start::
closeprocesses:
createrestorepoint:
reg: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\WINDOWS\System32:tdsrset.gfc [5846]
HKLM\...\StartupApproved\Run: => "Reimage"
FirewallRules: [{24F1DB9F-696A-462A-8344-07FC2E70F3DA}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe No File
FirewallRules: [{679E539F-5892-48FD-ADD6-33DB0AAFD50D}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe No File
FirewallRules: [{B5F1608D-4515-49D6-80CE-330562518913}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe No File
FirewallRules: [{59A2D495-C9F7-4B4E-8B56-6F61C2E66318}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe No File
FirewallRules: [{F75581E1-8A49-4982-9167-B09921333632}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe No File
FirewallRules: [{BB705294-E795-49BB-8261-788A1B4078DA}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe No File
FirewallRules: [{82EB7ADF-EB76-4A6F-BA08-1B66499F3C16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{1060864C-3E16-4C67-B241-9DCFA8DE021C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{51836F90-2C9E-4074-9E9A-43574F4286E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe No File
FirewallRules: [{BB9D28CD-8E61-4750-81F9-E4B877AC8981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe No File
FirewallRules: [{79A445B7-33B5-4748-B57D-E025656EDF9A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{F60B4682-D407-4CE8-903B-057E969CA534}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{C01F0478-DF82-4CEE-90D8-E69120AFE9A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{42EA0963-FF85-4FA9-B4CC-7CA509D5C0F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File
FirewallRules: [{085C99A3-A0D0-4257-8DAF-B66E72D15437}] => (Allow) D:\Games\Ghost Recon Breakpoint\GRB_BE.exe No File
FirewallRules: [{53AB0290-3E47-4DDA-95AA-658B09F91797}] => (Allow) D:\Games\Ghost Recon Breakpoint\GRB_BE.exe No File
FirewallRules: [TCP Query User{76104BBB-E40B-4088-A7CC-719D38B4EC05}D:\games\ghost recon breakpoint\grb.exe] => (Allow) D:\games\ghost recon breakpoint\grb.exe No File
FirewallRules: [UDP Query User{37D2D241-FE72-4AE3-92FE-A7F876B69826}D:\games\ghost recon breakpoint\grb.exe] => (Allow) D:\games\ghost recon breakpoint\grb.exe No File
FirewallRules: [TCP Query User{E33CF04C-0DB8-4F6F-BC03-791F69687D8A}D:\games\rise of the tomb raider - 20 years celebration\rottr.exe] => (Allow) D:\games\rise of the tomb raider - 20 years celebration\rottr.exe No File
FirewallRules: [UDP Query User{8C8B593A-BDD6-44A7-AD93-CE9BFC9AA4C0}D:\games\rise of the tomb raider - 20 years celebration\rottr.exe] => (Allow) D:\games\rise of the tomb raider - 20 years celebration\rottr.exe No File
FirewallRules: [{D3D370BF-BB09-42F8-B9C0-57D6EB4A7AE6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{A507EBF8-0880-4017-AABB-F18312A05717}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{4B513E10-B08B-4309-9E77-FC14E0E7EE0B}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe No File
FirewallRules: [UDP Query User{EBEC865F-2A60-4F4C-8933-A50C8392E56D}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe No File
FirewallRules: [TCP Query User{672BD36A-E86C-4312-B6EC-D0FCB0D072AD}C:\program files (x86)\epubor\alldrmremoval\alldrmremoval.exe] => (Allow) C:\program files (x86)\epubor\alldrmremoval\alldrmremoval.exe No File
FirewallRules: [UDP Query User{AAD0785B-2C06-4361-9EC8-85AB3416129A}C:\program files (x86)\epubor\alldrmremoval\alldrmremoval.exe] => (Allow) C:\program files (x86)\epubor\alldrmremoval\alldrmremoval.exe No File
FirewallRules: [{6CB515A0-6F81-4DE0-8AB9-F0C6B72991C6}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{432BF485-2C80-4DE0-86C5-2FF74D918162}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{1C7F6722-E592-40EA-8665-DC2652B72B74}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{17A0E739-5792-48DB-9E1C-C8A4F4FC94FF}] => (Allow) %systemroot%\system32\alg.exe No File
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Task: {1612935C-4E64-474E-8B17-5D79B138B3E5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {16568078-7CE9-4285-9C90-B426F79BDD14} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {E85CA1C7-4F65-48AA-90E1-2E5C60356955} - System32\Tasks\PulsewayServiceCheck => C:\Program Files\Pulseway\watchdog.bat [184 2019-12-22] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-263582596-3771093479-4034240698-1001\...\MountPoints2: {4cb00dda-cf02-11e9-8ca5-04d4c460660c} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-263582596-3771093479-4034240698-1001\...\MountPoints2: {bd160005-d3db-11e9-8cab-04d4c460660c} - "E:\OnePlus_setup.exe" /s
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\Surya\AppData\Roaming\Mozilla\Firefox\Profiles\durqi66h.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\Surya\AppData\Roaming\Profiles\gkbglbm8.default [2019-07-25] <==== ATTENTION
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
emptytemp:
end::