In such case you need to select "Until restart".A. I had no problems. But AVG only gives 4 options to temporary disable it. And those are to reenable in 5, 10, 15 mins, or until restart. Doesn't give me an option of an hour or more. So I just did until restart. And if my PC restarted after a scan I made sure to disable it again before I did another scan like you requested.
The OTL saved log files in two places:Also the OTL files weren't saved in my local disc C: , they just got saved to the desktop and replaced the previous one I had.
- on the Desktop if you run OTL scan;
- on the disk C: in C:\_OTL\MovedFiles\ folder if you run OTL fix script.
In my previous set of steps I asked you to run the fix script firstly and then finally the fresh OTL scan. It looks like you did not run the fix script at all but run OTL scan twice instead. In the first run you probably put the script contents to the Custom Scan/Fixes text bot but press Run Scan button instead of Run Fix one.
I cannot prove that you downloaded infected installation file but installed application was definitely infected and deleted by ZOEK clean.So it seems like it was the internet download manager that I downloaded like a week ago? Was it infected? Did I download an infected one?
You are welcome!E. YES! I can browse the internet once again! and use internet related apps! Thank you SO MUCH!
Before we start the next step of our treatment, please check again the existence of C:\_OTL\MovedFiles\ folder and if you find there any MMDDYYYY_HHMMSS.log files, post the contents of the most recent one in the next replay as separate post.
Then let continue...
Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
- Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
- Underneath Output at the top, make sure Standard Output is selected.
- Highlight and copy the following entries: into the text box.
(Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)- Code: Select all
:Commands [createrestorepoint] :Files C:\Windows\Prefetch\PURELEADS.SERVICE.EXE-4A3C10E6.pf C:\Windows\Prefetch\PURELEADSCONTROL.EXE-8E038C48.pf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35 C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35 C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager :Reg [-HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\PureLeads.ini] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR] @="" [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASAPI32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\1296121B] "AppFullPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\1296121B] "AppFullPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\1296121B] "AppFullPath"=- [-HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\FLEXnet\Connect\db\PureLeads.ini] [HKEY_CURRENT_USER\Software\DownloadManager] "ExePath"=- [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe] "Path"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}] "AppPath"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}] "AppPath"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] "AppPath"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] "AppPath"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM] @="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM] @="" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IDMan"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}] "LocalizedString"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR] @="" [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Internet Download Manager] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}] "AppPath"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] "AppPath"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}] "LocalizedString"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR] @="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDMWFP] "Description"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\IDMWFP] "Description"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IDMWFP] "Description"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\DownloadManager] "ExePath"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe] "Path"="- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}] "AppPath"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}] "AppPath"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] "AppPath"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] "AppPath"=- [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM] @="" [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM] @="" [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IDMan"=- :Commands [emptytemp]
- Click under the Custom Scan/Fixes box and paste the copied text.
- Click the Run Fix button. If prompted... click OK.
- OTL may ask to reboot the machine. Please do so if asked.
- Let the program run unhindered and reboot the PC when it is done.
When the computer reboots, and you start your usual account, a Notepad text file will appear. - Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log
Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
- Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button. - Highlight and copy the following entries: into SystemLook's main text entry window.
(Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)- Code: Select all
:filefind *PureLeads* *Internet Download Manager* :folderfind *PureLeads* *Internet Download Manager* :Regfind PureLeads Internet Download Manager
- Press the Look button to start the scan. Please be patient - it may take a while...
When finished, a Notepad window will open with the results of the scan.
A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt - Please post the contents of the SystemLook.txt file in your next reply.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
Please include in your next reply:
- Do you have any problems executing the instructions?
- Contents of the most recent (if exists) C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run from previous set of instractions
- Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after current OTL FixScript run
- Contents of the SystemLook.txt log file
- Do you see any changes in computer behavior?
Thanks,
pgmigg
Failure to post replies within 72 hours will result in this thread being closed