CloseProcesses:
CreateRestorePoint:
Unlock: C:\windows\System32\drivers\drmkpro64.sys
Unlock: C:\Program Files (x86)\dataup
Unlock: C:\Program Files (x86)\dataup\dataup.exe
Unlock: C:\Program Files (x86)\cpx\cpx.exe
Unlock: C:\Program Files (x86)\cpx
Unlock: C:\Program Files (x86)\svcvmx\svcvmx.exe
Unlock: C:\Program Files (x86)\svcvmx\vmxclient.exe
unlock: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx
reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx" /f
unlock: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx
reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx" /f
unlock: HKLM\SYSTEM\CurrentControlSet\services\Dataup
reg: reg delete "HKLM\SYSTEM\CurrentControlSet\services\Dataup" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f
C:\Program Files (x86)\dataup\dataup.exe
C:\WINDOWS\system32\Drivers\drmkpro64.sys
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\regtool
C:\Program Files (x86)\winscr
C:\Program Files (x86)\svcvmx
C:\Program Files (x86)\dataup
C:\WINDOWS\system32\Drivers\drmkpro64.sys
C:\Program Files (x86)\svcvmx\svcvmx.exe
C:\Program Files (x86)\svcvmx\vmxclient.exe
C:\Program Files (x86)\svcvmx\libcef.dll
C:\Program Files (x86)\svcvmx\libglesv2.dll
C:\Program Files (x86)\svcvmx\libEGL.dll
C:\WINDOWS\System32\CoreUIComponents.dll
C:\Program Files (x86)\svcvmx\pepflashplayer.dll
HKLM-x32\...\Run: [cpx] => "C:\WINDOWS\system32\config\systemprofile\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\WINDOWS\system32\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Gregory\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
S4 UpdaterLong; C:\WINDOWS\Tattvamasi\WinUpdaterLong.exe [X]
R0 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
Emptytemp: