Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: C:\Documents and Settings\JP Clark\Desktop\Clean Up
------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 1015-5A79
Directory of C:\WINDOWS\System32
07/10/2005 11:25 PM <DIR> dllcache
04/26/2005 01:12 AM 56 18E3C9DF74.sys
08/12/2003 01:43 PM <DIR> Microsoft
1 File(s) 56 bytes
2 Dir(s) 44,428,488,704 bytes free
------- Hidden Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 1015-5A79
Directory of C:\WINDOWS\System32
07/10/2005 11:25 PM <DIR> dllcache
04/26/2005 01:12 AM 56 18E3C9DF74.sys
08/12/2003 01:34 PM 488 logonui.exe.manifest
08/12/2003 01:34 PM 488 WindowsLogon.manifest
08/12/2003 01:34 PM 749 nwc.cpl.manifest
08/12/2003 01:34 PM 749 sapi.cpl.manifest
08/12/2003 01:34 PM 749 ncpa.cpl.manifest
08/12/2003 01:34 PM 749 cdplayer.exe.manifest
08/12/2003 01:34 PM 749 wuaucpl.cpl.manifest
8 File(s) 4,777 bytes
1 Dir(s) 44,428,484,608 bytes free
------------ Files Named "Guard" ---------------
Volume in drive C has no label.
Volume Serial Number is 1015-5A79
Directory of C:\WINDOWS\System32
------ Temp Files in System32 Directory ------
Volume in drive C has no label.
Volume Serial Number is 1015-5A79
Directory of C:\WINDOWS\System32
------------------ User Agent ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
------------- Keys Under Notify -------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
------------- Locate.com Results -------------
C:\WINDOWS\SYSTEM32\
18e3c9~1.sys Tue Apr 26 2005 1:12:14a ..SHR 56 0.05 K
1 item found: 1 file, 0 directories.
Total of file sizes: 56 bytes 0.05 K
-------- Strings.exe Qoologic Results --------
C:\WINDOWS\system32\pav.sig: Qoologic
C:\WINDOWS\system32\pav.sig: Qoologic
--------- Strings.exe Aspack Results ---------
C:\WINDOWS\system32\pav.sig: AsPack
-------------- HKLM Run Key ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"PmProxy"="C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TFNF5"="TFNF5.exe"
"TFncKy"="TFncKy.exe /Type 28"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"Tpwrtray"="TPWRTRAY.EXE"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"