ComboFix 17-01-29.01 - windows 01/29/2017 14:33:26.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1025.18.2012.1210 [GMT 1:00] Running from: c:\users\windows\Desktop\ComboFix.exe AV: ESET Smart Security 9.0.408.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} FW: جدار الحماية الشخصي ESET *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} SP: ESET Smart Security 9.0.408.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\windows\ZHPCleaner.exe . . ((((((((((((((((((((((((( Files Created from 2016-12-28 to 2017-01-29 ))))))))))))))))))))))))))))))) . . 2017-02-23 13:15 . 2017-02-23 13:15 -------- d-----w- c:\users\windows\AppData\Local\ElevatedDiagnostics 2017-02-20 22:37 . 2017-02-21 20:25 -------- d-----w- c:\users\windows\AppData\Roaming\ZHP 2017-02-07 13:35 . 2016-12-30 22:26 9561744 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5F0F3BD-CE1B-44CD-8E42-2FA70F02B3A8}\mpengine.dll 2017-01-30 13:12 . 2017-01-30 13:13 6930376 ----a-w- C:\idmupdtf.exe 2017-01-26 14:41 . 2016-10-17 15:35 147120 ----a-w- c:\windows\system32\drivers\idmwfp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-02-23 12:53 . 2016-10-29 20:45 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2017-02-14 22:46 . 2016-02-14 12:52 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2017-02-14 22:46 . 2016-02-14 12:52 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2016-11-29 13:55 . 2016-11-29 13:55 122496 ----a-w- c:\windows\system32\drivers\ekbdflt.sys 2016-11-29 13:55 . 2016-06-23 13:31 71304 ----a-w- c:\windows\system32\drivers\epfwwfp.sys 2016-11-29 13:55 . 
2016-06-23 13:31 206472 ----a-w- c:\windows\system32\drivers\eamonm.sys 2016-11-29 13:55 . 2016-06-23 13:31 162952 ----a-w- c:\windows\system32\drivers\epfw.sys 2016-11-29 13:55 . 2016-06-23 13:31 156288 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2016-11-29 13:55 . 2016-02-23 14:25 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys 2016-11-28 17:29 . 2016-08-24 21:12 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2016-11-11 19:49 . 2016-09-17 12:15 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2016-05-23 20:49 759072 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "f.lux"="c:\users\windows\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-01-30 4015216] "CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-01-31 623520] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\E617A003.sys] @="Driver" . R2 IObitUnSvr;IObit Uninstaller Service;c:\program files\IObit\IObit Uninstaller\IUService.exe [2016-10-28 360736] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160] R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-04-24 102912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2016-05-03 14848] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2016-05-03 24064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2016-05-03 49152] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2016-05-03 27136] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] S0 E617A003;E617A003;c:\windows\system32\drivers\E617A003.sys [2016-04-08 153784] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-11-29 71304] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-11-29 206472] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-11-29 156288] S1 EpfwLWF;ESET Personal 
Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-11-29 52872] S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2016-11-29 122496] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-11-29 2166040] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120] S3 solo;TerraTec Base2PCI (WDM);c:\windows\system32\drivers\solo.sys [2000-07-10 73873] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-02-06 19:25 1368920 ----a-w- c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2017-02-18 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\system32\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14 22:46] . 2017-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-14 22:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm Trusted Zone: eset.com\help TCP: DhcpNameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{07FC3D91-9359-4CB0-8788-95F211F6361E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\p4f63ept.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2017-01-29 14:49:28 ComboFix-quarantined-files.txt 2017-01-29 13:49 . Pre-Run: 87,606,177,792 bytes free Post-Run: 87,333,978,112 bytes free . - - End Of File - - 380308453537E71F6E79F9F247DA560A A36C5E4F47E84449FF07ED3517B43A31