Solved

Need assistance running ComboFix

Posted on 2013-05-20
Last Modified: 2013-11-22
A client mistakenly downloaded MapGalaxy instead of using Mapquest which caused all kinds of issues.  She has had other PUPs on her computer in the past.

Since she had just downloaded MapGalaxy I tried to run a System Restore with not much luck.  I was unable to set a SR from April...tried to run both in normal and safe mode.  Said it restored to 5/15, which was 2 days before the PUPs were added, but when I got into SR it shows it was restored to 5/17??

When I tried to go into msconfig, to change to clean boot state, the cursor would simply travel, there and other places, without touching the mouse.  Her homepage in IE or Chrome would not load...could not access the internet, although I am connecting remotely to her, to access any webpage.  I transfer tools from my computer to hers since I could not download anything.

Norton was completely disabled.  MBAM was reset to zero updates but the server could update the program, no issues found.

Major error message when attempting to download and install Google Chrome, even though I uninstalled first.

I put her computer in a clean boot state and one by one, running scans, I have been able to get her computer working again.

Autoruns has 1 scheduled task in Red - Microsoft\Windows\NetTrace\GatherNetworkInfo, seems legit...why would it be in red?

If I understand a little about how ComboFix works I am hoping to have some assistance using it, in case we have leftover beasts!

Any other suggestions?
Thanks,
Mags
Rkill--1.txt
AdwCleaner-S1-.txt
HitmanPro-20130518-1137.log
a2scan-130518-120508.txt
RKreport-1--S-05182013-02d1318.txt
RKreport-2--PR-05182013-02d1318.txt
Google-Chrome-error-message.txt
AutoRuns--2.arn
JRT.txt
Rkill--6.txt
Question by:MagsMcKinley14
54 Comments
 
LVL 24

Expert Comment

by:aadih
Comment Utility
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks aadih...I know how to use it I simply don't know how to read the logs.  My understanding is that you should never use it without assistance with someone that knows how to interpret the outcome.

Did you see anything in the attached logs that show any red flags?
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
No, I don't see any red-flag items.  Why don't you run Combofix and post the log file?
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
I will tomorrow.  aadih I appreciate your assistance.  What is your experience in reading ComboFix logs?
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
I have used it several times over the years to fix virus problems that MBAM could not clean.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Here is the ComboFix log.  Looks like it took care of some things but since I can't read it I'm not sure if there is a fix that needs to be run or not.  Thanks for reading it for me and letting me know at your earliest convenience.
Mags
ComboFix-log.txt
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
Please check the following files (if you recognize them or know the programs that use them):

cvhsvc.exe            
sasdifsv64.sys
a2ddax64.sys            
sftlist.exe            
g2ax_customer_downloadhelper_win32_x86.exe      
nissrv.exe            
wlcrasvc.exe      
hitmanpro37.sys      
gapaengine.dll
chrmstp.exe            
sftvsa.exe            
saskutil64.sys      
ppcrlconfig600.dll            
hpcee.exe
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
cvhsvc.exe - Client Virtualization Handler - Part of MS Office
sasdifsv64.sys - SUPERAntiSpyware
a2ddax64.sys - Emsisoft
sftlist.exe - Microsoft Application Virtualization Client Service
g2ax_customer_downloadhelper_win32_x86.exe - My remote Go-to-Assist
nissrv.exe - Microsoft Network Inspection System or Microsoft Antimalware
wlcrasvc.exe - Windows Live Mesh Remote Desktop Service or Live Mesh Remote Desktop
hitmanpro37.sys - Hitman Pro
gapaengine.dll - part of Microsoft Network Inspection System
chrmstp.exe - Google Chrome
sftvsa.exe - Microsoft Application Virtualization Virtual Service Agent or Application Virtualization Service Agent
saskutil64.sys - SUPERAntiSpyware
ppcrlconfig600.dll - seems to be an essential system or application file
hpcee.exe - HP - stands for Customer Experience Enhancement

aadih  I really appreciate your help but I have to say I'm a little nervous about your analysis...I've never had to look up files for a diagnosis of the ComboFix Log.  These could be legit files but are they in the right location???

If you don't know how to read or run fixes with ComboFix can you send this to someone who can, such as Sudeep??  Otherwise I think I should request attention or send it over to BleepingComputers.

Let me know...again I appreciate your help and assistance.
Mags
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
From what I know (from using combofix, not a professional in it) I believe it's clean.

I am sure people with greater expertise will weigh in and help you.

Meanwhile, please re-scan with MBAM.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks...will do.
Again, I appreciate your assistance and expertise.
Mags
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
In the past, I have used ComboFix without assistance (before there were any warnings not to do so) so continued using it after warnings also and have been able to clean the PC each time without any problems (I do make a restore point before, just in case, but never had to use it).

I have seen ComboFix delete the infected programs (as you can see two programs deleted in your case) and it has been helpful in removing some tough infections. I use it only as a last resort, however.

But, I am not a professional ComboFix helper.  There are ComboFix-experts in this forum, however; and I do believe they'll hesitate not to offer any help -- if needed -- in less than a "New York Minute."

Good luck.
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
MagsMcKinley14--
FWIW--gathernetworkinfo.vbs does not seem to be a virus or malware.
http://windows7forums.com/windows-7-support/5649-gathernetworkinfo-vbs.html

http://www.boostbyreason.com/resource-sha1-628b6b4bf3cc7f77578cf3ccfcc587dbf9ec7e07-gathernetworkinfo-vbs.aspx   Do not run Boost.

In any event I would cancel the Scheduled Task to run it.

And in answer to your original question, the bleeping computer people offer to read your ComboFix log.  They also provide a list of other sites that do this near the end of
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Now look what you've done...just kidding!!

I went to BleepingComputer as suggested and just signed up for their Malware Removal Training Program!  I am so excited!!

Maybe when I graduate I'll apply to be an Expert with Experts Exchange!!  You have all been such a help to me!

In the meantime if anyone would be willing to read the ComboFix Log here on Experts Exchange I would greatly appreciate it since I was told by aadih to go ahead and run it.

If not I will jump over to a suggested forum to have them read it...it would just be helpful to me to have someone with EE read it since I have already posted all my logs.

Let me know.

Thanks,
Mags
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
MagsMcKinley14--Yes, we would be honored to have you join the ranks of E-E Experts.  Here is the Antivirus Support home page.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/

Going back to your original post, I am looking at all the things you did.  At what point in time did you run ComboFix?
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hi jcimarron
Very last scan...today I ran full MBAM scan as requested - no threats.  Have not done clean up yet...waiting for an all clear!!
Mags

PS  Thanks for your encouragement!!
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
I believe your PC is clean.  

Let's know, however, if you find anything to the contrary.
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
MagsMcKinley14--While no expert, I agree with aadih .  That is why I asked when you ran ComboFix.  I suspect you had gotten rid of the baddies before then from running all the other scans.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
Mags
did you run any crack for any software recently?
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hi Mohammed,
Sorry if I don't know the lingo...what do you mean by "run any crack for any software recently?"  Thanks for chiming in!

I will do cleanup tomorrow unless anyone thinks otherwise.
Thanks,
Mags
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
I think you had a trojan or something like that by looking at your combofix log. The registry seems to have had Iflashbroker which is mostly reported as a part of trojan/hacking tool or virus. Probably it's a leftover since you ran combofix.
Try to check your registry if it's still there. Create a restore point and back up the registry before you go on and delete it.

Check malwarebytes.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks...I'll take a look.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Mohammed I found [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] but was denied deleting it.  IFlashBroker5 was part of it...was that the only part I should have attempted to delete or the entire registry entry?
Thanks,
Mags
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
Right click on the key and change permissions (to everyone).  Then delete the entire key.

Also delete {6AE38AE0-750C-11E1-B0C4-0800200C9A66} from HCR/CLSID if it exists there.

[Caution: Make a restore point before making any registry changes.]
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
I believe you can delete it in safe mode if the permission changing as Aadih mentioned didn't work.

But before deleting the key make sure you export it. just as a backup procedure.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks...I already backed it up...I will start her computer in Safe Mode tomorrow and try.
Mags
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Okay...went into safe mode and still got the message "Cannot delete - Error while deleting key."  I believe I have Permissions set correctly to allow.  Do I?


Also what is ANONYMOUS LOGON?  CREATOR OWNER??

Just curious...I have a similar entry on my computer with the Data being IFlashBroker4.  Should I be concerned??  I do not believe I have had any malware on this computer.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
I have the same key as well but I don't have anonymous. from what I can tell this reg key is there by default and it belongs to the registry to some kind of COM interface which provides windows with services.

Microsoft provided a very brief explanation about it here
http://msdn.microsoft.com/en-us/library/ee487925.aspx

This link provides a good and comprehensive explanation, and by reading part of it I can tell that it might be a trojan which has loaded a service on the PC.

http://www.codeproject.com/Articles/1265/COM-IDs-Registry-keys-in-a-nutshell


I'm not sure how familiar you are with Windows Services but looking at the services console you could probably tell if you have any weird services running there? This might explain why you can't delete the reg key.

If you would like to continue further with this, please follow the steps in the below Link and provide your logs here to investigate.

http://forums.malwarebytes.org/index.php?showtopic=115198
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hi moh10ly ANONYMOUS LOGON and CREATOR OWNER seem to be associated only with the registry entry we are trying to delete.

I glanced at services but do not know them well enough to know if something is incorrect.

I followed your Malwarebytes link and since I have already run ComboFix and RogueKiller I have run OTL and am attaching the logs.  I did not run the scan with custom settings since it seemed specific to their issues and not mine.  I only customize things when specifically asked...let me know.

{6AE38AE0-750C-11E1-B0C4-0800200C9A66}  was not included in HCR/CLSID
Thank you,
Mags
OTL.Txt
Extras.Txt
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hello...is anyone available to read the OTL logs?
Should I be concerned about ANONYMOUS LOGON and CREATOR OWNER which seem to be associated only with the registry entry we are trying to delete - [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]?
Thanks a million!
Mags
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Mags,

This is the first I've seen this question.  I am definitely not a combofix logs reader.  But have you run chameleon (from MBAM) in safemode with networking?

Follow the instructions on the following page (even though they are not for the specific problem you are having)

http://forums.malwarebytes.org/index.php?showtopic=125373

Good luck!
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

Wild Tangent is something that I don't like. But I see that it is part of the HP suite of products.

I'd be tempted to do a  (from an elevated command prompt)
sc delete GamesAppService
and delete the WildTangent Games folder
But that is just me. Wild Tangent has a bad reputation.  Same with removing ASK.com from the search providers.

Are you still having the msconfig problem?



Also what is ANONYMOUS LOGON?  CREATOR OWNER??
Just curious...I have a similar entry on my computer with the Data being IFlashBroker4.  Should I be concerned??  I do not believe I have had any malware on this computer.

No, don't be concerned about these security entries; they are a normal local account.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
I am of the same mind when it comes to WildTangent.  If you can get it off the machine the owner will be better off.  Also get rid of any BHOs (like ask.com toolbar) that the user does not use.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks for the suggestions...I will set up a time to access her computer.  

They like to play solitaire and some other games that came with the computer. Will deleting GamesAppService and the WildTangent Games folder cause an issue with that?  I've never worked with these.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
I suggest deleting WildTangent anyway and have them get the games elsewhere.  I don't see if you said this was a Windows 7 machine (sorry if I missed that), but if so, WildTangent is not needed for the games that come with win7.  As for GamesAppService - I have no idea.  Is this an OEM model (sounds like it)?  If so, getting rid of the OEM add ons is a must.
0
 
LVL 25

Expert Comment

by:Fred Marshall
Comment Utility
I'm not sure where to start.
I clean up lots of computers (almost all of them successfully).  Rarely, if ever, do I have to resort to reading logs.  That's more an exercise in inefficiency if you don't know how or what to do with the results.
But, on rare occasion, I've manually removed things that were reported by some tools.
Rarely do I resort to reinstalling Windows (under 5% of cases).

In a small number of cases one can find out what the parasite is and can find a reputable removal tool that's targeted to that parasite.  
There are some peripheral fixit tools that rather fall into this category that restore Start menus, desktop icons, etc.

I would suggest that NO scanner can find everything.  So, keep a bunch of good ones available.

You might do things in this order:

CCleaner / cleaner to get rid of temporary files where parasites often lurk.

Malwarebytes.  If a Quick Scan reveals nothing then you might be done.
If a Quick Scan reveals anything then a Full Scan is indicated.
And, as above, it may mean nothing has been solved.
I'm much more comfortable when it finds and removes things.

HiJack This! is good for general cleanup.  I don't know that I've ever actually pinpointed a parasite with it.  But, I've become rather skilled in being very aggressive in removing things without breaking anything.  I don't view it as very important to this discussion.

SuperAntispyware.

Trojan Remover.

RogueKiller from Tigzy I've been using more often and believe it to be pretty effective.  It appears you haven't run this and I would suggest it.

I will use Combofix without advice or special scripts when I'm feeling adventurous and a bit stymied.  After all, if one is going to be faced with reinstalling Windows as a next step, then what's to lose?  It's never broken anything anyway that I know of.

When you *think* the computer is clean then you want to ask: "Is it?"
- Does Internet Explorer get you to Windows Updates?  This is often blocked by parasites.
- Do browsers go where they're supposed to go directly without any redirection?  (Sometimes it takes patience here to uncover strange behavior).
- Does anything else strange continue to happen?
I can't say I'm 100% satisfied with these "tests" but it's the best I know to do and it seems to be effective.  I don't get callbacks.

I have found that the ESET online scanner will find things that others don't.  So, when I'm "nervous" about the state of cleanup, I will use it.

Then, in the end, uninstall the tools and install a good program to protect the computer, update it (no, a new install does not necessarily also update the signatures, etc.).  Run a full scan with it.  Since Norton was disabled, I'd remove it and install something else to avoid damaged Norton elements.

CCleaner registry cleaner to clean up in the end.

In my experience, infected computers result from:
- out-of-date protection programs!!  Some people just don't get that they have to be current.  This includes using old versions of the programs even if they are "fully" updated (re: signatures, etc.).
- User habits.  Adventurous users cause more problems than anything else on computers that are "protected".  No protection is perfect.
- There are plenty of guides on safe / safer practices.
- In some cases, using Parental Controls or the equivalent that is password protected FROM the User is necessary for longevity of cleanliness.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Although fmarshall makes some very good points.  Some things though you need to be very careful of.  For instance, CCleaner is an excellent tool, but is dangerous to use if you don't know what is hitting the computer.  Some of the more recent (past 18 months) malware moves necessary system files and user documents to the temp directory, so running CCleaner using defaults might cause even more damage.  You should definitely check out and completely read this article:

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

Also, Most of my extensive collection of tools are portable - they run from a stick which is write protected.  This is important since sometimes you are going to try and recover a file and you don't want to overwrite it with a new install.  Also some malware won't let you install new software.

I have found that SuperAntiSpyware tends to miss more than MBAM.  And Chameleon from MBAM is a combination of Roguekiller and MBAM like a dynamic duo.  I have yet to come up against a problem that can't be beat with Chameleon and a few other tools , depending on the type of infection.

Fmarshall is correct about protecting the computer from the user.  There is very little you can do if the user starts clicking links in their email.
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
Comment Utility
Hi Mags,

Sorry for chipping in late on this issue. I have gone through the Combofix logs and it has done its part already, here:

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Dale and Sheesh\g2ax_customer_downloadhelper_win32_x86.exe

and here:
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.

My only concern is one of the sys files, which is getting loaded from the Downloads folder of the user:

 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Dale and Sheesh\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys

I would recommend to scan the file on online virus scanners and see if this file is harmful, otherwise Combofix logs are good.

I would request you to submit the file to any one of these URLs below:

http://virusscan.jotti.org/en

http://www.virustotal.com/

http://www.threatexpert.com/submit.aspx

They would let you know if the file is harmful.

Sudeep
0
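The check Sudeep describes above (a driver or service binary loading from a user-writable folder) can be automated. The following is an added example, not part of the original thread and not code from ComboFix or OTL: it parses only the two line shapes quoted in this thread, and the sample lines marked as constructed, along with all function names, are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# OTL service line, in the shape quoted in this thread:
# SRV - [date | size | attrs | M] (vendor) [start type | state] -- path -- (name)
OTL_SRV = re.compile(
    r"^SRV\s+-\s+\[.*?\]\s+\((?P<vendor>.*?)\)\s+"
    r"\[(?P<start>[^|\]]+)\|(?P<state>[^\]]+)\]\s+--\s+"
    r"(?P<path>.+?)\s+--\s+\((?P<name>[^()]+)\)\s*$"
)

# Constructed sample: lines 1 and 2 are quoted from the thread, the rest are
# made up for this example and do not come from any real machine.
SAMPLE_LOG = r"""
 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Dale and Sheesh\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
ExampleSvc;Example Updater Service;c:\windows\temp\exupd.exe
SRV - [2013/05/17 09:12:44 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Users\Example\AppData\Roaming\exsvc\exsvc.exe -- (ExSvcHelper)
- - - - ORPHANS REMOVED - - - -
.
"""


def parse_line(line):
    """Return {'name', 'path', 'source', 'state'} for a recognised line, else None."""
    line = line.strip()
    m = OTL_SRV.match(line)
    if m:
        return {"name": m["name"], "path": m["path"],
                "source": "OTL SRV", "state": m["state"].strip()}
    # Semicolon-separated entry as quoted from the ComboFix log: name;display;path
    fields = [f.strip() for f in line.split(";")]
    if len(fields) == 3 and re.match(r"^[A-Za-z]:\\", fields[2]):
        return {"name": fields[0], "path": fields[2],
                "source": "driver/service entry", "state": None}
    return None


def location_reason(path):
    """Explain why a binary's folder is writable by a standard user, or None."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    dirs = parts[1:-1]  # folders between the drive root and the file name
    if dirs[:1] == ["users"]:
        sub = dirs[2] if len(dirs) > 2 else "profile root"
        return f"inside a user profile ({sub})"
    if "temp" in dirs or "tmp" in dirs:
        return "inside a temp directory"
    return None


def review(log_text):
    """Collect services/drivers whose binary lives in a user-writable location."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reason = location_reason(entry["path"])
        if reason:
            entry["reason"] = reason
            # Kernel drivers run with full privileges, so they deserve a closer look.
            entry["kernel_driver"] = entry["path"].lower().endswith(".sys")
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        kind = "kernel driver" if f["kernel_driver"] else "service binary"
        print(f"{f['name']}: {kind} {f['reason']} -> {f['path']}")
```

A hit is a prompt to verify the file (vendor, signature, an online scanner result), not a verdict that it is malicious.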
 

Author Comment

by:MagsMcKinley14
Comment Utility
tzucker thanks for the info...I think I will try it on one of my machines first.

fmarshall thank you for your info...I follow most of the same procedures you have listed...I think you are right about ComboFix so I appreciate that.

I do have one question for you in regards to running CCleaner first.  I used to do that all the time but then read in several places it should only be done once you believe the computer is clean.  I'm not sure where I read that, just now tried to look it up and couldn't find it.  I would appreciate your input on running CCleaner at the beginning of the cleanup process.

Thanks,
Mags
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
As I said, I would definitely not run it first.  I too would be interested in fmarshall's reasoning - I'm always open to new ideas.
0
 
LVL 25

Expert Comment

by:Fred Marshall
Comment Utility
The other approach would be to delete the temp files.  If you're concerned about that then maybe not.  Historically, the temp files have held parasites.
0
 
LVL 25

Expert Comment

by:Fred Marshall
Comment Utility
I very much appreciate the sites that provide help.  But having been rejected as a trainee, I'm a bit put off.
I have NO idea what they are doing except at a very high level - i.e. "here, run this script" isn't very informative.
It can take days and days to get satisfaction and one must have access to the infected computer all the while.  Often this isn't practical.
So I feel compelled to do it myself.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Fmarshall,

I too was put off by Majorgeeks when I inquired about doing exactly what I do here, there.  That's alright, in that I like the format better here.  Do it yourself is generally the best way to go about things, as long as you are informed, which doesn't seem to be a problem in this instance.

Most users and technicians really have very little idea of the best way to go about getting rid of the newest variants.

A little reading on their part can go a long way.  I'm generally the go-to person in my institution when it comes to windows infections, fortunately or unfortunately.  This means I spend a lot of time doing virtually the same thing over and over again.  I've gotten pretty good at it and I now have a standing policy - if their computing environment/computer does not meet my requirements, I won't even touch their machine.

Although it has changed somewhat, my policy is still pretty much what you see here.
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hey Sudeep thanks for chipping in...I installed EmsisoftEmergencyKit and have used it effectively on several computers...it was recommended to me by an expert here on EE.  Still need for concern??  Thanks for taking a look at the ComboFix log.

I will be on my client's computer tomorrow and post you up.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 500 total points
Comment Utility
I see you ran OTL too. Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

    Double-click OTL.exe to start the program.
    Copy and Paste the following code into the Custom Scans/Fixes textbox.
============================================
:otl
IE:64bit: - HKLM\..\SearchScopes\{7071600E-0858-4850-A0F3-D0AEAE684530}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll
O3 - HKU\S-1-5-21-520623350-1644863393-1938669185-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
C:\Users\Dale and Sheesh\AppData\Roaming\PFP100JPR.{PB
C:\Users\Dale and Sheesh\AppData\Roaming\PFP100JCM.{PB
ipconfig /flushdns /c
:Commands
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
======================================================
Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Sudeep
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Hi Sudeep, I applied the fix, attached is the log.  The unusual thing is now when she opens up Windows Live mail she can see her mail but there is no message in the body of the email.  I do not have a system restore point to go back to.  Please advise.
Mags
06262013-143648.log
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Sudeep since I didn't hear back I simply updated WLM and deleted and readded her email account.  She is good to go unless you see something in the log I sent.
Thanks,
Margaret
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 500 total points
Comment Utility
Logs look good. If the system is running fine now then you are good to go. Just cleanup is left.

From OTL hit the "Cleanup" button, which might ask to reboot. After the reboot, update the following:
Adobe Acrobat Reader
Adobe Flash for IE, Mozilla and Chrome.
Java.

Flash for IE:
http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player_ax.exe

Flash for all other Browsers:
http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe

Adobe Acrobat Reader:
ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.03/en_US/AdbeRdr11003_en_US.exe

Java:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

Sudeep
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Thanks...will do...I will let you know when finished!
Thanks,
Mags
0
 

Author Comment

by:MagsMcKinley14
Comment Utility
Finished...not sure what happened to Windows Live Mail but I got it working.
0
 

Author Closing Comment

by:MagsMcKinley14
Comment Utility
Thanks Sudeep for reading the logs...I'm not sure what happened to WLM but all seems to be resolved.
0
