I was re-directed here by an admin from the Mozilla/Firefox Browsers support forum.
My Firefox randomly installs extensions onto itself. It'll even close and restart to start up a new extension if it's added. They're never officially supported extensions; they're always ones that cause pop-ups. My Microsoft Essentials and AVG scans have never turned up any issues, and while I do keep changing my passwords when it happens, I've never noticed any issues. Any help would be much appreciated; it's driving me insane, not to mention making me worried about computer security. Formatting my PC is an option, but a last resort.
Thanks in advance for any help given. Below is my DDS scan, and the Attach file is attached as requested.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267 BrowserJavaVersion: 11.40.2
Run by KlownKefka at 9:02:39 on 2015-05-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5855 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}\teen seduce.exe
C:\Users\KlownKefka\AppData\Local\Apps\2.0\BTEA6YWM.PX0\HQVJJ8EO.6MZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchy.easylifeapp.com/
mStart Page = hxxp://searchy.easylifeapp.com/
mWinlogon: Userinit = userinit.exe
BHO: Fiun2SavE: {4302bf62-7c57-403b-bf78-e16de082763c} - C:\Program Files (x86)\Fiun2SavE\fuxCIesdxhsCA4.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Amazon Music] "C:\Users\KlownKefka\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\KlownKefka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\KLOWNK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEENSE~1.LNK - C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}\teen seduce.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0784B62F-3DE6-4272-8FA2-1B6B95421FB1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{958E6B69-9261-4586-B5A7-D2FB52FE0BA6} : DHCPNameServer = 192.168.0.1
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://searchy.easylifeapp.com/
x64-BHO: Fiun2SavE: {4302bf62-7c57-403b-bf78-e16de082763c} - C:\Program Files (x86)\Fiun2SavE\fuxCIesdxhsCA4.x64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KlownKefka\AppData\Roaming\Mozilla\Firefox\Profiles\uyzapdgp.default-1429546533444\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\KlownKefka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2015-1-5 604192]
R2 4261c3f1;IncrementGeneration;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 43641ff3;BocaFoobar;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-8-14 43624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 124560]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2010-4-7 446304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2013-10-23 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-10-19 484592]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-6-25 131912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-6-21 48488]
S3 GalaxyClientService;GalaxyClientService;C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2015-5-7 1764408]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-5-7 6544952]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-12-17 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-6-29 1931632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-21 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-23 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-21 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-05-14 14:51:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AB52940-9F81-422E-8B23-912E4220B6B9}\offreg.dll
2015-05-14 14:49:58 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AB52940-9F81-422E-8B23-912E4220B6B9}\mpengine.dll
2015-05-13 12:50:16 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-12 14:39:12 -------- d-----w- C:\Program Files (x86)\NewSuaver
2015-05-12 14:38:54 -------- d-----w- C:\Program Files (x86)\Fiun2SavE
2015-05-11 07:24:54 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\GOG
2015-05-11 02:54:54 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\Sierra
2015-05-11 02:04:44 -------- d-----w- C:\Users\KlownKefka\AppData\Roaming\Ascaron Entertainment
2015-05-11 00:27:35 179200 ----a-w- C:\Windows\SysWow64\rsx.dll
2015-05-11 00:27:35 11776 ----a-w- C:\Windows\SysWow64\aaudio.dll
2015-05-07 12:54:24 -------- d-----w- C:\ProgramData\GOG.com
2015-05-07 12:54:24 -------- d-----w- C:\Program Files (x86)\GalaxyClient
2015-05-02 13:37:28 -------- d-----w- C:\Program Files (x86)\Blank Canvas Signatures for Gmail
2015-05-02 13:37:05 -------- d-----w- C:\Program Files (x86)\AllSaaver
2015-05-02 13:36:35 -------- d-----w- C:\Program Files (x86)\DigiiSaver
2015-05-02 13:36:07 -------- d-----w- C:\Program Files (x86)\REguullarDDealesa
2015-05-01 18:10:42 229608 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-05-01 13:29:53 939520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll
2015-04-29 13:27:48 -------- d-----w- C:\ProgramData\Supreme AdBlocker
2015-04-24 15:09:50 -------- d-----w- C:\Program Files (x86)\IncrementGeneration
2015-04-24 15:08:49 -------- d-----w- C:\Program Files (x86)\Online 8 Ball Pool Multiplayer
2015-04-24 15:08:30 -------- d-----w- C:\Program Files (x86)\bestadblocker
2015-04-24 15:08:19 -------- d-----w- C:\Program Files (x86)\UniDeals
2015-04-23 17:45:33 -------- d-----w- C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-04-23 13:41:24 -------- d-----w- C:\Users\KlownKefka\AppData\Local\openvr
.
==================== Find3M ====================
.
2015-05-11 06:58:55 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-05-11 06:58:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-05-11 06:58:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-05-11 06:58:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-04-15 12:41:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:41:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 12:41:08 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-03-07 13:53:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-23 10:52:04 2237952 ----a-w- C:\Windows\System32\wininet.dll
2015-02-23 10:51:56 600576 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-23 10:50:40 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-23 10:50:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-23 08:51:29 441856 ----a-w- C:\Windows\System32\html.iec
2015-02-23 08:25:10 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-02-21 05:31:25 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-21 05:31:19 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-21 05:30:16 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-21 05:30:11 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-21 04:42:37 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-21 04:19:22 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-17 21:04:46 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 9:02:54.00 ===============
2015-04-24 15:08:19 -------- d-----w- C:\Program Files (x86)\UniDeals
2015-04-23 17:45:33 -------- d-----w- C:\ProgramData\{91e5c10d-e109-d3a0-91e5-5c10de100437}
2015-04-23 13:41:24 -------- d-----w- C:\Users\KlownKefka\AppData\Local\openvr
.
==================== Find3M ====================
.
2015-05-11 06:58:55 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-05-11 06:58:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-05-11 06:58:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-05-11 06:58:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-04-15 12:41:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:41:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 12:41:08 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-03-07 13:53:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-23 10:52:04 2237952 ----a-w- C:\Windows\System32\wininet.dll
2015-02-23 10:51:56 600576 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-23 10:50:40 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-23 10:50:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-23 08:51:29 441856 ----a-w- C:\Windows\System32\html.iec
2015-02-23 08:25:10 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-02-21 05:31:25 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-21 05:31:19 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-21 05:30:16 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-21 05:30:11 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-21 04:42:37 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-21 04:19:22 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-17 21:04:46 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 9:02:54.00 ===============