Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2022
Ran by BT (administrator) on DESKTOP-I9MQLIO (MSI MS-7845) (06-10-2022 17:25:01)
Running from C:\Users\BT\Desktop
Loaded Profiles: BT
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1083 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe ->) (Devine Software Oy -> Devine Software Oy) C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Devine Software Oy -> Devine Software Oy) C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Greatis Software LLC -> Greatis Software, LLC) C:\Windows\L1HGDU145E\SU10Guard.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Ramadutha Software Services -> Ramadutha Software Services) C:\Program Files (x86)\ProudBrowser\ProudBrowser.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: [] 
HKU\S-1-5-20\...\Policies\system: [] 
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630048 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365160 2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [8822376 2022-09-20] (Proton Technologies AG -> ProtonVPN)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [GoogleChromeAutoLaunch_C1D27B2CBE2B23A65DED98D2912EC885] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2438312 2021-06-24] (Google LLC -> Google LLC)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38502416 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Run: [EpicGamesLauncher] => D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32688080 2022-09-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Policies\system: [] 
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-18\...\Policies\system: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\106.0.5249.103\Installer\chrmstp.exe [2022-10-06] (Google LLC -> Google LLC)
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy-Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032CAD6E-DC3F-44D6-9C52-59CFAA151EB4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\BT\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-01] (ESET, spol. s r.o. -> ESET)
Task: {04BFAE90-0328-4105-867B-BD6D8D22CAEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E1F4D2F-784F-4FE1-9095-169F8395EC58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-26] (Google Inc -> Google LLC)
Task: {273FD5C5-84F1-4889-8E50-60E33FD35426} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {294EC8AF-E038-4E6C-A385-1126573396A7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\BT\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-01] (ESET, spol. s r.o. -> ESET)
Task: {3950E324-553B-4A83-8AAC-4F9468D114B2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {41FF2A63-BF4D-45BB-BBC9-9BC0340DCB0E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165000 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {43807AF4-F28D-443F-BE7B-B16A39C93B0F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6132DE05-9F5F-4EC8-95BA-FC0CBD809FE6} - System32\Tasks\CCleanerSkipUAC - BT => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {724124EA-162C-4C1B-90EE-8E28A620C828} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77A0BD4A-F353-4ACA-8859-9842C939D829} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AE185AF-5996-4B9E-BBCE-73F0B70C4B87} - System32\Tasks\FreeDownloadManagerHelperService => F:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (No File)
Task: {8875B9E4-B5E4-42C4-9AEE-40C3BFF5BAAB} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "bc5f7280-74c9-44dd-9900-2f0551207663" --version "6.04.10044" --silent
Task: {9C762F96-6BB7-4793-B86B-60F15F005E49} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A8860ABB-BBF1-4765-9AA5-80F0D0ADF7C3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {AA53D7B9-52DF-493D-B65C-1D3DC65249FE} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1186171619-893856383-1054623740-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165000 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB6D3E45-CA1F-416D-B66F-57F641837AB3} - System32\Tasks\Opera scheduled Autoupdate 1612203682 => C:\Users\BT\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {FB418E33-A9BD-4F61-8AE6-8115DE95C296} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-26] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9186c049-7f74-41ea-89b0-7a612598f2b1}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\BT\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-06]
Edge Extension: (Avira Safe Shopping) - C:\Users\BT\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2022-06-29]
Edge Extension: (Avira Password Manager) - C:\Users\BT\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2022-08-06]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: upoua2ca.default
FF ProfilePath: C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\upoua2ca.default [2020-02-21]
FF ProfilePath: C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\26re0e98.default-release [2022-10-06]
FF Notifications: Mozilla\Firefox\Profiles\26re0e98.default-release -> hxxps://ceske-serialy.cz
FF Extension: (AdBlocker Ultimate) - C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\26re0e98.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-10-02]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\26re0e98.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-08-30]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default [2022-10-06]
CHR Notifications: Default -> hxxps://steamunlocked.net; hxxps://www.facebook.com
CHR Extension: (Prezentace) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-26]
CHR Extension: (Dokumenty) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-26]
CHR Extension: (Disk Google) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-05]
CHR Extension: (YouTube) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-26]
CHR Extension: (Avira Password Manager) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-10-05]
CHR Extension: (Avira Safe Shopping) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-10-05]
CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-08-08]
CHR Extension: (Tabulky) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-26]
CHR Extension: (Avira Browser Safety) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2022-10-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-08-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-10]
CHR Extension: (Gmail) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\BT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"ProudBrowser" => service was unlocked. <==== ATTENTION

R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2022-01-29] (Apple Inc. -> Apple Inc.)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4506728 2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-04-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S4 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncHelper.exe [3383688 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 Great Discover; C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe [2809856 2021-07-01] (Devine Software Oy -> Devine Software Oy) <==== ATTENTION
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-30] (Malwarebytes Inc. -> Malwarebytes)
S4 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.176.0821.0003\OneDriveUpdaterService.exe [3803528 2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-12-07] (Even Balance, Inc. -> )
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [401000 2022-09-20] (Proton Technologies AG -> ProtonVPN)
S4 ProtonVPN WireGuard; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe [328808 2022-09-20] (Proton Technologies AG -> ProtonVPN)
R2 ProudBrowser; C:\Program Files (x86)\ProudBrowser\ProudBrowser.exe [220816 2021-07-19] (Ramadutha Software Services -> Ramadutha Software Services)
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2718048 2022-09-27] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394864 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SU10Guard; C:\Windows\L1HGDU145E\SU10Guard.exe [72032 2021-07-06] (Greatis Software LLC -> Greatis Software, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [89776 2021-11-08] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsla29fb127; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05649F9A-1466-4785-95C4-830A31C64C87}\MpKslDrv.sys [228600 2022-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [69048 2020-09-24] (Famatech Corp. -> Famatech Corp.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-10-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-10-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-10-01] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2022-06-01] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-06-01] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]
S3 Denuvo Kuser Data Driver 1.0.0.7; \??\F:\Users\BT\Downloads\TEKKEN7ALLDLCs\TEKKEN 7 + ALL DLC's\TEKKEN 7\TekkenGame\Binaries\Win64\Denuvo64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-06 17:25 - 2022-10-06 17:25 - 000021415 _____ C:\Users\BT\Desktop\FRST.txt
2022-10-06 17:24 - 2022-10-06 17:25 - 000000000 ____D C:\FRST
2022-10-06 17:18 - 2022-10-06 17:18 - 002371072 _____ (Farbar) C:\Users\BT\Desktop\FRST64.exe
2022-10-05 12:06 - 2022-10-05 12:06 - 000001230 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2022-10-05 12:06 - 2022-10-05 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2022-10-01 03:02 - 2022-10-01 03:02 - 000000000 ___HD C:\$SysReset
2022-10-01 03:01 - 2022-10-01 03:01 - 000000000 ___HD C:\$GetCurrent
2022-10-01 03:00 - 2022-10-01 03:00 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-10-01 02:24 - 2022-10-01 02:24 - 000003846 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-10-01 02:24 - 2022-10-01 02:24 - 000003404 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-10-01 02:20 - 2022-10-01 02:20 - 000000085 _____ C:\WINDOWS\wininit.ini
2022-10-01 02:16 - 2022-10-01 02:16 - 000001375 _____ C:\Users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-10-01 02:16 - 2022-10-01 02:16 - 000001269 _____ C:\Users\BT\Desktop\ESET Online Scanner.lnk
2022-10-01 02:16 - 2022-10-01 02:16 - 000000000 ____D C:\Users\BT\AppData\Local\ESET
2022-09-30 23:30 - 2022-09-30 23:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2022-09-30 23:28 - 2022-10-01 02:20 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-09-30 11:33 - 2022-09-30 11:33 - 000022072 _____ (Advanced System Repair Inc.) C:\WINDOWS\system32\Drivers\asrscan.sys
2022-09-28 07:00 - 2022-09-28 07:00 - 001443872 _____ (CPUID, Inc. ) C:\Users\BT\Downloads\hwmonitor_1.46.exe
2022-09-28 07:00 - 2022-09-28 07:00 - 000000833 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2022-09-28 07:00 - 2022-09-28 07:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2022-09-21 17:51 - 2022-09-21 17:51 - 000015732 _____ C:\Users\BT\Documents\cc_20220921_175106.reg
2022-09-20 22:37 - 2022-10-05 08:49 - 000000280 _____ C:\WINDOWS\Tasks\CCleanerClean.job
2022-09-20 22:37 - 2022-10-05 08:40 - 000002978 _____ C:\WINDOWS\system32\Tasks\CCleanerClean
2022-09-20 19:18 - 2022-10-06 16:08 - 000003416 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2022-09-20 19:18 - 2022-10-06 16:08 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2022-09-20 19:16 - 2022-09-20 19:16 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-09-20 19:16 - 2022-09-20 19:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-09-20 19:09 - 2022-09-20 19:09 - 000472476 _____ C:\Users\BT\Documents\cc_20220920_190936.reg
2022-09-20 11:41 - 2022-09-20 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boosteroid
2022-09-20 11:37 - 2022-09-20 11:37 - 000000000 ____D C:\ProgramData\Piriform
2022-09-20 11:34 - 2022-10-06 16:08 - 000000000 ____D C:\Program Files\CCleaner
2022-09-20 11:34 - 2022-09-20 19:18 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-09-20 11:34 - 2022-09-20 11:34 - 000002892 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - BT
2022-09-20 11:34 - 2022-09-20 11:34 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-09-20 11:34 - 2022-09-20 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-09-20 11:33 - 2022-09-20 11:33 - 050156080 _____ (Piriform Software Ltd) C:\Users\BT\Downloads\ccsetup603_pro_trial.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-06 17:03 - 2020-02-21 12:11 - 000000000 ____D C:\Users\BT\AppData\Local\Packages
2022-10-06 17:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-06 17:02 - 2020-03-26 08:16 - 000000000 ____D C:\Users\BT\AppData\Local\ElevatedDiagnostics
2022-10-06 17:02 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-06 17:02 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-06 16:30 - 2020-02-26 23:17 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-06 16:10 - 2021-04-24 09:30 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-06 16:10 - 2019-12-07 16:43 - 000716726 _____ C:\WINDOWS\system32\perfh005.dat
2022-10-06 16:10 - 2019-12-07 16:43 - 000144904 _____ C:\WINDOWS\system32\perfc005.dat
2022-10-06 16:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-06 16:08 - 2021-07-25 22:51 - 000000000 ____D C:\WINDOWS\L1HGDU145E
2022-10-06 16:06 - 2021-04-24 09:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-06 16:06 - 2021-04-24 09:20 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-06 16:06 - 2021-04-24 09:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-06 15:51 - 2021-04-24 09:21 - 000000000 ____D C:\Users\BT
2022-10-06 13:35 - 2021-07-19 16:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-06 13:35 - 2020-02-21 12:31 - 000000000 ____D C:\Users\BT\AppData\LocalLow\Mozilla
2022-10-06 13:35 - 2020-02-21 12:31 - 000000000 ____D C:\ProgramData\Mozilla
2022-10-06 06:38 - 2020-02-26 23:18 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-06 06:38 - 2020-02-26 23:18 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-05 12:06 - 2022-06-01 16:06 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2022-10-05 12:06 - 2020-12-14 16:22 - 000000000 ____D C:\Users\BT\AppData\Roaming\Proton Technologies AG
2022-10-04 10:54 - 2020-06-06 00:10 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-04 10:54 - 2020-06-06 00:10 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-02 19:12 - 2021-04-25 02:07 - 000000000 ____D C:\Users\BT\AppData\Local\D3DSCache
2022-10-01 20:54 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-01 18:39 - 2021-02-14 08:55 - 000000000 ____D C:\Users\BT\Desktop\metroy
2022-10-01 02:30 - 2022-02-19 19:01 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-01 02:30 - 2022-02-19 19:01 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-01 02:29 - 2022-02-19 18:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-01 02:29 - 2022-02-19 18:59 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-01 02:26 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-01 01:24 - 2020-02-21 12:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-01 01:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2022-10-01 00:13 - 2020-02-21 12:25 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-30 23:05 - 2020-02-21 12:00 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.old
2022-09-30 22:17 - 2022-01-05 21:17 - 000000000 ____D C:\Users\BT\AppData\Local\WeMod
2022-09-30 22:17 - 2021-02-06 01:51 - 000000000 ____D C:\Users\BT\AppData\Roaming\WeMod
2022-09-30 22:17 - 2021-02-06 01:51 - 000000000 ____D C:\Users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2022-09-29 20:31 - 2021-10-25 19:20 - 000001463 _____ C:\Users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk
2022-09-29 20:31 - 2021-10-25 19:20 - 000001455 _____ C:\Users\BT\Desktop\NVIDIA GeForce NOW.lnk
2022-09-29 20:31 - 2020-03-05 08:46 - 000000000 ____D C:\Users\BT\AppData\Local\NVIDIA Corporation
2022-09-26 23:00 - 2022-05-14 18:36 - 000007596 _____ C:\Users\BT\AppData\Local\Resmon.ResmonCfg
2022-09-26 18:54 - 2022-08-10 19:18 - 000000000 ____D C:\Users\BT\AppData\Local\Boosteroid Games S.R.L
2022-09-26 02:00 - 2021-02-01 23:03 - 000000000 ____D C:\Users\BT\AppData\Local\CrashDumps
2022-09-20 22:33 - 2020-02-21 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2022-09-20 19:16 - 2020-02-26 21:47 - 000000000 ____D C:\Users\BT\AppData\Local\NVIDIA
2022-09-20 19:16 - 2020-02-21 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-09-20 19:01 - 2021-12-11 20:24 - 000003126 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1186171619-893856383-1054623740-1001
2022-09-20 19:01 - 2021-04-24 09:26 - 000002776 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-20 11:41 - 2022-08-10 19:17 - 000001387 _____ C:\Users\BT\Desktop\Boosteroid.lnk
2022-09-20 11:35 - 2020-06-01 10:34 - 000000000 ____D C:\Users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-09-20 11:35 - 2020-06-01 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-09-20 11:35 - 2020-06-01 10:34 - 000000000 ____D C:\Program Files\WinRAR
2022-09-20 11:35 - 2020-02-28 23:56 - 000000000 ____D C:\Users\BT\AppData\Local\LogMeIn Hamachi
2022-09-20 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-09-20 11:30 - 2021-11-08 20:58 - 000000000 ____D C:\WINDOWS\Minidump
2022-09-20 11:29 - 2020-02-21 12:13 - 000000000 ___RD C:\Users\BT\OneDrive
2022-09-15 20:46 - 2021-09-09 18:41 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-15 13:01 - 2020-05-17 04:30 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-08 20:20 - 2022-06-01 16:06 - 000000000 ____D C:\Users\BT\AppData\Local\ProtonVPN

==================== Files in the root of some directories ========

2021-09-05 21:36 - 2021-09-11 21:11 - 000012288 _____ () C:\Users\BT\AppData\Roaming\emp.bin
2021-02-01 20:19 - 2021-02-01 20:19 - 000016438 _____ () C:\Users\BT\AppData\Local\partner.bmp
2022-05-14 18:36 - 2022-09-26 23:00 - 000007596 _____ () C:\Users\BT\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================