View Single Post

edifier · 11-09-2006, 04:57 PM

I don't know how busy 'Buzz' still is so hopefully he won't mind me offering some additional help.

The answer is 'NO'!.

I CRINGED when 'PC eye' found out about that analizer and started listing whatever it flagged, - as most entries are 'LEGIT'.

Very Important:
Make sure security programs such as - Trend Micro, AVG Anti-Spyware 7.5, WebrootSpy Sweeper, WinPatrol, SPYBOT, etc are DISABLED until they are needed. They may interfere with the cleaning process.

Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'.While there, UNCHECK 'hide protected operating system files(recommended)'. Click Apply and Okay.

Run HijackThis and put a check by the following entries, close all open windows and browsers except HijackThis and click 'Fix Checked'

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SYSTRAV] xwiz.exe
O4 - HKLM\..\Run: [sound64] br0ken.exe
O11 - Options group: [INTERNATIONAL] International*

Close 'HJT'.

Look in ADD/REMOVE Programs for anything to do with 'Wareout' and get rid of it.

Now you need to search your 'C' drive/Partition e.g. - C/Program Files, C/Windows, C/Windows/system, C/Windows/System32, etc to locate and 'Delete' these to entries.

xwiz.exe
br0ken.exe

Run FixWareout again.

Reboot your computer and post a new 'HJT' log.

11-09-2006, 04:57 PM	#7 (permalink)
edifier Platinum Member Join Date: Jan 2006 Posts: 567	I don't know how busy 'Buzz' still is so hopefully he won't mind me offering some additional help. The answer is 'NO'!. I CRINGED when 'PC eye' found out about that analizer and started listing whatever it flagged, - as most entries are 'LEGIT'. Very Important: Make sure security programs such as - Trend Micro, AVG Anti-Spyware 7.5, WebrootSpy Sweeper, WinPatrol, SPYBOT, etc are DISABLED until they are needed. They may interfere with the cleaning process. Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'.While there, UNCHECK 'hide protected operating system files(recommended)'. Click Apply and Okay. Run HijackThis and put a check by the following entries, close all open windows and browsers except HijackThis and click 'Fix Checked' R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [SYSTRAV] xwiz.exe O4 - HKLM\..\Run: [sound64] br0ken.exe O11 - Options group: [INTERNATIONAL] International* Close 'HJT'. Look in ADD/REMOVE Programs for anything to do with 'Wareout' and get rid of it. Now you need to search your 'C' drive/Partition e.g. - C/Program Files, C/Windows, C/Windows/system, C/Windows/System32, etc to locate and 'Delete' these to entries. xwiz.exe br0ken.exe Run FixWareout again. Reboot your computer and post a new 'HJT' log.