# AdwCleaner v6.043 - Logfile created 07/02/2017 at 23:16:58
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Monika - MONIKASALAMON
# Running from : D:\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: iSafeKrnl
Service Found: iSafeKrnlBoot
Service Found: iSafeNetFilter
Service Found: UncheckitSvc
Service Found: WinSAPSvc
Service Found: WinSnare

***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\WinSnare(4.0.7)
Folder Found: C:\Program Files (x86)\WinSnare(4.0.8)
Folder Found: C:\Program Files (x86)\WinSnare(4.0.9)
Folder Found: C:\Users\Monika\AppData\Roaming\Elex-tech
Folder Found: C:\Users\Monika\AppData\Roaming\Uncheckit
Folder Found: C:\Users\Monika\AppData\Roaming\gjdgj
Folder Found: C:\Users\Monika\AppData\Roaming\aMule
Folder Found: C:\Users\Monika\AppData\Roaming\WinSnare
Folder Found: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Folder Found: C:\ProgramData\QQBrowser
Folder Found: C:\ProgramData\Uncheckit
Folder Found: C:\ProgramData\ChelfNotify
Folder Found: C:\ProgramData\WinSAPSvc
Folder Found: C:\ProgramData\winsapsvc
Folder Found: C:\ProgramData\chelfnotify
Folder Found: C:\ProgramData\adgad
Folder Found: C:\ProgramData\Application Data\QQBrowser
Folder Found: C:\ProgramData\Application Data\Uncheckit
Folder Found: C:\ProgramData\Application Data\ChelfNotify
Folder Found: C:\ProgramData\Application Data\WinSAPSvc
Folder Found: C:\ProgramData\Application Data\winsapsvc
Folder Found: C:\ProgramData\Application Data\chelfnotify
Folder Found: C:\ProgramData\Application Data\adgad
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
Folder Found: C:\Program Files (x86)\Elex-tech
Folder Found: C:\Program Files (x86)\Uncheckit
Folder Found: C:\Program Files (x86)\WinArcher
Folder Found: C:\Program Files (x86)\UvConverter
Folder Found: C:\Program Files (x86)\winarcher
Folder Found: C:\Program Files (x86)\amuleC1
Folder Found: C:\Program Files (x86)\Gubed_WMI
Folder Found: C:\Program Files (x86)\Gubed
Folder Found: C:\WINDOWS\SysWOW64\upddf
Folder Found: C:\Users\Monika\AppData\Local\Temp\iSafeRightKeyScan
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\aMule
Folder Found: C:\ProgramData\WinTools
Folder Found: C:\Users\Monika\AppData\Roaming\WinSnare
Folder Found: C:\Program Files (x86)\MIO

***** [ Files ] *****

File Found: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Uncheckit.lnk
File Found: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uncheckit.lnk
File Found: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uncheckit.lnk
File Found: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
File Found: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
File Found: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
File Found: C:\ProgramData\Microsoft\Windows\Start Menu\Uncheckit.lnk
File Found: C:\Users\Public\Documents\temp.dat
File Found: C:\Users\Public\Documents\report.dat
File Found: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\95rdmy2d.default-1485871521331\searchplugins\amisites.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.
***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk ( hxxp://www.amisites.com/?type=sc&ts=1482400026&z=2027fb5b2b6d30b394ead34g3z1bfo5zde0e6ecodm&from=che0812&uid=WDCXWD10S12X-55JTET0_WD-WX61A839982899
Shortcut infected: C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1486113298&z=69afbda22dae7447b3ade2egdz7b8qfg9g7caccebw&from=che0812&uid=WDCXWD10S12X-55JTET0_WD-WX61A839982899828 )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk ( hxxp://www.amisites.com/?type=sc&ts=1482400026&z=2027fb5b2b6d30b394ead34g3z1bfo5zde0e6ecodm&from=che0812&uid=WDCXWD10S
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1486113298&z=69afbda22dae7447b3ade2egdz7b8qfg9g7caccebw&from=che0812&uid=WDCXWD10S12X-55J
Shortcut infected: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.amisites.com/?type=sc&ts=1482400026&z=2027fb5b2b6d30b394ead34g3z1bfo5zde0e6ecodm&from=che0812&u
Shortcut infected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.amisites.com/?type=sc&ts=1482400026&z=2027fb5b2b6d30b394ead34g3z1bfo5zde0e6ecodm&from=che0812&ui
Shortcut infected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.amisites.com/?type=sc&ts=1482400026&z=2027fb5b2b6d30b394ead34g3z1bfo5zde0e6ec
Shortcut infected: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1486113298&z=69afbda22dae7447b3ade2egdz7b8qfg9g7c

***** [ Scheduled Tasks ] *****

Task Found: UncheckitTaskMN
Task Found: UncheckitUpdateTaskC
Task Found: UncheckitUpdateTaskDB
Task Found: WinTOOL
Task Found: Milimili

***** [ Registry ] *****

Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Key Found: HKU\.DEFAULT\Software\Elex-tech
Key Found: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Uncheckit
Key Found: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\WinSnare
Key Found: HKU\S-1-5-18\Software\Elex-tech
Key Found: HKCU\Software\Uncheckit
Key Found: HKCU\Software\WinSnare
Key Found: HKLM\SOFTWARE\Elex-tech
Key Found: HKLM\SOFTWARE\Uncheckit
Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: HKLM\SOFTWARE\WinZiper
Key Found: HKLM\SOFTWARE\WinArcher
Key Found: HKLM\SOFTWARE\amule-custom
Key Found: HKLM\SOFTWARE\amisitesSoftware
Key Found: HKLM\SOFTWARE\UvConv
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
Key Found: [x64] HKCU\Software\Uncheckit
Key Found: [x64] HKCU\Software\WinSnare
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Key Found: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Key Found: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B68CE107A2DED706DC47D6BC4BF3C4C1
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C076B2283AB74D88D5E4D34BC497FF
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
Data Found: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e
Data Found: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0t
Data Found: HKU\S-1-5-21-3178937606-276424082-2874363280-1002\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTE
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTET0
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTET0
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTE
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55J
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTE
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1480330968&z=4c7960c34043ce01a6f5b66g4zbb0efc6c4e0tbmfb&from=archer1028&uid=WDCXWD10S12X-55JTE
Data Found: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "c:\program files\internet explorer\iexplore.exe" hxxp://www.amisites.com/?type=sc&ts=1486375013&z=ce1d515c6d8b58dab7c70a4g
Data Found: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.amisites.com/?type=sc&ts=1486375013&z=ce1d515c6d8b58dab7c70a
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adnetworkperformance.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.pl
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onclicktop.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.pl
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onclicktop.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adnetworkperformance.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.pl
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onclicktop.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.pl
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onclicktop.com
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Key Found: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Value Found: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Value Found: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\95rdmy2d.default-1485871521331\prefs.js] - "browser.startup.homepage" - "hxxp://www.amisites.com/?type=hp&ts=1486113298&z=69afbda22dae7447b3ad
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [18274 Bytes] - [24/04/2016 20:24:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [907 Bytes] - [02/08/2015 21:22:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [962 Bytes] - [02/08/2015 21:23:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [22047 Bytes] - [24/04/2016 20:23:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [673 Bytes] - [27/09/2015 22:23:28]
C:\AdwCleaner\AdwCleaner[S3].txt - [15186 Bytes] - [07/02/2017 23:16:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [15260 Bytes] ##########