~ ZHPCleaner v2016.1.12.7 by Nicolas Coolman (2016/01/12)
~ Run by slessner (Administrator) (14/01/2016 22:17:58)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\slessner\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\slessner\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10586)

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (1)
REPLACED Chrome Preferences: "http://apiuseclearthink-a.akamaihd.net/" =>PUP.Optional.Browser

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (53)
MOVED file: C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw64.sys [StdLib - StdLib] =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\Prefetch\CACAOWEB (8).EXE-BC0A6CCE.pf =>.Superfluous.CacaoWeb
MOVED file: C:\Users\slessner\Desktop\rcpsetup_softonic_sd_new.exe [Systweak Inc - RegClean Pro] =>.Superfluous.Systweak
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_apiuseclearthink-a.akamaihd.net_0.localstorage =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_apiuseclearthink-a.akamaihd.net_0.localstorage-journal =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_static.boostsaves.com_0.localstorage =>PUP.Optional.BoostSaves
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_static.boostsaves.com_0.localstorage-journal =>PUP.Optional.BoostSaves
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage =>PUP.Optional.PricePeep
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal =>PUP.Optional.PricePeep
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage =>PUP.Optional.Multiplug
MOVED file: C:\Users\slessner\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal =>PUP.Optional.Multiplug
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (1).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (2).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (3).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (4).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (5).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (6).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (7).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb (8).exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\cacaoweb.exe =>.Superfluous.CacaoWeb
MOVED file: \Documents and Settings\Bilal\Downloads\iLividSetup (1).exe [Bandoo Media Inc - iLivid Install] =>PUP.Optional.Bandoo
MOVED file: \Documents and Settings\Bilal\Downloads\iLividSetup (2).exe [Bandoo Media Inc - iLivid Install] =>PUP.Optional.Bandoo
MOVED file: \Documents and Settings\Bilal\Downloads\iLividSetup.exe [Bandoo Media Inc - iLivid Install] =>PUP.Optional.Bandoo
MOVED file: \Documents and Settings\Bilal\Downloads\SoftonicDownloader_pour_vlc-media-player-portable (1).exe [Softonic - Softonic Downloader] =>.Superfluous.Softonic
MOVED file: \Documents and Settings\Bilal\Downloads\SoftonicDownloader_pour_vlc-media-player-portable.exe [Softonic - Softonic Downloader] =>.Superfluous.Softonic
MOVED file^: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_apiuseclearthink-a.akamaihd.net_0.localstorage =>PUP.Optional.AkamaiHD
MOVED file^: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_apiuseclearthink-a.akamaihd.net_0.localstorage-journal =>PUP.Optional.AkamaiHD
MOVED file^: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage =>PUP.Optional.AkamaiHD
MOVED file^: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal =>PUP.Optional.AkamaiHD
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.audienceinsights.net_0.localstorage =>PUP.Optional.Generic
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.audienceinsights.net_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage =>PUP.Optional.BoostSaves
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal =>PUP.Optional.BoostSaves
MOVED file^: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage =>PUP.Optional.PricePeep
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal =>PUP.Optional.PricePeep
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage =>PUP.Optional.Multiplug
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal =>PUP.Optional.Multiplug
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.Chatango
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage =>PUP.Optional.Generic
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.topictorch.com_0.localstorage =>.Superfluous.Torch
MOVED file: \Documents and Settings\Bilal\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.topictorch.com_0.localstorage-journal =>.Superfluous.Torch
MOVED folder^: C:\Program Files (x86)\ClearThink =>PUP.Optional.ClearThink
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 =>PUP.Optional.OptimizerPro
MOVED folder: \Users\Bilal\AppData\Roaming\cacaoweb =>.Superfluous.CacaoWeb
MOVED folder: \Users\Bilal\AppData\Local\Pay-By-Ads =>PUP.Optional.PaybyAds

---\\ Registry ( Key, Value, Data) (27)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw64 [C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw64.sys (Not File)] =>PUP.Optional.LinkiDoo
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Uninstall\ClearThink [] =>PUP.Optional.ClearThink
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\ClearThink [] =>PUP.Optional.ClearThink
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw64 [C:\WINDOWS\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw64.sys (Not File)] =>PUP.Optional.LinkiDoo
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [C:\Program Files (x86)\Ask.com\ (Not File)] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update ClearThink [] =>PUP.Optional.ClearThink
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateClearThink_RASAPI32 [] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateClearThink_RASMANCS [] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilClearThink_RASAPI32 [] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilClearThink_RASMANCS [] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] =>Adware.Sambreel
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files (x86)\ClearThink\bin\bcd064.dll] =>Adware.Sambreel
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{7A345E05-610C-4467-A39B-72953134A89C}C:\users\bilal\downloads\cacaoweb (8).exe [C:\users\bilal\downloads\cacaoweb (8).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{5ED01914-BA93-4720-9853-1D3D67FEF3F6}C:\users\bilal\downloads\cacaoweb (8).exe [C:\users\bilal\downloads\cacaoweb (8).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{15671F86-E97D-4071-B679-8367D3BE9B14}C:\users\bilal\downloads\cacaoweb (7).exe [C:\users\bilal\downloads\cacaoweb (7).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{93879C83-B1B4-4389-A945-864B2A0FC3F7}C:\users\bilal\downloads\cacaoweb (7).exe [C:\users\bilal\downloads\cacaoweb (7).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{531B0390-AC3B-4A6D-9687-187A13242847}C:\users\bilal\downloads\cacaoweb (6).exe [C:\users\bilal\downloads\cacaoweb (6).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{FEFF8565-0C88-47B8-9998-653E9D209BA0}C:\users\bilal\downloads\cacaoweb (6).exe [C:\users\bilal\downloads\cacaoweb (6).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{F7449F28-197E-456B-8295-110DD9153AFB}C:\users\bilal\downloads\cacaoweb (5).exe [C:\users\bilal\downloads\cacaoweb (5).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{81707675-E259-49D7-9F3B-A0E68B3D1AB9}C:\users\bilal\downloads\cacaoweb (5).exe [C:\users\bilal\downloads\cacaoweb (5).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{19466CC4-F6D6-4F8A-99C5-E8564D5FBF34}C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{45371F24-A052-446D-8CB3-A3EA5C7E094E}C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{FEBA7FD7-0E52-415F-8D1A-C56CD1B99EDB}C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{E6C8A129-CFCF-40A9-AC7F-17F4E269B8B7}C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\bilal\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{FF774741-23BF-4428-B583-EF4FB6139B51}C:\users\bilal\downloads\cacaoweb (8).exe [C:\users\bilal\downloads\cacaoweb (8).exe] =>.Superfluous.CacaoWeb
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{7BBA987B-9F8D-433D-BBA2-DC760C2CB5FD}C:\users\bilal\downloads\cacaoweb (8).exe [C:\users\bilal\downloads\cacaoweb (8).exe] =>.Superfluous.CacaoWeb

---\\ Summary of the elements found (20)
http://www.nicolascoolman.fr/?p=546 =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=62 =>PUP.Optional.LinkiDoo
http://www.nicolascoolman.fr/?p=338 =>.Superfluous.CacaoWeb
http://www.nicolascoolman.fr/pup-systweak/ =>.Superfluous.Systweak
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.AkamaiHD
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.BoostSaves
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.PricePeep
http://www.nicolascoolman.fr/?p=1402 =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=237 =>PUP.Optional.Bandoo
http://www.nicolascoolman.fr/?p=4664 =>.Superfluous.Softonic
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=134 =>PUP.Optional.PutLocker
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Chatango
http://www.nicolascoolman.fr/?p=905 =>PUP.Optional.AddLyrics
http://www.nicolascoolman.fr/?p=4664 =>.Superfluous.Torch
http://www.nicolascoolman.fr/pup-clearthink/ =>PUP.Optional.ClearThink
http://www.nicolascoolman.fr/?p=324 =>PUP.Optional.OptimizerPro
http://www.nicolascoolman.fr/?p=1754 =>PUP.Optional.PaybyAds
http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask
http://www.nicolascoolman.fr/pup-optional-sambreel/ =>Adware.Sambreel

---\\ Other deletions. (17)
~ Registry Keys Tracing deleted (17)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 259
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 81

~ End of clean in 00h01mn35s

===================
ZHPCleaner-[R]-14012016-22_19_33.txt
ZHPCleaner-[S]-14012016-21_26_37.txt
ZHPCleaner-[S]-14012016-22_16_58.txt