R&R Completed, your assistance please

I have gone through the R&R post process completely. Now I am at the point to post what I have for your help. I would like to say thank you very much in advance! I don't know what I would have done without this site and the people running it!

Some of the items found were: vcodec, pipas, trojanproxy xorpix.fam, backdoor eterok among others I'm sure. I am also have problems with IE trying to access an IP with win32:adan-094 and -078 Fortunately Avast keeps blocking it but IE just wont stop trying.

Please let me know what I should do next to clean everything up and how to keep it clean. Thank you!

 

I also have a counterspy log for you since defender wont run on my computer yet.

 

Please download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

• Run Fixwareout.
• Click Next,
• then Install,
• make sure Run fixit is checked
• and click Finish.
• The fix will begin; follow the prompts.
• You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.

When you run fixwareout, just follow the prompts, you will need to restart when prompted.

After rebooting (restart) back into normal boot mode, make sure you have all web browsers closed.

• Go into Control Panel -->Network Connections.
• Right click on your connection
• and click Properties.
• On the Properties page, highlight Internet Protocol(TCP/IP)
• Click Properties. This will bring up another page.
• Select Obtain DNS Server Automatically.
• Click the ok button. The page will close.
• Press ok on the page in front of you.
• Restart the computer.
• Reconnect to the Internet using Internet Explorer.
• Now come back here and attach the log from fixwareout. It is located at c:\fixwareout\report.txt

Post a fresh HijackThis log as well.

 

Done deal. Thanks. What's next?

 

Download
- Pocket Killbox

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis log.

 

Wow, okay done. Here you go. What do you think?

 

FYI, last night after I posted the reply above I disconnected this computer from the internet. CounterSpy ran a scan at its sceduled time and found the same 3 it keeps finding, zlob.media-codec, backdoor.eterok, and Trojan-Proxy.Win32.Xorpix.Fam Backdoor

the copied the report into notepad, TXT below

 

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it as this time we will do that later in Safe Mode.

Close Notepad.

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

REBOOT to Safe Mode.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

REBOOT to Normal Mode.

CounterSpy come back clean now?

Post a fresh HijackThis log.

 

Ran into a problem. See HT file attached. There is no 020 line do you still want me to do step 1 as described in your post?

 

Well I figured I would just go ahead and do the second step since O20 wasn't in need of repair.... You guys work miracles, of the non-supernatural kind, but still. Your right the scan cam up clean. Here is a fresh HT. How does it look?

 

Your HijackThis log is clean.

Lets flush all your restore points and create a new clean one for your system.

Disable And Enable System Restore
How to Protect yourself from malware!

Safe surfing.

 

W2K here. I am making sure that I am following the thread to prevent this.

Thank you so very much for all your time and attention. Given the current state of the internet, I am sure I'll be back at some point. Take care, cheers.

 

You're welcome.