i did a scan with malwarebyte, it revealed some kmspico files, i don't wanna touch that but it did show some things that might say something.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/19/20
Scan Time: 10:34 PM
Log File: b88ab196-8274-11ea-8534-1c1b0db56206.json
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22664
License: Trial
-System Information-
OS: Windows 10 (Build 18362.77
CPU: x64
File System: NTFS
User: JETSPARKER\Owner
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309220
Threats Detected: 26
Threats Quarantined: 0
Time Elapsed: 1 min, 19 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 7
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,
Registry Value: 3
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AUTORUN, No Action By User, 4028, 756081, 1.0.22664, , ame,
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, No Action By User, 4028, -1, 0.0.0, , action,
Trojan.BitCoinMiner.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WMS\PARAMETERS|APPPARAMETERS, No Action By User, 3793, 723556, 1.0.22664, , ame,
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,
File: 14
Trojan.BitCoinMiner.E, , No Action By User, 3793, 723556, 1.0.22664, , ame,
HackTool.KMS, C:\WINDOWS\SYSTEM32\TASKS\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, No Action By User, 1276, 769804, 1.0.22664, , ame,
HackTool.Agent.KMS, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, No Action By User, 7579, 700614, 1.0.22664, FE127395B1E1F2D763AB8611, dds, 00683360
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002499.log, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002501.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)