Three notepads will open (do not worry if any are empty) please copy paste each notepad output here.
We need to see the system wide entry for winlogon shell, and others, open Powershell as admin and copy the below cmds, (one at a time) right click anywhere in the powershell window and right click, the cmd will append to the prompt. This is a non default entry and would have been added. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell with a sub key %comspec% value data being c:\windows\system32\cmd.exe. The fact is you have a entry in your registry that is non default, %comspec% (which environment variables confirms is c:\windows\system32\cmd.exe) is added to:. Hi, well if the Op knows what you mean by a 'miner' I would be surprised. PSModulePath C:\Users\Owner\Documents\WindowsPowerShell\Modules C:\Program Files\WindowsPowerShell. PROCESSOR_IDENTIFIER Intel64 Family 6 Model 60 Stepping 3, GenuineIntel Path C:\ProgramData\Oracle\Java\javapath C:\Windows\system32 C:\Windows C:\Windows\System3. LOCALAPPDATA C:\Users\Owner\AppData\Local CommonProgramFiles C:\Program Files\Common FilesĬommonProgramFiles(x86) C:\Program Files (x86)\Common FilesĬommonProgramW6432 C:\Program Files\Common Files
