system
Thank you so much for replying!
I had to reboot and cmd still tried to run but this time it was empty (no commands running) and it just disappeared 1 second after it appeared.
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by JoseAlejandroPC (23-10-2017 08:12:12) Run:1
Running from C:\Users\JoseAlejandroPC\Desktop
Loaded Profiles: JoseAlejandroPC (Available Profiles: JoseAlejandroPC & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Task: {3F3FD970-6D5D-4050-BF60-E1652500D59F} - System32\Tasks\5C4502B04B5 => "C:\Users\JoseAlejandroPC\AppData\Local\1A5159A.cmd"
Task: {A04F0DED-0D78-46FD-98D8-4A390CC63B65} - System32\Tasks\98E35C9D23B1 => "C:\Users\JoseAlejandroPC\AppData\Local\2B8845.cmd"
VirusTotal: C:\WINDOWS\SysWOW64\8256711.exe
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\2B8845.cmd
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\1A5159A.cmd
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\Temp\f2h98xkf99.exe
C:\Users\JoseAlejandroPC\AppData\Local\2B8845.cmd
C:\Users\JoseAlejandroPC\AppData\Local\1A5159A.cmd
cmd: bitsadmin /RESET /ALLUSERS
EmptyTemp:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F3FD970-6D5D-4050-BF60-E1652500D59F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F3FD970-6D5D-4050-BF60-E1652500D59F} => key removed successfully
C:\WINDOWS\System32\Tasks\5C4502B04B5 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5C4502B04B5 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A04F0DED-0D78-46FD-98D8-4A390CC63B65} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04F0DED-0D78-46FD-98D8-4A390CC63B65} => key removed successfully
C:\WINDOWS\System32\Tasks\98E35C9D23B1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98E35C9D23B1 => key removed successfully
VirusTotal: C:\WINDOWS\SysWOW64\8256711.exe => https://www.virustotal.com/file/452eb204875973149566fed16fe8869f3ee9cb11961b50dd088e5efb5a093889/analysis/1508583519/
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\2B8845.cmd => https://www.virustotal.com/file/e313bc84cf631e99a776feda312adfa2090b90d26885f97787388a28e8b2fde8/analysis/1508764334/
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\1A5159A.cmd => https://www.virustotal.com/file/0ad0a02cc3572f3a5512844f83778d5b6e49d981c377710ba07a73126d48da72/analysis/1508764335/
VirusTotal: C:\Users\JoseAlejandroPC\AppData\Local\Temp\f2h98xkf99.exe => Error()
C:\Users\JoseAlejandroPC\AppData\Local\2B8845.cmd => moved successfully
C:\Users\JoseAlejandroPC\AppData\Local\1A5159A.cmd => moved successfully
========= bitsadmin /RESET /ALLUSERS =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{92B0FE23-5119-4C4E-A4A3-B4A8D3CD51A6} canceled.
{24A6BC72-A0F9-45B7-88A0-6D432489F39F} canceled.
2 out of 2 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27118771 B
Java, Flash, Steam htmlcache => 281283386 B
Windows/system/drivers => 1678379 B
Edge => 1089334 B
Chrome => 409573375 B
Firefox => 13978921 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 51284 B
NetworkService => 7264046 B
JoseAlejandroPC => 433784286 B
Administrator => 17740 B
RecycleBin => 46077689894 B
EmptyTemp: => 44 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 08:13:25 ====