Below is the log from FRST.exe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
Ran by SYSTEM at 15-03-2013 08:31:24
Running from G:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10025576 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115560 2010-10-29] (Symantec Corporation)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax" [x]
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [316864 2010-04-09] (Cyber Power Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1016464 2011-09-08] (Carbonite, Inc.)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [376 2013-03-13] ()
HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\administrator\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
HKU\administrator\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\administrator\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
HKU\administrator\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\drgewirtz\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
HKU\drgewirtz\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\drgewirtz\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
HKU\drgewirtz\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\drgewirtz\...\Run: [{08A203E4-B50A-AD7F-CD83-AF89D6D58C94}] C:\Users\drgewirtz\AppData\Roaming\Noisi\cuyx.exe [352768 2010-11-02] (?????????? ??????????)
HKU\drgewirtz\...\Run: [nixpezoxwigu] C:\Users\drgewirtz\nixpezoxwigu.exe [43984 2013-03-07] ()
HKU\Office\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
HKU\Office\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Office\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
HKU\Office\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
Tcpip\..\Interfaces\{42E0AB8B-0713-409B-8232-95614B27EFCB}: [NameServer]192.168.111.16,192.168.111.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [284160 2010-12-28] (Advanced Micro Devices, Inc.)
2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [140224 2010-06-17] (Advanced Micro Devices)
2 AMD_RAIDXpert; "C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-15] (AMD)
2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [110592 2009-07-10] (Broadcom Corporation)
3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [3908752 2011-09-08] (Carbonite, Inc. (www.carbonite.com))
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-10-29] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-10-29] (Symantec Corporation)
3 DMService; C:\Windows\DOWNLO~1\DMService.exe [468368 2011-03-16] (Microsoft ® Corporation)
2 Hp.Skyroom.Windows.Service; "C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe" -startService [124984 2009-11-20] (Hewlett-Packard)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-02-17] (Symantec Corporation)
2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [635416 2009-06-18] (PDF Complete Inc)
2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
2 ppped; "C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe" [918976 2010-04-16] (Cyber Power Systems, Inc.)
2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
2 SmcService; "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" [1881368 2010-10-29] (Symantec Corporation)
4 SNAC; "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" [349512 2010-10-29] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1831024 2010-10-29] (Symantec Corporation)
2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [149904 2009-12-14] (Microsoft ® Corporation)
2 rgsender; "c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe" -l logSetup [x]
==================== Drivers (Whitelisted) ====================
0 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [185912 2009-10-20] (Advanced Micro Devices, Inc)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-14] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-02-14] (Symantec Corporation)
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130311.004\NAVENG.SYS [93296 2013-02-14] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130311.004\NAVEX15.SYS [1603824 2013-02-14] (Symantec Corporation)
3 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-10-29] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-10-29] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-10-29] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-10-29] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2013-03-11] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2010-10-29] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2010-10-29] (Symantec Corporation)
4 LMIRfsClientNP; [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-03-15 08:31 - 2013-03-15 08:31 - 00000000 ____D C:\FRST
2013-03-13 08:16 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-13 08:16 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-13 08:16 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-13 08:16 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-13 08:16 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-13 08:16 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-13 08:16 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-13 08:16 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-13 08:16 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-13 08:16 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-13 08:16 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-13 08:16 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-13 08:16 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-13 08:16 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-13 08:16 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-13 08:16 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-13 07:03 - 2013-03-13 07:03 - 13230080 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 13,2013 11 02 AM).QBB
2013-03-12 14:23 - 2013-03-12 14:23 - 15859416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-08 18:34 - 2013-03-08 18:34 - 00002566 ____A C:\Users\Public\Documents\encryptdoc.pfx
2013-03-08 09:36 - 2013-03-08 09:36 - 13172736 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 08,2013 12 36 PM).QBB
2013-03-07 07:31 - 2013-03-07 07:31 - 00043984 ____A C:\Users\drgewirtz\nixpezoxwigu.exe
2013-03-06 10:32 - 2013-03-06 10:32 - 00000000 ____A C:\Users\drgewirtz\Documents\Nuance Image Printer Writer Port
2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\MSDOS.SYS
2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\IO.SYS
2013-02-26 15:13 - 2013-02-26 15:13 - 12996608 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Feb 26,2013 06 12 PM).QBB
2013-02-21 09:17 - 2013-02-21 09:17 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-21 09:16 - 2013-02-21 09:17 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 09:16 - 2013-02-21 09:17 - 00000000 ____D C:\Program Files\iTunes
2013-02-21 09:16 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iPod
2013-02-21 08:36 - 2013-02-21 08:36 - 00000000 ____A C:\t15o.2
2013-02-13 07:12 - 2013-01-03 19:00 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 07:11 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-02-13 07:11 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 07:11 - 2013-01-03 20:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 07:11 - 2013-01-02 21:05 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 07:11 - 2013-01-02 21:04 - 00187752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
==================== One Month Modified Files and Folders ========
2013-03-14 11:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-03-13 12:10 - 2010-10-25 12:51 - 01499510 ____A C:\Windows\WindowsUpdate.log
2013-03-13 12:05 - 2010-10-29 08:28 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2013-03-13 12:01 - 2011-01-27 11:06 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-13 11:54 - 2011-08-22 07:02 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000UA.job
2013-03-13 11:23 - 2012-04-02 07:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-13 11:16 - 2010-10-29 20:41 - 00000000 ____D C:\Users\drgewirtz\AppData\Local\PDFC
2013-03-13 10:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-03-13 09:16 - 2010-10-29 21:31 - 00002008 ____A C:\Users\drgewirtz\Documents\Default.rdp
2013-03-13 08:48 - 2010-11-01 18:10 - 00000000 ____D C:\Users\drgewirtz\AppData\Local\Deployment
2013-03-13 08:47 - 2011-08-24 12:17 - 00000000 ___RD C:\Users\drgewirtz\Dropbox
2013-03-13 08:47 - 2011-08-24 12:13 - 00000000 ____D C:\Users\drgewirtz\AppData\Roaming\Dropbox
2013-03-13 08:47 - 2011-01-27 11:06 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-13 08:40 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-13 08:40 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-13 08:38 - 2009-07-25 04:54 - 00782838 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-13 08:32 - 2011-08-30 06:47 - 00000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition
2013-03-13 08:32 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-13 08:32 - 2009-07-13 20:39 - 00059403 ____A C:\Windows\setupact.log
2013-03-13 08:31 - 2011-07-11 13:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-13 08:31 - 2010-10-25 10:38 - 00055346 ____A C:\Windows\PFRO.log
2013-03-13 08:21 - 2010-11-04 10:45 - 00000000 ____D C:\ProgramData\LogMeIn
2013-03-13 08:21 - 2010-10-25 09:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-13 08:18 - 2010-11-02 20:11 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-13 07:03 - 2013-03-13 07:03 - 13230080 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 13,2013 11 02 AM).QBB
2013-03-13 03:54 - 2011-08-22 07:02 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000Core.job
2013-03-12 14:23 - 2013-03-12 14:23 - 15859416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-03-12 14:23 - 2012-04-02 07:07 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-12 14:23 - 2011-05-16 05:00 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-12 13:33 - 2010-11-03 16:55 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-03-12 10:26 - 2012-12-07 08:26 - 00000000 ____D C:\Users\drgewirtz\Documents\pathology project
2013-03-11 20:29 - 2010-10-25 09:58 - 00000000 ____D C:\ProgramData\PDFC
2013-03-11 11:51 - 2010-10-29 07:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-03-11 11:14 - 2010-10-29 07:22 - 00124976 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-03-11 11:14 - 2010-10-29 07:22 - 00007456 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-03-11 11:14 - 2010-10-25 12:55 - 00000000 ____D C:\Program Files\Symantec
2013-03-09 08:47 - 2013-03-09 08:47 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-09 08:47 - 2013-03-09 08:47 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-09 08:47 - 2012-06-07 11:53 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-03-09 08:47 - 2010-11-15 11:48 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-03-09 08:44 - 2010-10-29 20:39 - 00000000 ___AD C:\users\drgewirtz
2013-03-08 18:34 - 2013-03-08 18:34 - 00002566 ____A C:\Users\Public\Documents\encryptdoc.pfx
2013-03-08 09:36 - 2013-03-08 09:36 - 13172736 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 08,2013 12 36 PM).QBB
2013-03-08 06:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-03-07 08:47 - 2010-11-02 10:59 - 00000000 ____D C:\Users\drgewirtz\AppData\Roaming\Noisi
2013-03-07 07:31 - 2013-03-07 07:31 - 00043984 ____A C:\Users\drgewirtz\nixpezoxwigu.exe
2013-03-06 10:32 - 2013-03-06 10:32 - 00000000 ____A C:\Users\drgewirtz\Documents\Nuance Image Printer Writer Port
2013-03-05 13:06 - 2010-12-02 11:52 - 00000000 ____D C:\Users\drgewirtz\Documents\Outlook Files
2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\MSDOS.SYS
2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\IO.SYS
2013-03-04 21:56 - 2011-08-22 07:03 - 00002352 ____A C:\Users\drgewirtz\Desktop\Google Chrome.lnk
2013-03-01 07:07 - 2011-07-13 09:31 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleFordrgewirtz.job
2013-02-28 12:47 - 2012-11-13 06:04 - 00000426 ____A C:\Windows\BRWMARK.INI
2013-02-28 10:34 - 2012-12-12 15:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-28 10:34 - 2012-06-01 04:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-28 10:30 - 2011-09-26 05:38 - 00000000 ____D C:\Users\drgewirtz\Documents\Personal
2013-02-26 15:13 - 2013-02-26 15:13 - 12996608 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Feb 26,2013 06 12 PM).QBB
2013-02-25 12:55 - 2013-02-08 07:52 - 00000000 ____D C:\Users\drgewirtz\Documents\credentialling
2013-02-21 15:32 - 2009-07-13 18:04 - 00000522 ____A C:\Windows\win.ini
2013-02-21 09:17 - 2013-02-21 09:17 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-21 09:17 - 2013-02-21 09:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 09:17 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-02-21 09:16 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iPod
2013-02-21 09:16 - 2011-08-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-02-21 09:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-02-21 08:36 - 2013-02-21 08:36 - 00000000 ____A C:\t15o.2
2013-02-14 09:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-14 07:07 - 2009-07-13 20:33 - 00484976 ____A C:\Windows\System32\FNTCACHE.DAT
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3583.39 MB
Available physical RAM: 3044.86 MB
Total Pagefile: 3581.68 MB
Available Pagefile: 3086.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.68 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:139.85 GB) (Free:69.35 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:7.19 GB) (Free:0.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (GSP1RMCPRFREO_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
4 Drive g: (0704120902) (Removable) (Total:1.92 GB) (Free:0.37 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:2 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 9 MB
Disk 1 Online 1968 MB 0 B
Partitions of Disk 0:
===============
Disk ID: DA7766AF
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2047 MB 1024 KB
Partition 2 Primary 139 GB 2048 MB
Partition 3 Primary 7360 MB 141 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 2047 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 139 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 7360 MB Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: A83B35C6
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 16 KB
=========================================================
Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G 0704120902 FAT Removable 1967 MB Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: DA7766AF
Partition 1:
=========
Hex: 80202100071550050008000000F83F00
Active: YES
Type: 07 (NTFS)
Size: 2 GB
Partition 2:
=========
Hex: 0015510507FEFFFF0000400000487B11
Active: NO
Type: 07 (NTFS)
Size: 140 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0048BB110000E600
Active: NO
Type: 07 (NTFS)
Size: 7 GB
==============================
Partitions of Disk 1:
===============
Disk ID: A83B35C6
Partition 1:
=========
Hex: 800101000E0FA0BF20000000E07F3D00
Active: YES
Type: 0E
Size: 2 GB
Last Boot: 2013-03-04 21:59
==================== End Of Log ============================