DNS Unlocker removal

ShadowHound

New Member
Thread author
Mar 8, 2016
2
Having ads by DNS Unlocker similar to a lot of other people. Attached are the log files from FRST. AdwCleaner scan log wouldn't let me attach the file. Here is the text from the log:

 

Attachments

  • Addition.txt
    36.1 KB · Views: 1
  • FRST.txt
    55.6 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 

ShadowHound

New Member
Thread author
Mar 8, 2016
2
Hey there TwinHeadedEagle,

Thanks for your speedy reply. I followed your steps and please find the logfile attached. A quick check seems like the pop up ads have been removed. Any next steps to be taken?
 

Attachments

  • zoek-results.txt
    10.8 KB · Views: 6
