Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

Need assistance running ComboFix

A client mistakenly downloaded MapGalaxy instead of using Mapquest which caused all kinds of issues.  She has had other PUPs on her computer in the past.

Since she had just downloaded MapGalaxy I tried to run a System Restore with not much luck.  I was unable to set a SR from April...tried to run both in normal and safe mode.  Said it restored to 5/15, which was 2 days before the PUPs were added, but when I got into SR is shows it was restored to 5/17??

When I tried to go into msconfig, to change to clean boot state, the cursor would simply travel, there and other places, without touching the mouse.  Her homepage in IE or Chrome would not load...could not access the internet, although I am connecting remotely to her, to access any webpage.  I transfer tools from my computer to hers since I could not download anything.

Norton was completely disabled.  MBAM was reset to zero updates but the server could update the program, no issues found.

Major error message when attempting to download and install Google Chrome, even though I uninstalled first.

I put her computer in a clean boot state and one by one, running scans, I have been able to get her computer working again.

Autoruns has 1 scheduled task in Red - Microsoft\Windows\NetTrace\GatherNetworkInfo, seems legit...why would it be in red?

If I understand a little about how ComboFix works I am hoping to have some assistance using it, incase we have left over beasts!

Any other suggestions?
Thanks,
Mags
Rkill--1.txt
AdwCleaner-S1-.txt
HitmanPro-20130518-1137.log
a2scan-130518-120508.txt
RKreport-1--S-05182013-02d1318.txt
RKreport-2--PR-05182013-02d1318.txt
Google-Chrome-error-message.txt
AutoRuns--2.arn
JRT.txt
Rkill--6.txt
0
Mags
Asked:
Mags
  • 22
  • 9
  • 6
  • +5
3 Solutions
 
aadihCommented:
0
 
MagsAuthor Commented:
Thanks aadih...I know how to use it I simply don't know how to read the logs.  My understanding is that you should never use it without assistance with someone that knows how to interpret the outcome.

Did you see anything in the attached logs that show any red flags?
0
 
aadihCommented:
No, I don't see any red-flag items.  Why don't run Combofix and post the log file?
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 
MagsAuthor Commented:
I will tomorrow.  aadith I appreciate your assistance.  What is your experience in reading ComboFix logs?
0
 
aadihCommented:
I have used it several times over the years to fix virus problems that MBAM could not clean.
0
 
MagsAuthor Commented:
Here is the ComboFix log.  Looks like it took care of some things but since I can't read it I'm not sure if there is a fix that needs to be run or not.  Thanks for reading it for me and letting me know at your earliest convenience.
Mags
ComboFix-log.txt
0
 
aadihCommented:
Please check the following files (if you recognize them or know the programs that use them):

cvhsvc.exe            
sasdifsv64.sys
a2ddax64.sys            
sftlist.exe            
g2ax_customer_downloadhelper_win32_x86.exe      
nissrv.exe            
wlcrasvc.exe      
hitmanpro37.sys      
gapaengine.dll
chrmstp.exe            
sftvsa.exe            
saskutil64.sys      
ppcrlconfig600.dll            
hpcee.exe
0
 
MagsAuthor Commented:
cvhsvc.exe - Client Virtualization Handler - Part of MS Office
sasdifsv64.sys - SUPERAntiSpyware
a2ddax64.sys - Emsisoft
sftlist.exe - Microsoft Application Virtualization Client Service
g2ax_customer_downloadhelper_win32_x86.exe - My remote Go-to-Assist
nissrv.exe - Microsoft Network Inspection System or Microsoft Antimalware
wlcrasvc.exe - Windows Live Mesh Remote Desktop Service or Live Mesh Remote Desktop
hitmanpro37.sys - Hitman Pro
gapaengine.dll - part of Microsoft Network Inspection System
chrmstp.exe - Google Chrome
sftvsa.exe - Microsoft Application Virtualization Virtual Service Agent or Application Virtualization Service Agent
saskutil64.sys - SUPERAntiSpyware
ppcrlconfig600.dll - seems to be an essential system or application file
hpcee.exe - HP - stands for Customer Experience Enhancement

aadih  I really appreciate your help but I have to say I'm a little nervous about your analysis...I've never had to look up files for a diagnosis of the ComboFix Log.  These could be legit files but are they in the right location???

If you don't know how to read or run fixes with ComboFix can you send this to someone who can, such as Sudeep??  Otherwise I think I should request attention or send it over to BleepingComputers.

Let me know...again I appreciate your help and assistance.
Mags
0
 
aadihCommented:
From what I know (from using combofix, not a professional in it) I believe it's clean.

I am sure people with greater expertize will weigh in and help you.

Meanwhile, please re-scan with MBAM.
0
 
MagsAuthor Commented:
Thanks...will do.
Again, I appreciate your assistance and expertise.
Mags
0
 
aadihCommented:
In the past, I have used ComboFix without assistance (before there were any warnings not to do so) so continued using it after warnings also and have been able to clean the PC each time without any problems (I do make a restore point before, just in case, but never had to use it).

I have seen ComboFix delete the infected programs (as you can see two programs deleted in your case) and have been helpful in removing some tough infections. I use it only a last resort, however.

But, I am not a professional ComboFix helper.  There are ComboFix-experts in this forum, however; and I do believe they'll hesitate not to offer any help -- if needed -- in less than a "New York Minute."

Good luck.
0
 
jcimarronCommented:
MagsMcKinley14--
FWIW--gathernetworkinfo.vbs does not seem to be a virus or malware.
http://windows7forums.com/windows-7-support/5649-gathernetworkinfo-vbs.html

http://www.boostbyreason.com/resource-sha1-628b6b4bf3cc7f77578cf3ccfcc587dbf9ec7e07-gathernetworkinfo-vbs.aspx   Do not run Boost.

In any event I would cancel the Scheduled Task to run it.

And in answer to your original question, the bleeping computer people offer to read your ComboFix log.  They also provide a list of other sites that do this near the end of
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
MagsAuthor Commented:
Now look what you've done...just kidding!!

I went to BleepingComputer as suggested and just signed up for their Malware Removal Training Program!  I am so excited!!

Maybe when I graduate I'll apply to be an Expert with Experts Exchange!!  You have all been such a help to me!

In the meantime if anyone would be willing to read the ComboFix Log here on Experts Exchange I would greatly appreciate it since I was told by aadih to go ahead and run it.

If not I will jump over to a suggested forum to have them read it...it would just be helpful to me to have someone with EE read it since I have already posted all my logs.

Let me know.

Thanks,
Mags
0
 
jcimarronCommented:
MagsMcKinley14--Yes, we would be honored to have you join the ranks of E-E Experts.  Here is the Antivirus Support home page.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/

Going back to your original post, I am looking at all the things you did.  At what point in time did you run ComboFix?
0
 
MagsAuthor Commented:
Hi jcimarron
Very last scan...today I ran full MBAM scan as requested - no threats.  Have not done clean up yet...waiting for an all clear!!
Mags

PS  Thanks for your encouragement!!
0
 
aadihCommented:
I believe your PC is clean.  

Let's know, however, if you find anything to the contrary.
0
 
jcimarronCommented:
MagsMcKinley14--While no expert, I agree with aadih .  That is why I asked when you ran ComboFix.  I suspect you had gotten rid of the baddies before then from running all the other scans.
0
 
Mohammed HamadaSenior IT ConsultantCommented:
Mags
did you run any crack for any software recently?
0
 
MagsAuthor Commented:
Hi Mohammed,
Sorry if I don't know the lingo...what do you mean by "run any crack for any software recently?"  Thanks for chiming in!

I will do cleanup tomorrow unless anyone thinks otherwise.
Thanks,
Mags
0
 
Mohammed HamadaSenior IT ConsultantCommented:
I think you had a trojan or something like that by looking at your combofix log. the registry seems to had Iflashbroker which is mostly reported as a part of trojan/hacking tool or virus.. Probably it's a left over since you ran combofix.
Try to check your registry if it's still there. create a restore point and backup the registry before you go on and delete it.

Check malwarebytes.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
0
 
MagsAuthor Commented:
Thanks...I'll take a look.
0
 
MagsAuthor Commented:
Mohammed I found [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] but was denied deleting it.  IFlashBroker5 was part of it...was that the only part I should have attempted to delete or the entire registry entry?
Thanks,
Mags
0
 
aadihCommented:
Right click on the key and change permissions (to everyone).  Then delete the entire key.

Also delete {6AE38AE0-750C-11E1-B0C4-0800200C9A66} from HCR/CLSID if it exists there.

[Caution: Make a restore point before making any registry changes.]
0
 
Mohammed HamadaSenior IT ConsultantCommented:
I believe you can delete it in safe mode if the permission changing as Aadih mentioned didn't work.

But before deleting the key make sure you export it. just as a backup procedure.
0
 
MagsAuthor Commented:
Thanks...I already backed it up...I will start her computer in Safe Mode tomorrow and try.
Mags
0
 
MagsAuthor Commented:
Okay...went into safe mode and still got the message "Cannot delete - Error while deleting key.  I believe I have Permissions set correctly to allow.  Do I?


Also what is ANONYMOUS LOGON?  CREATOR OWNER??

Just curious...I have a similar entry on my computer with the Data being IFlashBroker4.  Should I be concerned??  I do not believe I have had any malware on this computer.
0
 
Mohammed HamadaSenior IT ConsultantCommented:
I have the same key as well but I don't have anonymous. from what I can tell this reg key is there by default and it belongs to the registry to some kind of COM interface which provides windows with services.

Microsoft provided a very brief explanation about it here
http://msdn.microsoft.com/en-us/library/ee487925.aspx

This link provide good and comprehensive and by reading part of it I can tell that it might be a trojan which has loaded a service on the PC.

http://www.codeproject.com/Articles/1265/COM-IDs-Registry-keys-in-a-nutshell


I'm not sure how much are you familiar with Windows Services but looking at the services console you could probably tell if you have any weird services running there? This might explain why you can't delete the reg key.

If you would like to continue further with this, please follow the steps in the below Link and provide your logs here to investigate.

http://forums.malwarebytes.org/index.php?showtopic=115198
0
 
aadihCommented:
0
 
MagsAuthor Commented:
Hi moh10ly ANONYMOUS LOGON and CREATOR OWNER seem to be associated only with the registry entry we are trying to delete.

I glanced at services but do not know them well enough to know if something is incorrect.

I followed your Malwarebytes link and since I have already run ComboFix and RogueKiller I have run OTL and am attaching the logs.  I did not run the scan with custom settings since it seemed specific to their issues and not mine.  I only customize things when specifically asked...let me know.

{6AE38AE0-750C-11E1-B0C4-0800200C9A66}  was not included in HCR/CLSID
Thank you,
Mags
OTL.Txt
Extras.Txt
0
 
MagsAuthor Commented:
Hello...is anyone available to read the OTL logs?
Should I be concerned about ANONYMOUS LOGON and CREATOR OWNER swhich seem to be associated only with the registry entry we are trying to delete - [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]?
Thanks a million!
Mags
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Mags,

This is the first I've seen this question.  I am definitely not a combofix logs reader.  But have you run chameleon (from MBAM) in safemode with networking?

Follow the instructions on the following page (even though they are not for the specific problem you are having)

http://forums.malwarebytes.org/index.php?showtopic=125373

Good luck!
0
 
David Johnson, CD, MVPOwnerCommented:
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

Wild Tangent is something that I don't like. But I see that it is part of the HP suite of products.

I'd be tempted to do a  (from an elevated command prompt)
sc delete GamesAppService
and delete the WildTangent Games folder
But that is just me.. Wild Tangent has a bad reputation.  Same with removng ASK.com from the search providers.

Are you still having the msconfig problem?



Also what is ANONYMOUS LOGON?  CREATOR OWNER??
Just curious...I have a similar entry on my computer with the Data being IFlashBroker4.  Should I be concerned??  I do not believe I have had any malware on this computer.

No don't be concerned about these security entries they are a  normal local account.
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
I am of the same mind when it comes to WildTangent.  If you can get it off the machine the owner will be better off.  Also get rid of any BHOs (like ask.com toolbar) that the user does not use.
0
 
MagsAuthor Commented:
Thanks for the suggestions...I will set up a time to access her computer.  

They like to play solitaire and some other games that came with the computer will deleting GamesAppService and the WildTangent Games folder cause an issue with that?  If never worked with these.
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
I suggest deleting WildTangent anyway and have them get the games elsewhere.  I don't see if you said this was a Windows 7 machine (sorry if I missed that), but if so, WildTangent is not needed for the games that come with win7.  As for GamesAppService - I have no idea.  Is this an OEM model (sounds like it)?  If so, getting rid of the OEM add ons is a must.
0
 
Fred MarshallCommented:
I'm not sure where to start.
I clean up lots of computers (almost all of them successfully).  Rarely, if ever, do I have to resort to reading logs.  That's more an exercise in inefficiency if you don't know how or what to do with the results.
But, on rare occasion, I've manually removed things that were reported by some tools.
Rarely do I resort to reinstalling Windows (under 5% of cases).

In a small number of cases one can find out what the parasite is and can find a reputable removal tool that's targeted to that parasite.  
There are some peripheral fixit tools that rather fall into this category that restore Start menus, desktop icons, etc.

I would suggest that NO scanner can find everything.  So, keep a bunch of good ones available.

You might do things in this orderr:

CCleaner / cleaner to get rid of temporary files where parasistes often lurk.

Malwarebytes.  If a Quick Scan reveals nothing then you might be done.
If a Quick Scan reveals anything then a Full Scan is indicated.
And, as above, it may mean nothing has been solved.
I'm much more comfortable when it finds and removes things.

HiJack This! is good for generaly cleanup.  I don't know that I've every actually pinpointed a parasite with it.  But, I've become rather skilled in being very aggressive in removing things without breaking anything.  I don't view it as very important to this discussion.

SuperAntispyware.

Trojan Remover.

RogueKiller from Tigzy I've been using more often and believe it to be pretty effective.  It appears you haven't run this and I would suggest it.

I will use Combofix wihout advice or special scripts when I'm feeling adventurous and a bit stymied.  After all, if one is going to be faced with reinstalling Windows as a next step, then what's to lose?  It's never broken anything anyway that I know of.

When you *think* the computer is clean then you want to ask: "Is it?"
- Does Internet Explorer get you to Windows Updates?  This is often blocked by parasites.
- Do browsers go where they're supposed to go directly without any redirection?  (Sometimes it takes patience here to uncover strange behavior).
- Does anything else strange continue to happen?
I can't say I'm 100% satisfied with these "tests" but it's the best I know to do and it seems to be effective.  I don't get callbacks.

I have found that the ESET online scanner will find things that others don't.  So, when I'm "nervous" about the state of cleanup, I will use it.

Then, in the end, uninstall the tools and installl a good program to protect the computer, update it (no, a new install does not necessarily also update the signatures, etc.).  Run a full scan with it.  Since Norton was disabled, I'd remove it and install something else to avoid damaged Norton elements.

CCleaner registry cleaner to clean up in the end.

In my experience, infected computers result from:
- out-of-date protection programs!!  Some people just don't get that they have to be current.  This includes using old versions of the programs even if they are "fully" updated (re: signatures, etc.).
- User habits.  Adventurous users cause more problems than anything else on computers that are "protected".  No protection is perfect.
- There are plenty of guides on safe / safer practices.
- In some cases, using Parental Controls or the equivalent that is password protected FROM the User is necessary for longevity of cleanliness.
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Although fmarshall makes some very good points.  Some things though you need to be very careful of.  For instance, CCleaner is an excellent tool. but is dangerous to use if you don't know what is hitting the computer.  Some of the more recent (past 18 months) malware moves necessary system files and user documents to the temp directory, so running CCleaner using defaults might cause even more damage.  You should definitely check out and completely read this article:

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

Also, Most of my extensive collection of tools are portable - they run from a stick which is write protected.  This is important since sometimes you are going to try and recover a file and you don't want to overwrite it with a new install.  Also some malware won't let you install new software.

I have found that SuperAntiSpyware tends to miss more than MBAM.  And Chameleon from MBAM is a combination of Roguekiller and MBAM like a dynamic duo.  I have yet to come up against a problem that can't be beat with Chameleon and a few other tools , depending on the type of infection.

Fmarshall is correct about protecting the computer from the user.  There is very little you can do if the user starts clicking links in their email.
0
 
Sudeep SharmaTechnical DesignerCommented:
Hi Mags,

Sorry for chipping in late on this issue. I have gone through the Combofix logs and it has done its part already, here:

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Dale and Sheesh\g2ax_customer_downloadhelper_win32_x86.exe

and here:
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.

My only concern is one of the sys file which is getting loaded from the Downloaded folder of the user:

 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Dale and Sheesh\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys

I would recommend to scan the file on online virus scanners and see if this file is harmful, otherwise Combofix logs are good.

I would request you to submit the file to any one of these URLs below:

http://virusscan.jotti.org/en

http://www.virustotal.com/

http://www.threatexpert.com/submit.aspx

They would let you know if the file is harmful.

Sudeep
0
 
MagsAuthor Commented:
tzucker thanks for the info...I think I will try it on one of my machines first.

fmarshall thank you for your info...I follow most of the same procedures you have listed...I think you are right about ComboFix so I appreciate that.

I do have one question for you in regards to running CCleaner first.  I use to do that all the time but then read in several places it should only be done once you believe the computer is clean.  I'm not sure where I read that, just now tried to look it up and couldn't find it.  I would appreciate your input on running CCleaner at the beginning of the cleanup process.

Thanks,
Mags
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
As I said, I would definitely no run it first.  I too would be interested in fmarshall's reasoning - I'm always open to new ideas.
0
 
Fred MarshallCommented:
The other approach would be to delete the temp files.  If you're concerned about that then maybe not.  Historically, the temp files have held parasites.
0
 
Fred MarshallCommented:
I very much appreciate the sites that provide help.  But having been rejected as a trainee, I'm a bit put off.
I have NO idea what they are doing except at a very high level - i.e. "here, run this script" isn't very informative.
It can take days and days to get satisfaction and one must have access to the infected computer all the while.  Often this isn't practical.
So I feel compelled to do it myself.
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Fmarshall,

I too was put off by Majorgeeks when I inquired about doing exactly what I do here, there.  That's alright, in that I like the format better here.  Do it yourself is generally the best way to go about things, as long as you are informed, which doesn't seem to be a problem in this instance.

Most users and technicians really have very little idea of the best way to go about getting rid of the newest variants.

A little reading on their part can go a long way.  I'm generally the go-to person in my institution when it comes to windows infections, fortunately or unfortunately.  This means I spend a lot of time do virtually the same thing over and over again.  I've gotten pretty good at it and I now have a standing policy - if their computing environment/computer does not meet my requirements, I won't even touch their machine.

Although it has changed somewhat, my policy is still pretty much what you see here.
0
 
MagsAuthor Commented:
Hey Sudeep thanks for chipping in...I installed EmsisoftEmergencyKit and have used it effectively on several computers...it was recommended to me by an expert here on EE.  Still need for concern??  Thanks for taking a look at the ComboFix log.

I will be on my clients computer tomorrow and post you up.
0
 
Sudeep SharmaTechnical DesignerCommented:
I see you ran OTL too. Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

    Double-click OTL.exe to start the program.
    Copy and Paste the following code into the Custom Scans/Fixes textbox.
============================================
:otl
IE:64bit: - HKLM\..\SearchScopes\{7071600E-0858-4850-A0F3-D0AEAE684530}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FFF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll
O3 - HKU\S-1-5-21-520623350-1644863393-1938669185-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
C:\Users\Dale and Sheesh\AppData\Roaming\PFP100JPR.{PB
C:\Users\Dale and Sheesh\AppData\Roaming\PFP100JCM.{PB
ipconfig /flushdns /c
:Commands
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
======================================================
Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Sudeep
0
 
MagsAuthor Commented:
Hi Sudeep, I applied the fix, attached is the log.  The unusual thing is now when she opens up Windows Live mail she can see her mail but there is no message in the body of the email.  I do not have a system restore point to go back to.  Please advise.
Mags
06262013-143648.log
0
 
MagsAuthor Commented:
Sudeep since I didn't hear back I simply updated WLM and deleted and readded her email account.  She is good to go unless you see something in the log I sent.
Thanks,
Margaret
0
 
Sudeep SharmaTechnical DesignerCommented:
Logs looks good. If the system is running fine now then you are good to go. Just cleanup is left.

From OTL hit the "Cleanup" button, which might ask to reboot. After the reboot. update the following:
Adobe Acrobat Reader
Adobe Flash for IE, Mozilla and Chrome.
Java.

Flash for IE:
http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player_ax.exe

Flash for all other Browsers:
http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe

Adobe Acrobat Reader:
ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.03/en_US/AdbeRdr11003_en_US.exe

Java:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

Sudeep
0
 
MagsAuthor Commented:
Thanks...will do...I will let you know when finished!
Thanks,
Mags
0
 
MagsAuthor Commented:
Finished...not sure what happened to Windows Live Mail but I got it working.
0
 
MagsAuthor Commented:
Thanks Sudeep for reading the logs...I'm not sure what happened to WLM but all seems to be resolved.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 22
  • 9
  • 6
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now