() C:\Users\Jon Kunkel\AppData\Local\sinlzmk\msngvui.exe
() C:\Users\Jon Kunkel\AppData\Local\sinlzmk\msngvui.exe
() C:\Users\Jon Kunkel\AppData\Local\sinlzmk\msngvui.exe
() C:\Users\Jon Kunkel\AppData\Local\sinlzmk\msngvui.exe
VirusTotal: C:\Users\Jon Kunkel\AppData\Local\sinlzmk\msngvui.exe
VirusTotal: C:\Program Files\Windows Portable Devices\4W3WDWDJYTXU0TQT6R7H64\wXfmiwUXhW.exe
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Windows Portable Devices\4W3WDWDJYTXU0TQT6R7H64\wXfmiwUXhW.exe [237056 2018-11-26] () <==== ATTENTION
Unlock: C:\Users\Jon Kunkel\AppData\Local\sinlzmk
C:\Users\Jon Kunkel\AppData\Local\sinlzmk
Unlock: C:\Program Files\Windows Portable Devices
C:\Program Files\Windows Portable Devices
HKU\S-1-5-21-1485860245-594436115-3714588008-1002\...\Run: [XZJYJ&J&kN.exe] => C:\Program Files\Windows Portable Devices\4W3WDWDJYTXU0TQT6R7H64\XZJYJ&J&kN.exe [534016 2018-11-26] ()
HKU\S-1-5-21-1485860245-594436115-3714588008-1002\...\Run: [hbebiw] => rundll32.exe "C:\Users\Jon Kunkel\AppData\Local\hbebiw.dll",hbebiw <==== ATTENTION
HKU\S-1-5-21-1485860245-594436115-3714588008-1002\...\RunOnce: [AutoHot] => C:\Users\Jon Kunkel\AppData\Roaming\AutoHot.exe [586240 2018-11-26] ()
HKU\S-1-5-21-1485860245-594436115-3714588008-1002\...\MountPoints2: {ebcc7e73-eb61-11e8-aeae-806e6f6e6963} - "D:\Setup.exe"
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\snluv
R2 MicroV2Service; C:\Users\Jon Kunkel\AppData\Local\William\William.dll [581632 2018-11-26] () [File not signed]
S2 Windows Updates Services; C:\Windows\servicing\starter.exe [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R3 knqtxa; system32\drivers\qtxadg.sys [X]
S3 mpsvzc; system32\drivers\svycfi.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
S1 owuizp; \??\C:\Users\JONKUN~1\AppData\Local\Temp\tirgvknl.sys [X] <==== ATTENTION
S0 wxhgpl; System32\drivers\sidpowkl.sys [X]
2018-11-26 07:44 - 2018-11-28 17:07 - 000000000 ____D C:\Users\Jon Kunkel\AppData\Local\avescud
2018-11-26 07:41 - 2018-12-01 14:37 - 000000000 ____D C:\Users\Jon Kunkel\AppData\Local\sinlzmk
2018-11-26 07:41 - 2018-11-26 07:41 - 000000000 ____D C:\Users\Jon Kunkel\AppData\Local\dsnmguv
2018-11-26 07:40 - 2018-11-26 07:43 - 000000000 ____D C:\Windows\system32\serilxa
2018-11-26 07:40 - 2018-11-26 07:40 - 006860752 _____ (NeoSoft Tools ) C:\Users\Jon Kunkel\AppData\Roaming\cexplorer.exe
2018-11-26 07:40 - 2018-11-26 07:40 - 000586240 _____ C:\Users\Jon Kunkel\AppData\Roaming\AutoHot.exe
2018-11-26 07:40 - 2018-11-26 07:40 - 000289792 _____ C:\Users\Jon Kunkel\AppData\Local\TempQce34.exE
2018-11-26 07:40 - 2018-11-26 07:40 - 000016384 _____ C:\Users\Jon Kunkel\AppData\Local\hbebiw.dll
2018-11-26 07:40 - 2018-11-26 07:40 - 000003000 _____ C:\Windows\System32\Tasks\Chameleon Folder-Jon Kunkel
2018-11-26 07:40 - 2018-11-26 07:40 - 000000000 ____D C:\Windows\SysWOW64\serilxa
2018-11-26 07:40 - 2018-11-26 07:40 - 000000000 ____D C:\Users\Jon Kunkel\AppData\Local\William
2018-11-26 07:40 - 2018-11-26 07:40 - 000000000 ____D C:\ProgramData\Microleaves
2018-11-26 07:37 - 2018-11-26 07:37 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-11-26 07:40 - 2018-08-13 11:18 - 000145744 ____N C:\Windows\system32\Drivers\lsrbmcgz.sys
2018-11-26 07:39 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-11-26 07:40 - 2018-11-26 07:40 - 000586240 _____ () C:\Users\Jon Kunkel\AppData\Roaming\AutoHot.exe
2018-11-26 07:40 - 2018-11-26 07:40 - 006860752 _____ (NeoSoft Tools ) C:\Users\Jon Kunkel\AppData\Roaming\cexplorer.exe
2018-11-26 07:40 - 2018-11-26 07:40 - 000016384 _____ () C:\Users\Jon Kunkel\AppData\Local\hbebiw.dll
2018-11-26 07:40 - 2018-11-26 07:40 - 000289792 _____ () C:\Users\Jon Kunkel\AppData\Local\TempQce34.exE
C:\Program Files\Windows Portable Devices\4W3WDWDJYTXU0TQT6R7H64\wXfmiwUXhW.exe
Unlock: C:\Windows\system32\drivers\lsrbmcgz.sys
C:\Windows\system32\drivers\lsrbmcgz.sys
Task: {0C3100A9-7065-4695-B334-0E1E2EC147E8} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
C:\Program Files (x86)\Microleaves
Task: {2D6229A6-EC27-4251-9943-242423AF4E11} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {34008D99-F192-4367-9893-A635F848D040} - System32\Tasks\Chameleon Folder-Jon Kunkel => "C:\Program Files (x86)\Chameleon Explorer\ChameleonFolder.exe"
Task: {3AB9636E-C385-4C9C-B549-73A79DF4F9FF} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {51A5B6F5-E5C1-4FEB-87F1-45E45470D432} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-09] (Microleaves) <==== ATTENTION
Task: {71FC2ED9-F06F-4735-A971-FFEFC488DFF2} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {82684B71-BC06-4527-AD4C-0521D6C0D745} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd
Task: {A1D596DF-725C-48B1-B466-2780989269BA} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {C1FD6F42-9E51-4195-BACD-F25EAD5BC8D5} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
C:\Users\Jon Kunkel\AppData\Local\hbebiw.dll
c:\users\jon kunkel\appdata\local\william
C:\Users\Jon Kunkel\AppData\Local\Temp\8JEND7QDCT
EMPTY TEMP:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
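Two practitioner notes on the fixlist above. First, the `CMD:` line runs `wevtutil cl` against every channel that `wevtutil el` lists, so it wipes all Windows event logs on the box; if you want any forensic record of the 2018-11-26 infection (first-run times of the Microleaves tasks, service installs for the random-named drivers), export the Security, System and Application channels with `wevtutil epl` before the fix is run, because nothing recovers them afterwards. Second, FRST's Fixlog tells you what it did, not what survived the reboot; persistence that the fixlist only partially reached (a RunOnce value re-created by a still-running process, a task XML left behind under `System32\Tasks`) is easy to miss. The following PowerShell script is an added post-reboot check written for this fixlist; it is not part of the original thread and not FRST output. It reads state and deletes nothing. Assumptions: it is run from an elevated prompt on the same machine; FRST's `HKLM\...\RunOnce` abbreviation expands to the native `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce` key (FRST writes `HKLM-x32` when it means the Wow6432Node copy); the SID and profile path are the ones that appear in the fixlist.

```powershell
# Added example: post-reboot verification of the FRST fixlist above.
# Not part of the original thread and not FRST output. Read-only.
# Assumptions: elevated prompt; SID and profile path taken from the fixlist;
# "HKLM\...\RunOnce" means the native (non-Wow6432Node) CurrentVersion key.

$Sid     = 'S-1-5-21-1485860245-594436115-3714588008-1002'
$CurVer  = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$UserDir = 'C:\Users\Jon Kunkel'

# HKU is not a default PSDrive; map it so the per-user hive can be queried.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Autostart values the fixlist removes (key path, value name).
$RunValues = @(
    @{ Key = "HKLM:\$CurVer\RunOnce";     Name = 'OMEWPRODUCT_' }
    @{ Key = "HKU:\$Sid\$CurVer\Run";     Name = 'XZJYJ&J&kN.exe' }
    @{ Key = "HKU:\$Sid\$CurVer\Run";     Name = 'hbebiw' }
    @{ Key = "HKU:\$Sid\$CurVer\RunOnce"; Name = 'AutoHot' }
)

# Service/driver keys the fixlist deletes, plus the MountPoints2 autorun key.
# Kernel drivers do not appear in Get-Service, so the registry is the source of truth.
$Services = 'snluv', 'MicroV2Service', 'Windows Updates Services', 'windowsmanagementservice',
            'knqtxa', 'mpsvzc', 'NVHDA', 'nvvad_WaveExtensible', 'nvvhci', 'owuizp', 'wxhgpl'
$RegKeys  = @($Services | ForEach-Object { "HKLM:\SYSTEM\CurrentControlSet\Services\$_" })
$RegKeys += "HKU:\$Sid\$CurVer\Explorer\MountPoints2\{ebcc7e73-eb61-11e8-aeae-806e6f6e6963}"

# Scheduled tasks: checked live, as task XML, and as legacy .job files.
$Tasks = @(1..6 | ForEach-Object { "Online Application V2G$_" }) +
         'Updater_Online_Application', 'Chameleon Folder-Jon Kunkel', 'KMS_VL_ALL'

# Files and directories the fixlist deletes or that its services pointed at.
$Paths = @(
    "$UserDir\AppData\Local\sinlzmk", "$UserDir\AppData\Local\avescud",
    "$UserDir\AppData\Local\dsnmguv", "$UserDir\AppData\Local\William",
    "$UserDir\AppData\Local\hbebiw.dll", "$UserDir\AppData\Local\TempQce34.exE",
    "$UserDir\AppData\Local\Temp\8JEND7QDCT", "$UserDir\AppData\Local\Temp\tirgvknl.sys",
    "$UserDir\AppData\Roaming\AutoHot.exe", "$UserDir\AppData\Roaming\cexplorer.exe",
    'C:\Program Files\Windows Portable Devices\4W3WDWDJYTXU0TQT6R7H64',
    'C:\Program Files (x86)\Microleaves', 'C:\ProgramData\Microleaves',
    'C:\Windows\system32\serilxa', 'C:\Windows\SysWOW64\serilxa',
    'C:\Windows\system32\Drivers\lsrbmcgz.sys', 'C:\Windows\system32\drivers\qtxadg.sys',
    'C:\Windows\system32\drivers\svycfi.sys', 'C:\Windows\system32\drivers\sidpowkl.sys'
)

function Test-FixlistRemnants {
    # Returns one object per artifact that still exists; an empty result means clean.
    $found = [System.Collections.Generic.List[object]]::new()

    foreach ($v in $RunValues) {
        # Get-ItemProperty -Name returns nothing (non-terminating error) when the value is gone.
        if (Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue) {
            $found.Add([pscustomobject]@{ Kind = 'Autostart value'; Item = "$($v.Key)\$($v.Name)" })
        }
    }
    foreach ($k in $RegKeys) {
        if (Test-Path -LiteralPath $k) {
            $found.Add([pscustomobject]@{ Kind = 'Registry key'; Item = $k })
        }
    }
    foreach ($t in $Tasks) {
        $live = Get-ScheduledTask -TaskName $t -ErrorAction SilentlyContinue
        $xml  = Test-Path -LiteralPath "$env:SystemRoot\System32\Tasks\$t"
        $job  = Test-Path -LiteralPath "$env:SystemRoot\Tasks\$t.job"
        if ($live -or $xml -or $job) {
            $found.Add([pscustomobject]@{ Kind = 'Scheduled task'; Item = $t })
        }
    }
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            $found.Add([pscustomobject]@{ Kind = 'File/directory'; Item = $p })
        }
    }
    return $found
}

$remnants = @(Test-FixlistRemnants)
if ($remnants.Count -eq 0) {
    Write-Output 'All artifacts from the fixlist are gone.'
} else {
    Write-Output "$($remnants.Count) artifact(s) survived the fix:"
    $remnants | Format-Table -AutoSize
}
```

Run it after the reboot that `Reboot:` forces and before posting the Fixlog. Anything it reports under "Autostart value" or "Scheduled task" is the item to re-check first, since a value that reappears after deletion means a still-running process or a task is re-creating it, and that process is what the next fixlist has to close. The NVIDIA driver entries (NVHDA, nvvad_WaveExtensible, nvvhci) were marked `[X]` because their files were already missing; reporting their keys as remnants is expected if the fixlist's service removal was skipped for them, and they are not malicious.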