Just a question, I hope. I've run the System Internals RootKit Revealer on
3 of my systems.
The only response I get is 3-5 registry keys that can not be found/read
directly, yet.
They are all in HKLM\SECURITY\Policy\Secrets\*.
The odd part is none of the hits found are to be seen in the
registry(!) When I use regedit and go look at the HKLM\SECURITY\ sub-tree,
it is blank.............
so, .........
I can only guess that all the '\Policy\Secrets\*' is really kept someplace
else.......probably for good reason!
Am I close with this observation?
Thanks. Best,
Duncan
