CloseProcesses:
Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
Unlock: C:\ProgramData\NTUSER.pol
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
CreateDummy: C:\ProgramData\NTUSER.pol
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2020-12-07] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Program Files\Common Files\System\symsrv.dll
Unlock: C:\Program Files\Common Files\System\symsrv.dll
CreateDummy: C:\Program Files\Common Files\System\symsrv.dll
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_DLLs /d 0 /f
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /d "" /f
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
Task: {E48B989B-767B-436E-BBDB-98DFFDA9321F} - System32\Tasks\AdwCleaner_onReboot => C:\Users\mewtw_000\Desktop\AdwCleaner.exe [8525431 2020-12-07] (Malwarebytes) [File not signed]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: