Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: msngames says your browser or operating system does not meet min rquirements  (Read 16671 times)

0 Members and 1 Guest are viewing this topic.

gomer309

    Topic Starter


    Intermediate

    Not sure I'm in the right place for this question.  I have IE11/Windows 7.  When my wife or grandson (not sure which) was playing games, something called conduit or something like hat was trying to download, but my anti-virus blocked it.  Unfortunately it kept popping up everytime the wife tried to play something or go to her home page. Anyways, I searched online and all my answers said to simply reset ie, which I did but now she gets mad cuz she can't play her games because of the error.  I know the system meets the minimum requirements because all was fine before this conduit thing.  I did a virus scan/check and it's all clean.  Thanks for any help you can provide or shed light on this issue.

    Hi, I was directed over here on account of I am apparently infected.  I've started the process, but when I clicked on the adw, my site advisor said don't go there, so I tried to find an alternate site but they all keep wanting me to download or install other stuff I don't want or need at this time.  suggestions?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1010
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Yes, you are infected. Your AV doesn't stop this type of malware. Please run these scans and post the logs.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click the scan button
    • Once the scan is complete Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    gomer309

      Topic Starter


      Intermediate

      thanks, looking forward to fixing this.  whenever I go to adw, mcaffee says it's a risky site, so I click visit anyway and then I get internet explorer stopped working, is there another site I should use, skip this piece? or something else?

      gomer309

        Topic Starter


        Intermediate

        and it does the same thing with the junkyard removal tool...

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1010
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Download them on another computer and transfer them to your computer with a USB memory stick or try disabling McAfee.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

        gomer309

          Topic Starter


          Intermediate

          I think I've got em all, thanks..

          [recovering disk space, attachment deleted by admin]

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1010
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.
          *******************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          gomer309

            Topic Starter


            Intermediate

            sorry about the last post, read the instructions wrong.  here are the files you requested.  Thanks.
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007
            www.malwarebytes.org

            Database version: v2013.12.03.07

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.16428
            papa :: PAPA-PC [administrator]

            12/3/2013 12:18:40 PM
            mbar-log-2013-12-03 (12-18-40).txt

            Scan type: Quick scan
            Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
            Scan options disabled:
            Objects scanned: 257198
            Time elapsed: 6 minute(s), 9 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 2
            HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Delete on reboot.
            HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Delete on reboot.

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 0
            (No malicious items detected)

            Physical Sectors Detected: 0
            (No malicious items detected)

            (end)
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007
            www.malwarebytes.org

            Database version: v2013.12.03.07

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.16428
            papa :: PAPA-PC [administrator]

            12/3/2013 12:30:51 PM
            mbar-log-2013-12-03 (12-30-51).txt

            Scan type: Quick scan
            Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
            Scan options disabled:
            Objects scanned: 255990
            Time elapsed: 6 minute(s), 17 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 0
            (No malicious items detected)

            Physical Sectors Detected: 0
            (No malicious items detected)

            (end)
             Results of screen317's Security Check version 0.99.77 
             Windows 7 Service Pack 1 x64 (UAC is enabled) 
             Internet Explorer 11 
            ``````````````Antivirus/Firewall Check:``````````````[/u]
             Windows Firewall Enabled! 
            McAfee Anti-Virus and Anti-Spyware   
             WMI entry may not exist for antivirus; attempting automatic update.
            `````````Anti-malware/Other Utilities Check:`````````[/u]
             Malwarebytes Anti-Malware version 1.75.0.1300 
             Java 7 Update 45 
             Adobe Reader 10.1.8 Adobe Reader out of Date! 
            ````````Process Check: objlist.exe by Laurent````````[/u] 
             Malwarebytes Anti-Malware mbamservice.exe 
             Malwarebytes Anti-Malware mbamgui.exe 
             Malwarebytes' Anti-Malware mbamscheduler.exe   
            `````````````````System Health check`````````````````[/u]
             Total Fragmentation on Drive C: 0%
            ````````````````````End of Log``````````````````````[/u]

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1010
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Update your Adobe Reader. get.adobe.com/reader.

            Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

            **************************************
            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan

            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            gomer309

              Topic Starter


              Intermediate

              eset didn't have any threts or anything else, so this is the only log. thanks

              [email protected] as downloader log:
              all ok
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6920
              # api_version=3.0.2
              # EOSSerial=ec55bce0db12a74194cef25b6ba38dfa
              # engine=16126
              # end=stopped
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=false
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2013-12-04 08:14:24
              # local_time=2013-12-04 12:14:24 (-0800, Pacific Standard Time)
              # country="United States"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode=5122 16777214 66 86 4096386 133973460 0 0
              # compatibility_mode=5893 16776574 100 94 11684983 137688314 0 0
              # scanned=4284
              # found=0
              # cleaned=0
              # scan_time=1005

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1010
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              How's your computer running now?
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              gomer309

                Topic Starter


                Intermediate

                well, I went to msn games, and I still have the same error message, and there is another window which pops up , it's blank, but says
                http://zone.msn.com/en/utility/clientunsupported.aspx as the ?url? (not real sure).  everything else seems to be just fine, so I'm not sure why
                the error.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1010
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Please give me the specifics of your computer.
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                gomer309

                  Topic Starter


                  Intermediate

                  it'll be at least another 5 hours till i get off work, don't wait up.  do you think i'm okay to do some online bill pay? i got things to pay but wanted to make sure i was clean of virus, malware, etc.  thanks again

                  gomer309

                    Topic Starter


                    Intermediate

                    Not sure how much system info you need.

                    Dell XPS 8300
                    WIndows 7 SP1
                    intel core i7
                    12GB RAM
                    64-bit operating system
                    Internet Explorer: 11.0.9600.16428
                    mCafee scty center (can't find the version number, but it's updated reg)

                    thanks again.

                    gomer309

                      Topic Starter


                      Intermediate

                      not sure if this is an issue related to this or not, on account of thngs seem to be coming back clean.  My printer seems to have its own issue, prints a couple of pages and I have to restart the computer to get it talking again, I can live with that for the moment, but when I restarted I was actually watching the screen and something flashed by real quick which said shwiconxp and then window cleared/closed.  not really sure what that is because I don't recall seeing it before.  thanks

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1010
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 8
                      Please try this. It's supposed to fix a number of issues with MS.

                      Please download and run MS Fix-it from here.
                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                      gomer309

                        Topic Starter


                        Intermediate

                        okay thanks, i'll see what i can do when i get home.

                        gomer309

                          Topic Starter


                          Intermediate

                          did the ms-fix thing, but the problem still exists, and the shwiconxp thing popped up when I was rebooting again...thanks

                          gomer309

                            Topic Starter


                            Intermediate

                            again not sure if this is related or not.  my wife tried to open facebook on her account and got this pop up window
                            there was a  problem starting  c\users\candee\appdata\local\conduit\backgroundcontainer\backgroundcontainer.dll the specified module could not be found.

                            not sure if this conduit is the same one which appeared to have started my problems or not?

                            thanks

                            gomer309

                              Topic Starter


                              Intermediate

                              sorry to be such a bother, but I did google this particular error and there are some steps out there which say how to remove, but I haven't done that cuz I wanted to wait for your input.  also I don't think my wife was trying to enter facebook, the computer was rebooted before that and I think she was simply logging on to her account and that is when the error showed up.  thanks.

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1010
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 8
                              Please run AdwCleaner again and see what turns up.
                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                              gomer309

                                Topic Starter


                                Intermediate

                                don't know why, but on a whim I ran adw cleaner under my account and my wifes, both logs attached, my account first, hers second.  on the reboot, I didn't get the conduit box I mentioned in the last couple of posts when I logged on to her account (has never happened on mine) so maybe that piece is fixed.  I did get a box that said shwiconxp pop up, not sure why (again when I logged on to her account), I closed it.  unfortunately, the problem still exists within msngames telling me my browser etc (start of thread) and that other msn zone pop up window I mentioned earlier.  thanks..

                                # AdwCleaner v3.014 - Report created 06/12/2013 at 17:32:28
                                # Updated 01/12/2013 by Xplode
                                # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
                                # Username : papa - PAPA-PC
                                # Running from : C:\Users\papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOWDBPR4\adwcleaner.exe
                                # Option : Clean

                                ***** [ Services ] *****


                                ***** [ Files / Folders ] *****

                                Folder Deleted : C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk

                                ***** [ Shortcuts ] *****


                                ***** [ Registry ] *****

                                Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

                                ***** [ Browsers ] *****

                                -\\ Internet Explorer v11.0.9600.16428


                                -\\ Google Chrome v

                                [ File : C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                                [ File : C:\Users\Candee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                                *************************

                                AdwCleaner[R0].txt - [30029 octets] - [02/12/2013 17:49:05]
                                AdwCleaner[R1].txt - [1228 octets] - [06/12/2013 17:31:32]
                                AdwCleaner[S0].txt - [29992 octets] - [02/12/2013 17:53:12]
                                AdwCleaner[S1].txt - [1153 octets] - [06/12/2013 17:32:28]

                                ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1213 octets] ##########
                                # AdwCleaner v3.014 - Report created 06/12/2013 at 17:37:14
                                # Updated 01/12/2013 by Xplode
                                # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
                                # Username : Candee - PAPA-PC
                                # Running from : C:\Users\Candee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP5W6OP4\adwcleaner.exe
                                # Option : Clean

                                ***** [ Services ] *****


                                ***** [ Files / Folders ] *****


                                ***** [ Shortcuts ] *****


                                ***** [ Registry ] *****

                                Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
                                Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                                Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
                                Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
                                Key Deleted : HKCU\Software\APN DTX
                                Key Deleted : HKCU\Software\IM
                                Key Deleted : HKCU\Software\ImInstaller
                                Key Deleted : HKCU\Software\incredibar
                                Key Deleted : HKCU\Software\InstallCore
                                Key Deleted : HKCU\Software\MyWebSearch
                                Key Deleted : HKCU\Software\AppDataLow\Toolbar
                                Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
                                Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
                                Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                                Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
                                Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
                                Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
                                Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
                                Key Deleted : HKCU\Software\AppDataLow\Software\iWon_5k
                                Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
                                Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
                                Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

                                ***** [ Browsers ] *****

                                -\\ Internet Explorer v11.0.9600.16428


                                -\\ Google Chrome v

                                [ File : C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                                [ File : C:\Users\Candee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                                *************************

                                AdwCleaner[R0].txt - [30029 octets] - [02/12/2013 17:49:05]
                                AdwCleaner[R1].txt - [1228 octets] - [06/12/2013 17:31:32]
                                AdwCleaner[R2].txt - [3081 octets] - [06/12/2013 17:36:28]
                                AdwCleaner[S0].txt - [29992 octets] - [02/12/2013 17:53:12]
                                AdwCleaner[S1].txt - [1293 octets] - [06/12/2013 17:32:28]
                                AdwCleaner[S2].txt - [2451 octets] - [06/12/2013 17:37:14]

                                ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2511 octets] ##########

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1010
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 8
                                Download the Fix IE Utility to your desktop.

                                Before running the utility, make sure that all your Internet Explorer windows are closed!

                                * Extract the contents of the .zip file to your desktop.
                                * Double click the Fix IE Utility button to run the tool.
                                * Click Run Utility
                                * Click OK when you see 'Re-registered all files'
                                * Open Internet Explorer and see how it works.
                                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                gomer309

                                  Topic Starter


                                  Intermediate

                                  well did as you said, but still same problem, browser doesn't meet ... and that annoying client unsupported window thing.  thanks

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1010
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 8
                                  Can you provide the link where you're getting that message?
                                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                  gomer309

                                    Topic Starter


                                    Intermediate

                                    www.msngames.com, then click on online games. thanks

                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1010
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 8
                                    I can open that link with IE 8 so I really don't understand why you're having problems with it.
                                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                    gomer309

                                      Topic Starter


                                      Intermediate

                                      yeah, I don't understand it either.  I appreciate all your help, any further suggestions?

                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 1010
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 8
                                      When you ran MSFix-It did you click on the "Visit our Solution Center and select the IE tab?

                                      Download Combofix from any of the links below, and save it to your DESKTOP
                                      If your version of Windows defaults to you download folder you will need to copy it to your desktop.

                                      Link 1
                                      Link 2
                                      Link 3

                                      To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                                      • Close any open windows and double click ComboFix.exe to run it.

                                        You will see the following image:


                                      Click I Agree to start the program.

                                      ComboFix will then extract the necessary files and you will see this:



                                      As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

                                      It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

                                      If you did not have it installed, you will see the prompt below. Choose YES.



                                      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                                      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

                                      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                                      Click on Yes, to continue scanning for malware.

                                      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                                      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                                      Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
                                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                      gomer309

                                        Topic Starter


                                        Intermediate

                                        here ya go.  thanks.

                                        ComboFix 13-12-08.01 - papa 12/08/2013  21:58:35.1.8 - x64
                                        Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12270.9971 [GMT -8:00]
                                        Running from: c:\users\papa\Desktop\ComboFix.exe
                                        AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
                                        FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
                                        SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
                                        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                                         * Created a new restore point
                                        .
                                        .
                                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                        .
                                        .
                                        c:\programdata\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\9e7391aa-d9c2-4547-bdb7-737a833083a2.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\f586fa98-17b8-498c-9c59-24de5750efab.dll
                                        c:\programdata\PCDr\6361\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
                                        c:\programdata\SPLCEB.tmp
                                        c:\programdata\SPLDBFC.tmp
                                        c:\programdata\SPLEC41.tmp
                                        c:\programdata\SPLF476.tmp
                                        c:\programdata\SPLF695.tmp
                                        c:\windows\wininit.ini
                                        .
                                        .
                                        (((((((((((((((((((((((((   Files Created from 2013-11-09 to 2013-12-09  )))))))))))))))))))))))))))))))
                                        .
                                        .
                                        2013-12-09 06:03 . 2013-12-09 06:03   --------   d-----w-   c:\users\Default\AppData\Local\temp
                                        2013-12-06 03:13 . 2013-12-06 03:15   --------   d-----w-   c:\users\papa\AppData\Local\ElevatedDiagnostics
                                        2013-12-04 07:55 . 2013-12-04 07:55   --------   d-----w-   c:\program files (x86)\ESET
                                        2013-12-03 20:17 . 2013-12-03 20:30   91352   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
                                        2013-12-03 01:59 . 2013-12-03 01:59   --------   d-----w-   c:\windows\ERUNT
                                        2013-12-03 01:48 . 2013-12-07 01:37   --------   d-----w-   C:\AdwCleaner
                                        2013-12-02 20:52 . 2013-12-02 20:52   --------   d-----w-   c:\users\papa\AppData\Roaming\Malwarebytes
                                        2013-12-02 20:51 . 2013-12-02 20:51   --------   d-----w-   c:\programdata\Malwarebytes
                                        2013-12-02 20:51 . 2013-12-02 20:51   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
                                        2013-12-02 20:51 . 2013-04-04 22:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                        2013-12-02 20:51 . 2013-12-02 20:51   --------   d-----w-   c:\users\papa\AppData\Local\Programs
                                        2013-12-02 15:13 . 2013-12-02 15:13   --------   d-----w-   c:\program files\CCleaner
                                        2013-11-27 21:23 . 2013-11-27 21:23   --------   d-----w-   c:\program files (x86)\Oberon Media SIDR
                                        2013-11-27 21:22 . 2013-11-27 21:23   --------   d-----w-   c:\program files (x86)\msn_en
                                        2013-11-26 11:03 . 2013-10-15 02:00   28368   ----a-w-   c:\windows\system32\IEUDINIT.EXE
                                        2013-11-14 11:01 . 2013-11-14 11:03   --------   d-----w-   C:\a052c3cea54cb0cea1
                                        .
                                        .
                                        .
                                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                        .
                                        2013-11-26 18:16 . 2012-04-22 14:37   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
                                        2013-11-26 18:16 . 2011-12-02 18:04   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                                        2013-11-14 11:01 . 2012-01-25 22:10   82896128   ----a-w-   c:\windows\system32\MRT.exe
                                        2013-11-05 00:51 . 2011-03-13 17:20   70112   ----a-w-   c:\windows\system32\drivers\cfwids.sys
                                        2013-11-05 00:46 . 2011-03-13 17:20   343696   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
                                        2013-11-05 00:46 . 2011-12-02 18:33   182752   ----a-w-   c:\windows\system32\mfevtps.exe
                                        2013-11-05 00:43 . 2011-03-13 17:20   782360   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
                                        2013-11-05 00:41 . 2011-03-13 17:20   519576   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
                                        2013-11-05 00:40 . 2011-03-13 17:20   311120   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
                                        2013-11-05 00:39 . 2011-03-13 17:20   179792   ----a-w-   c:\windows\system32\drivers\mfeapfk.sys
                                        2013-10-08 14:50 . 2013-10-20 17:32   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
                                        2013-09-30 23:50 . 2013-09-30 23:50   1121538   ----a-w-   c:\programdata\SPLAA09.tmp
                                        2013-09-27 22:48 . 2011-12-02 18:22   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
                                        2013-09-23 20:49 . 2013-10-16 22:26   197704   ----a-w-   c:\windows\system32\drivers\HipShieldK.sys
                                        2013-09-20 16:38 . 2013-09-20 16:38   10856   ----a-w-   c:\windows\system32\drivers\mfeclnrk.sys
                                        2013-09-20 16:38 . 2013-09-20 16:38   95984   ----a-w-   c:\windows\system32\drivers\mfencrk.sys
                                        2013-09-20 16:37 . 2013-09-20 16:37   390552   ----a-w-   c:\windows\system32\drivers\mfencbdc.sys
                                        2013-01-17 03:27 . 2013-01-17 03:27   464   ----a-w-   c:\program files (x86)\0116201319273618.bat
                                        2012-11-18 19:15 . 2012-11-18 19:15   465   ----a-w-   c:\program files (x86)\1118201211152934.bat
                                        .
                                        .
                                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                        .
                                        .
                                        *Note* empty entries & legit default entries are not shown
                                        REGEDIT4
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5e7c3693-318c-4f0f-9ff2-db485880944c}]
                                        2013-11-08 15:53   115840   ----a-w-   c:\program files (x86)\msn_en\encyclopediabritannicagamesbarX.dll
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
                                        "{5e7c3693-318c-4f0f-9ff2-db485880944c}"= "c:\program files (x86)\msn_en\encyclopediabritannicagamesbarX.dll" [2013-11-08 115840]
                                        .
                                        [HKEY_CLASSES_ROOT\clsid\{5e7c3693-318c-4f0f-9ff2-db485880944c}]
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                                        "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
                                        "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
                                        "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
                                        "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
                                        "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
                                        "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
                                        "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
                                        "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
                                        "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
                                        "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
                                        "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
                                        "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
                                        "Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
                                        "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
                                        "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
                                        "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-09-27 295512]
                                        "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
                                        "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                                        "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
                                        .
                                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                        "ConsentPromptBehaviorAdmin"= 5 (0x5)
                                        "ConsentPromptBehaviorUser"= 3 (0x3)
                                        "EnableUIADesktopToggle"= 0 (0x0)
                                        .
                                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                                        "aux2"=wdmaud.drv
                                        .
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                                        @=""
                                        .
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
                                        @=""
                                        .
                                        R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe

                                        R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/02 12:23;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe

                                        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

                                        R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

                                        R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

                                        R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys

                                        R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys

                                        R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

                                        R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys

                                        R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe

                                        R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys

                                        R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

                                        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

                                        R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

                                        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

                                        R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe

                                        R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

                                        S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys

                                        S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys

                                        S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

                                        S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe;c:\windows\SYSNATIVE\dleecoms.exe

                                        S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleeserv.exe

                                        S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

                                        S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

                                        S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

                                        S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

                                        S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

                                        S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe

                                        S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

                                        S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

                                        S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

                                        S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe

                                        S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe

                                        S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe

                                        S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe

                                        S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE

                                        S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

                                        S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE

                                        S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys

                                        S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

                                        S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys

                                        S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

                                        S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys

                                        S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

                                        S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys

                                        S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys

                                        S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms

                                        .
                                        .
                                        --- Other Services/Drivers In Memory ---
                                        .
                                        *Deregistered* - CLKMDRV10_9EC60124
                                        .
                                        Contents of the 'Scheduled Tasks' folder
                                        .
                                        2013-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                                        - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 18:16]
                                        .
                                        .
                                        --------- X64 Entries -----------
                                        .
                                        .
                                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e7c3693-318c-4f0f-9ff2-db485880944c}]
                                        2013-11-08 15:53   131712   ----a-w-   c:\program files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                        "{5e7c3693-318c-4f0f-9ff2-db485880944c}"= "c:\program files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll" [2013-11-08 131712]
                                        .
                                        [HKEY_CLASSES_ROOT\CLSID\{5e7c3693-318c-4f0f-9ff2-db485880944c}]
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                        "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
                                        "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
                                        "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
                                        "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
                                        "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
                                        "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
                                        .
                                        ------- Supplementary Scan -------
                                        .
                                        uLocal Page = c:\windows\system32\blank.htm
                                        mStart Page = hxxp://www.google.com
                                        mLocal Page = c:\windows\SysWOW64\blank.htm
                                        IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                                        IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
                                        TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
                                        .
                                        - - - - ORPHANS REMOVED - - - -
                                        .
                                        URLSearchHooks-{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - (no file)
                                        Toolbar-Locked - (no file)
                                        Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
                                        Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
                                        Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
                                        HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                                        Toolbar-Locked - (no file)
                                        WebBrowser-{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - (no file)
                                        AddRemove-toolbar2 - c:\program files (x86)\toolbar2\uninstall.exe
                                        AddRemove-WildTangent CDA - c:\program files (x86)\WildTangent\Apps\CDA\CDAUninstall.exe
                                        .
                                        .
                                        .
                                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
                                        "ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
                                        .
                                        --------------------- LOCKED REGISTRY KEYS ---------------------
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                                        @Denied: (A 2) (Everyone)
                                        @="FlashBroker"
                                        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                                        "Enabled"=dword:00000001
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                                        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                                        @Denied: (A 2) (Everyone)
                                        @="IFlashBroker5"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                                        @="{00020424-0000-0000-C000-000000000046}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                        "Version"="1.0"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                                        @Denied: (A 2) (Everyone)
                                        @="FlashBroker"
                                        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                                        "Enabled"=dword:00000001
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                                        @Denied: (A 2) (Everyone)
                                        @="Shockwave Flash Object"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
                                        "ThreadingModel"="Apartment"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                                        @="0"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                                        @="ShockwaveFlash.ShockwaveFlash.11"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                                        @="1.0"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                                        @="ShockwaveFlash.ShockwaveFlash"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                                        @Denied: (A 2) (Everyone)
                                        @="Macromedia Flash Factory Object"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
                                        "ThreadingModel"="Apartment"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                                        @="FlashFactory.FlashFactory.1"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                                        @="1.0"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                                        @="FlashFactory.FlashFactory"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                                        @Denied: (A 2) (Everyone)
                                        @="IFlashBroker5"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                                        @="{00020424-0000-0000-C000-000000000046}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                        "Version"="1.0"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                                        "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                                           00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                                        @Denied: (A) (Everyone)
                                        "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                                        @Denied: (A) (Everyone)
                                        .
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                                        "Key"="ActionsPane3"
                                        "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                                        .
                                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                                        @Denied: (Full) (Everyone)
                                        .
                                        Completion time: 2013-12-08  22:05:21
                                        ComboFix-quarantined-files.txt  2013-12-09 06:05
                                        .
                                        Pre-Run: 904,289,697,792 bytes free
                                        Post-Run: 904,133,697,536 bytes free
                                        .
                                        - - End Of File - - E788921858CE60A018A19E5F6E330A64

                                        gomer309

                                          Topic Starter


                                          Intermediate

                                          i am so confused, after the combo fix, mcafee said there was a Trojan (artemis something or other) from comboxfix and needed to restart my system and since I ran combofix I get a window popping up which says you are about to leave a secure internet connection, it will be possible for others to view info you send.  I didn't have this before, am I doing something wrong?  I am following ur instructions.  thanks

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1010
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 8
                                          This is where you're getting the shwiconxp error. Did you install this program? c:\program files (x86)\Multimedia Card Reader(9106)
                                          Quote
                                          comboxfix and needed to restart my system and since I ran combofix I get a window popping up which says you are about to leave a secure internet connection, it will be possible for others to view info you send.  I didn't have this before, am I doing something wrong? 
                                          That's a normal warning on some sites.
                                          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                          gomer309

                                            Topic Starter


                                            Intermediate

                                            i don't recall installing it, i think it came with the system.  but if it's normal then I'm relieved.

                                            SuperDave

                                            • Malware Removal Specialist
                                            • Moderator


                                            • Genius
                                            • Thanked: 1010
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 8
                                            shwiconxp.exe is malware but in this case it looks legitimate but let's check it just to make sure.

                                            Please go to Jotti's malware scan
                                            (If more than one file needs scanned they must be done separately and links posted for each one)

                                            * Copy the file path in the below Code box:

                                            Code: [Select]
                                            c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
                                            * At the upload site, click once inside the window next to Browse.
                                            * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                            * Next click Submit file
                                            * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                            * This will perform a scan across multiple different virus scanning engines.
                                            * Important: Wait for all of the scanning engines to complete.
                                            * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                                            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                            gomer309

                                              Topic Starter


                                              Intermediate


                                              SuperDave

                                              • Malware Removal Specialist
                                              • Moderator


                                              • Genius
                                              • Thanked: 1010
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 8
                                              I thought I was onto something but it turns out that the file is good so we're back to square one. I don't understand why. The only thing I can suggest at this point is to try another browser such as FireFox and see if you still recieve that message.
                                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                              gomer309

                                                Topic Starter


                                                Intermediate

                                                okay, i'll see what happens.

                                                gomer309

                                                  Topic Starter


                                                  Intermediate

                                                  well, i downloaded firefox, went to msn games and seems to be working just fine, but my wife will know more than i as she plays it.  As for ie, not sure why it doesn't like that particualr site, cuz it seems to be fine for everything else.  i may go to microsfot and see if they have any ideas, but for now, my computer is clean, and for that i am grateful.  You're a true genius Superdave,go ahead an close this unless there is any cleanup you need me to .  if i need something else, i'll come back.  thanks for all your help

                                                  SuperDave

                                                  • Malware Removal Specialist
                                                  • Moderator


                                                  • Genius
                                                  • Thanked: 1010
                                                  • Certifications: List
                                                  • Experience: Expert
                                                  • OS: Windows 8
                                                  Quote
                                                  i may go to microsfot and see if they have any ideas,
                                                  That would be a good idea. Let's do some cleanup and we'll finished.

                                                  To uninstall ComboFix

                                                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                                  • In the field, type in ComboFix /uninstall


                                                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                                  • Then, press Enter, or click OK.
                                                  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
                                                  **************************************
                                                  Click Start> Computer> right click the C Drive and choose Properties> enter
                                                  Click Disk Cleanup from there.



                                                  Click OK on the Disk Cleanup Screen.
                                                  Click Yes on the Confirmation screen.



                                                  This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                                                  ******************************************
                                                  Go to Microsoft Windows Update and get all critical updates.

                                                  ----------

                                                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                  Safe Surfing!
                                                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                                  gomer309

                                                    Topic Starter


                                                    Intermediate

                                                    thanks superdave for all your help.  i'm clean and will continue to pursue the through microsoft (msngames).  close it out, and thanks again.

                                                    SuperDave

                                                    • Malware Removal Specialist
                                                    • Moderator


                                                    • Genius
                                                    • Thanked: 1010
                                                    • Certifications: List
                                                    • Experience: Expert
                                                    • OS: Windows 8
                                                    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                                                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender