Page 8 of 14 FirstFirst ... 678910 ... LastLast
  1.    18 Aug 2016 #71
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Perform a Clean Boot in Windows 10

    Only that part of the tutorial - other sections describe other methods

    After you restart - run Rkill again

    Then run HitmanPro

    If it's already running, Perform a Clean Boot in Windows 10 after it finishes


    Note: I think you have to tell Hitman that you don't have a license to get to the 30 day trial
    Let me know if that doesn't get it up and running
    I don't want you to think that you have to buy Hitman for this process
      My ComputerSystem Spec
  2.    18 Aug 2016 #72
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Quote Originally Posted by simrick View Post
    @Slartybart -
    I have noticed these same 2 items on systems I have scanned this week. I think they may be nothing.

    * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]

    * PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]

    I know the missing services thing is a bug that keeps reappearing.
    The temp file, well, that looks to be a problem; not sure what it is.

    * C:\Users\MyrnaZ\AppData\Local\Temp\{7E6122F0-DB5E-430A-A6AE-6F73E75D1A32}\{BCCE466F-5194-418B-B7A4-55A77A6E62F6}.exe (PID: 16284) [T-HEUR]
    Thanks,

    I think we've covered all of the bases - not sure if everything has been done - yet.

    I think the best course is to keep moving forward. I'll look through the thread for logs and do a recap of things suggested and logs found.

    Here's what I'm thinking

    Clean Boot to disable all non MS services and disable all Startups
    Rkill just to be safe (I don't think it found anything to kill, but I'd have to look at the log again)
    <!> Rkill only found one object to kill, so yes it should be run.
    Run HitmanPro

    TDSSkiller - I have to check - did I suggest that in this thread or was that in another thread
    <!> I might change my mind on TDSSKiller and suggest BitDefender Rescue.
    <!> I don't think both are necessary, wouldn't hurt. What do you think, TDSSkiller, Bitdefender, or both ... or some other tool?

    Since Mbam started us down the Poweliks Trojan path, I think it's at least warranted to query the registry
    Command Prompt (Admin)
    reg query "HKCU\software\classes\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}" /s

    The key wasn't found on my machine, so it's probably a safe bet to delete it if found on Myrna's machine
    <!> To make an informed decision, I'd have to see the results of the query - any thoughts?
    <!> Google results for the key

    I started writing instructions in my text editor, but Bitdefender kept putting the file in quarantine - that's when I said
    "Hey why not get an offline Bitdefender Rescue CD involved on Myrna's machine"

    More scans can't hurt, but I don't want to wear Myrna out with tech overload.
      My ComputerSystem Spec
  3.    18 Aug 2016 #73
    Join Date : Aug 2016
    So. CA
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter

    Code:
    HitmanPro 3.7.14.265
    www.hitmanpro.com
    
       Computer name . . . . : MYRNAZ-HP
       Windows . . . . . . . : 10.0.0.10586.X86/2
       User name . . . . . . : MYRNAZ-HP\MyrnaZ
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2016-08-18 16:53:32
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 19m 24s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 167
    
       Objects scanned . . . : 1,730,318
       Files scanned . . . . : 104,052
       Remnants scanned  . . : 582,956 files / 1,043,310 keys
    
    Potential Unwanted Programs _________________________________________________
    
       C:\Program Files\Reimage\ (ReimageRepair)
       C:\Program Files\Reimage\Reimage Protector\ (ReimageRepair)
       C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (ReimageRepair)
          Size . . . . . . . : 6,476,144 bytes
          Age  . . . . . . . : 3.2 days (2016-08-15 12:38:00)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : BAB6C5192B19C2A989D503543DCBA7F43F847FA6BA6F99099F2ED81B0E41266D
          Product  . . . . . : Reimage Real Time Protection
          Publisher  . . . . : Reimage®
          Description  . . . : Reimage Real Time Protection
          Version  . . . . . : 2.0.1.1
          Copyright  . . . . : Reimage®. All rights reserved.
          RSA Key Size . . . : 2048
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -12.0
          Forensic Cluster
             -151.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_5FC06980614234371AC1CAF7D2C583C5
             -151.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_5FC06980614234371AC1CAF7D2C583C5
             -149.4s C:\Windows\Prefetch\SETHC.EXE-6A2DC453.pf
             -146.7s C:\Windows\Prefetch\ATBROKER.EXE-2E15A492.pf
             -146.4s C:\Users\MyrnaZ\AppData\Local\Temp\nsoE6A2.tmp\
             -146.3s C:\Users\MyrnaZ\AppData\Local\Temp\downloader log.txt
             -146.1s C:\Windows\Reimage.ini
             -143.8s C:\Windows\Prefetch\SQLITE3.EXE-8A938E27.pf
             -143.7s C:\Windows\Prefetch\NSE963.TMP-E0C072FE.pf
             -136.7s C:\Windows\Prefetch\REIMAGEREPAIR.EXE-799D0DD2.pf
             -107.0s C:\Windows\Prefetch\NS7D97.TMP-2C66561A.pf
             -94.5s C:\Windows\Prefetch\NSAF48.TMP-A8EF311A.pf
             -81.6s C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf
             -81.6s C:\Windows\Prefetch\NSDF51.TMP-0AF7FFFB.pf
             -79.6s C:\Windows\Prefetch\NSE7CE.TMP-61983207.pf
             -69.4s C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
             -69.2s C:\Users\MyrnaZ\AppData\Local\Temp\nsoE6A2.tmp\stack.dll
             -69.2s C:\Users\MyrnaZ\AppData\Local\Temp\downloader_version.xml
             -69.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\downloader_version[1].xml
             -69.1s C:\Users\MyrnaZ\AppData\Local\Temp\nsoE6A2.tmp\xml.dll
             -69.0s C:\Users\MyrnaZ\AppData\Local\Temp\repair_version.xml
             -68.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\repair_version[1].xml
             -68.7s C:\Users\MyrnaZ\AppData\Local\Temp\ack.txt
             -67.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\events4mem[1].htm
             -67.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\events4mem[1].htm
             -65.7s C:\Windows\Prefetch\NS1B82.TMP-5C6B334C.pf
             -64.6s C:\Users\MyrnaZ\AppData\Local\Temp\ReimagePackage.exe
             -64.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\ReimagePackage1842[1].exe
             -60.3s C:\Windows\Prefetch\NS313D.TMP-D9873CCA.pf
             -58.3s C:\Windows\Prefetch\NS3A47.TMP-53982896.pf
             -56.6s C:\Windows\Prefetch\NS42B5.TMP-00DA5334.pf
             -44.2s C:\Windows\Prefetch\NS7290.TMP-93162ABD.pf
             -42.2s C:\Windows\Prefetch\NS7A51.TMP-9F9B8469.pf
             -40.2s C:\Windows\Prefetch\NS81F3.TMP-498C5D9D.pf
             -39.2s C:\Users\MyrnaZ\AppData\Local\Temp\nsoE6A2.tmp\registry.dll
             -38.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\installer[1].xml
             -37.6s C:\Users\MyrnaZ\AppData\Local\Temp\repair setup log.txt
             -35.9s C:\Windows\Prefetch\NS929E.TMP-8BC4021F.pf
             -30.9s C:\Windows\Prefetch\NSA636.TMP-C2343D22.pf
             -29.9s C:\Program Files\Reimage\
             -28.4s C:\Windows\Prefetch\REIMAGEPACKAGE.EXE-B144F924.pf
             -24.3s C:\Windows\Prefetch\LZMA.EXE-7095A461.pf
             -24.3s C:\Windows\Prefetch\NSB72F.TMP-E9C1D5D7.pf
             -21.6s C:\Windows\Prefetch\NSCAB8.TMP-12D920E0.pf
             -16.4s C:\Users\MyrnaZ\AppData\Local\Temp\nseE281.tmp\
             -16.1s C:\Users\MyrnaZ\AppData\Local\Temp\nseE281.tmp\stack.dll
             -16.0s C:\Users\MyrnaZ\AppData\Local\Temp\protector_version.xml
             -15.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\protector_version[1].xml
             -15.9s C:\Users\MyrnaZ\AppData\Local\Temp\nseE281.tmp\xml.dll
             -15.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\scan_agent_events[1].htm
             -14.0s C:\Windows\Prefetch\NSE61C.TMP-B190D88E.pf
             -13.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\ProtectorPackage2011[1].exe
             -7.9s C:\Windows\Prefetch\NSDC4D.TMP-473F9E9D.pf
             -6.1s C:\Windows\Prefetch\PROTECTORUPDATER.EXE-6B34391D.pf
             -6.0s C:\Users\MyrnaZ\AppData\Local\Temp\nsfB09.tmp\
             -4.6s C:\Windows\Prefetch\NSC13.TMP-492F97CA.pf
             -2.5s C:\Windows\Prefetch\NS1490.TMP-84B89B85.pf
             -1.2s C:\Program Files\Reimage\Reimage Protector\
              0.0s C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
              0.3s C:\Windows\Prefetch\UNIPROTECTORPACKAGE.EXE-4C4EE480.pf
             10.6s C:\Windows\Prefetch\NS23F3.TMP-3B2ECE65.pf
             12.9s C:\Windows\Prefetch\REIGUARD.EXE-D89BDA1F.pf
             16.1s C:\Windows\Prefetch\REISYSTEM.EXE-3896CB89.pf
             16.3s C:\Users\MyrnaZ\AppData\Local\Temp\nsfB09.tmp\stack.dll
             17.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\scan_agent_events[1].htm
             17.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\cfl1842[1].rei
             18.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\install_end[1].htm
             19.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\events4mem[1].htm
             19.3s C:\Windows\Temp\reimage.log
             19.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\events4mem[1].htm
             22.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x00000000000000c7.db
             26.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\132[1]
             28.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\splash_screen[1]
             28.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\layout[1].htm
             28.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\splash_screen[1]
             29.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\en[1].css
             29.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\gui[1].css
             29.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\general[1].js
             29.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\ok_hover[1]
             29.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\animation[1].js
             29.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\start_repair_green_btn[1]
             29.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\xml[1].js
             29.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\start_repair_green_btn_hot[1]
             29.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\182x39_start_repair_1[1]
             29.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\gui[1].js
             29.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\guiEx[1].js
             29.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\logging[1].js
             29.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\fixtree[1].js
             29.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\wz_jsgraphics[1].htm
             29.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\graph[1].js
             29.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\AC_OETags[1].htm
             29.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\md5[1].htm
             30.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\close2[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\user_m[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\info_icon3[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\button_Yes[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\button_No[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\button_Reboot_modified[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\button_OK[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\button_restart[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\button_Ignore[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\button_TryAgain[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\button_Exit[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\upper_button_t[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\button_renew[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\corner_bee_scan[1]
             30.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\corner_bee1[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\progress_round_43sec[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\progress_round-full[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\q_mark2[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\gauge_back3[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\gauge_needle2[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\thermo_liquid_top[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\thermo_lines[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\big_x[1]
             30.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\big_v[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\balloon_01[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\balloon_02[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\balloon_03[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\balloon_04[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\balloon_05[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\balloon_06[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\balloon_07[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\balloon_08[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\balloon_09[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\balloon_10[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\popup_BG[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\call-center-left[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\call-center-middle[1]
             30.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\call-center-right[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\ok[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\stop_btn2[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\red_led[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\progressbar_green_left2[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\progressbar_gray[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\progressbar_green3[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\progressbar_green_right_middle[1]
             30.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\progressbar_gray_right2[1]
             30.8s C:\Windows\Prefetch\REIMAGE.EXE-4681D307.pf
             30.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\empty_sign[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\thermo_liquid_middle[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\thermo_back[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\threat_bar_new[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\threat_bar_indicator[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\arrow_down[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reset_explorer[1]
             31.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\GUI_skin_annual_register[1]
             31.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\events4mem[2].htm
             32.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\loading_animation_light_white[1].gif
             32.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\events4mem[2].htm
             32.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\orange_led[1]
             33.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\green_led[1]
             34.1s C:\Users\MyrnaZ\AppData\Local\Temp\reimage.log
             34.2s C:\Users\MyrnaZ\AppData\Local\Temp\Microsoft.Explorer.Notification.{E5192AB1-3598-A1CD-F7E5-03254AB5F412}.png
             38.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\rei1842[1].ini
             38.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\ApplicationList[1].ini
             39.3s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
             59.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\gui_start_pixel[1].htm
             62.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\folder_icon_fff[1]
             63.4s C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
             66.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\v_sign_anim[1]
             70.2s C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Cookies.back024
             70.2s C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\cookies.sqlite.back98
             77.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\small-bar_greyBG[1]
             77.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\small-bar_whiteBG[1]
             102.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\small-bar_indicator[1]
             108.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
             108.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
             108.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_EA9D5D5FED7C43E6CA70C1B14B959187
             108.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_EA9D5D5FED7C43E6CA70C1B14B959187
             108.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[1].htm
             109.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_334ED69A36BF882B447815998BE46E97
             109.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_334ED69A36BF882B447815998BE46E97
             109.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0CCA7F4B3366C6FAA13012C139D5D8C6_22CF49082707ABA47B0D221989F9C715
             109.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0CCA7F4B3366C6FAA13012C139D5D8C6_22CF49082707ABA47B0D221989F9C715
             113.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[1].htm
             116.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_F92E63E459D937F1515A009509C3C662
             116.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_F92E63E459D937F1515A009509C3C662
             116.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[1].htm
             118.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[1].htm
             119.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_8882E6641F4980577F6015B0188D2368
             119.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_8882E6641F4980577F6015B0188D2368
             120.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[2].htm
             124.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[2].htm
             125.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[2].htm
             126.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[2].htm
             129.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_26300638DA5DAC8F64C5E0B68BBFDC2C
             129.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_26300638DA5DAC8F64C5E0B68BBFDC2C
             129.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[3].htm
             131.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[3].htm
             134.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_6119572951B55A1528DBDDBA71BE9331
             134.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_6119572951B55A1528DBDDBA71BE9331
             135.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[3].htm
             138.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_84C532476A9C33613C668534EC557102
             138.3s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_84C532476A9C33613C668534EC557102
             138.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[3].htm
             141.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[4].htm
             141.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[4].htm
             141.6s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[4].htm
             145.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_81F72B4CE54BBA14B10B56CA4A0F4392
             145.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_81F72B4CE54BBA14B10B56CA4A0F4392
             146.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[4].htm
             148.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[5].htm
             152.5s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[5].htm
             154.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[5].htm
             156.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[5].htm
             160.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[6].htm
             164.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\sand_anim[2]
             164.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\x_sign_anim[1]
             170.1s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\36AC0BE60E1243344AE145F746D881FE
             170.1s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\36AC0BE60E1243344AE145F746D881FE
             174.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_A5A4BCEDBC2DCBF3722596C383981C66
             174.8s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_A5A4BCEDBC2DCBF3722596C383981C66
             174.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[6].htm
             180.4s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[6].htm
             181.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\x_sign_blink2[1]
             182.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_FB6BD2AF592BD59C48D4520A31AC1EA3
             182.6s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_FB6BD2AF592BD59C48D4520A31AC1EA3
             182.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[6].htm
             183.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[7].htm
             185.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[7].htm
             186.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162
             186.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162
             187.1s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[7].htm
             190.3s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[7].htm
             190.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F8AAE6A916F668584D043F6543292194_F45F43EB73D03DDA599355E10897F726
             190.7s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F8AAE6A916F668584D043F6543292194_F45F43EB73D03DDA599355E10897F726
             190.9s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[8].htm
             195.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[8].htm
             197.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_3EAEAB67121169D5C037E4B1278DEA7C
             197.9s C:\Users\MyrnaZ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_3EAEAB67121169D5C037E4B1278DEA7C
             198.0s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\C8EP8F3S\reimageavmem[8].htm
             200.7s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\H5VL8Q1Q\reimageavmem[8].htm
             204.8s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\9EOOJB6P\reimageavmem[9].htm
             211.2s C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCache\IE\XPKN9IF6\reimageavmem[9].htm
    
       C:\Windows\Reimage.ini (ReimageRepair)
       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine\ (ReimageRepair)
       HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ (ReimageRepair)
       HKLM\SOFTWARE\Reimage\ (ReimageRepair)
       HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ (ReimageRepair)
       HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ (ReimageRepair)
       HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Reimage\ (ReimageRepair)
       HKU\S-1-5-21-2048041476-2006749296-819459500-1035\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com\ (AskBar)
    
    Cookies _____________________________________________________________________
    
       C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCookies\Low\048QCG2T.txt
       C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCookies\Low\PDAVV334.txt
       C:\Users\MyrnaZ\AppData\Local\Microsoft\Windows\INetCookies\Low\Q9094VK4.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\01OEI5AA.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\08E70RQF.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0OO6JCQL.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0WZIYHZ2.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0YUSPL18.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\11AZCGFH.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\16T0OZNR.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1M44VXFE.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1PEC9FNW.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2HPQQ5FM.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2PLCDKK3.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2R5BN9RD.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2REALCNI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\34MA99XF.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3BBLNAT1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3COP62U6.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3RVZYX1J.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3X3LHRK8.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4CRXYD50.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4EL4PVAL.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4QV7ENQC.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4XT9PUSB.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\51MMF1MU.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\55M5NUQ5.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\58P5TBLQ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\59M9J3HS.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5AHI2YVH.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5L141OEM.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5UF6GRP1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5WPUH7QJ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6658ZE6S.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\670L64GB.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6GDRUM9J.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6SWBB9V3.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6X4DH0LS.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\73DLND92.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7513OUXC.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\767LTRBQ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8E14U8OM.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\94YWYW6C.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9CXDK7E7.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9S4K8OD0.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9VLD8B1E.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AF66C0L1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AJXO449A.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\B9IMG3Z6.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BY8LL9F6.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C1M0XRIX.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CLSTLA2U.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CYLXQKZA.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D5B5ITUG.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D62VQN72.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D8WY0MP0.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DNS9IR1W.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DOPOZFEY.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\E5TBQ9CU.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EU2N8NAU.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EUBZ7UMK.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F39CGWAR.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FDXEXXXI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FHH2CS1T.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G3D8WT25.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G7S78VMB.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G9GS93QI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GFKLTT92.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GG92U2IQ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GV9T3ZVI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GX7Y6VOX.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GZ8RXPX2.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H3OZ2HI9.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H4RDGI7T.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HBBEVFUU.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HRH8ZN8U.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I0LKS5AC.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I9ERN3BP.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I9F755V6.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IEA8T8K1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ITZ2VXQE.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JY9FQSIG.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K0IVTNSI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K3IYBG7B.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KAD9V12M.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LGB23G27.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LHVZDMAQ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LN2IYN9N.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LUOM8OZL.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M41KAZUR.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MHK8P25K.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MJ1S4XSH.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ML1FQ5J7.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MT1NDXNY.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\N7L00GOW.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NMPDWDP1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O067942E.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O6F8GXDL.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OYHC9LW1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P2J0JDWL.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P93USM62.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PKAN24DA.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q7W28DK3.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QAF3AY5C.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QDE3X56V.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QO7Q6SEP.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QT79XCYW.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QVEOPIPX.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QVL5FBQI.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RCY72O3S.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RW2NN0IZ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RXTSCGZ7.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S94OZ3NJ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SX447H1A.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T8UV1553.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TJ6MOX91.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TNANGJF5.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UIZ40VYO.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UK3UKFIW.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UNYQDZLZ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UR1QOPC4.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UYWKIKFA.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\V3KMDQ0L.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\V4BG0MX7.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VIEN0GCE.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VQYJT018.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\W94KDSLG.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WAQ9FB2W.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WUU2QF3I.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XGC97HC5.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XOIVAYAM.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XX1JRINK.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Y19CC00R.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Y3FVRGOJ.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YCE49XVP.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YFK9SXVK.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZGWMHJON.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZSCV8UX0.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\2CPVLHS9.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\91KRJCY7.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\AQTML2VE.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\ARSR8CUE.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\DURZOKGT.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\MJP3KYE0.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\OX4Y05YH.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\Q1YVBIQT.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\UH9F6PUU.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\XWI7Z3R1.txt
       C:\Users\MyrnaZ\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\YX85F5T7.txt
      My ComputerSystem Spec
  4.    18 Aug 2016 #74
    Join Date : Aug 2016
    So. CA
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter

    If I can not run the ESET to its completion what do I do about the 8 threats it detects before finishing?
      My ComputerSystem Spec
  5.    18 Aug 2016 #75
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote Originally Posted by Slartybart View Post
    Thanks,

    I think we've covered all of the bases - not sure if everything has been done - yet.

    I think the best course is to keep moving forward. I'll look through the thread for logs and do a recap of things suggested and logs found.
    Sounds good.

    Quote Originally Posted by Slartybart View Post
    Here's what I'm thinking

    Clean Boot to disable all non MS services and disable all Startups
    Rkill just to be safe (I don't think it found anything to kill, but I'd have to look at the log again)
    <!> Rkill only found one object to kill, so yes it should be run.
    Run HitmanPro

    TDSSkiller - I have to check - did I suggest that in this thread or was that in another thread
    <!> I might change my mind on TDSSKiller and suggest BitDefender Rescue.
    <!> I don't think both are necessary, wouldn't hurt. What do you think, TDSSkiller, Bitdefender, or both ... or some other tool?
    I've never used BitDefender Rescue. But, I think we are still waiting for the results of TDSSKiller?

    Based on what I've read about this threat, the reg key is activated by a call to the particular CLSID, so, I doubt we'll find a rootkit (but, never know). I am thinking we will want to get to Ccleaner eventually, and get screenshots of Startup tabs to determine if anything needs to be disabled/removed that way, and run the cleaner on the registry to get rid of ReImage leftovers as well?

    Quote Originally Posted by Slartybart View Post
    Since Mbam started us down the Poweliks Trojan path, I think it's at least warranted to query the registry
    Command Prompt (Admin)
    reg query "HKCU\software\classes\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}" /s
    Agreed.
    Quote Originally Posted by Slartybart View Post
    The key wasn't found on my machine, so it's probably a safe bet to delete it if found on Myrna's machine
    <!> To make an informed decision, I'd have to see the results of the query - any thoughts?
    <!> Google results for the key


    Nor mine.

    Quote Originally Posted by Slartybart View Post
    I started writing instructions in my text editor, but Bitdefender kept putting the file in quarantine - that's when I said
    "Hey why not get an offline Bitdefender Rescue CD involved on Myrna's machine"

    More scans can't hurt, but I don't want to wear Myrna out with tech overload.
    Better more scans, than leftover infection!
      My ComputerSystem Spec
  6.    18 Aug 2016 #76
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote Originally Posted by myrnsterMash View Post
    If I can not run the ESET to its completion what do I do about the 8 threats it detects before finishing?
    If, when you first ran the ESET scan, you selected to have it auto-clean threats, then those 8 will be in your quarantine. To access them you can try running the scan again, selecting only memory and the Users sub-folder under C drive. They should show up again (at least that's what their instructions said int he past - hopefully they haven't changed that with their updated scan function).
      My ComputerSystem Spec
  7.    18 Aug 2016 #77
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Looks to me like HMPro found a bunch of Reimage leftovers, a bunch of cookies and one Ask toolbar. I don't see anything else. @Slartybart can confirm.
      My ComputerSystem Spec
  8.    18 Aug 2016 #78
    Join Date : Aug 2016
    So. CA
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter

    Quote Originally Posted by Slartybart View Post
    More scans can't hurt, but I don't want to wear Myrna out with tech overload.
    You have to be joking, if I am not learning something.....well, it is the difference between knowledgeable and embellishers ("yeah, my brother works for the government in IT and he told me all about this....blah blah blah"), then your computer, pc, laptop, whatever starts melting into green goo while you hear the Wicked Witch's cackle screeching "I'm melting."

    No overload of tech overload here.
      My ComputerSystem Spec
  9.    18 Aug 2016 #79
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote Originally Posted by myrnsterMash View Post
    You have to be joking, if I am not learning something.....well, it is the difference between knowledgeable and embellishers ("yeah, my brother works for the government in IT and he told me all about this....blah blah blah"), then your computer, pc, laptop, whatever starts melting into green goo while you hear the Wicked Witch's cackle screeching "I'm melting."

    No overload of tech overload here.
    A real trooper!
    When all is said and done, and you have the all-clear, we'll get you set up with Macrium imaging, so if anything ever happens again, you simply restore an image and you're back in business in a matter of minutes/hours, instead of days. Just need an external hard drive for that.
      My ComputerSystem Spec
  10.    18 Aug 2016 #80
    Join Date : Aug 2016
    So. CA
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter

    Quote Originally Posted by simrick View Post
    If, when you first ran the ESET scan, you selected to have it auto-clean threats.
    I was only given options about PUPS and whether to auto delete them, (I did NOT check off the auto delete, because I wanted the info before deleting), but I can not find any log, because it would stop running after it detected the 8 threats. Trust me, I looooooooked, and searched. This info has to exist somewhere, right, but where? Did I make another wrong decision? I like to know and record exactly what I am removing before initiation.
      My ComputerSystem Spec

 
Page 8 of 14 FirstFirst ... 678910 ... LastLast


Similar Threads
Thread Forum
Make a drive ask for password before installing an application?
So, a little context: We have five public gaming computers wich is free to use. The computers are running a 120 GB SSD (C:) with windows 10 and a 2 TB HDD (D:) wich is primaly used for installing games. They are set up with noe administrator user...
User Accounts and Family Safety
Copy data files from a CDROM - access denied
I just upgraded to windows 10. I am trying to copy DATA files and folders from a DVD. This is not music, movies, or anything like that, these are data files I was able to access in prior versions of Windows 10 that I placed them on the DVD myself....
General Support
Solved Do I need to remove other non OS drive?
Hi, I'm pretty sure I'll be upgrading my desktop this week while I'm on vacation. I've done my laptop with no problems at all, it's a Dell Latitude E6400 with Win7 Pro bought refurbished from Newegg. The laptop was a mid 2008 model and W10 works...
Installation and Upgrade
Solved One Drive haters - here's how to remove One Drive from File explorer
Hi there Thanks to topgundcp here's how to remove One Drive from File explorer after a reboot. OneDrive Integration in Windows 8.1 - Enable or Disable 1.Win+R->gpedit.msc 2.Navigate to: Computer Configuration\Administrative...
Software and Apps
Solved How can I remove recent use application ?
As the topic sad how can I remove recent use application like this ? :( http://i.imgur.com/QxSBzLY.jpg
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:55.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums