# AdwCleaner v6.043 - Logfile created 07/02/2017 at 23:20:08
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Monika - MONIKASALAMON
# Running from : D:\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: iSafeKrnl
[-] Service deleted: iSafeKrnlBoot
[-] Service deleted: iSafeNetFilter
[-] Service deleted: UncheckitSvc
[-] Service deleted: WinSAPSvc
[-] Service deleted: WinSnare

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.0.7)
[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.0.8)
[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.0.9)
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\Elex-tech
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\Uncheckit
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\gjdgj
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\aMule
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Folder deleted: C:\ProgramData\QQBrowser
[-] Folder deleted: C:\ProgramData\Uncheckit
[-] Folder deleted: C:\ProgramData\ChelfNotify
[-] Folder deleted: C:\ProgramData\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\winsapsvc
[#] Folder deleted on reboot: C:\ProgramData\chelfnotify
[-] Folder deleted: C:\ProgramData\adgad
[#] Folder deleted on reboot: C:\ProgramData\Application Data\QQBrowser
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uncheckit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ChelfNotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\chelfnotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\adgad
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[-] Folder deleted: C:\Program Files (x86)\Elex-tech
[-] Folder deleted: C:\Program Files (x86)\Uncheckit
[-] Folder deleted: C:\Program Files (x86)\WinArcher
[-] Folder deleted: C:\Program Files (x86)\UvConverter
[#] Folder deleted on reboot: C:\Program Files (x86)\winarcher
[-] Folder deleted: C:\Program Files (x86)\amuleC1
[-] Folder deleted: C:\Program Files (x86)\Gubed_WMI
[-] Folder deleted: C:\Program Files (x86)\Gubed
[-] Folder deleted: C:\WINDOWS\SysWOW64\upddf
[-] Folder deleted: C:\Users\Monika\AppData\Local\Temp\iSafeRightKeyScan
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\aMule
[-] Folder deleted: C:\ProgramData\WinTools
[#] Folder deleted on reboot: C:\Users\Monika\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Program Files (x86)\MIO

***** [ Files ] *****

[-] File deleted: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Uncheckit.lnk
[-] File deleted: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uncheckit.lnk
[-] File deleted: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uncheckit.lnk
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Uncheckit.lnk
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat
[-] File deleted: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\95rdmy2d.default-1485871521331\searchplugins\amisites.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled Tasks ] *****

[-] Task deleted: UncheckitTaskMN
[-] Task deleted: UncheckitUpdateTaskC
[-] Task deleted: UncheckitUpdateTaskDB
[-] Task deleted: WinTOOL
[-] Task deleted: Milimili

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKU\.DEFAULT\Software\Elex-tech
[-] Key deleted: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Uncheckit
[-] Key deleted: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\WinSnare
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Elex-tech
[#] Key deleted on reboot: HKCU\Software\Uncheckit
[#] Key deleted on reboot: HKCU\Software\WinSnare
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\Uncheckit
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\WinZiper
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Key deleted: HKLM\SOFTWARE\amule-custom
[-] Key deleted: HKLM\SOFTWARE\amisitesSoftware
[-] Key deleted: HKLM\SOFTWARE\UvConv
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
[#] Key deleted on reboot: [x64] HKCU\Software\Uncheckit
[#] Key deleted on reboot: [x64] HKCU\Software\WinSnare
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B68CE107A2DED706DC47D6BC4BF3C4C1
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C076B2283AB74D88D5E4D34BC497FF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Data restored: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [] "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adnetworkperformance.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.pl
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onclicktop.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.pl
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onclicktop.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.pl
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onclicktop.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.pl
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onclicktop.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Value deleted: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://www.amisites.com/?type=hp&ts=1486113298&z=69afbda22dae7447b3ade2egdz7b8qfg9g7caccebw&from=che0812&uid=WDCXWD10S12X-55JTET0_WD-WX61A839982899828"

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [18274 Bytes] - [24/04/2016 20:24:38]
C:\AdwCleaner\AdwCleaner[C2].txt - [13297 Bytes] - [07/02/2017 23:20:08]
C:\AdwCleaner\AdwCleaner[R0].txt - [907 Bytes] - [02/08/2015 21:22:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [962 Bytes] - [02/08/2015 21:23:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [22047 Bytes] - [24/04/2016 20:23:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [673 Bytes] - [27/09/2015 22:23:28]
C:\AdwCleaner\AdwCleaner[S3].txt - [15460 Bytes] - [07/02/2017 23:16:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [13735 Bytes] ##########