I looked in Task manager as it came back again today, and there was nothing related in there like the article you linked to says. However, I do have the scan results here which might help a bit more:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/05/2015
Scan Time: 11:54:16
Logfile: scan_results.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.19.02
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Christopher

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348593
Time Elapsed: 29 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-2974942078-2449443277-1922112558-1001\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),,[c6b8197c0e7c84b257e2e23aaf57e41c]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Registry Data: 1
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-2974942078-2449443277-1922112558-1001\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),,[c6b8197c0e7c84b257e2e23aaf57e41c]
Go ahead and delete this key.
Okay, I removed the key 'DisableCMD'. Hopefully that should solve the issue, I'll let you know what happens.
Nope, the same key has come back again. I've removed it with Malwarebytes and removed the key in regedit again, though I have a feeling it will probably just come back again ....
Have you tried that link I posted in post #19?
Try running a Full Scan with your Anti Virus, then a full scan with Microsoft’s Malicious Software Removal Tool (just type MRT in search), and then Malwarebytes again. Try to do it in safe mode.
There was also a default key picked up when I searched, I'm not sure whether that should be deleted or not so I attempted it and it wouldn't let me. The default key did not have a value, though.
I'll run the scans you suggested now, but after removing it again I may need to wait a few hours yet for it to come back.
You could also look in services and see if there is anything related. Some malware has services so that it can repair itself. But the best bet is to scan in safe mode.
I found this in Task manager, when I looked much more closely in the "Details" tab: wmiprvse.exe
I honestly don't know what stood out to me about this, as I don't know some of the process names in Task manager, but something did about this name, and when I searched Google, it seems to have given me incontrovertible proof it's related: https://www.google.co.uk/#q=wmiprvse+PUM+hijack
The initial scans finished with nothing found, I'll let you know later what happens when I run it in safe mode.