Virus Loaded Laptop

[moochy]

Hello
I was asked to check this laptop out for a friend (I'm a novice at this for sure). I'm aware of the great things you people are doing to help people get computers back on line. I read the posts from time to time and they help me but this is the first post for me. This Dell Latitude D620 came to me with a blue STOP screen and I was able to run in safe mode with networking and run using last good configuration. I loaded Avast antivirus software and ran a scan there as well. There were several viruses detected and I moved them to the  chest. From here I loaded and ran the free version of Super spyware. That's when I remembered this forum and hope I didn't jump the gun running those scans prior to logging on with your website.
The OS is Windows XP Professional SP3.
Dell Latitude D620
T2400 @ 1.83 Hz
987 MHz 1.0G of RAM
Super spyware log was clean when I ran it in the procedure (probably because I ran it earlier prior to running the Malware Removal procedure). I have attached the other two logs though.
Thanks so much for your time!
I followed the instructions for Removing Malware here and have the log files attached and will wait for your suggestions.

[Saving space, attachment deleted by admin]

[SuperDave]

Hello moochy and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {509dccb4-4010-49c8-aacd-107079b84b62} - C:\WINDOWS\default32.dll
O20 - AppInit_DLLs: c:\windows\system32\zifirobo.dll,hojudozi.dll
O21 - SSODL: niyosipif - {ff65bbbe-d81c-4d6c-91d9-74581073e67b} - c:\windows\system32\zifirobo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {ff65bbbe-d81c-4d6c-91d9-74581073e67b} - c:\windows\system32\zifirobo.dll (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[moochy]

TY SD
I have completed the tasks you requested and have a new hijackthis log and combfix log for you to check. Also I have an error coming up for the windows defender. It is as follows on the screen:
Application Failed to Initialize 0x800106ba A problem caused Windows Defender to stop, to restart either restart your computer or use the Help and Support to restart manually.
The computer has been restarted several times with the same error coming up-any suggestions?
Thank you for your help thus far!!!!!!!!!!!!!!!!!


[Saving space, attachment deleted by admin]

[SuperDave]

Hello moochy. Do you have your XP Pro CD?

[moochy]

I have the XP  cd for my pc not the one for this laptop.
I believe this came loaded already.

update on window defender-i removed it in add/remove programs.
Do i still need it with Avast,Comodo firewall pro,sas,mbam

[SuperDave]

You definitely need one AV program and one third-party Firewall. You can keep SAS and MBAM, update them and run them about once a week. You can uninstall HJT. Are you going to re-install Windows Defender?

[moochy]

I wasnt going to reload Windows Defender unless you think I need it. Is the Comodo Firewall a good one?

[SuperDave]

I wasnt going to reload Windows Defender unless you think I need it. Is the Comodo Firewall a good one?

Windows Defender is a good program and I just started using Commod Firewall about 5 days ago and I would say it's one of the best. Just one more scan.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[moochy]

I cant thank you enough for all your help with this laptop. It is working great and runs much faster now. I decided to keep the Comodo Firewall and see how he does with this one. I was unable to run the last scan you requested before he went back to school but I have emailed him the scan directions and will have him run it. Thanks to people like you for putting your time and effort into our problem.