VirusTotal: C:\Program Files (x86)\TCP Host\tcphost.exe
HKLM-x32\...\Run: [TCP Host] => C:\Program Files (x86)\TCP Host\tcphost.exe [324220 2017-11-25] ()
Task: {0764B4D5-54A1-4694-B76D-5EB607F78AA2} - System32\Tasks\TCP Host Task => C:\Program Files (x86)\TCP Host\tcphost.exe [2017-11-25] () <==== ATTENTION
C:\Program Files (x86)\TCP Host
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [738]
AlternateDataStreams: C:\ProgramData\Temp:072F1F69 [380]
AlternateDataStreams: C:\ProgramData\Temp:12258D63 [207]
AlternateDataStreams: C:\ProgramData\Temp:249F95D0 [430]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:33B04540 [394]
AlternateDataStreams: C:\ProgramData\Temp:4EEC7800 [188]
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6 [394]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [206]
AlternateDataStreams: C:\ProgramData\Temp:77B64C59 [192]
AlternateDataStreams: C:\ProgramData\Temp:7C412B92 [185]
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639 [188]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [193]
AlternateDataStreams: C:\ProgramData\Temp:8FAE08A5 [229]
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF [204]
AlternateDataStreams: C:\ProgramData\Temp:91FFEC32 [416]
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB [147]
AlternateDataStreams: C:\ProgramData\Temp:98982C88 [192]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [173]
AlternateDataStreams: C:\ProgramData\Temp:A819A132 [213]
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7 [390]
AlternateDataStreams: C:\ProgramData\Temp:AD7183FA [203]
AlternateDataStreams: C:\ProgramData\Temp:C0A9D0E7 [184]
AlternateDataStreams: C:\ProgramData\Temp:C7684F3C [209]
AlternateDataStreams: C:\ProgramData\Temp:D47B19A6 [394]
AlternateDataStreams: C:\ProgramData\Temp:E51234A9 [366]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [202]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: