Cleaned a computer today that had many bits of malware. One of the bits of junk had changed the DNS entries on the Windows 7 computer to:
inetnum: 126.96.36.199 – 188.8.131.52
descr: Bezeq International-Ltd
status: ALLOCATED PA
remarks: please send ABUSE complains only to email@example.com
184.108.40.206 (no RDNS)
Net Range 220.127.116.11 – 18.104.22.168
Parent ELRON-C-BLK1 (NET-199-203-0-0-1)
Seems to redirect and inject their own code into requests for Google Analytics.
They had also done something to the Winsock and IP settings on the system to prevent any other DNS server being used. This was resolved by:
netsh interface ip reset
netsh winsock reset
Running HitmanPro would also have solved the problem.
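To confirm which resolvers a machine is using before and after the reset, the following added example (not part of the original post) lists the DNS servers set on each adapter and in the TCP/IP interface registry keys, and flags any that are not on an expected list. The function name `Test-DnsServerList` and the addresses in `$ExpectedDns` are assumptions made for illustration; it uses only WMI and registry reads so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit DNS resolvers on a Windows 7 host (PowerShell 2.0 compatible).
# $ExpectedDns is an assumption: replace with the resolvers your network really uses.
$ExpectedDns = @('192.0.2.53', '192.0.2.54')   # constructed placeholder addresses

function Test-DnsServerList {                  # hypothetical helper name
    param([string[]]$Servers, [string[]]$Expected)
    # Return only the servers that are not on the expected list.
    @($Servers | Where-Object { $_ -and ($Expected -notcontains $_) })
}

# 1. What each IP-enabled adapter is actually using right now.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
$findings = @(foreach ($a in $adapters) {
    $bad = Test-DnsServerList -Servers $a.DNSServerSearchOrder -Expected $ExpectedDns
    New-Object PSObject -Property @{
        Source     = "Adapter: $($a.Description)"
        Configured = ($a.DNSServerSearchOrder -join ', ')
        Unexpected = ($bad -join ', ')
    }
})

# 2. Static (NameServer) and DHCP-supplied (DhcpNameServer) values stored in the
#    registry, which also covers interfaces that are not currently connected.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$findings += @(foreach ($key in Get-ChildItem $base) {
    $props = Get-ItemProperty $key.PSPath
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $value = $props.$name
        if ($value) {
            # These values hold one or more addresses separated by commas or spaces.
            $servers = @($value -split '[,\s]+')
            $bad = Test-DnsServerList -Servers $servers -Expected $ExpectedDns
            New-Object PSObject -Property @{
                Source     = "Registry: $($key.PSChildName)\$name"
                Configured = ($servers -join ', ')
                Unexpected = ($bad -join ', ')
            }
        }
    }
})

# Full listing first, then only the entries that need attention.
$findings | Select-Object Source, Configured, Unexpected | Format-Table -AutoSize
$findings | Where-Object { $_.Unexpected } |
    Select-Object Source, Unexpected | Format-List
```

An empty second listing after the two `netsh` resets and a reboot means no adapter or interface key still points at a resolver outside the expected list.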