Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by User (administrator) on DESKTOP-V64D4NE (LENOVO 80YE) (15-07-2021 23:12:14)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Windows 10 Pro Version 2004 19041.1052 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325150.inf_amd64_734c117c182d30db\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\setup\instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHeciSvc.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Failed to access process -> wuauclt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32873544 2021-01-15] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-25] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Inc)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2019-08-12]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C6AAB9-684B-4308-8850-14D5A5A81637} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {093909C5-C04F-4EB9-A57A-380FF2F5E6B2} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {134DC2AB-B8C8-404D-BE01-A3A8CAD87877} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {317F8233-B4FE-468C-AC67-9105CBF4C19B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {48B231C8-33CC-4D14-9A50-DD3C38601B0F} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4903192 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
Task: {55F937E3-0D62-4B5D-BAC5-D51F61E988A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {5BD6FEF6-8F6E-40E8-8F3F-233F9367A24C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5F847EEB-BBBB-4C8E-9964-7929ABCC624F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
Task: {7A6C1E11-BC05-4FB7-8055-50EFC47040B0} - System32\Tasks\{383BA929-7153-43A1-A939-0695410A5355} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://www.skype.com/go/downloading?source=lightinstaller&ver=7.35.0.102&LastError=12002
Task: {915FE601-C2EB-4A90-A7B5-C05B1DAEAD05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9623E8C2-D657-424E-8DD4-AA184A5D4982} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {A01EE4A7-BE07-45EE-BE4E-466CB9CEB7C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A393EA85-5748-41BD-84B1-5A0AA5662E9B} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {B63152FD-D69A-4499-BC33-BB8DCFBD1573} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {DB750AA2-61E6-4A62-A768-2EEEB7EEB4C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE02C212-E267-4B07-A9EA-9D9BDFB2E26B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-01-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F770D362-4037-4F60-9E48-1BF686B5F498} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2476376 2021-06-22] (Overwolf Ltd -> Overwolf LTD)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.86.160.5 192.168.1.1
Tcpip\..\Interfaces\{69fd8649-3c1b-4ae3-be83-f0de707108fb}: [DhcpNameServer] 185.86.160.5 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-15]

FireFox:
========
FF DefaultProfile: aq9k7zhw.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\aq9k7zhw.default [2021-07-15]
FF Homepage: Mozilla\Firefox\Profiles\aq9k7zhw.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\aq9k7zhw.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2018-08-01] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-07-15]
CHR DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496724&altserp=1
CHR DefaultSearchKeyword: Default -> poshukach engin search
CHR DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-01]
CHR Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2021-04-27]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-27]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-15]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-07-15]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-14]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-14]
CHR Extension: (Google Docs hors connexion) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-14]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-14]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-15]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-02] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-06-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2476376 2021-06-22] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-25] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-07-03] (Avast Software s.r.o. -> AVAST Software)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-08] (Malwarebytes Inc -> Malwarebytes)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [890944 2017-09-29] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-15 23:12 - 2021-07-15 23:18 - 000022842 _____ C:\Users\User\Downloads\FRST.txt
2021-07-15 23:09 - 2021-07-15 23:15 - 000000000 ____D C:\FRST
2021-07-15 23:05 - 2021-07-15 23:05 - 002300416 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2021-07-15 15:11 - 2021-07-15 15:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-15 15:02 - 2021-07-03 12:39 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-07-15 11:53 - 2021-07-15 11:53 - 000000000 ____D C:\Program Files\Google
2021-07-14 23:25 - 2021-07-15 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-07-14 23:25 - 2021-07-14 23:25 - 000000000 ____D C:\ProgramData\GridinSoft
2021-07-14 16:16 - 2021-07-14 17:22 - 000811329 _____ C:\Users\User\Downloads\nourriture.ai
2021-07-14 15:41 - 2021-07-14 15:44 - 000000000 ____D C:\Users\User\AppData\Local\AMSDK
2021-07-14 15:41 - 2021-07-14 15:41 - 000000000 ____D C:\Users\User\AppData\Local\Zemana
2021-07-14 15:41 - 2021-07-14 15:41 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-07-12 16:47 - 2021-07-12 16:47 - 005195222 _____ C:\Users\User\Downloads\vecteezy_set-of-different-tree-illustration_433409.zip
2021-07-10 16:29 - 2021-07-10 16:29 - 000074539 _____ C:\Users\User\Downloads\WhatsApp Image 2021-07-09 at 16.12.34.jpeg
2021-07-06 21:18 - 2021-07-06 21:19 - 000226163 _____ C:\Users\User\Downloads\WhatsApp Image 2021-07-06 at 21.16.36 (1).jpeg
2021-07-06 21:18 - 2021-07-06 21:18 - 000141045 _____ C:\Users\User\Downloads\WhatsApp Image 2021-07-06 at 21.16.36.jpeg
2021-07-06 21:18 - 2021-07-06 21:18 - 000126700 _____ C:\Users\User\Downloads\WhatsApp Image 2021-07-06 at 21.16.59.jpeg
2021-07-05 19:58 - 2021-07-05 19:58 - 000303752 _____ C:\Users\User\Downloads\CV Nour Bakhos.pdf
2021-07-05 19:56 - 2021-07-06 18:19 - 000584195 _____ C:\Users\User\Downloads\d07a3d5f-free-indesign-portfolio-layout-templates-with-yellow-accents.zip
2021-07-05 19:55 - 2021-07-06 18:21 - 000679736 _____ C:\Users\User\Downloads\018085ad-free-version-magazine-layout.zip
2021-07-05 19:55 - 2021-07-06 18:17 - 000591567 _____ C:\Users\User\Downloads\3f433d81-free-version-portfolio-template-indesign.zip
2021-07-05 19:53 - 2021-07-06 18:15 - 000264362 _____ C:\Users\User\Downloads\2d0924e0-free-version-portfolio-layout.zip
2021-07-05 19:00 - 2021-07-05 19:00 - 000308906 _____ C:\Users\User\Downloads\NOUR BAKHOS.pdf
2021-07-05 01:29 - 2021-07-05 01:29 - 000081630 _____ C:\Users\User\Downloads\WhatsApp Image 2021-07-05 at 01.23.14.jpeg
2021-07-04 22:29 - 2021-07-15 15:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-03 12:42 - 2021-07-03 12:39 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-26 16:31 - 2021-06-26 16:31 - 109468224 _____ C:\Users\User\Downloads\Among.Us.v2021.6.15s.rar
2021-06-24 18:33 - 2021-06-24 18:33 - 000036343 _____ C:\Users\User\Downloads\Waitress CV.pdf
2021-06-23 17:07 - 2021-06-23 17:10 - 000090872 _____ C:\Users\User\Downloads\my-cv.pdf
2021-06-19 17:00 - 2021-06-19 17:01 - 001958472 _____ C:\Users\User\Downloads\vecteezy_a-set-of-assorted-frames-in-quintessential-japanese-style-vector-illustrations-text-translation-japanese-frame-headline_182244.zip
2021-06-17 15:17 - 2021-06-17 15:17 - 000000612 _____ C:\Users\User\AppData\Roaming\PureRef.ini
2021-06-17 00:24 - 2021-06-17 00:24 - 000114549 _____ C:\Users\User\Downloads\WhatsApp Image 2021-06-17 at 00.23.53.jpeg
2021-06-17 00:24 - 2021-06-17 00:24 - 000085784 _____ C:\Users\User\Downloads\WhatsApp Image 2021-06-17 at 00.23.52.jpeg
2021-06-15 17:02 - 2021-06-15 17:02 - 016449803 _____ C:\Users\User\Downloads\vecteezy_get-black-wood-grain-texture-illustration-here-you-can-use-it-as-your-background_178157.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-15 23:15 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-15 23:10 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-15 23:07 - 2018-10-02 23:00 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-07-15 23:03 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-15 22:59 - 2018-08-01 13:58 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-15 22:58 - 2021-01-22 23:51 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-15 22:55 - 2020-10-24 18:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-15 15:26 - 2020-10-24 19:18 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-15 15:26 - 2018-11-04 14:12 - 000000000 ____D C:\Program Files\CCleaner
2021-07-15 15:24 - 2021-02-21 15:09 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2021-07-15 15:23 - 2019-12-07 12:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-15 15:12 - 2019-05-18 13:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-15 15:11 - 2018-10-02 23:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-15 15:08 - 2018-10-02 23:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-15 15:05 - 2021-01-22 23:44 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-15 15:02 - 2019-12-07 12:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-07-15 14:59 - 2018-08-01 13:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-07-15 14:26 - 2021-02-06 23:54 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-07-15 14:26 - 2017-09-29 04:12 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-07-15 14:21 - 2020-10-24 19:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-15 14:20 - 2020-10-24 18:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-15 14:14 - 2021-01-22 23:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Avast Software
2021-07-15 14:14 - 2021-01-22 23:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-07-15 14:14 - 2021-01-22 23:50 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-07-15 14:14 - 2018-08-01 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2021-07-15 14:14 - 2018-08-01 13:56 - 000000000 ____D C:\Program Files\KMSpico
2021-07-15 14:13 - 2021-01-22 23:45 - 000000000 ____D C:\Program Files\Avast Software
2021-07-15 14:13 - 2019-09-12 16:04 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-07-15 13:40 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-15 13:22 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\registration
2021-07-15 13:22 - 2018-10-02 23:00 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2021-07-15 13:21 - 2021-01-23 00:12 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2021-07-15 13:13 - 2021-02-08 19:00 - 000000000 ____D C:\Program Files (x86)\GameHouse
2021-07-15 00:00 - 2018-12-31 17:41 - 000000000 ____D C:\Users\User\AppData\Roaming\inkscape
2021-07-14 23:55 - 2020-10-18 00:45 - 000000000 ___DC C:\WINDOWS\Panther
2021-07-13 23:47 - 2017-09-29 04:14 - 000000000 ___RD C:\Users\User\OneDrive
2021-07-11 23:18 - 2020-10-25 14:26 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6aa1ec79c4faf
2021-07-11 23:18 - 2020-10-24 19:18 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-11 23:18 - 2020-10-24 19:18 - 000003308 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B1125D7B-A76B-4BE3-91D2-D65CCA19AA73}
2021-07-11 23:18 - 2020-10-24 19:18 - 000003244 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-07-11 23:18 - 2020-10-24 19:18 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-11 23:18 - 2020-10-24 19:18 - 000002966 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2021-07-11 23:18 - 2020-10-24 19:18 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3736682232-2262673394-1125935760-1001
2021-07-11 23:18 - 2020-10-24 19:18 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-07-11 23:18 - 2020-10-24 19:18 - 000002352 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON
2021-07-11 23:18 - 2020-10-24 19:18 - 000002316 _____ C:\WINDOWS\system32\Tasks\{383BA929-7153-43A1-A939-0695410A5355}
2021-07-11 23:18 - 2020-10-24 19:18 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2021-07-11 23:18 - 2020-10-24 19:18 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-07-11 23:18 - 2020-10-24 19:18 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-07-11 23:18 - 2020-10-24 19:18 - 000002146 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-07-11 22:21 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-10 16:14 - 2020-06-09 13:05 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-08 00:05 - 2020-10-25 04:06 - 000759144 _____ C:\WINDOWS\system32\perfh00C.dat
2021-07-08 00:05 - 2020-10-25 04:06 - 000146072 _____ C:\WINDOWS\system32\perfc00C.dat
2021-07-08 00:05 - 2020-10-24 19:03 - 001681370 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-03 12:39 - 2021-01-22 23:50 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-07-03 12:39 - 2021-01-22 23:50 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-07-03 12:38 - 2021-01-22 23:50 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-07-03 12:38 - 2021-01-22 23:50 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-07-03 12:38 - 2021-01-22 23:50 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-07-03 12:38 - 2021-01-22 23:50 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-27 23:44 - 2020-10-24 18:49 - 000002364 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-25 14:08 - 2018-08-01 13:31 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-20 22:35 - 2020-10-03 10:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2020-09-26 17:30 - 2021-06-11 15:45 - 000000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-06-06 14:51 - 2020-09-28 21:55 - 000000146 _____ () C:\Users\User\AppData\Roaming\licecap.ini
2021-06-17 15:17 - 2021-06-17 15:17 - 000000612 _____ () C:\Users\User\AppData\Roaming\PureRef.ini
2021-01-30 20:15 - 2021-01-30 20:15 - 000003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-10-28 20:35 - 2019-10-28 20:35 - 000021066 _____ () C:\Users\User\AppData\Local\kritacrash.log
2020-05-14 01:04 - 2020-05-14 01:04 - 000000039 _____ () C:\Users\User\AppData\Local\kritadisplayrc
2019-03-22 16:39 - 2020-05-14 01:04 - 000014999 _____ () C:\Users\User\AppData\Local\kritarc
2019-11-29 20:02 - 2019-11-29 20:02 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================