ComboFix 12-10-02.02 - JT 10/02/2012 18:30:20.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.403 [GMT -4:00]
Running from: c:\users\JT\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\67911317.pad
c:\programdata\lsass.exe
c:\users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\$NtUninstallKB60445$\1365526880
c:\windows\$NtUninstallKB60445$\2306827618\@
c:\windows\$NtUninstallKB60445$\2306827618\Desktop.ini
c:\windows\$NtUninstallKB60445$\2306827618\L\00000004.@
c:\windows\$NtUninstallKB60445$\2306827618\L\201d3dde
c:\windows\$NtUninstallKB60445$\2306827618\L\xadqgnnk
c:\windows\$NtUninstallKB60445$\2306827618\U\00000004.@
c:\windows\$NtUninstallKB60445$\2306827618\U\00000008.@
c:\windows\$NtUninstallKB60445$\2306827618\U\000000cb.@
c:\windows\$NtUninstallKB60445$\2306827618\U\80000000.@
c:\windows\$NtUninstallKB60445$\2306827618\U\80000032.@
c:\windows\system32\sysprep\CRYPTBASE.dll_
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 22:46 . 2012-10-02 22:48 -------- d-----w- c:\users\JT\AppData\Local\temp
2012-10-02 22:46 . 2012-10-02 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 22:35 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24E5933C-1489-4EE1-A383-1F301E523904}\mpengine.dll
2012-10-02 22:26 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-30 15:04 . 2012-09-30 15:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-22 10:20 . 2012-09-22 10:20 -------- d-----w- c:\program files\Common Files\Skype
2012-09-22 10:20 . 2012-09-22 10:20 -------- d-----r- c:\program files\Skype
2012-09-12 10:59 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-07 23:56 . 2012-09-07 23:56 -------- d-----w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 22:52 . 2012-07-31 18:06 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-22 22:52 . 2012-07-31 18:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 17:10 . 2012-08-15 14:15 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:31 . 2012-08-16 14:39 393216 ----a-w- c:\windows\system32\drivers\bthport.sys