I would like to point out something here: not only have I been undermined by people claiming that I have missed something while helping people on this thread because I do not have access to secret information, but this claim itself has, as far as I can see, proved to be wrong.
I asked why it was suggested that this might be Wareout, when nobody had complained of the pop-ups typical of Wareout, and was told that it was because of the 017 entries: infomation that I couldn't be given access to. My own research suggested this was a DNS hijack and my advice was to reset the DNS settings following the instructions on the site linked to in the 017 entries.
Check the IP in the "O17" entry. If it is imhoster.com, it is wareout.
I must be missing something here. The 017 entries point to domainserror.com. While I cannot know if, in some secret forum, this site is associated with Wareout, I suggest that it may simply be a DHS hijack operation operating sometimes at least with no association with Wareout.
I was told that Wareout uses a rootkit and cannot be seen. I posted a link that showed that some entries are evident even with a rootkit infection.
Well, where is this evidence of a rootkit infection? I believe WareoutFix is supposed to find a rootkit Wareout infection, but it seems to have found nothing, as did BlackLight and Gmer.
Gnarf, it seems, that Avast or Spybot deleted the file allready(possible?) and the "o17" was only the leftover from the infection.
Maybe there was no Wareout infection. Maybe it was just a DNS hijack like I originally suggested. Maybe some Trojan just reset the DNS server which is why you could fix it by removing the HijackThis! entries, or why the person I advised previously in the thread could fix it by following the instructions to reset the DNS settings in XP.
I don't mind when somebody with more experience than me comes along and offers help on this forum- raman's original help allowed me to spot the DNS hijack. But here three people have undermined the advice I gave and told a user they had an infection which there was really no indication of, and which proved not to be present.
A careful examination of symptoms described, HijackThis! log and information on the web site linked to might have suggested this. If Geek-To-Go are going to jump in every time they see a juicy HijackThis! this log, at least they could read the whole thread carefully without making an instant diagnosis on one 017 entry, underling somebody who's spent a lot of time on the thread already, and claiming expert knowledge the rest of us don't have access to.
EDIT: Typo