Vista rootkit issue - all legit. software

Hi

I have Windows Vista Home Premium pre-installed on my new HP laptop.

Every time I go to open a folder that has audio, ripped from a CD, in .wav
format, my hard-drive goes overtime, running almost 100% constantly. System
responsiveness to a single-click is about 30 to 60 seconds. This is the
definite trigger, (the folder).

I have Norton Internet Security 2007, not my first choice of av software
installed, and I also run Windows Defender. I update regularly and run IE
with very tight security settings.

I recently purchased and installed Ashampoo Burning Studio 7, as my burning
needs are for simple document backups.

I ripped my first audio CD since I purchased today and that's when my
problems began.

I have stopped and permanently disabled the Windows Search Index service to
prevent further hard-drive activity.

I do own Sony Sound Forge Audio Studio 9.

Nothing on this laptop has been an issue since today and ripping that audio
CD into .wav. By the way, when I rip a CD, Ashampoo connects to the Internet
to collect the music CD's track and album details.

I have tried a couple of free rootkit detection app's but nothing yet. NIS
2007 is supposed to detect them...

I don't need to rip CD's normally or in future but I do want to know if I
have a rootkit and/or DRM issue on this laptop.

Wadda ya think?

Many thanks

Bob

Thanks Mr Arnold

I have used some of that software and have found no 'rogue' processes.

I have deleted the music folder that has caused the problem. This appears to
be some kind of digital rights management issue.

To check if the burning application I used is the culprit, I'm going to try
and extract music using another program.

Thanks again.

Bob


"Mr. Arnold" <MR. Arnold@xxxxxx> wrote in message
news:ObYzaGiBIHA.4160@xxxxxx

My CD burning application appears to be the culprit.

I managed to extract audio from the same CD, using another application and I
can access those .wav files and the folder they're contained in just fine.

My conclusion at this point therefore is that Ashampoo Burning Studio 7.1
contains some form of digital rights management protection that is used when
extracting audio from CD's, or it activates some form of digital rights
management protection in Vista.

I'm not sure if I should keep using the software, as it may lead to other
vulnerabilites later. At this point I do plan to keep using it though.

Bob

"Mr. Arnold" <MR. Arnold@xxxxxx> wrote in message
news:ObYzaGiBIHA.4160@xxxxxx

"Bob" <bob@xxxxxx> wrote in message
news:13g79ajr46ph120@xxxxxx <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
<http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
<http://www.microsoft.com/technet/sysinternals/default.mspx>

ActivePorts doesn't work on Vista, but CurrPort does.

<http://www.nirsoft.net/>

Also use Google to find information on how to use Process Explorer.

I could be wrong, but absolutely nothing about your symptoms suggest to me
this is related to DRM. Instead it sounds like a regular bug somewhere. When
you hit this 100% activity on your system, can you use Task Manager on the
'Process' tab to see which process on your system is using 100% CPU?


"Bob" <bob@xxxxxx> wrote in message
news:13g8gbhj3dkrcc5@xxxxxx

Careful - 100% drive activity does not necessarily correlate to 100% CPU
usage.

Try the Performance and Reliability Monitor.

Alun.
~~~~

"Dave Wood [MS]" <davewood@xxxxxx> wrote in message
news:efXD4jsBIHA.1212@xxxxxx

I believe svchost was accessing the drive when I struggled at the time to
get access to the the perf. and reliability monitor.

I was mostly concerned about a rootkit or something affecting my PC. I don't
appear to have a rootkit on the PC.

It only happens when I extract audio from a copied CD with that particular
app.

Thanks for the replies guys


"Alun Jones" <alun@xxxxxx> wrote in message
news:%23F$QuQtBIHA.1208@xxxxxx