Thanks so much for your help.
Michael York
Response to the preperation guide as outlined by Grinler:
1) backup your data - done
2-4) done
5) Enable Firewall - done
6) disable your CD emulation software - done
7) Download and Run dds - done (see results below)
8) GMER lot - Cannot run. starts to scan then the system shuts down and reboots
Windows XP PRO SP3
Intel Core 2 duo
2.5 GHz 3 GIG ram
IE 6 (required for business applications)
FireFox
DDS (Ver_10-03-17.01) - NTFSx86
Run by cyorkmi at 16:41:45.40 on Sat 06/26/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3036.1523 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\LonWorks\bin\LnsMtsSvc.exe
C:\Inetpub\Wwwroot\MetasysIII\Tool\bin\ActionQueue.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\SoftGate\SoftGateNotify.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\spyware\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.johnsoncontrols.com/
uInternet Connection Wizard,ShellNext = hxxp://localhost/SCT
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [{B53ACCA6-3F22-B04D-FFE9-9998B7DB6F98}] "c:\documents and settings\cyorkmi\application data\qaek\exla.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AccessManager] c:\program files\accessmanager\client\AccessMgr.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Softgate] c:\program files\softgate\SoftGateNotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
StartupFolder: c:\docume~1\cyorkmi\startm~1\programs\startup\monito~1.lnk - c:\program files\eroom 7\ERClient7.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aimver~1.lnk - c:\program files\johnson controls\aim\aimver\reminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\panasonic\videocamsuite\VideoCamSuiteAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://eroom.johnsoncontrols.com/eRoomSetup/client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://jwimkns12.na.jci.com/dwa8W.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: AMINIT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cyorkmi\applic~1\mozilla\firefox\profiles\6szzaxkv.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\java\jre1.5.0_13\bin\NPJPI150_13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npeRoom7.dll
FF - HiddenExtension: XULRunner: {1D048104-F73F-4FF5-98E6-B5A8F21F125A} - c:\documents and settings\cyorkmi\local settings\application data\{1D048104-F73F-4FF5-98E6-B5A8F21F125A}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-5-4 40560]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-9-22 24064]
R2 AMBroker;Access Manager Configuration Service;c:\program files\accessmanager\client\AMBroker.exe [2004-3-4 81920]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-27 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-27 108392]
R2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\lonworks\bin\LnsMtsSvc.exe [2007-9-21 62776]
R2 MIIIAQ;Metasys III Action Queue;c:\inetpub\wwwroot\metasysiii\tool\bin\ActionQueue.exe [2009-12-9 192512]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-7-27 2440632]
R2 TSM Scheduler;TSM Scheduler;c:\program files\tivoli\tsm\baclient\dsmcsvc.exe [2007-2-21 3117056]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-9-22 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-4-19 228408]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-11 240344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-4 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-11-11 41216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100624.002\NAVENG.SYS [2010-6-24 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100624.002\NAVEX15.SYS [2010-6-24 1347504]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-10-2 47616]
S1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2007-5-29 9216]
S2 ChkLpt;ChkLpt;c:\windows\system32\drivers\Chklpt.sys [2004-6-19 6364]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-27 23888]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\accessmanager\client\DAPlugin.exe [2004-3-4 81920]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2006-5-17 29404]
S3 LdvxBroker;Echelon xDriver Connection Broker;c:\lonworks\bin\LdvxBroker.exe [2007-9-21 66872]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\accessmanager\smoc\spi_da.exe [2003-4-17 81920]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-19 189792]
=============== Created Last 30 ================
2010-06-26 21:41:44 0 d-----w- c:\temp\186.tmp
2010-06-26 21:41:18 0 ----a-w- c:\documents and settings\cyorkmi\defogger_reenable
2010-06-26 21:38:53 0 d-----w- C:\spyware
2010-06-26 16:47:36 0 d-----w- c:\temp\hsperfdata_cyorkmi
2010-06-25 03:11:20 0 d-----w- c:\temp\WPDNSE
2010-06-25 03:10:30 16384 ----atw- c:\temp\Perflib_Perfdata_334.dat
2010-06-25 03:10:09 16384 ----atw- c:\temp\Perflib_Perfdata_d5c.dat
2010-06-25 03:09:54 16384 ----atw- c:\temp\Perflib_Perfdata_38c.dat
2010-06-24 22:57:28 16384 ----atw- c:\temp\Perflib_Perfdata_27c.dat
2010-06-24 22:54:00 4054 ----a-w- c:\windows\wininit.ini
2010-06-24 22:28:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 22:28:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-24 22:03:50 16384 ----atw- c:\temp\Perflib_Perfdata_394.dat
2010-06-24 05:46:51 0 d-----w- c:\temp\hsperfdata_SYSTEM
2010-06-24 00:49:09 16384 ----atw- c:\temp\Perflib_Perfdata_300.dat
2010-06-23 04:24:28 256752 ----a-w- c:\temp\SSUPDATE.EXE
2010-06-23 03:54:40 16384 ----atw- c:\temp\Perflib_Perfdata_304.dat
2010-06-23 03:54:19 16384 ----atw- c:\temp\Perflib_Perfdata_f18.dat
2010-06-23 03:36:58 0 d-----w- c:\docume~1\cyorkmi\applic~1\SUPERAntiSpyware.com
2010-06-23 03:36:40 0 d-----w- c:\temp\SUPERSetup
2010-06-22 20:25:48 0 d-----w- c:\temp\BTN%Copy%1
2010-06-22 20:17:18 16384 ----atw- c:\temp\Perflib_Perfdata_214.dat
2010-06-21 19:28:27 16384 ------w- c:\temp\Perflib_Perfdata_47c.dat
2010-06-20 16:59:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-20 14:39:36 120 ----a-w- c:\windows\Kzabuyanamisu.dat
2010-06-20 14:39:36 0 ----a-w- c:\windows\Erepahemofi.bin
2010-06-20 05:18:10 0 d-----w- c:\program files\WBFS
2010-06-18 17:13:12 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-06-18 17:13:12 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-06-18 17:13:12 383 ----a-w- c:\windows\system32\haspdos.sys
2010-06-18 17:13:12 264704 ----a-w- c:\windows\system32\hlvdd.dll
2010-06-18 17:13:12 2577 ----a-w- c:\windows\system32\config.hsp
2010-06-18 17:13:10 0 d-----w- C:\AZ Commercial
2010-06-18 17:13:07 82432 ------w- c:\windows\system32\msxml4r.dll
2010-06-18 17:13:07 44544 ------w- c:\windows\system32\msxml4a.dll
2010-06-18 17:13:07 1233920 ------w- c:\windows\system32\msxml4.dll
2010-06-18 17:12:58 0 d-----w- C:\ALLDATAW
2010-06-18 17:06:07 0 ----a-w- c:\windows\hlktmp
2010-06-18 17:06:06 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-06-18 17:05:48 24576 ----a-w- c:\windows\system32\hdsuinst.exe
2010-06-18 17:05:47 153088 ----a-w- c:\windows\system32\UNWISE.EXE
2010-06-18 17:05:46 2511360 ----a-w- c:\windows\system32\haspds_windows.dll
2010-06-18 16:02:26 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-06-17 19:53:26 0 d-----w- c:\windows\JCITemplate
2010-06-10 19:47:51 0 d-----w- c:\docume~1\cyorkmi\applic~1\Anibdi
2010-06-08 00:04:11 0 d-----w- C:\books
2010-06-01 21:27:49 0 d-----w- C:\SWSetup
2010-05-28 21:56:12 0 d-----w- c:\docume~1\cyorkmi\applic~1\Johnson Controls
2010-05-28 00:44:58 16384 ------w- c:\temp\Perflib_Perfdata_264.dat
==================== Find3M ====================
2010-05-13 18:47:39 4987 ----a-w- C:\bradyprinterlog.dat
2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 23:38:56 182608 ----a-w- c:\windows\system32\cnvshell.dll
2010-04-22 18:07:00 228352 ----a-w- c:\documents and settings\cyorkmi\DataRefreshUI_5.0.0.8300.dll
2010-04-22 14:07:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-19 15:38:43 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-19 15:31:15 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-19 15:31:15 104960 ------w- c:\windows\system32\pxinsi64.exe
2010-04-19 15:13:10 1638400 ----a-w- c:\windows\system32\Gdiplus.dll
2005-11-15 20:32:22 3638 ----a-r- c:\program files\common files\Altiris_Icon.ico
============= FINISH: 16:42:24.40 ===============