HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\MountPoints2: {2b13ba87-5fe2-11eb-825c-50465db36e87} - "G:\Setup.exe"
Unlock: "C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll"
File: "C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll"
Unlock: "C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe"
File: "C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe"
Task: {C38DB12F-6996-49D9-A354-E58EA55CD46E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
AlternateDataStreams: C:\ProgramData\TEMP:D735933A [138]
ContextMenuHandlers1: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers2: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers4: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers5: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => -> No File
ContextMenuHandlers6: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Users\Dyfan\FastCopy\FastEx64.dll -> No File
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager"
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: