HKLM\SECURITY\Policy\Secrets\SAC* 1/18/2012 8:48 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 1/18/2012 8:48 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Pure Networks\Platform\PlatformLastOnline 9/7/2012 11:20 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 7/15/2012 2:08 PM 0 bytes Access is denied.
C:\$AttrDef 1/18/2012 12:17 PM 2.50 KB Hidden from Windows API.
C:\$BadClus 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 1/18/2012 12:17 PM 74.50 GB Hidden from Windows API.
C:\$Bitmap 1/18/2012 12:17 PM 2.33 MB Hidden from Windows API.
C:\$Boot 1/18/2012 12:17 PM 8.00 KB Hidden from Windows API.
C:\$Extend 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Repair 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Repair:$Config 6/25/2012 10:54 AM 8 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Txf 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$Tops 6/25/2012 10:54 AM 100 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$Tops:$T 6/25/2012 10:54 AM 1.00 MB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 6/25/2012 10:54 AM 64.00 KB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 6/25/2012 10:54 AM 10.00 MB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 6/25/2012 10:54 AM 10.00 MB Hidden from Windows API.
C:\$Extend\$UsnJrnl 1/20/2012 3:45 PM 0 bytes Hidden from Windows API.
C:\$Extend\$UsnJrnl:$Max 1/20/2012 3:45 PM 32 bytes Hidden from Windows API.
C:\$LogFile 1/18/2012 12:17 PM 64.00 MB Hidden from Windows API.
C:\$MFT 1/18/2012 12:17 PM 132.17 MB Hidden from Windows API.
C:\$MFTMirr 1/18/2012 12:17 PM 4.00 KB Hidden from Windows API.
C:\$Secure 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$UpCase 1/18/2012 12:17 PM 128.00 KB Hidden from Windows API.
C:\$Volume 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Pure Networks\Platform\networklib.xml 9/7/2012 11:25 AM 736.51 KB Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\addons.sqlite-journal 9/7/2012 10:20 AM 192.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\bookmarkbackups\bookmarks-2012-09-07.json 9/7/2012 11:25 AM 397.62 KB Hidden from Windows API.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\cookies.sqlite-shm 9/7/2012 10:18 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\cookies.sqlite-wal 9/7/2012 7:16 AM 608.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\places.sqlite-shm 9/7/2012 10:17 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\places.sqlite-wal 9/7/2012 10:07 AM 288.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\sessionstore.bak 9/7/2012 10:05 AM 30.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\sessionstore.js 9/7/2012 11:20 AM 19.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\etilqs_f9a6Y5nXhS5ybh8 9/7/2012 10:17 AM 32.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\etilqs_iPfwj93u2hz5I6i 9/7/2012 10:17 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\plugtmp-1 9/7/2012 10:31 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\rootkits_draft.pdf 9/7/2012 10:22 AM 427.84 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\$NtUninstallKB15872$:SummaryInformation 1/28/2012 5:16 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304 3/7/2012 8:23 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\@ 3/7/2012 8:12 AM 2.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\cfg.ini 3/7/2012 10:10 AM 170 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\Desktop.ini 3/7/2012 10:10 AM 4.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\L 3/7/2012 8:12 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\L\immubzpp 3/7/2012 8:12 AM 445.63 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U 3/7/2012 8:13 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\00000001.@ 3/7/2012 8:13 AM 2.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\00000002.@ 3/7/2012 8:13 AM 219.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\00000004.@ 3/7/2012 8:13 AM 1.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\80000000.@ 3/7/2012 8:13 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\80000004.@ 3/7/2012 8:13 AM 12.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\80000032.@ 3/7/2012 8:13 AM 71.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\version 3/7/2012 10:10 AM 858 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3608810465 3/7/2012 8:12 AM 0 bytes Hidden from Windows API.
D:\$AttrDef 12/25/2011 9:43 PM 2.50 KB Hidden from Windows API.
D:\$BadClus 12/25/2011 9:43 PM 0 bytes Hidden from Windows API.
D:\$BadClus:$Bad 12/25/2011 9:43 PM 465.76 GB Hidden from Windows API.
D:\$Bitmap 12/25/2011 9:43 PM 14.56 MB Hidden from Windows API.
D:\$Boot 12/25/2011 9:43 PM 8.00 KB Hidden from Windows API.
D:\$Extend 12/25/2011 9:43 PM 0 bytes Hidden from Windows API.
D:\$Extend\$ObjId 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$Quota 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$Reparse 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata 6/25/2012 4:36 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata\$Repair 6/25/2012 4:36 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata\$Repair:$Config 6/25/2012 4:36 PM 8 bytes Hidden fr