Ripping Problem

johndoe99

This started a few days ago and is doing my head in:

When i try to Rip CD's the software (WinAmp Pro) rips all of the tracks, lets say 15 tracks, but at least 5 of these tracks are only half ripped. If i go back and choose these tracks again they still only Rip half way through. The CD is brand new, this happens on all my CDs (16 so far now).

I have 2 CDRW drives in my PC and its the same on both. I even bought a new external DVDRW and its the same.

If i try to play the CDs the sound is all garbled on all tracks.

Here's the weird part, if I play MP3 files i ripped previous to this they play perfectly. I also tried Nero, imgburn, Media Player with same results.

The CDRW drives also open normal CDs containing Software and games no problem.

I'm thinking that somewhere between the CDRW drives to the software theres something amiss, but what could it be. I updated the firmware, uninstalled the drives etc.

There was some CDs back in the day that installed malicious software onto your computer to interfere with the operation of the CD drive.

Sony were notorious for it, and I remember an old Velvet Revolver album completely wrecking my computer back in the day as well.

They don't really do it any more but if you tried to rip some older albums that might be one possible explanation. Google the Sony Rootkit list and also the MediaMax CD-3 list to see if any of your CDs are on it.

johndoe99

found the listing for those here:

http://en.wikipedia.org/wiki/List_of_compact_discs_sold_with_MediaMax_CD-3

http://en.wikipedia.org/wiki/List_of_Compact_Discs_sold_with_XCP

but have never had any of them. Thanks for that info though.

yoyo

Yeah its a rootkit malware "protection" that shipped with CDs a while back more than likely, known as "Copy control". Most anti malware/virus scanners should remove it

Nick

johndoe99

I found more information, apparently if the service (the file) is on the PC:
using the command prompt enter (without quotes):

"sc query sbcphid"

this will inform you if the file exists

"sc stop sbcphid"

this halts the service

"sc delete sbcphid"

this will prevent it from automatically starting on reboots.

yoyo

johndoe99 wrote: »

I found more information, apparently if the service (the file) is on the PC:
using the command prompt enter (without quotes):

"sc query sbcphid"

this will inform you if the file exists

"sc stop sbcphid"

this halts the service

"sc delete sbcphid"

this will prevent it from automatically starting on reboots.

There are mutiple types of this protection, mediamax, xcp, ripguard etc to name a couple. All discs had to have the copy control label like this iirc:

If you see that on any CD you own have a Google and see if you can find the varient on your machine. The sympthoms you describe are classic of the protection.

Nick

johndoe99

thinking back a few weeks ago i did get a CD from the library, it had copy protection on it and it refused to play in the CDROM.

From reading up on the protection online, early versions installed on machines without notifying users. I cant remember which one I got but it was a Compilation.

I'll drop into the library tomorrow and have a look for it. See if it states a particular brand, that way i can trace a fix down online (if one exists). I don't fancy having to format, i have a lot of software and have my PC tweaked.

yoyo

johndoe99 wrote: »

thinking back a few weeks ago i did get a CD from the library, it had copy protection on it and it refused to play in the CDROM.

From reading up on the protection online, early versions installed on machines without notifying users. I cant remember which one I got but it was a Compilation.

I'll drop into the library tomorrow and have a look for it. See if it states a particular brand, that way i can trace a fix down online (if one exists). I don't fancy having to format, i have a lot of software and have my PC tweaked.

Have you tried running malware scans? also try using the ESET Online Scanner. Most anti virus software will pick these up as they are now (and rightly so) considered malware

Nick

johndoe99

ran my mcafee antivirus, and tried the ESET Online Scanner, both found not a single item.

Hopefully i can find that CD tomorrow, and get the brand, will update you soon as i get it.

thanks for your info so far, much appreciated.

johndoe99

i found the CD: "Number Ones" EMI Gold (2005), i'm gonna search now and see if theres a fix. It has that label you posted yoyo.

But i cannot find anything about them installing anything to interfere with the PC.

Update:
Went to EMI, and they pointed me to the CD and that there is an uninstall tool on the CD, i ran the tool, but it gave back a message stating "the media rights software is NOT installed on your system".

yoyo

Please follow this posts instructions and include the two reports on here,

Nick

johndoe99

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Buck Rogers at 12:52:57 on 2012-05-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.350 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Buck Rogers\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.ie/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\buck rogers\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\buckro~1\startm~1\programs\startup\ecentral.lnk - c:\program files\eshasoft\all-in-one desktop calendar software\eCentral.exe
StartupFolder: c:\docume~1\buckro~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: uploaded.to
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{8D3D3E59-190A-4E1A-B989-6E3977BDBE7A} : DhcpNameServer = 89.101.160.5 89.101.160.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2012-3-28 2500944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-3 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-3 116648]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\buckro~1\locals~1\temp\mfe_rr.sys --> c:\docume~1\buckro~1\locals~1\temp\mfe_rr.sys [?]
S3 tepsrv;Tracks Eraser Service;c:\program files\acesoft\tracks eraser pro\tepsrv.exe [2012-5-12 32768]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-12 21:50:44

---

d

---

w- c:\program files\Autodesk
2012-05-12 21:50:35

---

d

---

w- c:\program files\common files\Macrovision Shared
2012-05-12 21:50:34 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2012-05-12 21:50:34 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2012-05-12 21:49:48

---

d

---

w- c:\documents and settings\buck rogers\local settings\application data\Autodesk
2012-05-12 21:49:39

---

d

---

w- c:\program files\AnswerWorks 4.0
2012-05-12 21:48:49

---

d

---

w- c:\program files\common files\Autodesk Shared
2012-05-12 21:48:49

---

d

---

w- c:\documents and settings\buck rogers\application data\Autodesk
2012-05-12 21:48:48

---

d

---

w- c:\program files\AutoCAD 2004
2012-05-12 10:52:01 277504 ----a-w- c:\windows\system32\oestore.dll
2012-05-12 10:52:01 132880 ----a-w- c:\windows\system32\msinet.ocx
2012-05-12 10:52:01

---

d

---

w- c:\program files\Acesoft
2012-05-12 10:29:19

---

d

---

w- c:\windows\system32\oodag
2012-05-12 10:25:58

---

d

---

w- c:\documents and settings\buck rogers\local settings\application data\O&O
2012-05-12 10:25:43

---

d

---

w- c:\program files\OO Software
2012-05-09 14:37:35

---

d

---

w- c:\program files\ESET
2012-05-09 01:37:27

---

d--h--w- c:\windows\system32\GroupPolicy
2012-05-04 21:46:31

---

d

---

w- C:\temp
2012-05-02 22:32:38

---

d

---

w- c:\documents and settings\buck rogers\application data\SmartDraw
2012-05-02 22:26:32

---

d

---

w- c:\program files\SmartDraw 2010
2012-04-30 21:12:14 298496 ----a-w- c:\windows\uninst.exe
2012-04-30 21:12:12

---

d

---

w- c:\documents and settings\buck rogers\WINDOWS
2012-04-30 21:10:52

---

d

---

w- c:\windows\Desktop
2012-04-30 21:09:41

---

d

---

w- c:\program files\Interplay
2012-04-30 21:09:26 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-30 19:05:02

---

d

---

w- c:\program files\DriverTuner
2012-04-30 18:57:17

---

d

---

w- c:\windows\SmartPack
2012-04-30 18:57:17

---

d

---

w- c:\program files\SmartPack
2012-04-27 17:38:20

---

d

---

w- c:\program files\Unlocker
.
==================== Find3M ====================
.
2012-05-10 20:34:43 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-05-05 18:03:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 18:03:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 17:01:20 1632592 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 17:00:12 277840 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:58:58 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:58:36 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-17 23:48:36 130 ----a-w- c:\windows\system32\rpicfica.bin
2012-03-04 10:10:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-04 10:10:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:53:17.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2012 1:07:08 PM
System Uptime: 5/14/2012 8:35:01 AM (4 hours ago)
.
Motherboard: Acer | | MRS600M
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 110.612 GiB free.
is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73261462&REV_13\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73261462&REV_13\3&61AAA01&0&A0
Service:
.
==== System Restore Points ===================
.
RP49: 2/14/2012 5:27:26 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP50: 2/14/2012 5:28:15 PM - Installed Windows XP KB942288-v3.
RP51: 2/14/2012 5:28:39 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP52: 2/14/2012 5:29:11 PM - Installed DirectX
RP53: 2/14/2012 5:29:20 PM - Installed DirectX
RP54: 2/14/2012 5:29:27 PM - Installed DirectX
RP55: 2/14/2012 5:29:35 PM - Installed DirectX
RP56: 2/14/2012 5:29:43 PM - Installed DirectX
RP57: 2/14/2012 5:29:50 PM - Installed DirectX
RP58: 2/14/2012 5:29:57 PM - Installed DirectX
RP59: 2/14/2012 5:34:01 PM - Installed Nero Burning ROM 11.
RP60: 2/14/2012 6:05:30 PM - Removed Nero Burning ROM 11.
RP61: 2/14/2012 7:43:05 PM - Installed DirectX
RP62: 2/14/2012 7:43:51 PM - Installed Nero 8 Trial
RP63: 2/15/2012 8:06:22 PM - System Checkpoint
RP64: 2/16/2012 9:00:30 PM - System Checkpoint
RP65: 2/17/2012 11:27:32 PM - System Checkpoint
RP66: 2/19/2012 12:25:32 AM - System Checkpoint
RP67: 2/20/2012 11:29:37 AM - System Checkpoint
RP68: 2/21/2012 12:02:16 PM - System Checkpoint
RP69: 2/22/2012 12:35:44 PM - System Checkpoint
RP70: 2/23/2012 3:06:47 PM - System Checkpoint
RP71: 2/24/2012 4:42:20 PM - System Checkpoint
RP72: 2/24/2012 11:36:51 PM - Installed iTunes
RP73: 2/26/2012 12:06:17 AM - System Checkpoint
RP74: 2/26/2012 12:18:09 PM - Installed Windows Media Format Runtime
RP75: 2/26/2012 12:18:57 PM - Installed Windows XP Wudf01000.
RP76: 2/26/2012 12:20:34 PM - Installed Sound Forge Pro 10.0
RP77: 2/27/2012 12:46:30 PM - System Checkpoint
RP78: 2/28/2012 1:04:02 PM - System Checkpoint
RP79: 2/29/2012 1:05:14 PM - System Checkpoint
RP80: 3/1/2012 1:43:37 PM - System Checkpoint
RP81: 3/2/2012 2:26:33 PM - System Checkpoint
RP82: 3/3/2012 2:56:38 PM - System Checkpoint
RP83: 3/4/2012 10:08:57 AM - Removed Java(TM) 6 Update 30
RP84: 3/5/2012 11:06:55 AM - System Checkpoint
RP85: 3/6/2012 11:31:15 AM - System Checkpoint
RP86: 3/7/2012 12:32:21 PM - System Checkpoint
RP87: 3/8/2012 12:48:44 PM - System Checkpoint
RP88: 3/9/2012 2:18:43 PM - System Checkpoint
RP89: 3/10/2012 3:29:48 PM - System Checkpoint
RP90: 3/11/2012 5:15:54 PM - System Checkpoint
RP91: 3/12/2012 6:08:58 PM - System Checkpoint
RP92: 3/13/2012 7:55:34 PM - System Checkpoint
RP93: 3/14/2012 8:54:33 PM - System Checkpoint
RP94: 3/15/2012 10:06:00 PM - System Checkpoint
RP95: 3/16/2012 11:51:32 PM - System Checkpoint
RP96: 3/18/2012 12:27:05 AM - System Checkpoint
RP97: 3/18/2012 12:20:15 PM - Installed Medieval CUE Splitter
RP98: 3/19/2012 12:32:03 PM - System Checkpoint
RP99: 3/20/2012 2:58:55 PM - System Checkpoint
RP100: 3/21/2012 3:32:16 PM - System Checkpoint
RP101: 3/22/2012 4:32:02 PM - System Checkpoint
RP102: 3/23/2012 7:57:46 PM - System Checkpoint
RP103: 3/24/2012 9:10:22 PM - System Checkpoint
RP104: 3/26/2012 12:05:14 AM - System Checkpoint
RP105: 3/27/2012 11:28:14 AM - System Checkpoint
RP106: 3/28/2012 12:23:00 PM - System Checkpoint
RP107: 3/29/2012 2:30:52 PM - System Checkpoint
RP108: 3/30/2012 2:59:16 PM - System Checkpoint
RP109: 3/31/2012 3:22:04 PM - System Checkpoint
RP110: 4/1/2012 5:19:43 PM - System Checkpoint
RP111: 4/2/2012 7:19:44 PM - System Checkpoint
RP112: 4/3/2012 7:54:08 PM - System Checkpoint
RP113: 4/4/2012 7:50:51 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP114: 4/5/2012 9:28:52 PM - System Checkpoint
RP115: 4/7/2012 11:14:41 AM - System Checkpoint
RP116: 4/8/2012 11:46:20 AM - System Checkpoint
RP117: 4/9/2012 12:00:06 PM - System Checkpoint
RP118: 4/10/2012 2:33:23 PM - System Checkpoint
RP119: 4/11/2012 3:24:20 PM - System Checkpoint
RP120: 4/12/2012 3:31:09 PM - System Checkpoint
RP121: 4/13/2012 3:36:07 PM - System Checkpoint
RP122: 4/14/2012 3:44:51 PM - System Checkpoint
RP123: 4/15/2012 3:56:42 PM - System Checkpoint
RP124: 4/16/2012 4:20:59 PM - System Checkpoint
RP125: 4/17/2012 5:14:44 PM - System Checkpoint
RP126: 4/18/2012 5:27:15 PM - System Checkpoint
RP127: 4/19/2012 5:41:58 PM - System Checkpoint
RP128: 4/20/2012 8:40:03 PM - System Checkpoint
RP129: 4/21/2012 9:01:40 PM - System Checkpoint
RP130: 4/22/2012 11:52:15 PM - System Checkpoint
RP131: 4/24/2012 12:45:28 AM - System Checkpoint
RP132: 4/25/2012 10:30:26 AM - System Checkpoint
RP133: 4/26/2012 12:22:19 PM - System Checkpoint
RP134: 4/27/2012 1:09:04 PM - System Checkpoint
RP135: 4/28/2012 4:03:26 PM - System Checkpoint
RP136: 4/29/2012 4:13:26 PM - System Checkpoint
RP137: 4/30/2012 6:01:57 PM - System Checkpoint
RP138: 5/1/2012 6:52:17 PM - System Checkpoint
RP139: 5/2/2012 9:00:06 PM - System Checkpoint
RP140: 5/3/2012 9:01:07 PM - System Checkpoint
RP141: 5/4/2012 10:18:48 PM - System Checkpoint
RP142: 5/5/2012 11:15:53 PM - System Checkpoint
RP143: 5/7/2012 12:40:44 AM - System Checkpoint
RP144: 5/8/2012 10:07:48 AM - System Checkpoint
RP145: 5/9/2012 12:31:15 PM - System Checkpoint
RP146: 5/10/2012 12:54:12 PM - System Checkpoint
RP147: 5/11/2012 1:09:42 PM - System Checkpoint
RP148: 5/12/2012 11:25:34 AM - Installed O&O Defrag Professional.
RP149: 5/12/2012 10:48:35 PM - Installed AutoCAD 2004
RP150: 5/13/2012 11:36:27 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
AACDEcoder 2.10
ACDSee 9 Photo Manager
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
All-In-One Desktop Calendar Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Audio Converter Plus 4.5.0.0
AutoCAD 2004
Autodesk Express Viewer
AutoUpdate
AVG 2012
Bandwidth Monitor v3.4 build 757
Better File Rename 5.7
BitLord 1.1
Bonjour
Brother MFL-Pro Suite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Movie Collector
Collectorz.com Music Collector
Corel Paint Shop Pro Photo XI
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DriverTuner 3.1.0.0
DVD Audio Extractor 6.3.0
eMule
Fast Plans 11
FileZilla Client 3.5.3
Google Chrome
Google Earth
Google Update Helper
Hotfix for Windows XP (KB942288-v3)
HTML Executable HTML Viewer Runtime
HyperSnap 7
ImTOO DVD Ripper Ultimate
ImTOO MPEG Encoder Ultimate
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Magic ISO Maker v5.5 (build 0281)
Marvell Miniport Driver
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Cinemania 97
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mp3tag v2.46a
MSXML 4.0 SP3 Parser
Nero 8
neroxml
Nuclear Coffee - VideoGet
O&O Defrag Professional
PaperPort
RapidShare Downloader version 5.2
RapidShare Manager 2
Realtek High Definition Audio Driver
SafeCast Shared Components
Skins
SmartPack 1.21.0
Sound Forge Pro 10.0
Tracks Eraser Pro v8.73 build 1000
Unlocker 1.9.1
uTorrentControl2 Toolbar
Virtual Pool 3
VLC media player 1.1.11
WebFldrs XP
Winamp
Winamp Toolbar
Windows Internet Explorer 8
Windows Media Format 11 runtime
WinRAR 4.01 (32-bit)
Xara 3D Maker 7
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 12:04:13 AM, error: Dhcp [1002] - The IP address lease 79.97.95.143 for the Network Card with network address 0019DB54C24D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/12/2012 11:57:09 AM, error: Service Control Manager [7034] - The O&O Defrag Agent service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

yoyo

It looks like your machine has a rootkit:
S3 MFE_RR;MFE_RR;\??\c:\docume~1\buckro~1\locals~1\temp\mfe_rr.sys --> c:\docume~1\buckro~1\locals~1\temp\mfe_rr.sys [?]
I don't recognise this:
2012-03-17 23:48:36 130 ----a-w- c:\windows\system32\rpicfica.bin

Have you run malware/virus scans? I would run and update: MBAM and Super AS. Also worth running is TDSS Killer. See how you get on.

Nick

edit: A Tool you can also try here

johndoe99

I ran all 4 of those, they found not a single item.

I still have my laptop for my CDs, then i can transfer the tracks to my PC.

Don't fancy formatting as I only did that 3 months ago, will go as long as I can.

Can't find any solution to "rpicfica.bin", some other users have mentioned that .bin file on other sites, but no explanation to what it is.

yoyo

johndoe99 wrote: »

I ran all 4 of those, they found not a single item.

I still have my laptop for my CDs, then i can transfer the tracks to my PC.

Don't fancy formatting as I only did that 3 months ago, will go as long as I can.

Can't find any solution to "rpicfica.bin", some other users have mentioned that .bin file on other sites, but no explanation to what it is.

I'm not sure, something isn't right with those things showing up. I would download the bootable Kaspersky Live rescue disc, burn to a CD and boot off it. Update it and run a scan, there may be a rootkit purposely fooling the anti malware programs nothing exists.
Let me know if this does anything, if not we can look at going the combofix route...

Nick

Uninstall Safecast Shared Components. One of the components may be C-Dilla which screws with CD drives.

beprint

Have you tried Itunes?

yoyo

Deleted User wrote: »

Uninstall Safecast Shared Components. One of the components may be C-Dilla which screws with CD drives.

Well spotted, that looks to be it op. Although I think the bigger issue is if there are other rootkits on the system. Were you ever hit with a fake anti virus/hard disk corrupt type program?

Nick

johndoe99

yoyo wrote: »

Well spotted, that looks to be it op. Although I think the bigger issue is if there are other rootkits on the system. Were you ever hit with a fake anti virus/hard disk corrupt type program?

Nick

SafeCast is part of AutoCad (its to do with my licence). Anyways i installed AutoCad only 3 days ago, this ripping problem started 12 days ago.

I run my antivirus weekly and in the past 6 months since i last formatted my virus count has been zero.

Edit: i ran the Kaspersky Live rescue disc, found nothing also.

yoyo

johndoe99 wrote: »

SafeCast is part of AutoCad (its to do with my licence). Anyways i installed AutoCad only 3 days ago, this ripping problem started 12 days ago.

I run my antivirus weekly and in the past 6 months since i last formatted my virus count has been zero.

Edit: i ran the Kaspersky Live rescue disc, found nothing also.

OK, another thing to try. Download ComboFix and save it on your desktop. Please follow this guide as far as to the stage where the log file has been created.
When combofix has run and rebooted the machine please post the contents of the log in this thread. I do believe there is something on the machine that is virus/malware related, from your DDS log

Nick

johndoe99

ComboFix 12-05-15.01 - Buck Rogers 15/05/2012 10:25:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.459 [GMT 1:00]
Running from: c:\documents and settings\Buck Rogers\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Buck Rogers\Application Data\dvdae
c:\documents and settings\Buck Rogers\Application Data\dvdae\dvdae.config
c:\documents and settings\Buck Rogers\Application Data\dvdae\dvdae.lic
c:\documents and settings\Buck Rogers\WINDOWS
c:\windows\desktop
c:\windows\desktop\Virtual Pool 3.lnk
c:\windows\system32\SETD9C.tmp
c:\windows\system32\SETDA8.tmp
c:\windows\system32\skinboxer43.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 10:06 . 2012-05-15 10:06

---

d

---

w- C:\WINDOWS.0
2012-05-15 08:35 . 2012-05-15 08:35

---

d

---

w- c:\program files\Magical Jelly Bean
2012-05-14 13:07 . 2012-05-14 13:07

---

d

---

w- c:\documents and settings\Buck Rogers\Application Data\Malwarebytes
2012-05-14 13:06 . 2012-05-14 13:06

---

d

---

w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-12 21:50 . 2012-05-12 21:50

---

d

---

w- c:\program files\Autodesk
2012-05-12 21:50 . 2012-05-12 21:50

---

d

---

w- c:\program files\Common Files\Macrovision Shared
2012-05-12 21:50 . 2012-05-12 21:50 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2012-05-12 21:50 . 2012-05-12 21:50 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2012-05-12 21:49 . 2012-05-12 21:49

---

d

---

w- c:\documents and settings\Buck Rogers\Local Settings\Application Data\Autodesk
2012-05-12 21:49 . 2012-05-12 21:49

---

d

---

w- c:\program files\AnswerWorks 4.0
2012-05-12 21:48 . 2012-05-12 21:52

---

d

---

w- c:\documents and settings\Buck Rogers\Application Data\Autodesk
2012-05-12 21:48 . 2012-05-12 21:49

---

d

---

w- c:\program files\Common Files\Autodesk Shared
2012-05-12 21:48 . 2012-05-12 21:48

---

d

---

w- c:\documents and settings\All Users\Application Data\Autodesk
2012-05-12 21:48 . 2012-05-12 21:51

---

d

---

w- c:\program files\AutoCAD 2004
2012-05-12 10:52 . 2012-05-12 10:52

---

d

---

w- c:\program files\Acesoft
2012-05-12 10:52 . 2007-01-22 23:43 277504 ----a-w- c:\windows\system32\oestore.dll
2012-05-12 10:52 . 2004-03-08 23:00 132880 ----a-w- c:\windows\system32\msinet.ocx
2012-05-12 10:29 . 2012-05-12 10:29

---

d

---

w- c:\windows\system32\oodag
2012-05-12 10:25 . 2012-05-12 10:25

---

d

---

w- c:\documents and settings\Buck Rogers\Local Settings\Application Data\O&O
2012-05-12 10:25 . 2012-05-12 10:25

---

d

---

w- c:\program files\OO Software
2012-05-09 14:37 . 2012-05-09 14:37

---

d

---

w- c:\program files\ESET
2012-05-09 01:37 . 2012-05-09 01:37

---

d--h--w- c:\windows\system32\GroupPolicy
2012-05-04 21:46 . 2012-05-04 21:46

---

d

---

w- C:\temp
2012-05-03 00:42 . 2012-05-03 00:43

---

d

---

w- c:\program files\Google
2012-05-02 22:32 . 2012-05-02 22:33

---

d

---

w- c:\documents and settings\Buck Rogers\Application Data\SmartDraw
2012-05-02 22:26 . 2012-05-12 21:30

---

d

---

w- c:\program files\SmartDraw 2010
2012-04-30 21:12 . 1996-08-16 12:49 298496 ----a-w- c:\windows\uninst.exe
2012-04-30 21:09 . 2012-04-30 21:09

---

d

---

w- c:\program files\Interplay
2012-04-30 21:09 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-30 19:05 . 2012-04-30 19:05

---

d

---

w- c:\program files\DriverTuner
2012-04-30 18:57 . 2012-04-30 18:57

---

d

---

w- c:\program files\SmartPack
2012-04-30 18:57 . 2012-04-30 18:57

---

d

---

w- c:\windows\SmartPack
2012-04-27 17:38 . 2012-04-27 17:38

---

d

---

w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:03 . 2012-04-02 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 18:03 . 2012-01-15 18:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-28 17:01 . 2012-03-28 17:01 1632592 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 17:00 . 2012-03-28 17:00 277840 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:58 . 2012-03-28 16:58 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:58 . 2012-03-28 16:58 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-04 10:10 . 2012-03-04 10:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-04 10:10 . 2012-01-15 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 22:10 . 2012-03-01 22:10 427385 ----a-w- c:\documents and settings\Buck Rogers\Local Settings\Application Data\aacdecoder.exe
.
.

---

Sigcheck

---

Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-19 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"RTHDCPL"="RTHDCPL.EXE" [2012-01-06 16844800]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Buck Rogers\Start Menu\Programs\Startup\
eCentral.lnk - c:\program files\Eshasoft\All-In-One Desktop Calendar Software\eCentral.exe [2011-2-14 4217344]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 16:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 09:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [3/28/2012 6:00 PM 2500944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 7:21 AM 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2012 1:42 AM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:20 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2012 1:42 AM 116648]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\BUCKRO~1\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\BUCKRO~1\LOCALS~1\Temp\mfe_rr.sys [?]
S3 tepsrv;Tracks Eraser Service;c:\program files\Acesoft\Tracks Eraser Pro\tepsrv.exe [5/12/2012 11:52 AM 32768]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:03]
.
2012-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 00:42]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 00:42]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1425521274-1177238915-1003Core.job
- c:\documents and settings\Buck Rogers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-15 18:23]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1425521274-1177238915-1003UA.job
- c:\documents and settings\Buck Rogers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-15 18:23]
.
2012-05-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
.

---

Supplementary Scan

---

.
uStart Page = https://www.google.ie/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: uploaded.to
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
.
.

---

File Associations

---

.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MicrosoftCinemania97 - \cinmania.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 10:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="E193B470582A56844FDA02C81C5949D8C6B4434F0A6F242CE250124C861EBEBAAF46D08011108FB0725EEDDC30B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407C038D530D6EB34525D575E7D6A3B9808A696356A50ABC99ABD89DE774E6C6406323243D3310C860C9E3897569DB9D498A2760E2843C9187D4ADE1888286727B3B0FD761CB8D59CB484FB9AC2ABC5E2E24C3ED413BA3109F90D8F564C25D86D9A2C5700EB83B9B6E0B46A07CD6AAB1A88DD605F53637B75A1EB018227AF20B7DFD73E7C0ED9011963D13BCB3D1EBEA32E86ED13D01E220B0D44C01AC6E304D7A95ED69E0CB6575A9671CD7120C0B57BFE6A9C6BBB0205CBD6E57E2C1917AB74A4DB6B2AB84BCEE8559D2391467DA8F3A79E49F706D7E70E1C948EDDD0CD2308806268F725F8DE8102D46259453518305B2FF25C641CF17B0188E6E5E544DBE27075DE772C58DD390109D48D77FCE6A9CD1C3BCFD1012E102BEDA59293E72926AB0F0329E8B58B78B91F6782781DD92CB9D5691C8D6D8C9FC5630AC258DAC3CA6F9B2E21BA0F07791AF12D23A9111BDADC45E8A117F8604FFE00776BF6744898FA7D5D0AC698584E91505C6DB00B3B28F846485438F2E0988A48F594F83FB7AF9088312075BAE75816FACD7376EEAA5FD2A6BA3BF7DAA94A1E3BB15926797504F886EFB5F18E82D01F2900DC2954BF9A34A896F025E7BA8474C67AEB1115C95A7FB3002FADE6D9C2AA841462B708B6CA6B84D6A4D28375BDCC5044118ABA624FF341EF075B44830FB72A51D2D80CACB64AE41B1B574A24C1E8AEA69EA9C2CDD0A954F0C8F36078E74C2C21900614A3F5A56925A9CB0EEE2A90AFDD81CABB0320F8065696342596D571129092FA8803F5D7A35DBC0F5468EC0D11C9BB8DE95757BCE31B261BB31F3632D4D1613A061676BD9CCC53425681CD2E886F60D2C20A5F566DD9C06CDD373620633B1D095C880D3A4D2400CC0313E5C63DF3174470B976A698D5C2B12CE85ACF9D47F66F90ED213126B5EAD77B58242C4B261DCA52EB30174FF29DB6DAA07BD95B92353A5C3DF10E0AF6505293704A39C373C2177A07F2136E39578B58B1C35A6760B2FC2A510EBDCE857D6E56DE6ECDA9F1EA9BAED97A0A45D50904484FB473FC95DC891CE6DAB1C11E56A1018A79CBF4D790106A93D3709A1BDF38021421C8D03BB77C0622125F1FA4D22785BF291A92823D6FDC49E3BD267C9C05917C3103878157AFF008BFC11C9F7D7B87AC8F2360F01278E6725F6C9693160BB5EB60CE3C39674798044554DE3AF662E3E513563647C42F21EC52FB8A1E33ACE3A5FDDC7B58A5A66E64559B8343F0E02562EC2558CC1C59D2779AF11AFA7313C053AEE148F7E37616D9FA1B962E"
.

---

DLLs Loaded Under Running Processes

---

.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-05-15 10:46:03
ComboFix-quarantined-files.txt 2012-05-15 09:46
.
Pre-Run: 117,946,810,368 bytes free
Post-Run: 118,629,687,296 bytes free
.
- - End Of File - - CDF7FEE2FA9535C79034CCDE277AD893

yoyo

OK, you can now remove combofix:
start>Run and type combofix.exe /uninstall to remove from your machine, any change with the ripping?

Nick

johndoe99

yoyo wrote: »

OK, you can now remove combofix:
start>Run and type combofix.exe /uninstall to remove from your machine, any change with the ripping?

Nick

I've just did a CD and it ripped perfectly, i'm gonna Rip a couple more to be sure, will update shortly.

yoyo

johndoe99 wrote: »

I've just did a CD and it ripped perfectly, i'm gonna Rip a couple more to be sure, will update shortly.

You had a few things on there that were dodgy, seems like combofix sorted it out.

Nick

johndoe99

just finished ripping 3 more CDs and they were done perfectly too. That seems to be sorted, thanks yoyo.

johndoe99

update:

i noticed after the combofix there were a few problems:

(1) indexing problems on my PC
(2) the Word completion function was gone
(3) about 50% of the icons on my PC were deleted, and replaced with a default windows icon.

I found my long lost Vista DVD and formatted/installed that last night, what a nightmare.

combofix had definitely fixed the ripping problem, but i guess its not without errors.

yoyo

johndoe99 wrote: »

update:

i noticed after the combofix there were a few problems:

(1) indexing problems on my PC
(2) the Word completion function was gone
(3) about 50% of the icons on my PC were deleted, and replaced with a default windows icon.

I found my long lost Vista DVD and formatted/installed that last night, what a nightmare.

combofix had definitely fixed the ripping problem, but i guess its not without errors.

Combofix can sometimes mess stuff up, a re-install is not neccesary as I could have probably walked you through the fixing of the issues, thats why I was reluctant to use it up until then, Vista should be more secure than XP anyways, just make sure to leave UAC enabled

Nick

johndoe99

yoyo wrote: »

just make sure to leave UAC enabled

Nick

yeah i have that on. Its a bit of a pain in certain circumstances, but it will stop anything from installing again without my pemission.

I felt it was best to format/reinstall, best to start from scratch to know everything was right again.

yoyo

johndoe99 wrote: »

yeah i have that on. Its a bit of a pain in certain circumstances, but it will stop anything from installing again without my pemission.

I felt it was best to format/reinstall, best to start from scratch to know everything was right again.

Make sure to keep all your Flash/Java etc plugins up to date as well . Sometimes a re-install is for the better,

Nick

_AVALANCHE_

If I see a hint of a virus on a machine I just wipe it, saves all that messing.