NewDotNet & Winfixer - can't get rid of them

[LonnyRJones]

If tea timer is set to not start with windows then this item
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pwiarq.exe reg_run
Should be fixed with hiajckthis and it should stay fixed.
In other words if you choose the wrong decision when tea timer alerted it can put back the reg entry, even if the file (real infection) is no longer there.

Fix it once again (with hijackthis)then restart your pc and check if its back

Another great program to have its ewido, its a trial, You can continue to use it after the trial period but without its resident. http://www.ewido.net/en/download/

 

[Little Oscar]

NewDotNet & WinFixer continued

Lonny - I turned off tea-timer and ran HJT as instructed. There was some of the junk from 04/09/06 report as well as the 04...[winsync]... I fixed those and think that I got everything but I'm attaching the HJT for your review.

 

[LonnyRJones]

Hi

Scan and fix these with hijackthis
O2 - BHO: (no name) - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - (no file)
O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag
================

Turn off Tea Timer (right-click its icon in the tray area near the windows close and choose exit)
and close SpyBot if open. Download ResetTeaTimer.bat (rightclick save as)
http://downloads.subratam.org/ResetTeaTimer.bat
To your desktop, run ResetTeaTimer.bat.
Since it will not be needed again delete ResetTeaTimer.bat.
Turn Tea timer back on again via SpyBots tools resident page.

Let us know if any items we have fixed show again in a hijackthis log

 

[Little Oscar]

NewDotNet & WinFixer

Lonny - This one is still there after completing tasks:
O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag

HJT log attached.

 

[LonnyRJones]

OK, Lets use a regfix
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file. (not including the word code)
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NI.UWAS6_0001_N68M2301"=-

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

If tea timer is on and alerts to the change click allow, do not tick the box to remember the decision..

 

[Little Oscar]

Lonny - that did it! YEAAAA! Is there anything else that needs to be done?

 

[LonnyRJones]

You turned Tea timer back on ?

Think Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated

To help avoid reinfection see >
http://forums.spybot.info/showthread.php?t=27

Stay safe

 

[Little Oscar]

Thank you

Lonny - I can't thank you enough for all your help, patience and advice! You are a gem indeed! THANK YOU! THANK YOU! THANK YOU!

 

[LonnyRJones]

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.