CMD randomly opening up and closing 2-3 times a day.

[Versed]

Hello, I have recently been having some CMD issues the passed two weeks or so. I don't recall the specific date that this started happening. I've read some of the other threads here that have similar problems, but I didn't want to take it upon myself to do more than just run maleware bytes and ccleaner. I happened to click on it once when it opened and the CMD was blank and just said something about SCHTask.exe at top bar. I would greatly appreciate any assist thanks in advanced.

 

[TwinHeadedEagle]

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Versed]

alright, here ya go

 

[Versed]

sorry to double post, but CMD still seems to be opening up randomly. I have no idea what the problem is T.T

 

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Versed]

here ya go. I'll restart my pc now and I'll let you know if it worked.

 

[Versed]

yepp. it's still popping up

 

[TwinHeadedEagle]

This is not malware related, I don't see signs of active infection. Can you try to perform a System Restore to the time before this happened?

 

[Versed]

uhhh... I tried that a couple days ago, but there was no time that I could go back to that would make a difference.

 

[TwinHeadedEagle]

Let's try this:

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Cleaning.
• Your PC should reboot now.
• After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[Versed]

It wont let me post the zoek results for some reason or upload rather. "the uploaded file is empty" I haven't seen CMD pop up yet though, so maybe that's a good sign.

 

[Versed]

cmd still opening up randomly ._.

 

[TwinHeadedEagle]

Can you copy its content?

 

[Versed]

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Justin on Fri 08/19/2016 at 4:27:42.03.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Justin\Desktop\cleaning software\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-08-09-153959.log 631 bytes

==== System Restore Info ======================

8/19/2016 4:28:39 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\NexonUS deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Justin\AppData\Local\ActiveSync deleted successfully
C:\Users\Justin\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Justin\AppData\Local\Skype deleted successfully
C:\Users\Justin\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3927516532-1166689485-3256073822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7B42741-8A63-4D57-824D-5F01B101F724} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\Users\Justin\AppData\Roaming\discord deleted
C:\Users\Justin\.android deleted
C:\PROGRA~2\Skillbrains deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Justin\AppData\Local\updater.log deleted
C:\Users\Justin\AppData\Local\Unity deleted
C:\Users\Justin\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Justin\AppData\LocalLow\Unity deleted
C:\windows\SysNative\tasks\update-S-1-5-21-3927516532-1166689485-3256073822-1001 deleted
C:\windows\SysNative\tasks\update-sys deleted
C:\WINDOWS\tasks\update-S-1-5-21-3927516532-1166689485-3256073822-1001.job deleted
C:\WINDOWS\tasks\update-sys.job deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
"C:\ProgramData\mntemp" deleted
"C:\Users\Justin\AppData\Roaming\Nox" deleted
"C:\Users\Justin\AppData\Roaming\VMware" deleted

==== Chromium Look ======================


Session Manager - Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
FFZ - Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb
LastPass - Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Session Manager - Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc
Chrome Media Router - Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - {searchTerms} - Google Search
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\38NRX4WG will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\45TZM47X will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\5940QJRZ will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\5IRY9FJI will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\6TD2KJJN will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\C6VH7IPS will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\CQX0NRQP will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\HPDRTZNF will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\QAFJ5P88 will be deleted at reboot
C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\ZCN1LUNW will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Justin\AppData\Local\NexonLauncher\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1068 folders=110 533588119 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Justin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\38NRX4WG" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\45TZM47X" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\5940QJRZ" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\5IRY9FJI" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\6TD2KJJN" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\C6VH7IPS" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\CQX0NRQP" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\HPDRTZNF" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\QAFJ5P88" not found
"C:\Users\Justin\AppData\Local\Microsoft\Windows\INetCache\IE\ZCN1LUNW" not found

==== EOF on Fri 08/19/2016 at 4:37:13.38 ======================

 

[TwinHeadedEagle]

What happens now?

 

[Versed]

well, same thing really. CMD just pops up randomly. cmd schtask or something. I really have no idea what the problem could be. I thought it was a RAT at first because I did some searching around, but now I don't believe it is.

 

[TwinHeadedEagle]

Please download Process Monitor >> Process Monitor

• Unpack it and start Procmon.exe
• Click Filter >> Filter and then set like on the image:
  
  
  
  
• Keep Process Monitor active or minimized. When CMD pop up again, click File >> Save and click OK. Saved report will be in Process Monitor folder.
• Upload it here: Zippyshare.com - Free File Hosting

 

[Versed]

Logfile.PML

I hope this is the right file. I'm assuming it is.

 

[TwinHeadedEagle]

This shows nothing. Can you reset filter and then post a whole log after this happens?

 

[Versed]

so.. whenever i go into the filter > filter and add the "cmd.exe" with process name is cmd.exe then include. all of this http://puu.sh/qIVgT/8e227fb30c.png disappears and the box in blank. is that normal?