VirusTotal: C:\Users\Sungji\AppData\Local\Temp\smss-DoOoM-privacy\smss-DoOoM.vbe
HKLM\...\Run: [smss-DoOoM] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk [1112 2018-10-20] () <==== ATTENTION
HKLM\...\Run: [smss-DoOoMs] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk [1054 2018-10-20] () <==== ATTENTION
C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers
HKLM-x32\...\Run: [smss-DoOoM] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk [1112 2018-10-20] () <==== ATTENTION
HKLM-x32\...\Run: [smss-DoOoMs] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk [1054 2018-10-20] () <==== ATTENTION
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [Fatal1tyMousePort] => [X]
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [smss-DoOoMs] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk [1054 2018-10-20] () <==== ATTENTION
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [smss-DoOoM] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk [1112 2018-10-20] () <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2018-09-11]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
VirusTotal: C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs
CMD: Type C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs
Startup: C:\Users\Sungji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss-DoOoM.lnk [2018-10-20]
ShortcutTarget: smss-DoOoM.lnk -> C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs ()
Startup: C:\Users\Sungji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss-DoOoMs.lnk [2018-10-20]
ShortcutTarget: smss-DoOoMs.lnk -> C:\Users\Sungji\AppData\Local\Temp\smss-DoOoM-privacy\smss-DoOoM.vbe ()
ProxyServer: [S-1-5-21-2412909951-2128502360-3926930416-1001] => http=localhost:7769;https=localhost:7769
2018-10-20 21:09 - 2018-10-20 21:09 - 000000000 ____D C:\ProgramData\Freedom.to
2018-10-20 19:20 - 2018-10-20 19:22 - 786432001 _____ C:\Users\Sungji\Downloads\103490.part1.rar
2018-10-20 19:20 - 2018-10-20 19:21 - 628791484 _____ C:\Users\Sungji\Downloads\103490.part2.rar
2018-10-20 19:10 - 2018-10-20 19:10 - 000000000 ____D C:\Users\Sungji\AppData\Roaming\Celemony Software GmbH
2018-10-20 19:10 - 2018-10-20 19:10 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\Program Files\Common Files\Celemony
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\Program Files\Common Files\Avid
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\Program Files\Celemony
2018-10-20 19:09 - 2018-10-20 19:09 - 000000000 ____D C:\Program Files (x86)\Celemony
2018-10-20 19:04 - 2018-10-20 19:04 - 001030841 _____ C:\Users\Sungji\Downloads\Install_Xfer_OTT_1_2.zip
2018-10-20 19:04 - 2018-10-20 19:04 - 000000000 ____D C:\Users\Sungji\Downloads\130057
2018-10-20 18:59 - 2018-10-20 19:04 - 025923154 _____ C:\Users\Sungji\Downloads\130057.rar
2018-10-20 18:29 - 2018-10-21 08:53 - 000000000 ____D C:\Users\Sungji\AppData\Roaming\BundleLink
2018-10-20 18:29 - 2018-10-21 08:53 - 000000000 ____D C:\Users\Sungji\AppData\Roaming\AudioLink
2018-10-20 18:23 - 2018-10-20 18:23 - 000003358 _____ C:\Windows\System32\Tasks\smss-DoOoM.vbe
2018-10-20 18:23 - 2018-10-20 18:23 - 000000000 ____D C:\Program Files (x86)\avid
2018-10-20 18:16 - 2018-10-20 18:16 - 000459874 _____ C:\Users\Sungji\Downloads\crark52.rar
2018-10-20 18:16 - 2018-10-20 18:16 - 000000000 ____D C:\Users\Sungji\Downloads\crark52
C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk
C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk
2018-10-21 09:17 - 2010-03-09 20:02 - 000186464 _____ (Symantec, Inc.) C:\Users\Sungji\AppData\Local\Temp\GLB1A2B.EXE
Task: {2CC4734F-3A23-4078-84FB-D1A115F9DF1C} - System32\Tasks\smss-DoOoM.vbe => C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs [2017-10-19] () <==== ATTENTION
CMD: schtasks /Query
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
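The fixlist above is the cleanup side of a persistence chain that is visible in the entries themselves: Run values (HKLM, HKLM-x32 and the user hive) that point at .lnk files in the user's Temp directory, Startup-folder shortcuts whose targets are .vbs/.vbe scripts in Temp, a scheduled task that launches the same .vbs, names that borrow the prefix of the Windows system process smss, and a per-user proxy pointing HTTP and HTTPS at localhost:7769. The last CMD line enumerates every event log with wevtutil el and clears each one with wevtutil cl, which also removes any forensic trail. The script below is an added example, not part of the fixlist and not FRST's own code: it parses the line formats seen above (Run, Startup, ShortcutTarget, Task, ProxyServer, dated file entries, CMD) and flags the entries a reviewer should treat as persistence or as destructive. The regular expressions, flag names and the lists of script extensions and system-process names are this example's own assumptions about FRST's output, not a specification of it; the sample input is copied from the listing above.

```python
"""Flag persistence and destructive entries in an FRST-style listing.

Added example (not FRST's code). The line grammar below is an approximation
of the formats visible in the fixlist, not a specification of FRST output.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a subset of the entries from the fixlist above.
SAMPLE = r"""
HKLM\...\Run: [smss-DoOoM] => C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk [1112 2018-10-20] () <==== ATTENTION
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [Fatal1tyMousePort] => [X]
Startup: C:\Users\Sungji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss-DoOoM.lnk [2018-10-20]
ShortcutTarget: smss-DoOoM.lnk -> C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs ()
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
ProxyServer: [S-1-5-21-2412909951-2128502360-3926930416-1001] => http=localhost:7769;https=localhost:7769
2018-10-20 18:23 - 2018-10-20 18:23 - 000003358 _____ C:\Windows\System32\Tasks\smss-DoOoM.vbe
Task: {2CC4734F-3A23-4078-84FB-D1A115F9DF1C} - System32\Tasks\smss-DoOoM.vbe => C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs [2017-10-19] () <==== ATTENTION
CMD: schtasks /Query
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
"""

ATTN = " <==== ATTENTION"
# Assumed lists: script-host extensions worth a second look, and Windows
# process names that malware commonly borrows for its own file names.
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
SYSTEM_NAMES = {"smss", "csrss", "svchost", "lsass", "winlogon", "services", "explorer"}
PATH_KINDS = {"run", "startup", "shortcut_target", "task", "path", "file", "dir", "virustotal"}

RUN = re.compile(r"^(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
DATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                   r"(?P<size>\d+) (?P<attr>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")


@dataclass
class Entry:
    kind: str
    name: str
    target: str
    hive: str = ""
    flags: list = field(default_factory=list)


def _strip_meta(s: str) -> str:
    """Drop trailing annotations: '<==== ATTENTION', '(Company)'/'()'/'(No File)', '[size date]'/'[date]'."""
    s = s.strip()
    if s.endswith(ATTN):
        s = s[: -len(ATTN)]
    s = re.sub(r"\s*\([^()]*\)$", "", s)
    s = re.sub(r"\s*\[(?:\d+ )?\d{4}-\d{2}-\d{2}\]$", "", s)
    return s.strip()


def _missing(tail: str) -> list:
    """'[X]' and '(No File)' mark an autostart whose target no longer exists."""
    return ["dangling"] if tail.strip() == "[X]" or "(No File)" in tail else []


def parse_entry(line: str) -> Optional[Entry]:
    line = line.strip()
    if not line:
        return None
    if line == "Reboot:":
        return Entry("reboot", "", "")
    if line.startswith("CMD: "):
        return Entry("cmd", "", line[5:])
    if line.startswith("VirusTotal: "):
        return Entry("virustotal", "", line[12:])
    if line.startswith("Startup: "):
        return Entry("startup", "", _strip_meta(line[9:]))
    if line.startswith("ShortcutTarget: "):
        name, _, target = line[16:].partition(" -> ")
        return Entry("shortcut_target", name, _strip_meta(target), flags=_missing(target))
    if line.startswith("ProxyServer: "):
        sid, _, value = line[13:].partition(" => ")
        return Entry("proxy", sid.strip("[]"), value.strip())
    if line.startswith("Task: "):
        head, _, target = line[6:].partition(" => ")
        return Entry("task", head, _strip_meta(target), flags=_missing(target))
    m = RUN.match(line)
    if m:
        tgt = m.group("target")
        return Entry("run", m.group("name"), _strip_meta(tgt), hive=m.group("hive"), flags=_missing(tgt))
    m = DATED.match(line)
    if m:
        kind = "dir" if m.group("attr").endswith("D") else "file"
        return Entry(kind, m.group("company") or "", m.group("path"))
    if re.match(r"^[A-Za-z]:\\", line):
        return Entry("path", "", line)
    return Entry("unknown", "", line)


def assess(e: Entry) -> Entry:
    """Append review flags; a real system binary is named exactly '<name>.exe', so 'smss-*.lnk' is a mimic."""
    t = e.target.lower()
    base = t.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    stem, ext = (stem, "." + ext) if dot else (base, "")
    if e.kind in PATH_KINDS:
        if "\\appdata\\local\\temp\\" in t:
            e.flags.append("temp_dir")          # user-writable scratch dir as a launch location
        if ext in SCRIPT_EXT:
            e.flags.append("script_extension")  # script host, not a compiled binary
        if e.kind == "run" and ext == ".lnk":
            e.flags.append("shortcut_in_run")   # Run values normally point at executables
        prefix = stem.split("-")[0]
        if prefix in SYSTEM_NAMES and base != prefix + ".exe":
            e.flags.append("mimics_system_name")
    elif e.kind == "proxy" and re.search(r"localhost|127\.0\.0\.1", t):
        e.flags.append("local_proxy")           # all browser traffic routed through a local listener
    elif e.kind == "cmd" and "wevtutil cl" in t:
        e.flags.append("clears_event_logs")     # destroys the evidence you may still need
    return e


def review(text: str) -> list:
    return [assess(e) for e in map(parse_entry, text.splitlines()) if e is not None]


def flagged(text: str) -> list:
    return [e for e in review(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.kind:16} {', '.join(e.flags):45} {e.hive or e.name} -> {e.target}")
```

Run it over a full FRST Addition.txt or fixlist and read the flagged rows before applying a fix: the dangling entries are harmless cleanup, the Temp-dir script chain is the persistence, and the wevtutil loop is the one line to think twice about if any log evidence is still wanted.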