HijackThis log assistance please

Status
Not open for further replies.

hanaleia

Posts: 35   +0
Please check my HJT log. I think I have some malware or viruses or something. My computer is slow and I noticed some weird programs running in Task Manager like $sys$DRMServer.exe and CDProxyServ.exe. I ran my AVG and found multiple trojans in the quarantine vault. I deleted them from the vault, then I ran all my spyware protection stuff (Ad-Aware, Spybot, XoftSpy) and found some spyware, but then Windows Defender popped up and said I should block F41Rootkit. When I did, my CD and DVD burner disappeared from My Computer. In Device Manager they now show up with a yellow exclamation point over them. I tried to uninstall and reinstall (Add Hardware wizard) and I get the message "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)". I still have not figured out what to do.
I ran the online scanners as suggested first and they said I had viruses in some Restore files and in Firefox (I saved the reports). I think they were able to remove them, because when I ran AVG again they were not there.
I have an old copy (from last year) of HijackThis from when everything was just fine, and there are some odd things showing up now. Could you please help me? Attached is a copy of the HijackThis file. If a copy of the Kaspersky and BitDefender reports would be helpful, let me know (Trend Micro could not find anything). I also ran RootkitRevealer and all it said was that there was a data mismatch between the Windows API and raw hive data. Thank you so much for your help with this.
Sherry
 
Your system is infected with the Sony DRM rootkit.

Go HERE and download and run this removal tool. Follow the instructions.

Then, post a fresh HJT log.

Regards Howard :)
 
Fresh HJT log

Thanks for your swift help! I ran aries remover and have attached the new log. Sherry
 
It doesn't look like that has worked.

Go HERE and download and run the Microsoft Malicious Software Removal Tool. Hopefully that'll kill it.

Follow the instructions carefully.

Then post a fresh HJT log.

Regards Howard :)
 
Found this here: http://www.f-secure.com/v-descs/xcp_drm.shtml
It is only a snippet of it. Don't know how up to date it is, though.

Removing

Uninstallation of the DRM software can currently only be done by sending an uninstallation request to Sony through their customer support. The form can be found here:

http://cp.sonybmg.com/xcp/english/form14.html

Sony has also released an update that disables the hiding features. The updates can be found here:

http://cp.sonybmg.com/xcp/english/updates.html

Please note that the uninstallation of the software will require using Internet Explorer and accepting an ActiveX component that might pose additional security problems. The uncloaking update is also available as a standalone executable. This update will not uninstall the whole DRM software but the software will no longer be hidden.
 
You guys rock!

Thanks both of you for your help. tomcra, the Sony uninstall went great and I even have both my ROMs back showing up in My Computer again. You guys are the Knights in Shining Armor of Cyberspace. Tell me where to send my donation. Hooah! Thanks again!
 
No donation necessary lol.

Glad we could help.

I'd still like you to post a fresh HJT log, as the Sony DRM rootkit wasn't your only problem.

Regards Howard :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off System Restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each entry (if present).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = mozilla.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mozilla.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn System Restore back on.

Post a fresh HJT log.


Regards Howard :)
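The fix list above is the kind of triage a helper does by eye on an HJT log: R0/R1 entries whose values the user never set, O16 DPF (ActiveX download) entries left behind by online scanners, and anything carrying the rootkit's cloaking name prefix. The following parser is an added example, not code from the thread or from HijackThis itself; the sample log lines are constructed from the entries quoted in this thread (the O4 line and its path are placeholders), and the `$sys$` prefix check rests on the documented behaviour of the Sony XCP rootkit, which hides files and processes whose names begin with `$sys$`.

```python
"""Flag HijackThis-style log entries of the kinds discussed in this thread.

Added example: it parses R0/R1, O16 and generic entry lines from a constructed
log and reports which ones a helper would ask HJT to fix. It does not modify
anything; the decision to remove an entry stays with the person reading the log.
"""
import re

# R0/R1: "R1 - HKCU\Software\...\Main,Search Page = mozilla.com"
R_ENTRY = re.compile(r"^(R[01]) - (HK[A-Z]+\\[^,]+),([^=]+?) = (.*)$")
# O16: "O16 - DPF: {CLSID} (Friendly Name) - http://host/file.cab"
O16_ENTRY = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")
# XCP's cloaking driver hides objects whose names start with this prefix
# (assumption drawn from public write-ups of the Sony DRM rootkit).
CLOAK_PREFIX = "$sys$"

# Constructed sample log, modelled on the entries quoted in the thread.
# The O4 line and its directory are placeholders, not values from the page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = mozilla.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O4 - HKLM\..\Run: [PlaceholderEntry] C:\PLACEHOLDER\$sys$DRMServer.exe
"""


def triage(log_text, user_set_pages=()):
    """Return a list of findings, one per entry worth asking HJT to fix.

    user_set_pages: page values the user confirms they chose themselves;
    R0/R1 entries with any other value are flagged (Howard's rule above).
    """
    user_set = {v.strip().lower() for v in user_set_pages}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = R_ENTRY.match(line)
        if m:
            kind, key, name, value = m.groups()
            if value.strip().lower() not in user_set:
                findings.append({
                    "kind": kind, "line": line, "value": value.strip(),
                    "reason": f"{name.strip()} under {key} was not set by the user",
                })
            continue

        m = O16_ENTRY.match(line)
        if m:
            clsid, friendly, url = m.groups()
            findings.append({
                "kind": "O16", "line": line, "value": url,
                "reason": f"ActiveX download {friendly} ({clsid}); remove once the scan is done",
            })
            continue

        # Any other entry type: look for the cloaking prefix in the path
        if CLOAK_PREFIX in line:
            findings.append({
                "kind": "cloak", "line": line, "value": CLOAK_PREFIX,
                "reason": "name uses the XCP rootkit's hiding prefix",
            })
    return findings


if __name__ == "__main__":
    # The user confirms the Google start page; everything else is suspect.
    for f in triage(SAMPLE_LOG, user_set_pages=["http://www.google.com/"]):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```

Run as-is it reports five of the six sample entries and leaves the user-confirmed start page alone; feeding it a real exported log instead of `SAMPLE_LOG` gives a first-pass list to compare against the helper's instructions, not a replacement for them.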
 
Fresh log

Thanks again for your help. Attached is the fresh log. A quick question, please. I just tried to copy music from My Music to a DVD for backup; when I start up DVDCopy it says "cannot connect to hardware access layer". This never happened before I had the DRM rootkit and I suspect it has caused some damage or has something to do with it. Which forum should I post this problem in? Is it a continuation of this thread or should I start a new one somewhere else? Thanks so much.
Sherry
 
Have HJT fix the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = mozilla.com (Fix this if you have not set this home page yourself.)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

Other than the above, your HJT log is clean.

As to your music copy problem, try uninstalling and reinstalling your DVDCopy programme. See if that helps.

If not, open a new thread in the Audio and Video forum.

Regards Howard :)
 