SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{704094A6-3EF2-4A6B-B015-215FA4322AD6}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{7739C18B-9670-4F90-95BE-BF6E7F7B8D68}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB94E417-FE19-40B4-A222-D2CC2BF8F748}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



REBOOT.



It may be necessary to give MBAM a new name (rename it) to allow it to run , e.g.:

needed_scan.exe


Also check to see that the DNS entries have not been altered again.




POST A REVISED HIJACKTHIS LOG for review:

• Reboot.
• Post a new HijackThis log.
• Provide any feedback commentary as appropriate - how things are now behaving: any new or remaining apparent issues.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.