Has anyone considered here the same thing I thought of, "Everything maxed but view distance", lower shadow details and see what happens; they rape machines for minimal at best graphical improvement (If you're worried about them you're likely to have a rig equally as enthusiast level that can take it).
I had a family member have the SAME exact issue happen with her computer and WoW installation. I checked EVERYTHING. Ended up using ComboFix and found she had accidentally picked up a rootkit somewhere and that was what was causing her issues. ComboFix killed and removed the rootkit and she was fine again.
Give that a shot.
Fanboy (Fanboi):
1. A term used towards someone when a person disagrees with the said someone on a subject, person, place, thing, company, or product line and they are not smart enough to debate their counterpoints or facts, so they resort to childish name calling in hopes of shaming others into silence and thus them winning through dominance.*
2. A term used as a taunt/peer pressure technique to shape popular opinion through shame and humiliation.
I am guessing it is one of 2 things: either you were logged on during non-peak hours last night and your server is at its peak when you logged on today, or one of your add-ons is messing it all up. It could also be your MOP install; I have had to delete WoW and totally re-install a few times before.
You must not have read all my posts, no addons and I did that reinstall already.
---------- Post added 2013-02-19 at 07:30 PM ----------
I downloaded that program. I ran it and this came up... any idea how to read this:
ComboFix 13-02-18.02 - Rooster 013-Feb-19 8:59.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.5769 [GMT -8:00]
Running from: c:\users\Rooster\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2013-01-19 to 2013-02-19 )))))))))))))))))))))))))))))))
.
.
2013-02-19 17:10 . 2013-02-19 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-15 03:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-02-15 03:20 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-15 03:20 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-15 03:20 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-15 03:13 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 03:13 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 03:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-15 03:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-02-15 03:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-02-15 03:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-15 02:58 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-15 02:58 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-15 02:57 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-15 02:57 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-15 02:57 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-15 02:57 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-15 02:57 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-15 02:52 . 2013-01-09 01:07 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-15 02:52 . 2013-01-09 01:07 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-15 02:52 . 2013-01-09 01:05 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-15 02:52 . 2013-01-08 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-15 02:52 . 2013-01-09 01:13 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-02-15 02:52 . 2013-01-08 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-15 02:52 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-02-15 02:52 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 02:52 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-15 02:35 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-15 02:35 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 02:35 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 02:35 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-02-15 02:35 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-02-15 02:34 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-02-15 02:34 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-02-15 02:34 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-02-15 02:34 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-02-15 02:31 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-02-15 02:31 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-02-15 02:31 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-15 02:31 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-02-15 02:31 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-15 02:31 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-15 02:31 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-15 02:31 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-15 02:31 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-15 02:31 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-15 02:27 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-02-15 02:26 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-02-15 02:26 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-02-15 02:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-02-15 01:50 . 2013-02-15 02:16 -------- d-----w- c:\users\Rooster\AppData\Roaming\Sammsoft
2013-02-15 01:30 . 2013-02-15 02:13 -------- d-----w- c:\program files (x86)\ARO 2012
2013-02-14 15:21 . 2013-02-19 06:49 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-02-14 05:45 . 2013-02-14 17:13 -------- d-----w- c:\program files\CPUID
2013-02-13 20:59 . 2013-02-13 20:59 -------- d-----w- c:\users\Rooster\AppData\Local\SwvUpdater
2013-02-13 20:59 . 2013-02-13 20:59 -------- d-----w- c:\program files (x86)\Conduit
2013-02-13 20:59 . 2013-02-13 21:06 -------- d-----w- c:\users\Rooster\AppData\Local\Conduit
2013-02-13 20:58 . 2013-02-13 20:58 -------- d-----w- c:\users\Rooster\AppData\Local\CRE
2013-02-13 20:52 . 2013-02-13 20:52 -------- d-----w- c:\programdata\ATI
2013-02-13 20:33 . 2013-02-13 20:33 -------- d-----w- c:\programdata\AMD
2013-02-13 20:33 . 2013-02-13 20:33 -------- d-----w- c:\program files (x86)\AMD AVT
2013-02-13 20:33 . 2013-02-13 20:33 -------- d-----w- c:\program files (x86)\AMD APP
2013-02-13 20:33 . 2013-02-13 20:33 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-02-13 20:33 . 2013-02-13 20:33 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-02-13 20:24 . 2013-02-13 20:26 -------- d-----w- C:\AMD
2013-01-30 17:51 . 2013-01-12 11:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-28 16:50 . 2013-01-28 16:50 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 17:04 . 2012-05-26 06:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 17:04 . 2011-08-23 11:19 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-05 06:49 . 2010-08-17 14:11 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-15 02:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 23:45 . 2012-12-19 23:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 23:44 . 2012-12-19 23:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 23:44 . 2012-12-19 23:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 23:44 . 2012-12-19 23:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 23:44 . 2012-12-19 23:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 23:44 . 2012-12-19 23:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 23:38 . 2012-12-19 23:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 23:34 . 2012-12-19 23:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 23:34 . 2012-12-19 23:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-19 20:50 . 2010-06-24 16:32 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-10-29 05:22 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-10-29 05:22 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-10-29 05:22 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2010-06-24 16:32 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2010-06-24 16:32 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-06-24 16:32 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2010-06-24 16:32 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-10-29 05:22 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-10-29 05:22 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-10-29 05:22 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-10-29 05:22 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-11 19:19 . 2012-12-11 19:19 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-11 19:19 . 2010-07-30 00:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Rooster\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-13 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-28 75048]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Rooster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-2-14 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 120704]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [2007-04-11 43416]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [2007-04-11 51096]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-07-13 40144]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-07-13 42192]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-10-13 178400]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [2009-07-13 46792]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/07/29 19:28];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 04:28 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0 106e5e8\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-02 25136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-19 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Rooster\AppData\Local\SwvUpdater\Updater.exe [2013-02-13 20:56]
.
2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-473968919-1270870001-2859423357-1000Core.job
- c:\users\Rooster\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-12 06:25]
.
2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-473968919-1270870001-2859423357-1000UA.job
- c:\users\Rooster\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-12 06:25]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473968919-1270870001-2859423357-1000Core.job
- c:\users\Rooster\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 17:45]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473968919-1270870001-2859423357-1000UA.job
- c:\users\Rooster\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN67118102816610489&ctid=CT3281023
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 74.77.51.169:1139
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rooster\AppData\Roaming\Mozilla\Firefox\Profiles\0z2ygryq.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281023&SearchSource=2&CUI=UN13784956511813423&UM=UM_ID&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Rooster\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-Symantec Antvirus
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Fallout Tactics - c:\program files (x86)\GOG.com\Fallout Tactics\unins000.exe
AddRemove-{8C3727F2-8E37-49E4-820C-03B1677F53B6} - c:\program files (x86)\GOG.com\Stronghold Crusader\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-473968919-1270870001-2859423357-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,b6,f0,80,bc,c5,ce,b2,d2,58,a0,80,85,9e,66,85,2f,0a,cf,79,c1,
dc,2b,eb,d1,4f,aa,c3,4f,25,27,c9,2b,cf,0d,1b,49,d3,4a,27,5a,d2,c6,63,41,17,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-19 09:13:19
ComboFix-quarantined-files.txt 2013-02-19 17:13
.
Pre-Run: 44,046,790,656 bytes free
Post-Run: 43,935,305,728 bytes free
.
- - End Of File - - 8BAAE980D5C0029224A0E1A2885C0BDB
"I don't agree with you on that, I'm going to have to check Google." -Martin, Role Models.