#1 - March 26th, 2019, 11:49 PM - oasis.g (Senior Member)
Potential Malware?

Hello All,

Hope all is well. I found this in my startup programs. It just says Program. Seems too vague to be legit. How do I clean this? I disabled this. What else should I do to ensure no malware? Are there any other suggestions to fine-tune my CPU?



Thanks again!

#2 - March 28th, 2019, 02:13 PM - Jintan (Cyber Tech Help Moderator)
Howdy oasis.g,

Right off let's make your image more accessible.


https://imgur.com/Rj8nP8K


We'll use an older tool to see what's installed there.


Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

#3 - March 29th, 2019, 12:05 AM - oasis.g (Senior Member)
Apex Legends
Apple Application Support (32-bit)
Apple Software Update
Avast Free Antivirus
Avast Secure Browser
Avast Update Helper
Betcoin Poker
BovadaPoker
Contivio.com Client
Contivio.com Client
Electroneum Pool Miner BETA v1.1
Epic Games Launcher
Google Chrome
Google Update Helper
Holdem Indicator 2.9.4.0
Ignition Casino
Ignition Hand Converter
Intel® PROSet/Wireless Software
Launcher Prerequisites (x64)
Ledger Wallet Ripple version 1.0.2
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212
NAOS7000 Software
NAOS7000 Software
Notepad++ (32-bit x86)
NVIDIA Stereoscopic 3D Driver
OEM Application Profile
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Localization Component
Origin
PokerTracker 4 (remove only)
PPPOKER
Realtek Ethernet Controller Driver
REALTEK Wireless LAN Driver
Steam
TunnelBear
TunnelBear
UpdateAssistant
Windows 10 Update Assistant

#4 - March 29th, 2019, 02:17 PM - Jintan (Cyber Tech Help Moderator)
Darn. I was trying to avoid you using a scanner that turns out a pretty big log file, but nothing is really showing in this view.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.

#5 - March 29th, 2019, 06:12 PM - oasis.g (Senior Member)
Thanks for the help!

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Alex (29-03-2019 10:09:24)
Running from C:\Users\Alex\Downloads
Windows 10 Home Version 1803 17134.648 (X64) (2018-05-19 22:50:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1271123810-21777831-3259583340-500 - Administrator - Disabled)
Alex (S-1-5-21-1271123810-21777831-3259583340-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-1271123810-21777831-3259583340-503 - Limited - Disabled)
Guest (S-1-5-21-1271123810-21777831-3259583340-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1271123810-21777831-3259583340-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.2 - Electronic Arts, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 72.0.1174.121 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Betcoin Poker (HKLM-x32\...\DEAECD1E-0CEF-494d-A7DE-20EC7A6E3F61) (Version: 16.6 - IGSoft)
BitShares 2.0.180201 (only current user) (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\55efd047-5d18-54f5-be19-affeff8cc8e9) (Version: 2.0.180201 - Sigve Kvalsvik)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )
CoinPoker (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\{500764e9-d6e5-43de-9b43-f71f5689552d}) (Version: 5.19 - TGLab)
Contivio.com Client (HKLM-x32\...\{F574E44C-F5A1-43EA-A561-036C5807D1AD}) (Version: 9.0.7 - Contivio.com) Hidden
Contivio.com Client (HKLM-x32\...\Contivio.com Client 9.0.7) (Version: 9.0.7 - Contivio.com)
Electroneum Pool Miner BETA v1.1 (HKLM-x32\...\Electroneum Pool Miner BETA v1.1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{8FEB5B5F-0777-4E9D-8705-06F0A2295544}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Holdem Indicator 2.9.4.0 (HKLM-x32\...\Holdem Indicator_is1) (Version: - hxxp://www.HoldemIndicator.com)
Ignition Casino (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version: - )
Ignition Hand Converter (HKLM-x32\...\{1843AD45-F895-4E7B-BC65-CD1F76B48HDC}_is1) (Version: 1.0.56 - Ace Poker Solutions LLC)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 1.2.5 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 1.2.5 - Ledger)
Ledger Wallet Ripple version 1.0.2 (HKLM-x32\...\{2A226916-F20B-403D-B564-F2CF5CF8CEF8}_is1) (Version: 1.0.2 - Ledger)
Lisk Nano 1.0.2 (only current user) (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\5cb54643-a0c0-58ee-97a6-2ab7b13c24f7) (Version: 1.0.2 - Lisk Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.11328.20222 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NAOS7000 Software (HKLM-x32\...\{862235D3-2A93-44F6-AADB-4E6786D88D76}) (Version: 1.24 - Mionix) Hidden
NAOS7000 Software (HKLM-x32\...\InstallShield_{862235D3-2A93-44F6-AADB-4E6786D88D76}) (Version: 1.24 - Mionix)
Neon 0.1.3 (only current user) (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 0.1.3 - Ethan Fast)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.3 (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
PPPOKER (HKLM-x32\...\{DF8E35C3-A063-44AA-9913-C24D53F151B9}) (Version: 22.0 - LeinTech)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
Smartcash (64-bit) (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Smartcash (64-bit)) (Version: 1.0.2 - Smartcash project)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.11.15 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.11.15 - General Workings, Inc.)
Telegram Desktop version 1.4.3 (HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.4.3 - Telegram Messenger LLP)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22225 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1271123810-21777831-3259583340-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-12-11] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025E5FF6-AA64-4AFB-BF5E-BDC374F2AA56} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0E980E88-2E05-48BD-95F2-962397062BC7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1562B4C1-5FED-41BB-9AEF-24DDA8DBF5C5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {16CF55E0-740A-4362-AED6-97554C828AD6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {270A9383-2739-4384-94DF-CB9290436280} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2914446D-9086-43A0-881E-52615291D7F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5C862C48-92CA-4A27-8366-A569FB764BF8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {696D4EC5-7846-45CA-8B26-0A30DFF0B345} - System32\Tasks\Microsoft\Windows\Flighting\Feature Config\ReconcileFeatures
Task: {7BEF651F-4F3E-410B-A071-7BC33E330DAB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BE6E7F59-6CB9-44E8-B558-86387A579FD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {BEA558F0-71F7-45B2-8BE3-96002CE8ED10} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BEC17222-88E2-4856-9DB9-6D37BE4BFCA9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {CCE7FA17-256F-4CB8-A95A-2DAB28538EDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D23D2EF1-2832-40D0-BCCF-CFA9238C79CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F0979DAB-62A7-418E-8DD2-68B44881BF47} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Alex\Desktop\Chad - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\ahuynh@livewiresupply.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2018-05-19 15:34 - 2018-01-23 15:42 - 000877440 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-05-19 15:35 - 2018-01-23 15:42 - 000343912 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2013-05-16 06:52 - 2013-05-16 06:52 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-05-16 06:52 - 2013-05-16 06:52 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-08-26 14:32 - 2017-05-08 21:59 - 000092672 _____ (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
2017-08-26 14:32 - 2017-05-08 21:59 - 000178688 _____ () [File not signed] C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2017-08-26 14:32 - 2011-01-10 08:16 - 000240862 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\libintl-8.dll
2017-08-26 14:32 - 2017-01-30 23:35 - 001662976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\LIBEAY32.dll
2017-08-26 14:32 - 2017-01-30 23:35 - 000353280 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\SSLEAY32.dll
2017-08-26 14:32 - 2017-05-08 21:58 - 005498368 _____ (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
2017-08-26 14:32 - 2016-08-02 03:40 - 002257408 _____ () [File not signed] C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2018-02-25 16:06 - 2018-02-25 16:06 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-02-25 16:06 - 2018-02-25 16:06 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-02-25 16:06 - 2018-02-25 16:06 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-02-25 16:06 - 2018-02-25 16:06 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-06-23 13:17 - 2016-11-29 18:39 - 001355776 _____ () [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\pjsipDll.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 000094208 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippcore-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 000233472 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ipps-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 000114688 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippsc-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 000139264 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippsr-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 000294912 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\libguide40.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 003174400 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippsv8-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 002093056 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippscp8-5.3.dll
2015-08-25 15:54 - 2015-08-25 05:54 - 002482176 _____ (Intel Corporation.) [File not signed] C:\Program Files (x86)\Contivio.com\Contivio.com Client\ippsrp8-5.3.dll
2018-12-27 14:31 - 2018-12-27 14:31 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2018-12-27 14:31 - 2018-12-27 14:31 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2018-12-27 14:32 - 2018-12-27 14:32 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2019-01-04 08:54 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1271123810-21777831-3259583340-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "electron.app.Honey Miner"
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{041E60E4-62AA-48AA-B84D-C334044529EE}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{A8617041-4EA4-4654-93A1-E4FCE262E169}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{80E99B22-8FDD-4EA4-8187-E924C1E5837A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{5A1DE321-17C1-4F27-8430-8DDBF7BCC204}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{9E94E2EE-140D-4F09-9439-9B21E248A917}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C6054851-0E35-41E8-BCF3-FFCEC24532D5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{89262153-E3B1-4F46-AB62-7B35CF8045E1}C:\users\alex\downloads\xgox-qt-win32-v2221\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v2221\xgox-qt.exe () [File not signed]
FirewallRules: [TCP Query User{41F1FF91-0483-4A84-8FE4-7C22B7F55B38}C:\users\alex\downloads\xgox-qt-win32-v2221\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v2221\xgox-qt.exe () [File not signed]
FirewallRules: [UDP Query User{3BFBDEAC-7A3C-4D21-99EC-C8AE89E392BC}C:\users\alex\downloads\condensation-qt\condensation-qt.exe] => (Allow) C:\users\alex\downloads\condensation-qt\condensation-qt.exe () [File not signed]
FirewallRules: [TCP Query User{0647DF84-5CD5-4FE6-9FCE-D9F817C81A86}C:\users\alex\downloads\condensation-qt\condensation-qt.exe] => (Allow) C:\users\alex\downloads\condensation-qt\condensation-qt.exe () [File not signed]
FirewallRules: [UDP Query User{E74992F8-63DA-4AC2-BFCA-EF15CC6B4264}C:\program files\smartcash\smartcash-qt.exe] => (Allow) C:\program files\smartcash\smartcash-qt.exe () [File not signed]
FirewallRules: [TCP Query User{13B53DCC-C2BA-4C0B-B9EB-C573D42C0C87}C:\program files\smartcash\smartcash-qt.exe] => (Allow) C:\program files\smartcash\smartcash-qt.exe () [File not signed]
FirewallRules: [{528C0B46-C3CE-4F22-9D4E-99CBA8FC5AF3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{C137616B-8582-4B5E-8543-05172A27AC1A}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [{83A77C99-F8DD-46BB-9BF3-1168DC9FB77C}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [{C950AB6B-4F5F-49F3-BCF7-D46A9DDE5626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9010BB63-43BD-4EC5-86AF-40522149812A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59C8862C-64B3-4F3A-8BF7-CBD777A06245}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7CA5E6BD-44E3-4E75-ADE0-4E473EF33D10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3A17F05-3363-4F44-AF6E-E815D8C3ABDB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{138E2F50-BCDA-4601-BF11-EA829CA0E1AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5040280-7C6C-42F4-909C-024886B2877A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CC2B47CE-BBF8-4967-95B4-87E294D3A23F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5863F213-B5D0-4497-8311-F9CC2EDA6527}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{08D0C8A5-9F37-42A7-9F47-CD50AF8FAE4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6390CD07-7F05-4737-A74F-CB7886B67998}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe (NSSTUDIO INC. -> NS Studio)
FirewallRules: [{E1F44368-27EA-40BD-90E7-A3B977515C1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe (NSSTUDIO INC. -> NS Studio)
FirewallRules: [TCP Query User{23935813-26BE-4B78-9012-30D8A123D340}C:\users\alex\downloads\smartcash-qt-0.8.7.9-win-launcher\smartcash-qt.exe] => (Allow) C:\users\alex\downloads\smartcash-qt-0.8.7.9-win-launcher\smartcash-qt.exe No File
FirewallRules: [UDP Query User{039084F3-340C-4247-95EC-0069EC62C9F7}C:\users\alex\downloads\smartcash-qt-0.8.7.9-win-launcher\smartcash-qt.exe] => (Allow) C:\users\alex\downloads\smartcash-qt-0.8.7.9-win-launcher\smartcash-qt.exe No File
FirewallRules: [TCP Query User{F735646B-D218-4B39-ADF7-341A9390E555}C:\users\alex\desktop\smartcash-qt.exe] => (Allow) C:\users\alex\desktop\smartcash-qt.exe No File
FirewallRules: [UDP Query User{3C51AD19-A756-42F1-A4FB-F85B858B9932}C:\users\alex\desktop\smartcash-qt.exe] => (Allow) C:\users\alex\desktop\smartcash-qt.exe No File
FirewallRules: [TCP Query User{BA148897-C077-487B-ABBB-CB3B3D603065}C:\users\alex\appdata\local\temp\temp1_gotokens-qt-windows.zip\gotokens-qt.exe] => (Allow) C:\users\alex\appdata\local\temp\temp1_gotokens-qt-windows.zip\gotokens-qt.exe No File
FirewallRules: [UDP Query User{CD55C395-DF9A-4510-8688-27F951A09B2C}C:\users\alex\appdata\local\temp\temp1_gotokens-qt-windows.zip\gotokens-qt.exe] => (Allow) C:\users\alex\appdata\local\temp\temp1_gotokens-qt-windows.zip\gotokens-qt.exe No File
FirewallRules: [TCP Query User{7A45CB72-2427-49B9-9894-2A9AC02324AA}C:\users\alex\downloads\gocoin-qt.exe] => (Allow) C:\users\alex\downloads\gocoin-qt.exe () [File not signed]
FirewallRules: [UDP Query User{0917D45B-E572-43C0-95A1-407833CB59C0}C:\users\alex\downloads\gocoin-qt.exe] => (Allow) C:\users\alex\downloads\gocoin-qt.exe () [File not signed]
FirewallRules: [TCP Query User{ED69EC16-727B-41BD-89CD-2EF28CDCAC08}C:\users\alex\desktop\gocoin-qt.exe] => (Allow) C:\users\alex\desktop\gocoin-qt.exe No File
FirewallRules: [UDP Query User{C9FE95DB-7DC2-4E1B-9D53-B4F83A1ABC57}C:\users\alex\desktop\gocoin-qt.exe] => (Allow) C:\users\alex\desktop\gocoin-qt.exe No File
FirewallRules: [TCP Query User{9E4818F8-BECE-43B8-B0F9-577BD72EA8C9}C:\users\alex\appdata\roaming\gocoin\gocoin-qt.exe] => (Allow) C:\users\alex\appdata\roaming\gocoin\gocoin-qt.exe No File
FirewallRules: [UDP Query User{A256EC3F-6D22-47DD-A1B3-B98EAC4D1824}C:\users\alex\appdata\roaming\gocoin\gocoin-qt.exe] => (Allow) C:\users\alex\appdata\roaming\gocoin\gocoin-qt.exe No File
FirewallRules: [TCP Query User{E37C235A-E212-4A7B-8A1A-4A09EC7AFFA6}C:\users\alex\downloads\xgox-qt-win32-v2100\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v2100\xgox-qt.exe No File
FirewallRules: [UDP Query User{0187B817-EEF9-4FA4-955D-1F14D477867E}C:\users\alex\downloads\xgox-qt-win32-v2100\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v2100\xgox-qt.exe No File
FirewallRules: [TCP Query User{96261E15-462E-446A-B638-09CF22B441AB}C:\users\alex\downloads\smartcash-1.0.0-win64\smartcash-1.0.0\bin\smartcash-qt.exe] => (Allow) C:\users\alex\downloads\smartcash-1.0.0-win64\smartcash-1.0.0\bin\smartcash-qt.exe () [File not signed]
FirewallRules: [UDP Query User{CF4F1250-6A74-4ED9-89D7-6E85782627D4}C:\users\alex\downloads\smartcash-1.0.0-win64\smartcash-1.0.0\bin\smartcash-qt.exe] => (Allow) C:\users\alex\downloads\smartcash-1.0.0-win64\smartcash-1.0.0\bin\smartcash-qt.exe () [File not signed]
FirewallRules: [TCP Query User{BBD84050-B0B5-453B-A18F-E9DB65B3E583}C:\users\alex\downloads\xgox-qt-win32-v221\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v221\xgox-qt.exe No File
FirewallRules: [UDP Query User{E066853B-1C1B-4F2E-88F9-D953998C4394}C:\users\alex\downloads\xgox-qt-win32-v221\xgox-qt.exe] => (Allow) C:\users\alex\downloads\xgox-qt-win32-v221\xgox-qt.exe No File
FirewallRules: [TCP Query User{CD2ACD3F-961D-4CD1-B133-1964351606CE}C:\users\alex\desktop\zoin-qt.exe] => (Allow) C:\users\alex\desktop\zoin-qt.exe () [File not signed]
FirewallRules: [UDP Query User{4DB5A6CD-6041-4145-B05D-B30121C074B3}C:\users\alex\desktop\zoin-qt.exe] => (Allow) C:\users\alex\desktop\zoin-qt.exe () [File not signed]
FirewallRules: [{84F80992-84B9-42EF-8970-072A289F3117}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB9265D5-3446-445A-9AAE-0D84378B5BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe (NSSTUDIO INC. -> NS Studio, Inc.)
FirewallRules: [{64C36B8A-628D-44D2-AC78-ACC4C1A25B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe (NSSTUDIO INC. -> NS Studio, Inc.)
FirewallRules: [TCP Query User{6A34B79F-43BA-4122-874F-3347F56E07C6}C:\users\alex\desktop\xgox-qt-win32-v2230\xgox-qt.exe] => (Allow) C:\users\alex\desktop\xgox-qt-win32-v2230\xgox-qt.exe No File
FirewallRules: [UDP Query User{93753026-31E6-4501-B487-895E2D642924}C:\users\alex\desktop\xgox-qt-win32-v2230\xgox-qt.exe] => (Allow) C:\users\alex\desktop\xgox-qt-win32-v2230\xgox-qt.exe No File
FirewallRules: [{4E1A2D58-EBC1-4181-A3F6-2AEC4236F2A7}] => (Allow) C:\Program Files (x86)\Holdem Indicator\GG.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [{0CBA0182-7CE6-41A4-A777-7D30D397060F}] => (Allow) C:\Program Files (x86)\Holdem Indicator\GG.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [{EBBCFE76-0AD4-4B0A-9B99-B9F147694743}] => (Allow) C:\Program Files (x86)\Holdem Indicator\GG.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [{05E9CDFF-A16C-4A2D-BA68-B65171D4736B}] => (Allow) C:\Program Files (x86)\Holdem Indicator\GG.exe (HoldemIndicator.com) [File not signed]
FirewallRules: [TCP Query User{C8E52B7E-080C-425A-9BC0-68F5D3A63ECF}C:\users\alex\desktop\xgox-qt.exe] => (Allow) C:\users\alex\desktop\xgox-qt.exe () [File not signed]
FirewallRules: [UDP Query User{70550227-C8A1-4868-A477-CFEF1B044EB3}C:\users\alex\desktop\xgox-qt.exe] => (Allow) C:\users\alex\desktop\xgox-qt.exe () [File not signed]
FirewallRules: [{5B9151FA-3C7A-4CDC-86C4-A6BF8AC59584}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{504EF42E-0D86-41DE-880E-0A3A9B3932BD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7A6F310B-8E1B-4017-93D4-511EBE81A8AB}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BD35F9CF-4CFC-49AD-9417-B8EA8543FC42}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1D0153FC-3728-4107-BEF3-E39BDB5CA5F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{35401969-34CB-4A58-8805-E199EDC851E4}C:\program files (x86)\contivio.com\contivio.com client\contivio.com.exe] => (Allow) C:\program files (x86)\contivio.com\contivio.com client\contivio.com.exe (CONTIVIO.COM CORPORATION -> Contivio.com)
FirewallRules: [UDP Query User{F729FA69-BCF6-4A79-9AAA-1AC521CBDD08}C:\program files (x86)\contivio.com\contivio.com client\contivio.com.exe] => (Allow) C:\program files (x86)\contivio.com\contivio.com client\contivio.com.exe (CONTIVIO.COM CORPORATION -> Contivio.com)
FirewallRules: [{5073D84B-2E32-4F0E-95A3-570CB7BDD9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{467F9777-9148-40EE-943F-D57D55BBD30A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{201E6FFC-5073-4791-8D4E-EE473B172C89}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42783452-BAE3-4AB9-9967-BB4110710675}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7025F604-8B33-41AA-9D37-3A13C5411B99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{39717BE0-F9B2-42DF-A1F3-C645C97A5F0B}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{9174A468-236D-4262-A95F-BE3D66A9594A}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{44511AAF-75B9-4AF6-94FE-38EABEF2012F}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1A186C50-22AE-47AD-B3B0-620E24BE976A}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{628616D9-C578-4A1C-9FA6-82F2B96A923C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\SteamLauncher.exe (NSSTUDIO INC. -> NS Studio)
FirewallRules: [{9B17197D-BF38-4C09-877E-38B099BC6C00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\SteamLauncher.exe (NSSTUDIO INC. -> NS Studio)
FirewallRules: [{C749E087-291F-4300-BEAE-9C3E25D6D7E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\BlackSquadGame.exe (NSSTUDIO INC. -> NS Studio, Inc.)
FirewallRules: [{0A50C519-212B-431F-9F8F-78FF098AC126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\BlackSquadGame.exe (NSSTUDIO INC. -> NS Studio, Inc.)
FirewallRules: [{8B39531B-3268-4967-94EC-F85257A24C1E}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{768C9253-ED05-4027-B9B2-5C787EC0ED8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

13-03-2019 18:47:04 Windows Update
20-03-2019 17:26:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2019 10:59:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4773578

Error: (03/28/2019 10:59:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4773578

Error: (03/28/2019 10:59:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2019 10:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4772296

Error: (03/28/2019 10:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4772296

Error: (03/28/2019 10:59:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2019 10:59:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4770953

Error: (03/28/2019 10:59:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4770953


System errors:
=============
Error: (03/29/2019 09:58:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-H66SN7Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-H66SN7Q\Alex SID (S-1-5-21-1271123810-21777831-3259583340-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2019 09:58:06 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-H66SN7Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-H66SN7Q\Alex SID (S-1-5-21-1271123810-21777831-3259583340-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2019 07:47:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (03/29/2019 07:45:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-H66SN7Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-H66SN7Q\Alex SID (S-1-5-21-1271123810-21777831-3259583340-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2019 07:44:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2019 07:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/29/2019 07:43:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (03/29/2019 07:42:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WCAssistantService service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 64%
Total physical RAM: 16316.59 MB
Available physical RAM: 5800.89 MB
Total Virtual: 20924.59 MB
Available Virtual: 3316.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.63 GB) (Free:1689.03 GB) NTFS

\\?\Volume{ff8639b4-e9bc-44c9-8c34-4871ec2de9a5}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{45edeef2-f749-4d07-b8d3-b1aaba97d389}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{e0377013-1bd6-4575-b04b-631a1615ec56}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 000264DA)

Partition: GPT.

==================== End of Addition.txt ============================
  #6  
Old March 29th, 2019, 06:13 PM
oasis.g oasis.g is offline
Senior Member
 
Join Date: Sep 2005
Posts: 127
Scan result (x64) Version: 17.03.2019
Ran by Alex (29-03-2019 10:11:08)
Running from C:\Users\Alex\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear\TunnelBear website.lnk -> [LFXhSBi+00Bahttps://www.tunnelbear.com/]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\SQL Shell (psql).lnk -> C:\Program Files\PostgreSQL\9.3\scripts\runpsql.bat ()


Shortcut: C:\Users\Alex\Links\Desktop.lnk -> C:\Users\Alex\Desktop ()
Shortcut: C:\Users\Alex\Links\Downloads.lnk -> C:\Users\Alex\Downloads ()
Shortcut: C:\Users\Alex\Desktop\BitShares.lnk -> C:\Users\Alex\AppData\Local\Programs\BitShares2-light\BitShares.exe (Sigve Kvalsvik)
Shortcut: C:\Users\Alex\Desktop\CoinPoker.lnk -> C:\CoinPoker\Lobby.exe (CoinPoker)
Shortcut: C:\Users\Alex\Desktop\electroneumpoolminer.lnk -> C:\Users\Alex\AppData\Roaming\Electroneum\electroneumpoolminer.exe (Electroneum LTD)
Shortcut: C:\Users\Alex\Desktop\Fortnite.lnk -> C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe (Epic Games, Inc.)
Shortcut: C:\Users\Alex\Desktop\Holdem Indicator.lnk -> C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe (HoldemIndicator.com)
Shortcut: C:\Users\Alex\Desktop\Lisk Nano.lnk -> C:\Users\Alex\AppData\Local\Programs\lisk-nano\Lisk Nano.exe (Lisk Foundation)
Shortcut: C:\Users\Alex\Desktop\Microsoft Edge.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\Desktop\Neon.lnk -> C:\Users\Alex\AppData\Local\Programs\Neon\Neon.exe (Ethan Fast)
Shortcut: C:\Users\Alex\Desktop\PokerTracker 4.lnk -> C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe (PokerTracker Software, LLC.)
Shortcut: C:\Users\Alex\Desktop\Telegram.lnk -> C:\Users\Alex\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
Shortcut: C:\Users\Alex\Desktop\Windows 10 Update Assistant.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (No File)
Shortcut: C:\Users\Alex\Desktop\µTorrent.lnk -> C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Alex\Desktop\xgox-qt-win32-v2230\xgox-qt - Shortcut.lnk -> C:\Users\Alex\Desktop\xgox-qt-win32-v2230\xgox-qt.exe (No File)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk -> C:\Users\Alex\AppData\Roaming\Electroneum\electroneumpoolminer.exe (Electroneum LTD)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitShares.lnk -> C:\Users\Alex\AppData\Local\Programs\BitShares2-light\BitShares.exe (Sigve Kvalsvik)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk -> C:\Users\Alex\AppData\Roaming\Electroneum\electroneumpoolminer.exe (Electroneum LTD)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lisk Nano.lnk -> C:\Users\Alex\AppData\Local\Programs\lisk-nano\Lisk Nano.exe (Lisk Foundation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Neon.lnk -> C:\Users\Alex\AppData\Local\Programs\Neon\Neon.exe (Ethan Fast)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xgox-qt.lnk -> C:\Users\Alex\Desktop\xgox-qt.exe ()
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Telegram.lnk -> C:\Users\Alex\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Uninstall Telegram.lnk -> C:\Users\Alex\AppData\Roaming\Telegram Desktop\unins000.exe ()
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smartcash\Smartcash (64-bit).lnk -> C:\Program Files\SmartCash\smartcash-qt.exe ()
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smartcash\Uninstall Smartcash (64-bit).lnk -> C:\Program Files\SmartCash\uninstall.exe (Smartcash project)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\PokerTracker 4.lnk -> C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe (PokerTracker Software, LLC.)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\Uninstall PokerTracker 4.lnk -> C:\Program Files (x86)\PokerTracker 4\uninstall.exe ()
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinPoker\CoinPoker.lnk -> C:\CoinPoker\Lobby.exe (CoinPoker)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinPoker\Uninstall CoinPoker.lnk -> C:\CoinPoker\uninstall.exe ()
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Holdem Indicator.lnk -> C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe (HoldemIndicator.com)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\rain-qt (OSS GUI client for rain).lnk -> C:\Users\Alex\Downloads\Condensation-qt\Condensation-qt.exe ()
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Appl ication Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy \App.lnk -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Appl ication Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.ln k -> Tile and icon assets
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Appl ication Shortcuts\king.com.CandyCrushSodaSaga_kgqvnymyfvs3 2\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\Alex\AppData\Local\Microsoft\Windows\Appl ication Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\x554f661d yd360y462cy8743yf8a99b7d41dbx.lnk -> Tile and icon assets
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Alex\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Alex\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Alex\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Alex\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Alex\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Alex ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\PPPoker.lnk -> C:\Windows\Installer\{DF8E35C3-A063-44AA-9913-C24D53F151B9}\PPPoker.exe_8CA0A8D6AF844FEBA93395A58BFE20C0.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk -> C:\Program Files\Ledger Live\Ledger Live.exe (Ledger)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Wallet Ripple.lnk -> C:\Program Files (x86)\Ledger Wallet Ripple\ledger_wallet_ripple.exe (Ledger)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk -> C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (General Workings, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear\TunnelBear.lnk -> C:\Program Files (x86)\TunnelBear\TunnelBear.UI.Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Application Stack Builder.lnk -> C:\Program Files\PostgreSQL\9.3\bin\stackbuilder.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\pgAdmin III.lnk -> C:\Program Files\PostgreSQL\9.3\bin\pgAdmin3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Documentation\pgAdmin documentation.lnk -> C:\Program Files\PostgreSQL\9.3\pgAdmin III\docs\en_US\pgadmin3.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin error reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mionix\NAOS7000 Software\NAOS7000 Firmware Updater Software.lnk -> C:\Windows\Installer\{862235D3-2A93-44F6-AADB-4E6786D88D76}\NAOS7000_firmware__B6B5B66042334E1283EAE49021DBD83E.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mionix\NAOS7000 Software\NAOS7000 Software.lnk -> C:\Windows\Installer\{862235D3-2A93-44F6-AADB-4E6786D88D76}\NAOS7000_Software._733AAF4459DE4A4DA4F3DA362F22336F.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logitech Unifying Software.lnk -> C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IgnitionCasino\IgnitionCasino.lnk -> C:\Ignition\IgnitionCasino.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IgnitionCasino\Uninstall IgnitionCasino.lnk -> C:\Ignition\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator\Holdem Indicator Licence Agreement.lnk -> C:\Program Files (x86)\Holdem Indicator\License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator\Holdem Indicator on the Web.lnk -> C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator\Holdem Indicator.lnk -> C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe (HoldemIndicator.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator\Player Stats Assistant.lnk -> C:\Program Files (x86)\Holdem Indicator\PSA.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator\Uninstall Holdem Indicator.lnk -> C:\Program Files (x86)\Holdem Indicator\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contivio.com Client\Contivio.Com.lnk -> C:\Program Files (x86)\Contivio.com\Contivio.com Client\Contivio.Com.exe (Contivio.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BovadaPoker\BovadaPoker.lnk -> C:\Bovada\BovadaPoker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BovadaPoker\Uninstall BovadaPoker.lnk -> C:\Bovada\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betcoin Poker\Betcoin Poker Uninstall.lnk -> C:\Betcoin Poker\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betcoin Poker\Betcoin Poker.lnk -> C:\Betcoin Poker\BetcoinPoker.exe (IGSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apex Legends\Apex Legends.lnk -> C:\Program Files (x86)\Origin Games\Apex\r5apex.exe (Respawn Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apex Legends\Electronic Arts User Agreement.lnk -> C:\Program Files (x86)\Origin Games\Apex\Support\User Agreement\en_US.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apex Legends\Privacy and Cookie Policy.lnk -> C:\Program Files (x86)\Origin Games\Apex\Support\Privacy and Cookie Policy\en_US.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apex Legends\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\Apex\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Poker Solutions\Ignition Hand Converter\Ignition Hand Converter.lnk -> C:\Program Files (x86)\Ace Poker Solutions\Ignition Hand Converter\IgnitionHandConverter.exe (Ace Poker Solutions LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Apex Legends.lnk -> C:\Program Files (x86)\Origin Games\Apex\r5apex.exe (Respawn Entertainment)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Betcoin Poker.lnk -> C:\Betcoin Poker\BetcoinPoker.exe (IGSoft Ltd.)
Shortcut: C:\Users\Public\Desktop\BovadaPoker.lnk -> C:\Bovada\BovadaPoker.exe ()
Shortcut: C:\Users\Public\Desktop\Contivio.Com.lnk -> C:\Program Files (x86)\Contivio.com\Contivio.com Client\Contivio.Com.exe (Contivio.com)
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Ignition Hand Converter.lnk -> C:\Program Files (x86)\Ace Poker Solutions\Ignition Hand Converter\IgnitionHandConverter.exe (Ace Poker Solutions LLC)
Shortcut: C:\Users\Public\Desktop\IgnitionCasino.lnk -> C:\Ignition\IgnitionCasino.exe ()
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Ledger Live.lnk -> C:\Program Files\Ledger Live\Ledger Live.exe (Ledger)
Shortcut: C:\Users\Public\Desktop\Ledger Wallet Ripple.lnk -> C:\Program Files (x86)\Ledger Wallet Ripple\ledger_wallet_ripple.exe (Ledger)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\PPPoker.lnk -> C:\Windows\Installer\{DF8E35C3-A063-44AA-9913-C24D53F151B9}\PPPoker.exe1_1FE7D6FBBCC24D5D94F1FE3DCDEAF2D3.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\Streamlabs OBS.lnk -> C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (General Workings, Inc.)
Shortcut: C:\Users\Public\Desktop\TunnelBear.lnk -> C:\Program Files (x86)\TunnelBear\TunnelBear.UI.Launcher.exe ()


ShortcutWithArgument: C:\Users\Alex\Desktop\Chad - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smartcash\Smartcash (testnet, 64-bit).lnk -> C:\Program Files\SmartCash\smartcash-qt.exe () -> -testnet
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\PokerTracker 4 (Logging Enabled).lnk -> C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe (PokerTracker Software, LLC.) -> -l
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software) -> --check-run=src=quicklaunch
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\ahuyn h@livewiresupply.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Excel\SQD_RFQ307292250838722347\SQD_RFQ.xlsx.lnk -> C:\Users\Alex\Downloads\SQD_RFQ.xlsx () -> 50
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Alex\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software) -> --check-run=src=tile
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Reload Configuration.lnk -> C:\Windows\System32\cscript.exe (Microsoft Corporation) -> //NoLogo "C:\Program Files\PostgreSQL\9.3\scripts\serverctl.vbs" reload wait
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mionix\NAOS7000 Software\Uninstall NAOS7000 Software.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{862235D3-2A93-44F6-AADB-4E6786D88D76}\setup.exe (Mionix ) -> -runfromtemp -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk -> C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software) -> --check-run=src=desktop


InternetURL: C:\Users\Alex\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Alex\Downloads\DeepOnion\DeepOnionSyncSupportLink.url -> URL: hxxps://deeponion.org/DeepOnion.conf.php
InternetURL: C:\Users\Alex\Desktop\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Documentation\Installation notes.url -> URL: file://C:\Program Files\PostgreSQL\9.3/doc/installation-notes.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Documentation\PostgreSQL documentation.url -> URL: file://C:\Program Files\PostgreSQL\9.3/doc/postgresql/html/index.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3\Documentation\PostgreSQL release notes.url -> URL: file://C:\Program Files\PostgreSQL\9.3/doc/postgresql/html/release.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq

==================== End of Shortcut.txt =============================
Reply With Quote
  #7  
Old March 31st, 2019, 04:15 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Just need to do a process of elimination.

Open Task Manager again, and Enable Program. Then reboot.

=================

Go to Start Search, type notepad.exe in the Start Search box, then press Enter.

In the open Notepad box, copy and paste the following (inside the Code box), and save it to the same location FRST is in, as fixlist.txt


Code:
start
IE trusted site: HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (No File)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq
end

Run FRST again, and click the Fix button. Once the repairs have completed a log will open - post that back here please.

=============

Run FRST again, but before scanning with it, place a check next to Addition.txt. Once the scan has finished, go to C:\Users\Alex\Downloads and open the new Addition.txt. Look through it for this portion of the log.

Quote:
==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "electron.app.Honey Miner"
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"

Copy and paste that back here as well.
Reply With Quote
  #8  
Old March 31st, 2019, 05:43 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Y'know, those steps may not be necessary. Do the following instead.


Go to Start Search, type notepad.exe in the Start Search box, then press Enter.

In the open Notepad box, copy and paste the following (inside the Code box), and save it to the same location FRST is in, as fixlist.txt


Code:
start
IE trusted site: HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (No File)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion" 
end

Run FRST again, and click the Fix button. Once the repairs have completed a log will open - post that back here please.


Then also check in Task Manager if Program is gone.
Reply With Quote
  #9  
Old April 1st, 2019, 06:52 AM
oasis.g oasis.g is offline
Senior Member
 
Join Date: Sep 2005
Posts: 127
Thanks again!

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Alex (31-03-2019 22:52:26) Run:1
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
IE trusted site: HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (No File)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\StartupApproved\Run: => "Web Companion"
end
*****************

HKU\S-1-5-21-1271123810-21777831-3259583340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKU\S-1-5-21-1271123810-21777831-3259583340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-1271123810-21777831-3259583340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url => moved successfully
"HKU\S-1-5-21-1271123810-21777831-3259583340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => not found
"HKU\S-1-5-21-1271123810-21777831-3259583340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found

==== End of Fixlog 22:52:26 ====
Reply With Quote
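Added example, not part of the original posts: a Python script that reads a Fixlog laid out like the one above and separates entries FRST handled, "not found" results that only repeat an entry already removed in the same run (as with the duplicated StartupApproved line in this fixlist), and anything left to review. The function names, the placeholder SID and paths, and the wording of the sample failure line are assumptions.

```python
import re

# Constructed sample in the layout of the Fixlog above; SID and paths are
# placeholders and the last result line is a constructed failure (assumed wording).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
HKU\S-1-5-21-EXAMPLE\...\StartupApproved\Run: => "Web Companion"
end
*****************

"HKU\S-1-5-21-EXAMPLE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
C:\ProgramData\Example\Web Companion.lnk => moved successfully
"HKU\S-1-5-21-EXAMPLE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
C:\Users\Example\AppData\Local\Temp\sample.dll => Could not move
==== End of Fixlog 22:52:26 ====
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')
SUCCESS = {"removed successfully", "moved successfully"}

def parse_results(fixlog):
    """Return (target, outcome) pairs from the result section only."""
    stars, results = 0, []
    for line in fixlog.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            stars += 1  # the fixlist echo sits between two rows of asterisks
            continue
        if stars < 2 or line.startswith("===="):
            continue  # header, fixlist echo (which also contains "=>"), footer
        match = RESULT.match(line)
        if match:
            results.append((match["target"], match["outcome"].strip()))
    return results

def triage(results):
    """Sort results into handled, benign repeats, and entries to review."""
    done, repeats, review = [], [], []
    for target, outcome in results:
        key = target.lower()  # registry and NTFS paths are case-insensitive
        if outcome in SUCCESS:
            done.append(key)
        elif outcome == "not found" and key in done:
            repeats.append(key)  # duplicate fixlist line, already handled
        else:
            review.append((target, outcome))  # failed or never existed
    return done, repeats, review
```

A "not found" that does not follow an earlier success for the same target lands in the review list, since it means the fixlist entry never matched anything on disk or in the registry.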
  #10  
Old April 1st, 2019, 06:53 AM
oasis.g oasis.g is offline
Senior Member
 
Join Date: Sep 2005
Posts: 127
Program is gone!

Thank you sir! Anything else I should do to remove other spyware/malware?
Reply With Quote
  #11  
Old April 1st, 2019, 03:04 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Good. Program was just some remnants of that Lavasoft Web Companion search hijacker.

You have Avast installed. I tend to find this causes slowness, and Windows 8 and 10 come with Windows Defender antivirus installed. Just uninstall Avast and Avast Secure Browser, and reboot. On reboot Windows Defender should be activated.

Then in the search bar next to the start button, type windows defender. Once that appears at the top of the display right click it, and select "Pin to taskbar". This will put a shortcut to it in your taskbar (for some reason Windows 10 hides Defender). Then click that and you should see it is active.
Reply With Quote
  #12  
Old April 2nd, 2019, 01:53 AM
oasis.g oasis.g is offline
Senior Member
 
Join Date: Sep 2005
Posts: 127
Is Windows Defender Security Center the same as Windows Defender?

Thanks again, Jintan!
Reply With Quote
  #13  
Old April 3rd, 2019, 01:54 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Yep, that's the one.
Reply With Quote
  #14  
Old April 14th, 2019, 05:52 AM
oasis.g oasis.g is offline
Senior Member
 
Join Date: Sep 2005
Posts: 127
My computer seems to be pretty slow. Perhaps it's getting old? My CPU usage is at 100% all the time when playing poker and browsing on Chrome. I tried to optimize Chrome quite a bit. Any thoughts on how I can figure this out?
Reply With Quote
  #15  
Old April 14th, 2019, 03:30 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I won't be at a computer today (I'm just using my phone right now) but I promise you tomorrow I will look back through the log and help you fix this problem.
Reply With Quote