Unlock: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\...\Run: [smss-DoOoM] => "C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk" <==== ATTENTION
HKLM\...\Run: [smss-DoOoMs] => "C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk" <==== ATTENTION
Unlock: HKEY_USERS\S-1-5-21-2412909951-2128502360-3926930416-1001\Software\Microsoft\Windows\CurrentVersion\Run
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [Freedom] => C:\Program Files (x86)\Freedom\Freedom.exe [2143872 2018-07-30] (Freedom.to)
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [smss-DoOoMs] => "C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoMp.lnk" <==== ATTENTION
HKU\S-1-5-21-2412909951-2128502360-3926930416-1001\...\Run: [smss-DoOoM] => "C:\Users\Sungji\AppData\Local\Temp\MagiXDrivers\smss-DoOoM.lnk" <==== ATTENTION
Unlock: C:\Windows\System32\Tasks\smss-DoOoM.vbe
C:\Windows\System32\Tasks\smss-DoOoM.vbe
Task: {B4D2DDF1-092D-4792-876D-FE8FFCDF7122} - System32\Tasks\smss-DoOoM.vbe => C:\Users\Sungji\AppData\Local\Temp\System\smss-DoOoMs.vbs <==== ATTENTION
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: