~ ZHPCleaner v2017.1.27.19 by Nicolas Coolman (2017/01/27)
~ Run by user (Administrator)  (27/01/2017 16:42:30)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\user\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\user\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (1)
CLOSED : TTService  =>.Superfluous.TorrentsTime


---\\  Browser internet (2)
DELETED: [81o5rgg0.default] - user_pref("browser.startup.homepage", "C:\ProgramData\Quotenamrons\ff.HP");  =>PUP.Optional.Salus
DELETED: [81o5rgg0.default] - user_pref("browser.newtab.url", "C:\ProgramData\Quotenamrons\ff.NT");  =>PUP.Optional.Salus


---\\  Hosts file (1)
~ The hosts file is legitimate (26)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (71)
MOVED file: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\81o5rgg0.default\searchplugins\findit.xml    =>PUP.Optional.SmartBar
MOVED file: C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [Torrents Time - Torrents Time plugin]  =>.Superfluous.TorrentsTime
MOVED file: C:\Users\user\AppData\Roaming\Dongcom.exe    =>PUP.Optional.Pirrit
MOVED file: C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [TorrentsTime - TTService]  =>.Superfluous.TorrentsTime
MOVED file: C:\Windows\Temp\x250x5lq.exe    =>Heuristic.Suspect
MOVED file: C:\Windows\Installer\wix{4E9D4C35-BA44-4DC5-86F9-C8EC07492289}.SchedServiceConfig.rmi    =>.Superfluous.Empty
MOVED file: C:\Users\user\Downloads\BitlordSetup.exe [Larecakog - Borik Setup]  =>PUP.Optional.WhenUSave
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ar.hao123.com_0.localstorage    =>PUP.Optional.Browser
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ar.hao123.com_0.localstorage-journal    =>PUP.Optional.Browser
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal    =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage    =>.Superfluous.AkamaiHD
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal    =>.Superfluous.AkamaiHD
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal    =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_download.televisionfanatic.com_0.localstorage    =>PUP.Optional.TelevisionFanatic
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_download.televisionfanatic.com_0.localstorage-journal    =>PUP.Optional.TelevisionFanatic
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hdwallpaperbackgrounds.net_0.localstorage    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hdwallpaperbackgrounds.net_0.localstorage-journal    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_landing.chedot.com_0.localstorage    =>PUP.Optional.ChedotBrowser
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_landing.chedot.com_0.localstorage-journal    =>PUP.Optional.ChedotBrowser
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.myway.com_0.localstorage    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.myway.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.tb.ask.com_0.localstorage    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.tb.ask.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage    =>PUP.Optional.PutLocker
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal    =>PUP.Optional.PutLocker
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funmediatabsearch.com_0.localstorage    =>.Superfluous.FunMediaTab
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funmediatabsearch.com_0.localstorage-journal    =>.Superfluous.FunMediaTab
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagesearch.com_0.localstorage    =>.Superfluous.SocialNewPages
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagesearch.com_0.localstorage-journal    =>.Superfluous.SocialNewPages
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage    =>.Superfluous.AudienceInsights
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal    =>.Superfluous.AudienceInsights
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage    =>Toolbar.Ask
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal    =>Toolbar.Ask
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage    =>PUP.Optional.AddLyrics
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal    =>PUP.Optional.AddLyrics
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bringmesports.com_0.localstorage    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bringmesports.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hdwallpapernew.in_0.localstorage    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hdwallpapernew.in_0.localstorage-journal    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hdwallpapersnews.com_0.localstorage    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hdwallpapersnews.com_0.localstorage-journal    =>.Superfluous.HDWallPaper
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage    =>PUP.Optional.AddLyrics
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal    =>PUP.Optional.AddLyrics
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.radiorage.com_0.localstorage    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.radiorage.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tortugabackpacks.com_0.localstorage    =>PUP.Optional.Tortuga
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tortugabackpacks.com_0.localstorage-journal    =>PUP.Optional.Tortuga
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.videodownloadconverter.com_0.localstorage    =>PUP.Optional.VideoDownloadConverter
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.videodownloadconverter.com_0.localstorage-journal    =>PUP.Optional.VideoDownloadConverter
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage    =>PUP.Optional.WhiteSmoke
MOVED file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal    =>PUP.Optional.WhiteSmoke
MOVED file*: C:\Users\user\AppData\Roaming\PDAppFlex    =>Trojan.Elpman
MOVED file: C:\program files (x86)\BitLord\BitLord.exe [House of Life - BitLord]  =>PUP.Optional.WhenUSave
MOVED folder: C:\Program Files (x86)\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Program Files (x86)\TorrentsTime Media Player  =>.Superfluous.TorrentsTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorrentsTime Media Player  =>.Superfluous.TorrentsTime
MOVED folder: C:\Users\user\AppData\Roaming\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Users\user\Documents\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Users\user\AppData\Local\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Users\user\AppData\Local\Temp\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVED folder: C:\Users\user\AppData\Local\Temp\chrome_BITS_3412_30788  =>.Superfluous.Empty


---\\  Registry ( Key, Value, Data) (17)
DELETED key*: HKCU\Software\MozillaPlugins\torrents-time.com/TTPlugin []  =>.Superfluous.TorrentsTime
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TTService [C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe (Not File)]  =>.Superfluous.TorrentsTime
DELETED key*: HKEY_USERS\S-1-5-21-279693478-1646209937-2463236520-1000\SOFTWARE\bitlord.com []  =>PUP.Optional.WhenUSave
DELETED key*: HKEY_USERS\S-1-5-21-279693478-1646209937-2463236520-1000\SOFTWARE\Classes\BitLord [BitLord]  =>PUP.Optional.WhenUSave
DELETED key: HKCU\Software\bitlord.com []  =>PUP.Optional.WhenUSave
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\soundcloud.com []  =>PUP.Optional.SoundCloud
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com []  =>PUP.Optional.Chatango
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net [1062]  =>.Superfluous.CloudfrontNet
DELETED key*: HKLM\SOFTWARE\TTime []  =>.Superfluous.TorrentsTime
DELETED key*: [X64] HKLM\SOFTWARE\Classes\BitLord [BitLord]  =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quotenamron.exe []  =>PUP.Optional.Salus
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitLord [House of Life]  =>.Superfluous.Conduit
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{F0B9776D-52A2-4404-9218-A54A09E9CC0C}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{34D4CB3D-85CE-452F-AF3C-F21C858D9C9A}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{A0CD62C5-8B1C-4CEC-9289-6ED76D7C04E6}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{8324482B-2943-4BFE-8671-590286C8D430}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave


---\\  Summary of the elements found (30)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.TorrentsTime
https://www.nicolascoolman.com/fr/pup-salus/  =>PUP.Optional.Salus
https://www.nicolascoolman.com/fr/hijacker-smartbar/  =>PUP.Optional.SmartBar
https://www.nicolascoolman.com/fr/pup-pirritsuggestor/  =>PUP.Optional.Pirrit
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/adware-whenusave/  =>PUP.Optional.WhenUSave
https://nicolascoolman.eu/2017/01/26/hijacker-browser/  =>PUP.Optional.Browser
https://www.anti-malware.top/2016/08/31/cloudfront-net/  =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/07/21/superfluous-atwola/  =>.Superfluous.Atwola
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.AkamaiHD
https://www.nicolascoolman.com/fr/pup-televisionfanatic/  =>PUP.Optional.TelevisionFanatic
https://www.anti-malware.top/2016/08/22/superfluous-hdwallpaper/  =>.Superfluous.HDWallPaper
https://www.nicolascoolman.com/fr/pup-optional-chedotbrowser/  =>PUP.Optional.ChedotBrowser
https://nicolascoolman.eu/2017/01/15/superfluous-mindspark/  =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/spyware-putlocker/  =>PUP.Optional.PutLocker
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.FunMediaTab
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.SocialNewPages
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Chatango
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.AudienceInsights
https://www.anti-malware.top/2016/09/22/toolbar-ask/  =>Toolbar.Ask
https://www.nicolascoolman.com/fr/adware-addlyrics/  =>PUP.Optional.AddLyrics
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Tortuga
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.VideoDownloadConverter
https://www.nicolascoolman.com/fr/pup-whitesmoke/  =>PUP.Optional.WhiteSmoke
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>Trojan.Elpman
https://www.nicolascoolman.com/fr/adware-domaiq/  =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.SoundCloud
https://www.nicolascoolman.com/fr/toolbar-conduit/  =>.Superfluous.Conduit


---\\  Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 449
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 91


~ End of clean in 00h00mn35s
~====================
ZHPCleaner-[R]-27012017-16_43_05.txt
ZHPCleaner-[S]-27012017-16_41_55.txt