Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by Milan (02-07-2020 22:12:59) Run:1
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan
Boot Mode: Normal
==============================================

fixlist content:
*****************
 Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe
CMD: dir "C:\Program Files (x86)\Norton Internet Security"
File: C:\Program Files (x86)\launcher.exe
File: C:\Windows\SysWOW64\Drivers\RegKill.sys

HKU\S-1-5-21-2134351818-1356353880-2322332928-1001\...\MountPoints2: {50c52b16-ce04-11e6-bf53-9cb654eb78ff} - "I:\Lenovo_Suite.exe" 
Task: {01598504-C068-41F2-9DBF-6DC9A666BD69} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe
Task: {1BB17350-5FEA-4A28-ACC0-CED43D5F3853} - System32\Tasks\Abelssoft\AntiLogger_3 => E:\Program Files (x86)\AntiLogger\AbLauncher.exe
Task: {1C649324-7B0A-4177-9C88-39CCD54A2D7D} - System32\Tasks\{7C2C62EC-A966-4BB0-84EB-AB13EE8AC369} => C:\WINDOWS\system32\pcalua.exe -a C:\Hobby-t�ka\setup\setup.exe
Task: {20983F87-D24B-452D-BFA8-3455683056DA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {38D8CF00-F9DA-4219-8C9D-0568DB73C874} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4983B6D6-CC17-450B-9EB9-86B8422798E9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66FAA689-D6A2-4DCF-BB00-0DA98EDFFF8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {76184C1E-CB03-400D-A813-82EE8F22D629} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9BB07B71-845F-4D15-B1C5-7F4D9E087F4B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9D7BDA2F-BA50-4356-BC34-DD59D58222D1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A62E4628-0E01-4916-A6AA-030ADFCC4A83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D2C6C099-82D8-4286-96FB-94344BD0BD62} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F728CB27-EFF5-4C61-9B99-4F9F8E672E9D} - System32\Tasks\{F0469B35-26F4-48B9-92A0-94F30953612B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Eaton\IntelligentPowerProtector\mc2.exe" -c -launch "hxxp://127.0.0.1:4679/default.html"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
CMD: type "C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\kje70kdo.default\user.js"
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MFE_RR; \??\C:\Users\Milan\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
U2 SBKUPNT; no ImagePath
2020-06-29 20:23 - 2020-06-29 20:23 - 000000000 ____D C:\Users\Milan\Desktop\FRST-OlderVersion
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  -> No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:0888F409 [284]
AlternateDataStreams: C:\ProgramData\Temp:3440EB47 [916]
AlternateDataStreams: C:\ProgramData\Temp:66633281 [159]
AlternateDataStreams: C:\ProgramData\Temp:93433455 [960]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count    : 437
Average  : 
Sum      : 4096186786
Maximum  : 
Minimum  : 
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe ========================

"C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe" => not found
====== End of File: ======


========= dir "C:\Program Files (x86)\Norton Internet Security" =========

 Volume in drive C is Windows
 Volume Serial Number is D462-9877

 Directory of C:\Program Files (x86)

File Not Found

========= End of CMD: =========


========================= File: C:\Program Files (x86)\launcher.exe ========================

C:\Program Files (x86)\launcher.exe
File is digitally signed
MD5: B347B6D1E8C2938047EF9A2B85B46ECF
Creation and modification date: 2020-06-26 18:14 - 2020-06-22 07:54
Size: 001509400
Attributes: ----A
Company Name: Opera Software AS -> Opera Software
Internal Name: Opera
Original Name: 
Product: Opera Internet Browser
Description: Opera Internet Browser
File Version: 69.0.3686.36
Product Version: 69.0.3686.36
Copyright: Copyright Opera Software 2020
VirusTotal: https://www.virustotal.com/gui/file/3f011cf61a2598e17b197ddd4c5da626ceea2db3e153dbf732a4d156e1b3860c/detection/f-3f011cf61a2598e17b197ddd4c5da626ceea2db3e153dbf732a4d156e1b3860c-1593438414

====== End of File: ======


========================= File: C:\Windows\SysWOW64\Drivers\RegKill.sys ========================

C:\Windows\SysWOW64\Drivers\RegKill.sys
File not signed
MD5: 27CE3D4C589E5FAE38EA0BD0FDFA3FD6
Creation and modification date: 2002-11-27 23:46 - 2002-11-27 23:46
Size: 000006400
Attributes: ----A
Company Name: Elaborate Bytes
Internal Name: regkill.sys
Original Name: regkill.sys
Product: DVD Region Killer
Description: DVD RegionKiller Lower Filter Driver
File Version: 2, 7, 0, 0
Product Version: 2, 7, 0, 0
Copyright: Copyright (C) 2001, 2002 Elaborate Bytes, Oliver Kastl
VirusTotal: https://www.virustotal.com/gui/file/5dc9de9f79084a534719f4db8ad56c7bd7ed57905bd862df7a121be698c16ee5/detection/f-5dc9de9f79084a534719f4db8ad56c7bd7ed57905bd862df7a121be698c16ee5-1409515899

====== End of File: ======

HKU\S-1-5-21-2134351818-1356353880-2322332928-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c52b16-ce04-11e6-bf53-9cb654eb78ff} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01598504-C068-41F2-9DBF-6DC9A666BD69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01598504-C068-41F2-9DBF-6DC9A666BD69}" => removed successfully
C:\WINDOWS\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BB17350-5FEA-4A28-ACC0-CED43D5F3853}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB17350-5FEA-4A28-ACC0-CED43D5F3853}" => removed successfully
C:\WINDOWS\System32\Tasks\Abelssoft\AntiLogger_3 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Abelssoft\AntiLogger_3" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C649324-7B0A-4177-9C88-39CCD54A2D7D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C649324-7B0A-4177-9C88-39CCD54A2D7D}" => removed successfully
C:\WINDOWS\System32\Tasks\{7C2C62EC-A966-4BB0-84EB-AB13EE8AC369} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C2C62EC-A966-4BB0-84EB-AB13EE8AC369}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20983F87-D24B-452D-BFA8-3455683056DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20983F87-D24B-452D-BFA8-3455683056DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38D8CF00-F9DA-4219-8C9D-0568DB73C874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38D8CF00-F9DA-4219-8C9D-0568DB73C874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4983B6D6-CC17-450B-9EB9-86B8422798E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4983B6D6-CC17-450B-9EB9-86B8422798E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66FAA689-D6A2-4DCF-BB00-0DA98EDFFF8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FAA689-D6A2-4DCF-BB00-0DA98EDFFF8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76184C1E-CB03-400D-A813-82EE8F22D629}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76184C1E-CB03-400D-A813-82EE8F22D629}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB07B71-845F-4D15-B1C5-7F4D9E087F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB07B71-845F-4D15-B1C5-7F4D9E087F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D7BDA2F-BA50-4356-BC34-DD59D58222D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D7BDA2F-BA50-4356-BC34-DD59D58222D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62E4628-0E01-4916-A6AA-030ADFCC4A83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62E4628-0E01-4916-A6AA-030ADFCC4A83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2C6C099-82D8-4286-96FB-94344BD0BD62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2C6C099-82D8-4286-96FB-94344BD0BD62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F728CB27-EFF5-4C61-9B99-4F9F8E672E9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F728CB27-EFF5-4C61-9B99-4F9F8E672E9D}" => removed successfully
C:\WINDOWS\System32\Tasks\{F0469B35-26F4-48B9-92A0-94F30953612B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0469B35-26F4-48B9-92A0-94F30953612B}" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => removed successfully

========= type "C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\kje70kdo.default\user.js" =========







user_pref("browser.sessionstore.resume_session_once", true);
user_pref("browser.sessionstore.resume_session_once", true);

========= End of CMD: =========

HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\CLVirtualBus01 => removed successfully
CLVirtualBus01 => service removed successfully
HKLM\System\CurrentControlSet\Services\MFE_RR => removed successfully
MFE_RR => service removed successfully
HKLM\System\CurrentControlSet\Services\SBKUPNT => removed successfully
SBKUPNT => service removed successfully
C:\Users\Milan\Desktop\FRST-OlderVersion => moved successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
C:\ProgramData\Temp => ":0888F409" ADS removed successfully
C:\ProgramData\Temp => ":3440EB47" ADS removed successfully
C:\ProgramData\Temp => ":66633281" ADS removed successfully
C:\ProgramData\Temp => ":93433455" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 91181009 B
Java, Flash, Steam htmlcache => 1690 B
Windows/system/drivers => 5110271 B
Edge => 0 B
Chrome => 811882552 B
Firefox => 33686137 B
Opera => 154407846 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 163926 B
systemprofile32 => 164054 B
LocalService => 16947276 B
NetworkService => 16947276 B
Milan => 62677415 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:14:25 ====