Did you follow the instructions in Mbam to reboot to delete the malware?
Do NOT use System Restore while the system is being cleaned> this entry> C:\SYSTEM VOLUME INFORMATION\_RESTORE indicates that the malware is in the restore points. We will drop the old restore point and create a new, clean on when the malware has been removed.
You have Symantec/Norton entries as well as McAfee. Decide which you want to keep and remove the other:
Norton Removal Tool is
HERE
McAfee Removal Tool is
HERE
I suspect you are not starting up, shutting down or surfing very fast. That is because you have to many processes starting on boot. (running processes, 04 entries, 023 services set to Automatic) That means they have to load, will run in the background, then each needs to shutdown. This is a waste of your resources as most can be started manually as needed. You are also using IE8 which is fat with bloat, using a lot of the system memory:
Examples: Media players (QuickTime Task, iTunes helper, ipod, Real Player updater, , Camera utilities, printer, PDF reader, Sonic, and on and on. you might want to look into that and the many Vaio processes Sony pre-loads. The ZoneAlarm Spyblocker is pre-checked on some update sites. I discourage using it because it is a BIG resource user.
Remove Bad Entries in HijackThis:
•
Run HijackThis
• Click on the
System Scan Only button
• Put a
check beside all of the items listed below (if present):
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKUS\S-1-5-19\..\Run: [hagufenoko] Rundll32.exe "C:\WINDOWS\system32\jilumuyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hagufenoko] Rundll32.exe "C:\WINDOWS\system32\jilumuyo.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O15 - Trusted Zone: .techsatish.tv[/url]
O15 - Trusted Zone: .trymedia.com[/url] (HKLM)
• Close all open windows and browsers/email, etc...
• Click on the
"Fix Checked" button
• When completed, close the application.
Boot into Safe Mode:
Start> Run>
msconfig> enter> Selective Startup> Startup menu> UNCHECK the following:
Viewpoint entries
ZoneAlarm Spyblocker
Internet options> Security tab>
Trusted Sites> Sites> remove the following from the Trusted Zone:
*.techsatish.tv
*.trymedia.com (HKLM)
Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
Control Panel>
Add/Remove Programs> UNINSTALL the following:
Viewpoint Manager
ZoneAlarm Spyblocker
Consider removing the Weather Channel
Boot into Normal Mode> Ignore the nag message and close it after checking 'don't show message again.' Stay in Selective Startup.
Run Vundo Fix:
Please download VundoFix.exe HERE and save to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the ‘Fix Vundo’ button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please attach the C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Rescan with HijackThis after vundoFix. Attach new log and Vundfo report.
This thread is for the use of razerforlove only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Virus and Malware Removal Forum.
