unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup 
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f
C:\Users\April\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [cpx] => "C:\Users\April\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [927744 2017-10-27] () <==== ATTENTION
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "F:\setup.exe"
S2 0291631511534851mcinstcleanup; C:\WINDOWS\TEMP\029163~1.EXE -cleanup -nolog [X]
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 usbcir; \SystemRoot\System32\drivers\usbcir.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]
C:\Program Files (x86)\GUTEA25.tmp
C:\windows\system32\tprdpw32.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [362]
MSCONFIG\Services: Dataup =>
MSCONFIG\Services: srcsrv => 2
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION