Thanks for you help,
Tom
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by Tom at 10:58:53 on 2014-05-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.669 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Tom\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Tom\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\webroot\wrdata\pkg\vistax86\wrflt.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\tom\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PCShowServer] "c:\users\tom\appdata\local\directv player\PCShowServerPMWrapper.exe"
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: turbotax.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{837B7C71-5871-45E6-B5A6-A4CCD5A82203} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\odvrni0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://entertainment.verizon.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\geocomply\gc-browser-plugin-client-c\2.1.4.2\npgc-browser-plugin-client-c.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tom\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\users\tom\appdata\local\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 19:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-5-3 123512]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-4-1 118240]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_68261.sys [2014-5-16 358008]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-5-3 170968]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-5-3 249400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 354888]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-7-10 766040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\microsoft sql server\mssql10_50.mssqlserver\mssql\binn\fdlauncher.exe [2010-4-3 28512]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\msrs10_50.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2011-4-24 1177952]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-05-18 14:37:05 -------- d-----w- c:\users\tom\appdata\local\{37ABCA1F-EE75-4F40-AD1B-1172AFF71639}
2014-05-17 17:47:09 -------- d-----w- C:\b669c1d23554d3a6ea9c9c7a083443
2014-05-16 15:55:37 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aa87caa-377d-43fa-976c-6ea5054105b1}\mpengine.dll
2014-05-16 14:07:21 -------- d-----w- C:\143c5157fef7113b9ada7b821a
2014-05-16 14:04:52 -------- d-----w- c:\users\tom\appdata\local\{B80BBFBC-C5AD-4BC0-B34A-87F49ADC6632}
2014-05-15 00:36:57 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-15 00:03:41 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-15 00:03:39 -------- d-----w- c:\users\tom\appdata\local\Temp
2014-05-14 23:18:09 -------- d-----w- C:\zoek_backup
2014-05-12 23:08:31 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-12 23:07:47 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 23:07:47 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 23:07:46 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-08 11:21:12 188272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-05-08 11:21:12 188272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-04 02:55:46 123512 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-05-03 04:06:22 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-03 04:05:32 -------- d-----w- C:\AdwCleaner
2014-05-03 03:50:09 -------- d-----w- c:\windows\ERUNT
2014-05-03 03:33:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-01 22:46:55 -------- d-----w- C:\_OTL
2014-04-27 18:59:25 63824 ----a-r- c:\users\tom\appdata\roaming\microsoft\installer\{a1bb9be6-729f-4049-a36a-aad335c86c01}\ARPPRODUCTICON.exe
2014-04-27 18:59:17 -------- d-----w- c:\users\tom\appdata\local\DIRECTV Player
2014-04-19 03:30:36 -------- d-----w- c:\windows\Migration
.
==================== Find3M ====================
.
2014-05-16 14:37:24 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 14:37:24 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-13 16:35:49 154248 ----a-w- c:\windows\system32\WRusr.dll
2014-04-13 16:35:49 118240 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 02:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 10:59:35.18 ===============