SignatureECD8ECD8Offset7E00Length12A1C90400 "Mfg" Type: REG_SZ Data: Microsoft Values changed: 3 ----------------- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders "Cache" Old type: REG_SZ New type: REG_SZ Old data: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files New data: C:\Documents and Settings\vampirefo\Local Settings\Temporary Internet Files HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders "Cookies" Old type: REG_SZ New type: REG_SZ Old data: C:\Documents and Settings\LocalService\Cookies New data: C:\Documents and Settings\vampirefo\Cookies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed" Old type: REG_BINARY New type: REG_BINARY Old data: 9C, 5A, 51, 01, 1F, 5F, 42, 25, 59, 77, 1E, B2, D1, 77, EF, 40, D5, D8, 23, 4E, 08, E3, A5, 69, 8E, D1, 4A, 02, D9, 1B, 09, 67, 18, 23, B6, D5, DA, 46, 23, 8C, 64, 92, 7A, 93, A4, 54, 31, 1D, B5, 5C, A5, 1F, E1, 11, E9, F3, 06, 29, 2F, C9, A8, 0E, 8A, 3E, 71, 7B, F0, 50, 67, D2, 3F, F1, 58, FE, A2, 12, 0E, C0, E4, 9B New data: 98, 8A, 7F, 2A, 84, B3, 9E, 24, 30, D6, 59, 58, 24, 7D, 1C, A4, EA, B2, 7E, C9, 03, B4, 8C, 1D, E6, AE, 1E, 49, E2, CF, 6F, 9F, 1C, 6F, B7, 31, 0B, 1C, 69, CD, FA, 6C, E8, 07, 72, 84, 51, 2E, 0F, 89, 4B, B6, 07, 95, F6, 6A, F1, 4F, E5, 1C, 0A, 94, 9D, 59, 47, E4, 74, E1, 37, 3E, 69, 83, 7D, DB, 0D, 04, 25, 6E, 63, 3C ------------------------------------------------------------ Disk contents ************* Drives tracked: 3 ----------------- * c:\ * f:\ * g:\ Files added: 2 -------------- c:\WINDOWS\Prefetch\RKUNHOOKER.EXE-22B7C020.pf Date: 8/28/2006 9:10 PM Size: 19,686 bytes c:\WINDOWS\system32\drivers\rkhdrv10.sys Date: 8/28/2006 9:10 PM Size: 14,976 bytes Files changed: 3 ---------------- c:\Documents and Settings\vampirefo\NTUSER.DAT.LOG Old date: 8/28/2006 9:08 PM New date: 8/28/2006 9:10 PM Old size: 1,024 bytes New size: 1,024 bytes c:\WINDOWS\system32\config\software.LOG Old date: 8/28/2006 9:08 PM New date: 8/28/2006 9:10 PM Old size: 1,024 bytes New size: 1,024 bytes c:\WINDOWS\system32\config\system.LOG Old date: 8/28/2006 9:08 PM New date: 8/28/2006 9:10 PM Old size: 1,024 bytes New size: 1,024 bytes ------------------------------------------------------------ INI file ******** Ini files tracked: 4 -------------------- * C:\boot.ini * c:\windows\control.ini * c:\windows\system.ini * c:\windows\win.ini ------------------------------------------------------------ Text file ********* Text files tracked: 2 --------------------- * c:\windows\system32\autoexec.nt * c:\windows\system32\config.nt ------------------------------------------------------------ InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc. Written by Neil J. Rubenking First published in PC Magazine, December 5, 2000.