Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =24b2af75eb6332db26b4139e00622e5b

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
24b2af75eb6332db26b4139e00622e5b	a21213ee65d36861c3955f793ac4219bd4102b1a	8951cf7d7a4a3412cf84d5a43ac2e990bff7942e2c662657ce7912d3690b6068	98304:rfniroN7nTLK6BCJbCSGZ4bAZ+8xWmjRFGCjt2dDDdUXbuz:LniroN7n3b0CBCbi+vOGi2RdUL	4211712

File Results

File Name
LSS%5Fxp.exe

SNORT Results

Snort Class	Snort Alert	Count
A Network Trojan was Detected	ET USER_AGENTS Suspicious User Agent (TALWinInetHTTPClient)	1
A Network Trojan was Detected	ET TROJAN FAKE AV HTTP CnC Post	1
Misc Attack	ET RBN Known Russian Business Network IP TCP (135)	1

AV Results

AV Alert	AV Vendor

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/WINDOWS/system32/drivers	disdn_
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/WINDOWS/system32/drivers	etc_
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/WINDOWS/system32/Macromed	Common_
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/WINDOWS/system32	dhcp_
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft	Windows Media_
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows Media_	9.0
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Application Data	Adobe_
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Adobe_	Acrobat
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Adobe_/Acrobat	8.0
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Adobe_/Acrobat/8.0	Updater
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft	Internet Explorer_
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages
c:/Documents and Settings/All Users/Start Menu/Programs	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data	Live Security Suite
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	db
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft	Internet Explorer_
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	Live Security Suite
c:/Program Files/Live Security Suite	db
c:/Program Files/Live Security Suite	languages

Files (Added) - ICC Results

Path	File Name
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	ofout.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	OUTAND.EXE-23658734.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32	pb.sys
c:/WINDOWS/system32	wlsrbdffhl.dll
c:/WINDOWS/system32	wughclwicp.dll
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	ofatby.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	ANDOUTFORON.EXE-01AE8BBC.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32/drivers/disdn	andoutforon.exe
c:/WINDOWS/system32	anavumlwk.dll
c:/WINDOWS/system32	nvgglec.dll
c:/WINDOWS/system32	pb.sys
c:	netstat_post.txt
c:	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	theofin.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	OROF.EXE-35DF9575.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32/drivers/etc	orof.exe
c:/WINDOWS/system32/drivers/etc_	hosts
c:/WINDOWS/system32/drivers/etc_	lmhosts.sam
c:/WINDOWS/system32/drivers/etc_	networks
c:/WINDOWS/system32/drivers/etc_	protocol
c:/WINDOWS/system32/drivers/etc_	services
c:/WINDOWS/system32	pb.sys
c:/WINDOWS/system32	riswtlur.dll
c:/WINDOWS/system32	tfsqfihfjl.dll
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	outonby.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/Prefetch	THEAT.EXE-18B483D6.pf
c:/WINDOWS/system32/Macromed/Common	theat.exe
c:/WINDOWS/system32/Macromed/Common_	SwSupport.dll
c:/WINDOWS/system32	blletbjqaw.dll
c:/WINDOWS/system32	pb.sys
c:/WINDOWS/system32	wcjsmehh.dll
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	FORATTHE.EXE-022E9EFA.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	aqurcise.dll
c:/WINDOWS/system32	ewgihvkumk.dll
c:/WINDOWS/system32	pb.sys
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	ofbyof.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	ANDBYANDAT.EXE-01618C1C.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32/dhcp	andbyandat.exe
c:/WINDOWS/system32	dnruefwkko.dll
c:/WINDOWS/system32	pb.sys
c:/WINDOWS/system32	titnwqjqot.dll
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	orand.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows Media	foron.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows Media_/9.0	WMSDKNS.DTD
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows Media_/9.0	WMSDKNS.XML
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	FORON.EXE-18A2C406.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32	eeetfqdfs.dll
c:/WINDOWS/system32	erhiltpp.dll
c:/WINDOWS/system32	pb.sys
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Adobe	ator.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	onbyand.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Adobe_/Acrobat/8.0/Updater	updater.log
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	ATOR.EXE-24669C0B.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32	csvlovcag.dll
c:/WINDOWS/system32	ftpuitavwp.dll
c:/WINDOWS/system32	pb.sys
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	byfororand.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	forby.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	MSIMGSIZ.DAT
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	BYFORORAND.EXE-1D953ACD.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32	bgwbuphd.dll
c:/WINDOWS/system32	pb.sys
c:/WINDOWS/system32	vgtetfvt.dll
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite Home Page.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Live Security Suite.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Live Security Suite	Purchase License.lnk
c:/Documents and Settings/dmc73144/Application Data/Microsoft/Internet Explorer/Quick Launch	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	config.cfg
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	pb.dll
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Timeout.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite/db	Urls.inf
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	HTUninstaller.exe
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	settings.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	uill.ini
c:/Documents and Settings/dmc73144/Application Data/Live Security Suite	Uninstall Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Desktop	Live Security Suite.lnk
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer	andonthe.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	andofonby.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	pguard.ini
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Windows	services.exe
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iGSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iMSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	iPSh.png
c:/Documents and Settings/dmc73144/Local Settings/Application Data/Microsoft/Internet Explorer_	MSIMGSIZ.DAT
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Timeout.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~Urls.inf.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	install[1].htm
c:/Program Files/Live Security Suite	activate.ico
c:/Program Files/Live Security Suite/db	DBInfo.ver
c:/Program Files/Live Security Suite/db	ga090122.db
c:/Program Files/Live Security Suite/db	Infected.wav
c:/Program Files/Live Security Suite/db	lists.ini
c:/Program Files/Live Security Suite	explorer.ico
c:/Program Files/Live Security Suite/Languages	LSSEs.lng
c:/Program Files/Live Security Suite/Languages	LSSFr.lng
c:/Program Files/Live Security Suite/Languages	LSSGer.lng
c:/Program Files/Live Security Suite/Languages	LSSIt.lng
c:/Program Files/Live Security Suite	LiveSS.exe
c:/Program Files/Live Security Suite	reg.ico
c:/Program Files/Live Security Suite	uninstall.ico
c:/Program Files/Live Security Suite	working.log
c:/Program Files/Live Security Suite	~LiveSS.tmp
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	ANDONTHE.EXE-09758669.pf
c:/WINDOWS/Prefetch	LIVESS.EXE-2474900A.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	PING.EXE-31216D26.pf
c:/WINDOWS/system32	eooshej.dll
c:/WINDOWS/system32	ofkojdh.dll
c:/WINDOWS/system32	pb.sys
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.BTR
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.DATA
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	D6 DC 6A 05 32 6B C1 B9 FC FC 86 C0 5B B1 71 91 8A EC A1 BA 9A CE 61 92 91 F2 09	F3 D9 68 E0 CC 64 0B 46 AD 34 58 21 E6 24 69 4B 58 4C 03 82 18 2B C1 6A 18 97 C
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	2B D1 1D F5 99 88 2A 37 68 F5 5C 73 8C B5 5F 16 45 70 CE 2E C9 C4 E0 09 49 5B C1	FA EC 82 28 9E 6E DB EE 91 58 20 FB 19 29 C8 31 DB 1D A7 69 64 6E 35 E7 D3 17 8
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	07 A8 FD ED 3A 48 B7 8D E0 0C 86 BE 48 A0 3A 4D C6 AF 9C 67 54 1B 42 3F DF D0 62	E1 D8 8D 9C A9 83 99 36 A5 F5 3A BD 3B D0 AA 11 4D AF AE 3D 75 25 B3 CD 51 E5 7
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	8C 4A FB 2A 30 2E DC 4C A8 5C 82 16 57 B5 A5 8E 3C B6 05 EE F9 3D 50 A3 61 AC 70	AF AB F7 34 F5 EF 8E 98 EC 3A F2 15 8E 58 93 CB 8C 93 D6 5B 43 43 7B 3F 4A 8A C
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	E8 D4 29 D4 D8 C1 2E 3D E2 A3 52 53 4B 76 AD 7D 2D C9 AC 07 41 BC AA BE 7D C2 95	5F 95 18 1A 32 B1 5F 00 2D 19 BA 3A 27 A4 23 DC 22 34 0F FE B0 17 86 D9 7A 01 6
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	76 09 3A 48 7C 27 33 FB 7C 9A C2 F1 D4 58 57 5A F5 23 F0 82 E8 CF 71 27 AB 7E 53	CA B0 80 C8 06 64 9B D7 90 BD D2 F6 FD 09 3B 8B 39 E8 01 A6 38 85 C3 52 9B 3E 6
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	79 B0 19 09 31 EF 12 1E 73 72 5C 9D 59 6B 08 B2 DB 22 80 0E 34 10 88 9D B6 96 F5	E1 74 A6 3C EA 13 45 F8 80 6B 00 01 44 5F 98 9F 1E AD 23 D2 24 1C A4 33 15 ED 9
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	3B F6 8D C3 F5 59 76 53 3A 7D CA D3 79 A9 E3 87 B0 CE E7 55 4F A2 6A C4 13 52 EB	AF 73 24 E4 E9 A1 50 AB 28 59 3F DF 48 E4 55 57 1C 4C E3 B3 0C F1 5B 4C 41 9F F
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	CE 06 91 85 EB E7 10 3D 61 74 C7 FE CF A3 54 2C 2A 46 56 23 DD 4B 63 89 E1 F1 42	A0 E7 6E FD FA 7D 81 83 8E AA 8C 37 35 C1 B3 18 8C 97 5C 29 AE 5F 50 73 FE 72 B
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	C1 FE 1E 31 FC D0 02 C5 31 63 49 13 52 45 68 07 F1 61 92 54 DE ED 4A 50 CB EB 58	16 5A 2B B7 05 ED B9 65 55 50 0B 56 65 06 56 54 25 7D E4 0B 78 14 AF 9A 03 07 C
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirstRunDisabled	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	AntiVirusDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	FirewallDisableNotify	0x00000001	0x00000000
modified	HKLM/SOFTWARE/Microsoft/Security Center	UpdatesDisableNotify	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	77 91 40 3A DA 18 80 33 88 70 4E 8B 91 A1 7E 9D 2B 76 80 BE 7C C9 1D DD 19 97 5C	E5 66 83 97 98 3D E0 7A 7E 88 29 B5 0D C4 CC D5 94 79 C3 03 43 60 38 A0 E9 D5 E
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response
live.com	Standard query response A 65.55.206.154
microsoft.com	Standard query response A 207.46.232.182 A 207.46.197.32
www.google.com	Standard query response A 8.15.228.161 A 69.25.212.57
livesgenpayment.com	Standard query response A 208.73.210.29
xoomer.alice.it	Standard query response A 62.211.68.12
livesecsuite.com	Standard query response A 62.122.73.76
www.livesecsuite.com	Standard query response A 62.122.73.76
www.google.com	Standard query response A 69.25.212.57 A 8.15.228.161
microsoft.com	Standard query response A 207.46.197.32 A 207.46.232.182

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
65.55.206.154	live.com	/install	Mozilla/3.0 (compatible; TALWinInetHTTPClient)	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	41	29	2825	2033
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	29	20	2099	1487
443	6	12	9	726	546
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
00:46:42	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	558	80	6	364
00:46:42	2010-10-11	6	10.10.10.7	8.15.228.161	->	e	559	80	7	424
00:46:42	2010-10-11	6	10.10.10.7	208.73.210.29	->	e	561	443	7	424
00:47:02	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	601	80	9	1162
05:31:14	2010-10-11	6	10.10.10.7	208.73.210.29	->	e	557	443	7	424
05:31:15	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	558	80	7	424
05:31:15	2010-10-11	6	10.10.10.7	208.73.210.29	->	e	559	443	7	424
05:31:16	2010-10-11	6	10.10.10.7	62.122.73.76	->	e	562	80	7	424
05:31:17	2010-10-11	6	10.10.10.7	207.46.232.182	->	e	556	80	7	424
05:31:35	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	563	80	10	1222
00:51:39	2010-10-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
05:36:17	2010-10-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
16:04:33	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	238	80	6	364
16:04:33	2010-10-11	6	10.10.10.7	62.211.68.12	->	e	268	80	7	424
16:04:33	2010-10-11	6	10.10.10.7	208.73.210.29	->	e	393	443	7	424
16:04:34	2010-10-11	6	10.10.10.7	62.122.73.76	->	e	444	80	7	424
16:04:53	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	38	80	9	1162
23:00:36	2010-10-11	6	10.10.10.7	62.211.68.12	->	e	526	80	7	424
23:00:36	2010-10-11	6	10.10.10.7	208.73.210.29	->	e	527	443	7	424
23:00:37	2010-10-11	6	10.10.10.7	62.122.73.76	->	e	531	80	7	424
23:00:39	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	402	80	7	424
23:00:55	2010-10-11	6	10.10.10.7	65.55.206.154	->	e	571	80	9	1162
16:09:41	2010-10-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
23:05:57	2010-10-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
18:09:41	2010-10-12	6	10.10.10.7	65.55.206.154	->	e	557	80	7	424
18:09:41	2010-10-12	6	10.10.10.7	208.73.210.29	->	e	558	443	7	424
18:09:42	2010-10-12	6	10.10.10.7	62.122.73.76	->	e	563	80	7	424
18:10:01	2010-10-12	6	10.10.10.7	65.55.206.154	->	e	570	80	9	1162
08:04:10	2010-10-13	6	10.10.10.7	207.46.197.32	->	e	289	80	7	424
08:04:10	2010-10-13	6	10.10.10.7	208.73.210.29	->	e	538	443	7	424
08:04:11	2010-10-13	6	10.10.10.7	62.211.68.12	->	e	541	80	7	424
08:04:31	2010-10-13	6	10.10.10.7	65.55.206.154	->	e	580	80	9	1162
18:14:42	2010-10-12	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
08:09:10	2010-10-13	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
15:26:46	2010-10-13	6	10.10.10.7	207.46.232.182	->	e	549	80	7	424
15:26:46	2010-10-13	6	10.10.10.7	208.73.210.29	->	e	550	443	7	424
15:26:46	2010-10-13	6	10.10.10.7	65.55.206.154	->	e	553	80	6	364
15:27:04	2010-10-13	6	10.10.10.7	65.55.206.154	->	e	557	80	9	1162
01:36:09	2010-10-14	6	10.10.10.7	207.46.232.182	->	e	556	80	7	424
01:36:09	2010-10-14	6	10.10.10.7	208.73.210.29	->	e	564	443	7	424
01:36:31	2010-10-14	6	10.10.10.7	65.55.206.154	->	e	256	80	9	1162
15:31:53	2010-10-13	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
01:41:08	2010-10-14	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
13:57:01	2010-10-14	6	10.10.10.7	65.55.206.154	->	e	344	80	7	424
13:57:01	2010-10-14	6	10.10.10.7	8.15.228.161	->	e	346	80	6	364
13:57:01	2010-10-14	6	10.10.10.7	208.73.210.29	->	e	347	443	7	424
13:57:02	2010-10-14	6	10.10.10.7	62.122.73.76	->	e	522	80	7	424
13:57:20	2010-10-14	6	10.10.10.7	65.55.206.154	->	e	561	80	10	1222
14:02:24	2010-10-14	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
20:18:38	2010-10-14	6	10.10.10.7	207.46.197.32	->	e	554	80	6	364
20:18:38	2010-10-14	6	10.10.10.7	62.122.73.76	->	e	555	80	7	424
20:18:38	2010-10-14	6	10.10.10.7	208.73.210.29	->	e	557	443	6	364
20:18:38	2010-10-14	6	10.10.10.7	208.73.210.29	->	e	559	443	7	424
20:18:57	2010-10-14	6	10.10.10.7	65.55.206.154	->	e	565	80	9	1162
20:23:43	2010-10-14	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location