
50% Constant Cpu Nabbing By Svchost (wmi?)



#1 gapartington


Posted 25 May 2008 - 05:43 PM

Hi, I'm using a stripped-out version of XP SP2 for use with audio setups on a partitioned drive, c:\WINDAWS (F is the name for the normal Windows partition), and have started getting this problem whereby, under the winlogon.exe subbranch, svchost is hogging 50% CPU power all the time. I tried running SDFix and did the Kaspersky online scan with the Windows installation that CAN allow me to connect to the internet. Nothing found. And SDFix got locked out saying files missing, but I kind of expect that may have been due to WINDAWS instead of WINDOWS system file naming.
Here are the Deckard main and extra logs. Any help appreciated because I can't face doing a clean install again.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-25 17:11:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:12, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDAWS\System32\smss.exe
C:\WINDAWS\system32\csrss.exe
C:\WINDAWS\system32\winlogon.exe
C:\WINDAWS\system32\services.exe
C:\WINDAWS\system32\lsass.exe
C:\WINDAWS\system32\svchost.exe
C:\WINDAWS\System32\svchost.exe
C:\WINDAWS\system32\svchost.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDAWS\system32\nvsvc32.exe
C:\WINDAWS\system32\locator.exe
C:\WINDAWS\Explorer.EXE
C:\WINDAWS\system32\wbem\wmiprvse.exe
C:\WINDAWS\system32\DeltaIITray.exe
C:\WINDAWS\system32\RUNDLL32.EXE
C:\Program Files\WIBUKEY\H2O\CXWibu.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDAWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDAWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDAWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDAWS\System32\DeltaIITray.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDAWS\system32\nvsvc32.exe

--
End of file - 2083 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windaws\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 SCDEmu - c:\windaws\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 WIBUKEY (WIBU-KEY Kernel Driver) - c:\windaws\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
R3 cxwibu (Team H2O WIBU Driver) - c:\program files\wibukey\h2o\cxwibu.sys

S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 MA_CMIDI (M-Audio USB Driver) - c:\windaws\system32\drivers\ma_cmidi.sys <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MA_CMIDI_InstallerService (M-Audio Series II MIDI Installer) - c:\program files\m-audio\m-audio series ii midi\ma_cmidi_inst.exe <Not Verified; ; MA_CMIDI USB MIDI Installer Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Speed Touch 330
Device ID: USB\VID_06B9&PID_4061\0018F666491E
Manufacturer:
Name: Speed Touch 330
PNP Device ID: USB\VID_06B9&PID_4061\0018F666491E
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
Service:


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 17:11:50 0 d-------- C:\Program Files\Trend Micro
2008-05-25 16:21:43 0 d-------- C:\WINDAWS\ERUNT
2008-05-25 16:19:54 0 d-------- C:\Windows
2008-05-25 00:50:27 122880 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-25 00:50:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-25 00:50:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-25 00:50:27 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-24 00:47:18 720896 --a------ C:\WINDAWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-23 19:36:40 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-20 21:36:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Renoise
2008-05-20 21:35:57 0 d-------- C:\Program Files\Renoise 1.9.0
2008-05-20 21:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-05-20 21:02:28 356352 --a------ C:\WINDAWS\system32\WkExt32.dll <Not Verified; WIBU-SYSTEMS AG; Extended WIBU-KEY API>
2008-05-20 21:02:28 57552 --a------ C:\WINDAWS\system32\WkDos.exe
2008-05-20 21:02:28 524288 --a------ C:\WINDAWS\system32\wibuKJni.dll <Not Verified; WIBU-SYSTEMS AG; WIBU-SYSTEMS wibuKJni>
2008-05-20 21:02:28 17408 --a------ C:\WINDAWS\system32\drivers\Wibukey2.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
2008-05-20 21:02:27 139264 --a------ C:\WINDAWS\system32\WkWin32.dll <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection & Licensing System>
2008-05-20 21:02:27 70144 --a------ C:\WINDAWS\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
2008-05-20 21:02:27 53936 --a------ C:\WINDAWS\system\WkWin.dll <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection & Licensing System>
2008-05-20 21:02:18 0 d-------- C:\Program Files\WIBU-SYSTEMS
2008-05-20 21:02:18 0 d-------- C:\Program Files\WIBUKEY
2008-05-20 20:58:30 0 d-------- C:\Program Files\Alien Connections
2008-05-20 20:14:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Waves
2008-05-20 20:14:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Waves Preferences
2008-05-20 20:13:25 0 d-------- C:\Program Files\Waves
2008-05-20 20:02:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Waves Audio
2008-05-20 19:53:48 3693554 --a------ C:\WINDAWS\system32\TmpA453281
2008-05-19 15:42:40 1608 --ah----- C:\WINDAWS\bs-1.dat
2008-05-19 15:34:06 0 d-------- C:\Program Files\Scanned Synth Pro
2008-05-18 20:41:52 0 d-------- C:\Program Files\MIDITracker
2008-05-18 20:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Media
2008-05-18 20:21:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Smaart
2008-05-18 20:21:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Smaart
2008-05-18 20:21:17 0 d-------- C:\Program Files\Smaart 6
2008-05-18 20:12:57 0 d-------- C:\Program Files\OHMFORCE
2008-05-18 20:04:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Audio Damage
2008-05-18 19:53:14 0 d-------- C:\Program Files\Elevayta Productivity Tools
2008-05-18 19:50:15 0 d-------- C:\Program Files\Common Files\Cycling '74
2008-05-18 16:39:31 3693554 --a------ C:\WINDAWS\system32\TmpA6733500
2008-05-18 15:02:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Voxengo
2008-05-18 14:29:06 0 d-------- C:\Program Files\AAS
2008-05-18 14:29:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Applied Acoustics Systems
2008-05-18 13:42:57 2045952 --a------ C:\WINDAWS\system32\bconvert.dll <Not Verified; Native Instruments Software Synthesis GmbH; Kontakt Convertor>
2008-05-18 02:42:16 0 d-------- C:\Program Files\Anwida
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\ssoleth.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\ssolemn.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\sslibpop.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\ssliblww.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\sslhpt.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\solejttd.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\slibjttd.dll
2008-05-18 02:19:51 2756 --a------ C:\WINDAWS\system32\slibas.dll
2008-05-18 02:19:48 678746 --a------ C:\WINDAWS\unins000.exe <Not Verified; ; Inno Setup>
2008-05-18 02:19:48 21103 --a------ C:\WINDAWS\unins000.dat
2008-05-18 02:19:48 0 d-------- C:\Program Files\Sonalksis
2008-05-18 01:11:09 3693554 --a------ C:\WINDAWS\system32\TmpA5651312
2008-05-17 17:11:08 0 d-------- C:\Program Files\Best Service
2008-05-17 15:58:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-17 15:57:43 0 d-------- C:\WINDAWS\WinRAR
2008-05-17 15:40:45 17408 -----n--- C:\WINDAWS\system32\minimp3.exe
2008-05-16 03:40:22 0 d-------- C:\Program Files\Sugar Bytes
2008-05-16 03:30:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SIR
2008-05-16 03:30:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\SIR
2008-05-16 03:24:04 0 d-------- C:\Program Files\Sonik Synth 2
2008-05-16 01:39:30 0 d-------- C:\Program Files\Zero-G
2008-05-16 01:31:34 0 d-------- C:\Program Files\East West
2008-05-16 01:11:55 551936 --a------ C:\WINDAWS\th_inst2.exe <Not Verified; cmW@re; ThunderSetup>
2008-05-16 01:11:54 647168 --a------ C:\WINDAWS\system32\sonicismdsp.dll
2008-05-16 01:00:53 0 d-------- C:\Program Files\Sonnox
2008-05-15 22:30:06 6791168 --a------ C:\WINDAWS\system32\PSP Xenon.dll
2008-05-15 19:24:33 0 d-------- C:\Program Files\Antares
2008-05-15 19:14:11 0 d-------- C:\Program Files\RSO Vocal Magic Pro
2008-05-15 17:53:02 0 d-------- C:\Program Files\PSPaudioware
2008-05-15 17:20:52 0 d-------- C:\Program Files\URS Plugins
2008-05-15 12:32:12 242176 -----n--- C:\UNWISE.EXE
2008-05-15 12:25:04 0 d-------- C:\Documents and Settings\All Users\Application Data\IK Multimedia
2008-05-14 21:34:26 0 d-------- C:\Program Files\GForce
2008-05-14 20:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-05-14 20:53:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
2008-05-14 20:53:23 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-05-14 20:53:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Cycling '74
2008-05-14 20:43:59 0 d-------- C:\Program Files\Cycling '74
2008-05-14 20:43:59 0 d-------- C:\Program Files\Common Files\C74 Plug-in Support
2008-05-14 20:41:22 491520 --a------ C:\WINDAWS\system32\libencdec.dll
2008-05-14 20:41:22 0 d-------- C:\Program Files\Audio Ease
2008-05-14 20:41:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-05-14 20:41:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Audio Ease
2008-05-14 19:34:16 163840 --a------ C:\WINDAWS\system32\ArtFfct.dll <Not Verified; ; Bibliothèque de liaison dynamique FDlg>
2008-05-14 15:05:26 0 d-------- C:\Program Files\Arturia
2008-05-14 14:53:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Big Fish Audio
2008-05-13 21:57:36 0 d-------- C:\Program Files\Antares Audio Technologies
2008-05-13 21:57:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Antares
2008-05-13 16:13:24 0 d-------- C:\Program Files\Steinberg
2008-05-13 08:49:06 0 d-------- C:\Program Files\Vintage Amp Room
2008-05-13 08:36:16 0 d-------- C:\WINDAWS\KConvert Temp
2008-05-13 08:36:16 0 d-------- C:\WINDAWS\KConvert Logs
2008-05-13 08:34:26 2045952 --a------ C:\WINDAWS\system32\kconvert.dll <Not Verified; Native Instruments Software Synthesis GmbH; Kontakt Convertor>
2008-05-13 07:52:34 0 d-------- C:\Program Files\Common Files\Digidesign
2008-05-13 07:52:33 0 d-------- C:\Program Files\Spectrasonics
2008-05-13 07:51:53 90112 --a------ C:\WINDAWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-13 01:41:02 393216 --a------ C:\WINDAWS\system32\NI_IRC_1_2.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2008-05-13 01:41:02 61440 --a------ C:\WINDAWS\system32\NI_DFD_1_5.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2008-05-13 00:22:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-13 00:21:34 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-05-12 23:04:32 0 d-------- C:\Temp
2008-05-12 23:04:29 0 d-------- C:\Program Files\Common Files\Celemony
2008-05-12 23:04:29 0 d-------- C:\Program Files\Celemony
2008-05-12 22:56:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TBIView
2008-05-12 22:56:30 69632 --a------ C:\WINDAWS\tbicd2hd.exe
2008-05-12 22:56:30 0 d-------- C:\Program Files\TeraByte Unlimited
2008-05-12 22:49:14 0 d-------- C:\Program Files\DiskTrix
2008-05-10 10:44:09 0 d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-05-10 10:43:15 0 d-------- C:\Program Files\iZotope
2008-05-10 10:43:15 0 d-------- C:\Program Files\Common Files\iZotope
2008-05-10 10:07:43 231142 --a------ C:\Program Files\UninstalAlbino3.exe
2008-05-10 10:07:43 0 d-------- C:\Program Files\Rob Papen
2008-05-09 01:37:49 0 d-------- C:\Program Files\Foxit Software
2008-05-09 00:42:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mael
2008-05-09 00:40:37 0 d-------- C:\Program Files\HxD
2008-05-08 17:05:00 0 d-------- C:\Documents and Settings\All Users\Application Data\AraldFX
2008-05-08 16:44:41 51160 --a------ C:\Program Files\UninstalOrgan.exe
2008-05-08 16:44:41 0 d-------- C:\Program Files\daOrganFx
2008-05-08 16:22:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-08 16:15:13 176 --a------ C:\WINDAWS\system32\msvcsv60.dll
2008-05-08 16:15:13 176 --a------ C:\WINDAWS\msocreg32.dat
2008-05-08 16:14:17 0 d-------- C:\Program Files\IK Multimedia
2008-05-08 15:55:08 0 d-------- C:\Program Files\Nomad Factory
2008-05-08 15:51:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-08 15:51:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software
2008-05-08 15:50:28 0 d-------- C:\Program Files\Propellerhead
2008-05-08 15:46:21 0 d-------- C:\Program Files\Softube
2008-05-08 15:44:51 1335790 --a------ C:\WINDAWS\system32\TmpA939984
2008-05-08 15:42:29 1777664 --a------ C:\WINDAWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-08 15:41:54 0 d-------- C:\Program Files\DAMN NFO Viewer
2008-05-08 15:26:42 0 d-------- C:\Program Files\PowerISO
2008-05-08 15:25:32 0 d-------- C:\Program Files\Native Instruments
2008-05-08 14:55:10 82944 --a------ C:\WINDAWS\system32\USBMN1X1.DLL <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-05-08 14:55:10 17920 --a------ C:\WINDAWS\system32\USBMM1X1.DLL <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-05-08 14:55:10 86016 --a------ C:\WINDAWS\system32\ma_cmidn.dll <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-05-08 14:55:10 17920 --a------ C:\WINDAWS\system32\MA_CMIDI.DLL <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-05-08 14:55:10 22208 --a------ C:\WINDAWS\system32\drivers\USBMN1X1.SYS <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-05-08 14:55:10 24128 --a------ C:\WINDAWS\system32\drivers\USBMM1X1.SYS <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-05-08 14:55:10 13504 --a------ C:\WINDAWS\system32\drivers\USB11LDR.SYS <Not Verified; MIDIMAN; Midiman USB MidiSport 1x1 Loader>
2008-05-08 14:55:10 21888 --a------ C:\WINDAWS\system32\drivers\ma_cmidi.sys <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-05-07 13:18:11 0 d-------- C:\Program Files\HD Tune
2008-05-07 13:14:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-05-07 13:13:16 0 d-------- C:\Program Files\Auslogics
2008-05-07 13:10:59 0 d-------- C:\WINDAWS\pss
2008-05-07 13:08:28 0 d-------- C:\Program Files\CCleaner
2008-05-07 13:06:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\foobar2000
2008-05-07 13:06:10 0 d-------- C:\Program Files\foobar2000
2008-05-07 13:04:52 0 d-------- C:\Program Files\vstplugins
2008-05-07 12:58:56 0 d-------- C:\WINDAWS\nview
2008-05-07 12:58:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 12:58:29 0 d-------- C:\NVIDIA
2008-05-07 12:51:21 0 d-------- C:\WINDAWS\SoftwareDistribution
2008-05-07 12:42:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\REAPER
2008-05-07 12:40:09 34308 --a------ C:\WINDAWS\system32\Chip.dll
2008-05-07 12:39:58 0 d-------- C:\Program Files\REAPER
2008-05-07 09:42:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 09:42:29 0 d-------- C:\Program Files\M-Audio
2008-05-07 09:42:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-07 09:21:08 0 d-------- C:\Program Files\7-Zip
2008-05-07 00:41:04 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-07 00:41:03 122880 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-07 00:41:03 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-07 00:41:03 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-07 00:40:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-07 00:40:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-07 00:40:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-07 00:40:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-07 00:40:53 2621440 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-07 00:40:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-07 00:40:53 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-07 00:40:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-07 00:40:53 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-07 00:40:53 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-07 00:40:53 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-07 00:40:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-07 00:35:57 0 d-------- C:\WINDAWS\system32\xircom
2008-05-07 00:35:57 0 d-------- C:\WINDAWS\system32\restore
2008-05-07 00:35:57 0 d-------- C:\WINDAWS\system32\com
2008-05-07 00:35:57 0 d-------- C:\WINDAWS\srchasst
2008-05-07 00:35:57 0 d-------- C:\Program Files\windows nt
2008-05-07 00:35:57 0 d-------- C:\Program Files\msn gaming zone
2008-05-07 00:35:57 0 d-------- C:\Program Files\movie maker
2008-05-07 00:35:57 0 d-------- C:\Program Files\microsoft frontpage
2008-05-07 00:35:57 0 d-------- C:\Program Files\Common Files\speechengines
2008-05-07 00:35:54 122880 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-07 00:35:50 0 -rahs---- C:\MSDOS.SYS
2008-05-07 00:35:50 0 -rahs---- C:\IO.SYS
2008-05-07 00:35:50 0 --a------ C:\CONFIG.SYS
2008-05-07 00:35:50 0 --a------ C:\AUTOEXEC.BAT
2008-05-07 00:35:41 0 dr------- C:\WINDAWS\Offline Web Pages
2008-05-07 00:35:41 0 d---s---- C:\WINDAWS\Downloaded Program Files
2008-05-07 00:35:37 0 d-------- C:\Program Files\Online Services
2008-05-07 00:35:32 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-07 00:35:31 0 d-------- C:\WINDAWS\system32\Macromed
2008-05-06 21:31:22 0 d--hs---- C:\WINDAWS\Installer
2008-05-06 21:31:22 0 d-------- C:\Program Files
2008-05-06 21:31:22 0 d-------- C:\Program Files\Common Files
2008-05-06 21:31:22 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-06 21:31:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-06 21:31:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-06 21:31:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-06 21:31:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-06 21:31:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-06 21:31:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\Default User\Cookies
2008-05-06 21:31:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-06 21:31:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-06 21:31:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-06 21:31:12 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-06 21:31:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-06 21:31:03 0 d-------- C:\WINDAWS\system32\CatRoot2
2008-05-06 21:31:03 0 d-------- C:\WINDAWS\system32\CatRoot
2008-05-06 21:30:58 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-06 21:30:58 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-06 21:30:57 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-06 21:30:57 0 d-a-s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-06 21:30:35 0 d--hs---- C:\System Volume Information
2008-05-06 21:30:35 0 d-------- C:\Documents and Settings
2008-05-06 21:07:30 0 d-------- C:\WINDAWS
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\WinSxS
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Web
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\twain_32
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\wins
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\wbem
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\usmt
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\spool
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\ShellExt
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\ras
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\oobe
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\npp
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\mui
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\inetsrv
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\IME
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\icsxml
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\ias
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\export
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\drivers
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\drivers\etc
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\drivers\disdn
2008-05-06 21:07:30 0 dr-hs--c- C:\WINDAWS\system32\dllcache
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\dhcp
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\config
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\3com_dmi
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\3076
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\2052
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1054
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1042
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1041
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1037
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1033
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1031
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1028
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system32\1025
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\system
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\security
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Resources
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\repair
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Provisioning
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\PeerNet
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\pchealth
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\OemDir
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\mui
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\msapps
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\msagent
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Media
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\java
2008-05-06 21:07:30 0 d--h----- C:\WINDAWS\inf
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\ime
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Help
2008-05-06 21:07:30 0 dr--s---- C:\WINDAWS\Fonts
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\ehome
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Driver Cache
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Debug
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Cursors
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Connection Wizard
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\Config
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\AppPatch
2008-05-06 21:07:30 0 d-------- C:\WINDAWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-06 21:31:12 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltaIITaskbarApp"="C:\WINDAWS\system32\DeltaIITray.exe" [03/12/2007 11:21]
"NvCplDaemon"="C:\WINDAWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDAWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDAWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"H2OWIBU"="C:\Program Files\WIBUKEY\H2O\CXWibu.exe" [03/10/2005 00:00]
"M-Audio Taskbar Icon"="C:\WINDAWS\System32\DeltaIITray.exe" [03/12/2007 11:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService upnphost SSDPSRV
DcomLaunch DcomLaunch


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD}]
C:\WINDAWS\system32\setup\svchost.exe s



-- End of Deckard's System Scanner: finished at 2008-05-25 17:12:31 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 7%
Physical Memory (total/avail): 3327.04 MiB / 3062.64 MiB
Pagefile Memory (total/avail): 3164.75 MiB / 3063.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 54.99 GiB total, 47.99 GiB free.
D: is Fixed (NTFS) - 596.12 GiB total, 336.22 GiB free.
E: is Fixed (NTFS) - 298.08 GiB total, 37.72 GiB free.
F: is Fixed (NTFS) - 19.53 GiB total, 15.12 GiB free.
H: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD080HJ - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 54.99 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 19.53 GiB - F:

\\.\PHYSICALDRIVE1 - JRAID SCSI Disk Device - 596.12 GiB - 1 partition
\PARTITION0 - Installable File System - 596.12 GiB - D:

\\.\PHYSICALDRIVE2 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE5 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE4 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE3 - Generic- SM/xD-Picture USB Device

\\.\PHYSICALDRIVE6 - WD 3200JB External USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.08 GiB - E:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XPDAW
ComSpec=C:\WINDAWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\XPDAW
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDAWS\system32;C:\WINDAWS;C:\WINDAWS\System32\Wbem;C:\Program Files\Common Files\iZotope\Runtimes
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINDAWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=XPDAW
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDAWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Algorithmix Plugin Bundle 1.3 --> C:\PROGRA~1\VSTPLU~1\ALGORI~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\ALGORI~1\UNINST~1\INSTALL.LOG
Ambisone VST 2.02 --> C:\WINDAWS\iun6002.exe "C:\Program Files\vstplugins\irunin.ini"
AmpegSVX --> C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Jimi Hendrix --> C:\Program Files\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Metal --> C:\Program Files\InstallShield Installation Information\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube X-GEAR --> C:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube2 --> C:\Program Files\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Antares Autotune VST v5.09 --> "C:\Program Files\Antares Audio Technologies\Uninstall\unins000.exe"
Antares AVOX Bundle VST RTAS v1.1.3 --> "C:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Filter VST DX v1.01 --> C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
Antares Harmony Engine VST RTAS v1.0 --> "C:\Program Files\Antares Audio Technologies\unins001.exe"
Antares Tube v1.0 --> C:\PROGRA~1\Antares\TUBEUN~1\UNWISE.EXE C:\PROGRA~1\Antares\TUBEUN~1\INSTALL.LOG
Anwida Graphics Equalizer Pro v2.1 --> C:\PROGRA~1\Anwida\GEP21\UNWISE.EXE C:\PROGRA~1\Anwida\GEP21\INSTALL.LOG
Applied Acoustics Lounge Lizard EP VSTi DXi v3.0 --> C:\PROGRA~1\AAS\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\AAS\LOUNGE~1.0\INSTALL.LOG
ARP2600 V 1.2 --> "C:\Program Files\Arturia\ARP2600 V\unins000.exe"
Arturia minimoog V v1.6 --> "C:\Program Files\Arturia\minimoog V\Uninstall\unins000.exe"
Atmosphere --> "C:\Program Files\vstplugins\Atmosphere\unins000.exe"
AudioEase Speakersphone VST RTAS v1.03 --> "C:\Program Files\Audio Ease\Speakerphone\Uninstall\unins000.exe"
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
BBE D82 Sonic Maximizer VST RTAS v2.0 --> "C:\Program Files\Nomad Factory\Uninstall\unins002.exe"
Best Service Artist Grooves --> C:\PROGRA~1\BESTSE~1\ARTIST~1\UNWISE.EXE C:\PROGRA~1\BESTSE~1\ARTIST~1\INSTALL.LOG
Best Service Chris Hein Bass --> D:\AUDIOD~1\CHRISH~1\UNWISE.EXE D:\AUDIOD~1\CHRISH~1\INSTALL.LOG
Best Service Ethno World 4 Pro --> D:\AUDIOD~1\KONTAK~1\ETHNOW~1\UNWISE.EXE D:\AUDIOD~1\KONTAK~1\ETHNOW~1\INSTALL.LOG
bs-1 --> MsiExec.exe /I{FFD114D4-A346-4BD3-B95C-F6F31E8168C8}
bs-16 --> MsiExec.exe /I{03832DEA-EA43-451C-B37C-96CE71FFBC6D}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CS-80V 1.6 --> "C:\Program Files\Arturia\CS-80V\unins000.exe"
CSR --> C:\Program Files\InstallShield Installation Information\{648C1BFD-6A70-46D8-B855-F84D95C2DC34}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
DAMN NFO Viewer 2.10.0031 RC3 --> MsiExec.exe /I{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}
db audioware Sidechain Compressor VST v1.1.0 --> C:\PROGRA~1\VSTPLU~1\SIDECH~2\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SIDECH~2\INSTALL.LOG
db audioware Sidechain Gate VST v1.1.0 --> C:\PROGRA~1\VSTPLU~1\SIDECH~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SIDECH~1\INSTALL.LOG
Delta --> C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
DSound Stomp'n FX Vol.2 v1.0 --> C:\PROGRA~1\VSTPLU~1\STOMPN~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\STOMPN~1\INSTALL.LOG
DSound Stomp`n FX Vol.1 v1.5 --> C:\PROGRA~1\VSTPLU~1\dsound\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\dsound\INSTALL.LOG
East West Hardcore Bass XP --> C:\PROGRA~1\EASTWE~1\HARDCO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\HARDCO~1\INSTALL.LOG
Elevayta Extra Boy Pro V5.01 --> "C:\Program Files\Elevayta Productivity Tools\Extra Boy Pro\unins000.exe"
Flying Haggis --> C:\Program Files\vstplugins\Flying Haggis\Flying Haggis Uninstaller.exe
foobar2000 v0.9.5.2 --> "C:\Program Files\foobar2000\uninstall.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GForce - Oddity --> C:\WINDAWS\unvise32.exe C:\Program Files\GForce\Oddity\uninstal.log
HD Tune 2.54 --> "C:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HxD Hex Editor version 1.7.6.2 --> "C:\Program Files\HxD\unins000.exe"
Image for Windows 2.08 Trial --> "C:\Program Files\TeraByte Unlimited\Image for Windows\V2\unins000.exe"
iZotope Ozone 3 --> "C:\Program Files\iZotope\Ozone 3\unins000.exe"
iZotope Spectron --> "C:\Program Files\iZotope\Spectron\unins000.exe"
iZotope Trash --> "C:\Program Files\iZotope\Trash\unins000.exe"
iZotope Vinyl --> "C:\Program Files\iZotope\Vinyl\unins000.exe"
LinPlug daOrgan --> C:\Program Files\UninstalOrgan.exe
M-Audio Series II MIDI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
M-Tron --> "C:\Program Files\vstplugins\uninstall_MTron.exe"
Maize Sampler 1.32 --> "C:\Program Files\vstplugins\MaizeSampler\unins000.exe"
ManyBass 1.0 --> "C:\Documents and Settings\All Users\Application Data\AraldFX\ManyBass\unins000.exe"
Melodyne plugin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C49987B-689E-469D-86AE-8E325A038701}\setup.exe" -l0x9 -removeonly
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MIDI Tracker --> C:\Program Files\MIDITracker\MIDITracker.exe /uninstall
Miroslav Philharmonik --> C:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Miroslav Philharmonik Instruments --> C:\Program Files\InstallShield Installation Information\{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Moog Modular V v2.2 --> "C:\Program Files\Arturia\Moog Modular V 2\Uninstall\unins000.exe"
Native Instruments Akoustik Piano --> C:\PROGRA~1\NATIVE~1\AKOUST~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\AKOUST~1\INSTALL.LOG
Native Instruments Battery 3 --> C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Native Instruments FM8 --> C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
Native Instruments Guitar Combos --> C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Native Instruments Kontakt 3 --> C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Kore 2 --> C:\PROGRA~1\NATIVE~1\KORE2~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KORE2~1\INSTALL.LOG
Native Instruments Service Center --> C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
NomadFactory Analog Mastering Tools VST RTAS v1.0 --> "C:\Program Files\Nomad Factory\Uninstall\unins000.exe"
NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3 --> "C:\Program Files\Nomad Factory\Blue Tubes Analog TrackBox\Uninstall\unins000.exe"
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2 --> "C:\Program Files\Nomad Factory\Blue Tubes Dynamics Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Effects Pack VST RTAS v3.2 --> "C:\Program Files\Nomad Factory\Blue Tubes Effects Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2 --> "C:\Program Files\Nomad Factory\Blue Tubes Equalizers Pack\Uninstall\unins000.exe"
NomadFactory BlueVerb DRV-2080 VST RTAS v1.4 --> "C:\Program Files\Nomad Factory\BlueVerb DRV-2080\Uninstall\unins000.exe"
NomadFactory Essential Studio Suite VST RTAS v1.5 --> "C:\Program Files\Nomad Factory\Essential Studio Suite\Uninstall\unins000.exe"
NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3 --> "C:\Program Files\Nomad Factory\Limiting Amplifier LM-662\Uninstall\unins000.exe"
NomadFactory Liquid Bundle VST RTAS v2.4 --> "C:\Program Files\Nomad Factory\Liquid Bundle\Uninstall\unins000.exe"
NomadFactory Program Equalizer EQP-4 VST RTAS v1.3 --> "C:\Program Files\Nomad Factory\Program Equalizer EQP-4\Uninstall\unins000.exe"
NomadFactory Retrology M-Tone EQ VST RTAS v1.0 --> "C:\Program Files\Nomad Factory\Uninstall\unins001.exe"
NomadFactory Rock Amp Legends VST RTAS v1.5 --> "C:\Program Files\Nomad Factory\Rock Amp Legends\Uninstall\unins000.exe"
NomadFactory Studio Channel SC-226 VST RTAS v1.3 --> "C:\Program Files\Nomad Factory\Studio Channel SC-226\Uninstall\unins000.exe"
NVIDIA Drivers --> C:\WINDAWS\system32\nvuninst.exe UninstallGUI
Ohm Force - Quad Frohmage VST2 --> C:\WINDAWS\unvise32.exe c:\program files\vstplugins\Ohm Force\Quad Frohmage VST2\uninstal.log
Ohm_Force_Mobilohm_VST_v1.16-PLZ --> C:\PROGRA~1\OHMFORCE\MOBILO~1\UNWISE.EXE C:\PROGRA~1\OHMFORCE\MOBILO~1\INSTALL.LOG
OhmForce Hematohm VST2 --> C:\WINDAWS\unvise32.exe c:\program files\vstplugins\Ohm Force\Hematohm VST2\uninstal.log
OhmForce Ohmboyz VST2 --> C:\WINDAWS\unvise32.exe c:\program files\vstplugins\Ohm Force\Ohmboyz VST2\uninstal.log
OhmForce Predatohm VST2 --> C:\WINDAWS\unvise32.exe c:\program files\vstplugins\Ohm Force\Predatohm VST2\uninstal.log
Pluggo 3.5.4 --> C:\PROGRA~1\CYCLIN~1\Pluggo\INSTAL~1\UNWISE.EXE C:\PROGRA~1\CYCLIN~1\Pluggo\INSTAL~1\INSTALL.LOG
Pluggo 3.6.1 --> MsiExec.exe /I{6030B0B7-EE59-40E7-9A19-4EC13EF0310C}
Polyvoks Station VSTi v1.4 --> "C:\Program Files\vstplugins\Polyvoks Station VSTi\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prosoniq PiWarp VST v2.02 --> C:\PROGRA~1\VSTPLU~1\PiWarp\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\PiWarp\INSTALL.LOG
PSOFT Void v1.52 (remove only) --> C:\Program Files\vstplugins\PSOFT\Void\uninstall.exe
PSP Audioware Xenon v1.0 --> "C:\Program Files\PSPaudioware\PSP Xenon iLok\Uninstall\unins000.exe"
PSP MasterComp 1.5.4 --> "C:\Program Files\PSPaudioware\PSP MasterComp\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP MasterComp\irunin.xml"
PSP MixPack2 2.0.3 --> "C:\Program Files\PSPaudioware\PSP MixPack2\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP MixPack2\irunin.xml"
PSP VintageWarmer2 2.0.1 --> "C:\Program Files\PSPaudioware\PSP VintageWarmer2\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP VintageWarmer2\irunin.xml"
REAPER --> "C:\Program Files\REAPER\Uninstall.exe"
ReCycle 2.1.2 --> "C:\Program Files\Propellerhead\ReCycle\unins000.exe"
Renoise 1.9.0 --> "C:\Program Files\Renoise 1.9.0\unins000.exe"
ReValver Mk II --> "C:\Program Files\Alien Connections\ReValver Mk II\unins000.exe"
RF1 Systems Midi Tracker v1.2.5 --> "C:\Program Files\MIDITracker\Uninstall\unins000.exe"
rgcAudio z3ta Plus v1.40 --> C:\PROGRA~1\VSTPLU~1\RGCAUD~1\Z3TA_U~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\RGCAUD~1\Z3TA_U~1\INSTALL.LOG
Rob Papen Albino 3 --> C:\Program Files\UninstalAlbino3.exe
Robotronic --> C:\PROGRA~1\SUGARB~1\ROBOTR~1\UNWISE.EXE C:\PROGRA~1\SUGARB~1\ROBOTR~1\INSTALL.LOG
RSO ExTreme Punch 3 VST --> C:\PROGRA~1\VSTPLU~1\RSOEXT~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\RSOEXT~1\INSTALL.LOG
RSO Vocal Magic Pro VST --> C:\PROGRA~1\RSOVOC~1\UNWISE.EXE C:\PROGRA~1\RSOVOC~1\INSTALL.LOG
SampleMoog --> C:\Program Files\InstallShield Installation Information\{218AA20E-F016-4385-9F74-04FF8E596FB2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
SampleTank 2.5 --> C:\Program Files\InstallShield Installation Information\{6559654F-2F38-491F-8411-211517C3E635}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
SampleTron --> C:\Program Files\InstallShield Installation Information\{81974750-D4B1-4690-B168-D31F9A599542}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
ShapeShifter v1.2 --> "C:\Program Files\Vstplugins\ShapeShifter\unins000.exe"
Smaart 6.1.0.0 --> "C:\Program Files\Smaart 6\unins000.exe"
Softube Acoustic Feedback VST RTAS v1.0 --> "C:\Program Files\Softube\Acoustic Feedback\Uninstall\unins000.exe"
Softube Vintage Amp Room VST RTAS v1.05 --> "C:\Program Files\Vintage Amp Room\Uninstall\unins000.exe"
Sonalksis Plug-Ins for Windows 2.06 --> "C:\WINDAWS\unins000.exe"
Sonik Synth 2 --> C:\PROGRA~1\SONIKS~1\UNWISE.EXE C:\PROGRA~1\SONIKS~1\INSTALL.LOG
Sonnox Oxford Inflator Native VST v1.5.1 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Inflator Native VST\unins000.exe"
Sonnox Oxford Limiter Native VST v1.1.1 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Limiter Native VST\unins000.exe"
Sonnox Oxford R3 Dynamics Native VST v1.3.1 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics Native VST\unins000.exe"
Sonnox Oxford R3 EQ Native VST v1.6.1 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 EQ Native VST\unins000.exe"
Sonnox Oxford Reverb Native VST v1.0 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Reverb Native VST\unins000.exe"
Sonnox Oxford TransMod Native VST v1.3.1 --> "C:\Program Files\Sonnox\Uninstall\Sonnox Oxford TransMod Native VST\unins000.exe"
String Machine --> MsiExec.exe /I{8B7AED24-E1A6-41E5-A2E8-18ED56144208}
StylusRMX --> C:\WINDAWS\unvise32.exe c:\program files\vstplugins\uninstal.log
TBIView 4.02c --> "C:\Program Files\TeraByte Unlimited\TBIView\unins000.exe"
Trilogy --> "C:\Program Files\vstplugins\Trilogy\unins000.exe"
UltimateDefrag 2008 --> C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008"
URS Classic Console Strip Pro VST RTAS v1.0 --> "C:\Program Files\URS Plugins\Uninstall\unins000.exe"
V-Station 1.5.1 --> "C:\Program Files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe"
Vintage Vocoder 1.03 Build 1 --> "C:\WINDAWS\th_inst2.exe" -u "C:\Program Files\vstplugins\Uninstall0"
VoxCiter VST 2.02 --> C:\WINDAWS\iun6002.exe "C:\Program Files\vstplugins\irunin.ini"
Waves GTR 3 --> C:\PROGRA~1\Waves\Logs\WAVESG~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESG~1\INSTALL.LOG
Waves Mercury Complete VST DX RTAS v1.01 --> "C:\Program Files\Waves\Uninstall\unins000.exe"
WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Wibu Emu driver v1.0 --> C:\PROGRA~1\WIBUKEY\H2O\UNWISE.EXE C:\PROGRA~1\WIBUKEY\H2O\INSTALL.LOG
WinRAR --> "C:\WINDAWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Yamaha 01X Channel Module v1.0 --> C:\PROGRA~1\VSTPLU~1\Yamaha\YAMAHA~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Yamaha\YAMAHA~1\INSTALL.LOG
Zero-G Nu Jointz --> C:\PROGRA~1\Zero-G\NUJOIN~1\UNWISE.EXE C:\PROGRA~1\Zero-G\NUJOIN~1\INSTALL.LOG
Zero-G Sounds of Polynesia --> C:\PROGRA~1\Zero-G\SOUNDS~1\UNWISE.EXE C:\PROGRA~1\Zero-G\SOUNDS~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-05-25 17:12:31 ------------


#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 June 2008 - 01:47 PM

Hello gapartington. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 02 July 2008 - 02:32 AM

Hi,

Topic is now closed due to inactivity.
If you still need assistance please send a PM (private message) to a member of the Moderating Team with a link to your thread.
All other users please start your own topic.

Thank You

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert, can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware



