Hi there. I would be eternally grateful for any help. I'm a bit of a technophobe but have managed to run Farbar. Here is the log from its initial run:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 24-08-2012 13:18:32
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe" [3342336 2009-09-23] (Sentelic Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\alipark\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [x]
HKU\alipark\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup [x]
HKU\alipark\...\Run: [Google Update] "C:\Users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-07] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\alipark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\daviepark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
================================ Services (Whitelisted) ==================
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
========================== Drivers (Whitelisted) =============
0 DasBoot; C:\Windows\system32\drivers\DasBoot.SYS [20744 2012-01-17] ()
0 DasBootF; C:\Windows\system32\drivers\DasBootF.SYS [59272 2012-01-17] ()
3 fspad_wlh32; C:\Windows\System32\DRIVERS\fspad_wlh32.sys [41984 2009-09-22] (Sentelic Corporation)
3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [113432 2011-03-28] (ZTE Incorporated)
3 massfilter_hs; \??\C:\windows\system32\drivers\massfilter_hs.sys [15896 2011-07-07] (HandSet Incorporated)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-24 11:51 - 2012-08-24 11:52 - 00000000 ____D C:\FRST
2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
2012-08-24 03:52 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\New folder
2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
2012-08-20 16:56 - 2012-08-20 16:57 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
2012-08-20 15:59 - 2012-08-24 04:09 - 00001288 ____A C:\Windows\setupact.log
2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-18 04:39 - 2012-08-18 04:49 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-08-18 04:36 - 2012-08-24 04:13 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
2012-08-18 04:35 - 2012-08-24 03:57 - 00000000 ____D C:\Windows\System32\DBBK
2012-08-18 04:35 - 2012-08-18 04:50 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
2012-08-18 04:35 - 2012-03-22 08:17 - 00225664 ____A C:\Windows\System32\Drivers\DasBootS.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00059272 ____A C:\Windows\System32\Drivers\DasBootF.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00027528 ____A C:\Windows\System32\Drivers\DasBootK.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00020744 ____A C:\Windows\System32\Drivers\DasBoot.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootI.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootE.SYS
2012-08-18 04:35 - 2010-05-03 17:37 - 00003072 ____A C:\Windows\System32\Drivers\DasBootD.SYS
2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
2012-08-18 02:37 - 2012-08-18 02:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
2012-08-17 18:30 - 2012-08-17 18:30 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-17 18:24 - 2012-08-18 04:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
2012-08-12 11:32 - 2012-08-12 11:32 - 00000000 ____D C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer_files
2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
2012-08-11 16:22 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\Dalmellington
2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
2012-08-07 15:55 - 2012-08-14 18:13 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
2012-08-07 15:53 - 2012-08-18 04:04 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
2012-08-07 15:53 - 2012-08-17 16:04 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Deployment
2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Apps\2.0
2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
2012-08-05 15:22 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\clothes
2012-08-05 15:18 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\work
============ 3 Months Modified Files ========================
2012-08-24 04:13 - 2012-08-18 04:36 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
2012-08-24 04:09 - 2012-08-20 15:59 - 00001288 ____A C:\Windows\setupact.log
2012-08-24 04:09 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
2012-08-20 16:57 - 2012-08-20 16:56 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-18 04:50 - 2012-08-18 04:35 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
2012-08-18 04:49 - 2012-08-18 04:39 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
2012-08-18 04:08 - 2012-08-17 18:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-18 04:04 - 2012-08-07 15:53 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
2012-08-18 03:55 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-18 02:38 - 2011-01-28 15:07 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-18 02:38 - 2010-01-18 05:19 - 00722628 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
2012-08-18 02:08 - 2012-04-27 16:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-18 02:08 - 2011-07-22 15:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-17 16:04 - 2012-08-07 15:53 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
2012-08-14 18:13 - 2012-08-07 15:55 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
2012-08-14 16:00 - 2010-12-04 03:54 - 00010547 ____A C:\Users\daviepark\Documents\Untitled 1.odt
2012-08-14 15:50 - 2012-06-01 17:02 - 00000240 ____A C:\Users\daviepark\Desktop\Royal Babylon Part 1 - Video Dailymotion.url
2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
2012-07-05 10:59 - 2012-07-05 10:59 - 00000232 ____A C:\Users\daviepark\Desktop\100 Grip Seal Bags 6 x 9 Inch 200g Strong Reusable Zip Lock Amazon.co.uk Kitchen & Home.url
2012-07-03 16:00 - 2012-07-03 16:00 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-07-03 15:59 - 2012-07-03 15:58 - 00481296 ____A (Clasys Ltd.) C:\Users\daviepark\Desktop\WS_CI221_V25.exe
2012-07-01 15:45 - 2012-07-01 15:45 - 00000133 ____A C:\Users\daviepark\Desktop\Mail Order sunset song, cloud howe dvds.url
2012-06-30 15:24 - 2012-06-30 15:24 - 00000224 ____A C:\Users\alipark\Desktop\Amazon.com Stargate Universe [HD] Season 1, Episode 11 Space [HD] Amazon Instant Video.url
2012-06-30 14:34 - 2012-06-30 14:34 - 00000222 ____A C:\Users\daviepark\Desktop\Self help try positive action, not positive thinking Science The Observer.url
2012-06-23 01:09 - 2012-06-23 01:09 - 00000195 ____A C:\Users\alipark\Desktop\Welcome to Facebook — Log in, sign up or learn more.url
2012-06-20 07:27 - 2012-06-20 03:49 - 00000213 ____A C:\Users\daviepark\Desktop\Edinburgh.url
2012-06-20 03:49 - 2012-06-20 03:49 - 00000418 ____A C:\Users\daviepark\Desktop\accommodation edinburgh castle edinburgh city centre - Google Maps.url
2012-06-20 03:27 - 2012-06-20 03:27 - 00000138 ____A C:\Users\daviepark\Desktop\Home.url
2012-06-18 15:35 - 2012-06-18 15:35 - 00001318 ____A C:\Users\daviepark\Desktop\suburbaniteshand00thor.pdf - Shortcut.lnk
2012-06-18 00:59 - 2012-06-18 00:59 - 00000140 ____A C:\Users\daviepark\Desktop\Kippford Holidays - Luxury two bedroom caravan overlooking Kippford and Solway Coast near Dalbeattie, Dumfries and Galloway.url
2012-06-17 16:08 - 2012-06-17 16:08 - 00000370 ____A C:\Users\daviepark\Desktop\Hoseasons - Holiday Availability Listing.url
2012-06-08 03:40 - 2010-08-22 10:53 - 00000708 ____A C:\Users\daviepark\AppData\Roaming\wklnhst.dat
2012-06-02 14:19 - 2012-06-19 00:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 00:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 00:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 00:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 00:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-19 00:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-19 00:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 07:10 - 2012-06-01 07:10 - 00000725 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-01 07:09 - 2012-06-01 07:08 - 49744959 ____A C:\Users\daviepark\Downloads\ONE British Lord responsible for Pearl Harbor - the traitor Lord Sempill (1 of 4) [SaveYouTube.com].mp4
2012-06-01 06:45 - 2010-10-11 01:40 - 00880496 ____A (BitTorrent, Inc.) C:\Users\daviepark\Downloads\utorrent.exe
ZeroAccess:
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\n
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\00000004.@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\201d3dde
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 36%
Total physical RAM: 1013.38 MB
Available physical RAM: 638.64 MB
Total Pagefile: 1013.38 MB
Available Pagefile: 644.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.38 MB
======================= Partitions =========================
1 Drive c: (Windows7) (Fixed) (Total:108.07 GB) (Free:50.04 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:117.19 GB) (Free:117.1 GB) NTFS
3 Drive f: () (Removable) (Total:1.89 GB) (Free:0.78 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (WinRe) (Fixed) (Total:7.63 GB) (Free:3.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1935 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7813 MB 1024 KB
Partition 2 Primary 108 GB 7814 MB
Partition 3 Primary 117 GB 115 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y WinRe NTFS Partition 7813 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows7 NTFS Partition 108 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 117 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1935 MB Healthy
==================================================================================
Last Boot: 2012-08-16 15:10
======================= End Of Log ==========================
2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
2012-07-05 10:59 - 2012-07-05 10:59 - 00000232 ____A C:\Users\daviepark\Desktop\100 Grip Seal Bags 6 x 9 Inch 200g Strong Reusable Zip Lock Amazon.co.uk Kitchen & Home.url
2012-07-03 16:00 - 2012-07-03 16:00 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-07-03 15:59 - 2012-07-03 15:58 - 00481296 ____A (Clasys Ltd.) C:\Users\daviepark\Desktop\WS_CI221_V25.exe
2012-07-01 15:45 - 2012-07-01 15:45 - 00000133 ____A C:\Users\daviepark\Desktop\Mail Order sunset song, cloud howe dvds.url
2012-06-30 15:24 - 2012-06-30 15:24 - 00000224 ____A C:\Users\alipark\Desktop\Amazon.com Stargate Universe [HD] Season 1, Episode 11 Space [HD] Amazon Instant Video.url
2012-06-30 14:34 - 2012-06-30 14:34 - 00000222 ____A C:\Users\daviepark\Desktop\Self help try positive action, not positive thinking Science The Observer.url
2012-06-23 01:09 - 2012-06-23 01:09 - 00000195 ____A C:\Users\alipark\Desktop\Welcome to Facebook — Log in, sign up or learn more.url
2012-06-20 07:27 - 2012-06-20 03:49 - 00000213 ____A C:\Users\daviepark\Desktop\Edinburgh.url
2012-06-20 03:49 - 2012-06-20 03:49 - 00000418 ____A C:\Users\daviepark\Desktop\accommodation edinburgh castle edinburgh city centre - Google Maps.url
2012-06-20 03:27 - 2012-06-20 03:27 - 00000138 ____A C:\Users\daviepark\Desktop\Home.url
2012-06-18 15:35 - 2012-06-18 15:35 - 00001318 ____A C:\Users\daviepark\Desktop\suburbaniteshand00thor.pdf - Shortcut.lnk
2012-06-18 00:59 - 2012-06-18 00:59 - 00000140 ____A C:\Users\daviepark\Desktop\Kippford Holidays - Luxury two bedroom caravan overlooking Kippford and Solway Coast near Dalbeattie, Dumfries and Galloway.url
2012-06-17 16:08 - 2012-06-17 16:08 - 00000370 ____A C:\Users\daviepark\Desktop\Hoseasons - Holiday Availability Listing.url
2012-06-08 03:40 - 2010-08-22 10:53 - 00000708 ____A C:\Users\daviepark\AppData\Roaming\wklnhst.dat
2012-06-02 14:19 - 2012-06-19 00:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 00:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 00:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 00:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 00:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-19 00:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-19 00:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 07:10 - 2012-06-01 07:10 - 00000725 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-01 07:09 - 2012-06-01 07:08 - 49744959 ____A C:\Users\daviepark\Downloads\ONE British Lord responsible for Pearl Harbor - the traitor Lord Sempill (1 of 4) [SaveYouTube.com].mp4
2012-06-01 06:45 - 2010-10-11 01:40 - 00880496 ____A (BitTorrent, Inc.) C:\Users\daviepark\Downloads\utorrent.exe
ZeroAccess:
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\n
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\00000004.@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\201d3dde
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 36%
Total physical RAM: 1013.38 MB
Available physical RAM: 638.64 MB
Total Pagefile: 1013.38 MB
Available Pagefile: 644.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.38 MB
======================= Partitions =========================
1 Drive c: (Windows7) (Fixed) (Total:108.07 GB) (Free:50.04 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:117.19 GB) (Free:117.1 GB) NTFS
3 Drive f: () (Removable) (Total:1.89 GB) (Free:0.78 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (WinRe) (Fixed) (Total:7.63 GB) (Free:3.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          232 GB      0 B
Disk 1    Online         1935 MB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7813 MB  1024 KB
Partition 2    Primary            108 GB  7814 MB
Partition 3    Primary            117 GB   115 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0   Y   WinRe        NTFS   Partition   7813 MB  Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C   Windows7     NTFS   Partition    108 GB  Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   E   New Volume   NTFS   Partition    117 GB  Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1935 MB    16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F                FAT32  Removable   1935 MB  Healthy
==================================================================================
Last Boot: 2012-08-16 15:10
======================= End Of Log ==========================