Logfile of HijackThis v1.99.1
Scan saved at 7:44:16 PM, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RunDLL32.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\this hijack pisses me off\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {23AA0B41-BCEB-39C2-A6CF-D4796BB6424E} - iehelper.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - E:\WINDOWS\system32\gigagetbho_v10.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\programs delete\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O8 - Extra context menu item: &Download All by Gigaget - E:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - E:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.gunbound.net
O15 - Trusted Zone: http://*.nprotect.net
O15 - Trusted Zone: http://*.softnyx.net
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDC836-26DB-4267-89D8-87F9FA9F7078}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O20 - Winlogon Notify: WB - E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Ok from looking at my own log,
These are the only entries I find suspicious or don't know what they are for, the other entries I think are legit.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
****possibly legit meaning blank start page and no search assistant*****

R3 - URLSearchHook: (no name) - {23AA0B41-BCEB-39C2-A6CF-D4796BB6424E} - iehelper.dll (file missing)
*****shouldnt be harmful considering the file is missing*****

O1 - Hosts: localhost 127.0.0.1
****possibley something to do with spybot****

HKLM\System\CCS\Services\Tcpip\..\{31BDC836-26DB-4267-89D8-87F9FA9F7078}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
****seems very suspicious****



E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\system32\RunDLL32.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\System32\svchost.exe
*****Some or all of these entries are legit windows services, but possible malware entry????******

apparantly my isp was having problems during the days I got this
http://forums.whirlpool.net.au/forum-replies.cfm?t=595590&p=-1#bottom

well im bored so heres my life story

1.Caught the "Kill and Clean" spyware through system tray popup which I thought was a legitimate windows notification.
2.Uninstalled "Kill and Clean" through add and remove programs.
3.Proceeded to do spybots scan which stopped at win32.sober
4.Manually unchecked suspected "Kill and Clean" install after looking at previous clean saved startup log from spybot.
http://img225.imageshack.us/img225/7737/screenhunter5kk6.th.jpg (http://img225.imageshack.us/my.php?image=screenhunter5kk6.jpg)
5.Proceeded to download Adaware,spyware blaster, ewido and all 3 antivirus programs in an attempt to be sure "Kill and Clean" was fully erradicated and because firefox and spybots immunize did not stop this program from being installed.
6.Did scans with adaware, ewido and all 3 antivirus, no "Kill and Clean" showed up.
7.Uninstalled "Antivir" to test out "Avast's realtime protection" since Avast's realtime protection gets disabled automatically if Avast detects Antivir is installed. - which is good since it prevents serious conflicts.
8.Downloads and installs Firefox 1.5.0.7 to replace 1.5.0.6
9.Notices browser redirect problem even though I had "Avast's" webshield on.
10.Decides to uninstall Avast and reininstall antivir since it didnt protect me and its a resource hog noticed by the few second delay when starting a program or closing a instant message window .
11.Does a scan with antivir, nothing shows up.
12.Uninstalls firefox 1.5.0.7 since thought that it might be reason for the browser redirect, and reinstalls 1.5.0.6.
13.Uninstalls through "add and remove" and also manually goes to firefox folder and documents and settings to remove everything firefox related since my bookmarks are installed in another location.
14.Reinstalls firefox
15.boots windows in safe mode and scans with spybots after visiting this forum, "Kill and Clean" shows up but the browser redirect doesn't.
16.Decides install Avast again and do a scan with all programs in safe mode. Exception is Ewido since can't use keyboard to do anything in Ewido.
17.Nothing shows up.
18.Downloads hijack this.

After testing all 3 antivirus:
-Avast has the most features, Realtime protection and Webshield are the most significant.
-Antivir seems to only have Realtime protection.
-AVG is stated to have realtime protection but I do not notice it working at any time, only thing I notice is it seems to do a background scan periodically as set by the schedular.

-Avast is a resource hog
-Antivir still undetermined but seems to be a slight resource hog as well
-AVG seems to be very light

Both Avast and Antivir cannot be fully disabled once installed although u can disable the realtime protection.
AVG seems to be able to be fully disabled will disappear from system tray.

Please disable SpybotSD TeaTimer for now
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and Uncheck the box next to Teatimer.
"resident tea timer"protection of all-over system settings) active"
Close SpyBot.
We will remind you to turn it on later

Download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

Ok after following those steps, heres the 2 logs


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jnomd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmenr.exe"=-
"dmonj.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
* csr.exe E:\WINDOWS\System32\CSUXF.EXE

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
E:\WINDOWS\SYSTEM32\CSUXF.EXE 51,294 2006-09-14
E:\WINDOWS\SYSTEM32\DMONJ.EXE 62,024 2004-08-04

Other suspects.
Directory of E:\WINDOWS\system32
{BF3810D6-8EF6-486D-9687-D47FB61FA491}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.




Logfile of HijackThis v1.99.1
Scan saved at 6:38:14 PM, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\NOTEPAD.EXE
C:\this hijack pisses me off\HijackThis.exe

R3 - URLSearchHook: (no name) - {23AA0B41-BCEB-39C2-A6CF-D4796BB6424E} - iehelper.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - E:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] E:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O8 - Extra context menu item: &Download All by Gigaget - E:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - E:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.gunbound.net
O15 - Trusted Zone: http://*.nprotect.net
O15 - Trusted Zone: http://*.softnyx.net
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDC836-26DB-4267-89D8-87F9FA9F7078}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O20 - Winlogon Notify: WB - E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Close all browsers
Start Hijackthis and place a check next to these items If there.
O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDC836-26DB-4267-89D8-87F9FA9F7078}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manualy delete these files
E:\WINDOWS\SYSTEM32\CSUXF.EXE 51,294 2006-09-14
E:\WINDOWS\SYSTEM32\DMONJ.EXE 62,024 2004-08-04
E:\WINDOWS\system32\{BF3810D6-8EF6-486D-9687-D47FB61FA491}.exe
Your antivirus might delete when you get close to them, thats fine.
Delete E:\fixwareout as it wont be needed again

Note:
If You have connection problems or those 017's ~ 85.255.113.90 85.255.112.5, return >
Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
Do that for every conntection listed.


Turn Tea Timer back on
Uninstall all but one antivurus program
Mention any current problems ?

Is the note only for if you have a connection problem or if those entries still appear in a hijack this scan and you don't have to do the network thing if you dont have that problem?

Merged:
http://forums.spybot.info/showpost.php?p=43705&postcount=3
http://forums.spybot.info/showpost.php?p=43701&postcount=8

From:
http://forums.spybot.info/showthread.php?t=7542

You still out there Helms ?

are there any connection problems or have those paticular 017s re-apeared ?

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).