HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
Task: {39E304B8-F66C-4057-920C-91E7F68B8906} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {52489F98-F930-4F9C-8550-E5B2D2F99E36} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1390472 2019-11-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {748C56D9-D949-423A-BAD8-FA08023868C5} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-10] (Acer Incorporated -> Acer Incorporated)
Task: {91F9D2B6-9405-4B55-8297-BF24C7AD5C78} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40288 2015-07-10] (Acer Incorporated -> )
Task: {963D0548-1350-439C-91DB-3B3E394E6CEE} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {990840B6-1D29-4796-8B6E-5633AB46887E} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2016-09-24] (AVAST Software a.s. -> AVAST Software)
Task: {CD6F702C-470B-4241-8589-E1071B89BA8F} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
Task: {CFC884A2-479E-4D58-84FB-D7DECC63B6F1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2143908317-127953287-3357993830-1001 -> DefaultScope {F02A6038-51E2-4D69-86A7-38258E4572F0} URL =
SearchScopes: HKU\S-1-5-21-2143908317-127953287-3357993830-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2143908317-127953287-3357993830-1001 -> {F02A6038-51E2-4D69-86A7-38258E4572F0} URL =
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-11-20] (AVAST Software s.r.o. -> AVAST Software)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (Acer Incorporated -> acer)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\Run32: => "isa"
FirewallRules: [{47207378-CE51-49CF-97E0-CE9E155ED936}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{B857FA43-9973-4E29-A247-8CC9AAF4F0B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{8ED2EACC-863B-43AF-AFED-247AFAE53E24}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{07E2E778-89FE-49DA-A222-5B83D39F9457}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{88378351-27F3-48B5-BCFA-624DE4120830}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{AF52775A-5F90-4421-97C0-117B15D77E88}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{D08DD7C6-D871-4D07-AB76-480B40340346}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{279BDFBC-3138-4C7E-99A7-7BCFB2AD3CA5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [UDP Query User{5F43A9BE-E685-43BB-B7AB-CE00582FB02D}C:\users\harley\desktop\stellite wallet\stellite gui wallet 1.0.2\stellited.exe] => (Allow) C:\users\harley\desktop\stellite wallet\stellite gui wallet 1.0.2\stellited.exe => No File
FirewallRules: [TCP Query User{B911AF0D-8ACB-4622-8856-2DE5C4ADA3C2}C:\users\harley\desktop\stellite wallet\stellite gui wallet 1.0.2\stellited.exe] => (Allow) C:\users\harley\desktop\stellite wallet\stellite gui wallet 1.0.2\stellited.exe => No File
FirewallRules: [UDP Query User{194A15EE-167E-4D6C-ADBC-4AF9FDE8D0E9}C:\program files (x86)\digital pandacoin\digital pandacoin\pandacoin-qt.exe] => (Allow) C:\program files (x86)\digital pandacoin\digital pandacoin\pandacoin-qt.exe => No File
FirewallRules: [TCP Query User{DF7FF793-09F0-4577-AEE1-E47F0BB1FE2F}C:\program files (x86)\digital pandacoin\digital pandacoin\pandacoin-qt.exe] => (Allow) C:\program files (x86)\digital pandacoin\digital pandacoin\pandacoin-qt.exe => No File
FirewallRules: [UDP Query User{A49B3E29-B253-436E-A55E-D3E992655245}C:\program files\royalties foundation\royalties wallet\royaltieswallet.exe] => (Allow) C:\program files\royalties foundation\royalties wallet\royaltieswallet.exe => No File
FirewallRules: [TCP Query User{22D396FE-C3A7-4AE9-AA84-CB270774ED84}C:\program files\royalties foundation\royalties wallet\royaltieswallet.exe] => (Allow) C:\program files\royalties foundation\royalties wallet\royaltieswallet.exe => No File
FirewallRules: [UDP Query User{3B9ABB0C-8571-4E29-8FAA-24F1DF741610}C:\program files (x86)\verium\verium-qt.exe] => (Allow) C:\program files (x86)\verium\verium-qt.exe => No File
FirewallRules: [TCP Query User{8B6FB2A8-7A22-4D3A-AEC7-BB1712A1A23A}C:\program files (x86)\verium\verium-qt.exe] => (Allow) C:\program files (x86)\verium\verium-qt.exe => No File
FirewallRules: [UDP Query User{15D06793-8EEA-4BF6-BCA9-9CEDC640EC8B}C:\users\harley\desktop\sumokoin\sumokoin gui wallet\resources\bin\sumokoind.exe] => (Allow) C:\users\harley\desktop\sumokoin\sumokoin gui wallet\resources\bin\sumokoind.exe => No File
FirewallRules: [TCP Query User{3A41663D-C9A2-4169-B70E-408C65ECB1CF}C:\users\harley\desktop\sumokoin\sumokoin gui wallet\resources\bin\sumokoind.exe] => (Allow) C:\users\harley\desktop\sumokoin\sumokoin gui wallet\resources\bin\sumokoind.exe => No File
FirewallRules: [{BDBCBAB3-2D5E-40DC-AF89-8AA75AB6751F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{57241F91-7D8B-4B06-9DE8-6145935875AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File
FirewallRules: [{D16315B2-0E42-4221-B384-34947AF6BB78}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [TCP Query User{0E3EC75E-CCEC-48A7-AE2F-07B8C0E06350}C:\users\harley\appdata\local\temp\temp1_windows-x64-1.2.3.2.zip\bin\stellited.exe] => (Allow) C:\users\harley\appdata\local\temp\temp1_windows-x64-1.2.3.2.zip\bin\stellited.exe => No File
FirewallRules: [UDP Query User{5E42D516-5968-4CAF-AB21-968FAA41D6B5}C:\users\harley\appdata\local\temp\temp1_windows-x64-1.2.3.2.zip\bin\stellited.exe] => (Allow) C:\users\harley\appdata\local\temp\temp1_windows-x64-1.2.3.2.zip\bin\stellited.exe => No File
FirewallRules: [TCP Query User{DC6C4F91-3444-4C2D-AFA7-69B5EB9B6891}C:\users\harley\desktop\stellitegui-win-v0.0.8-1\stellited.exe] => (Allow) C:\users\harley\desktop\stellitegui-win-v0.0.8-1\stellited.exe => No File
FirewallRules: [UDP Query User{15FC10D0-596E-4879-B4EF-4E077C560C0C}C:\users\harley\desktop\stellitegui-win-v0.0.8-1\stellited.exe] => (Allow) C:\users\harley\desktop\stellitegui-win-v0.0.8-1\stellited.exe => No File
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: type C:\Windows\Logs\DISM\dism.log
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: