That`s strange, the 017 entries are still in your HJT log. They are the hijacker.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O17 - HKLM\System\CCS\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFC1255-4B1F-4017-85E8-E0E5D4BAF195}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{B51A6E9A-A160-41A4-9769-0E81C8E8B8CF}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEB13632-733E-431C-A65E-61492EBB7923}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
Click on the fix checked button.
Close HJT and reboot your system.
Run another HJT scan and see if those 017 entries are still there. If they`ve gone, you`re good to go. If they haven`t, post a fresh HJT log.
Regards Howard
This thread is for the use of shiawase1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.