HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [electron.app.Cudo Miner] => C:\Program Files\Cudo Miner\desktop\Cudo Miner Desktop.exe --autolaunch (No File)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\MountPoints2: {4a7e26cf-2fb2-11eb-bbe9-18d6c7af94b3} - "D:\AutoRun.exe"
File: D:\AutoRun.exe
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [442128 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [555064 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhnhm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "electron.app.Cudo Miner"
File: C:\Windows\system32\drivers\MQAC.sys
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: