TechSpot

Windows command processor virus?

By LiamD
Feb 12, 2012
  1. Hello all, any help with this would be greatly appreciated.
    I'm having a problem with a popup when I start up my PC. It says it is Windows Command Processor, and I get a choice to either continue or cancel. When I click cancel it pops back up in seconds and I can't do anything till I click continue. When I noticed this problem, two other problems started happening, one of which has been solved but might be helpful to know to solve the main problem.
    1) I got a virus which deleted AVG from my PC. As far as I know this virus was found, and I then installed Avira because there is a virus which is stopping me from going on some websites and the AVG website was one of them.
    2) I seem to be having a problem with adware (I think it's called that): when I try to go on a website, it will quickly change to an advert as it's loading.
    I have done virus scans which have found stuff. I did a full scan with SpyHunter4, which found a trojan; I did a full scan with Malwarebytes, which also found a trojan; and I did a full scan with a virus scanner I just got called SUPERAntiSpyware, which found a trojan and also lots of cookies.
    One last thing, not sure if it's connected: I have noticed these files on my PC which have random names (e.g. hcs46k3b4kn4vjj2) and they have files called MRT. I got like 13 of them and am not sure what to do about it.
    Any help with this would be great, thank you.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help you but need to get some information first.

    1. I'm not aware of malware that deletes AVG. It can prevent your updating it and/or prevent you from accessing the AVG site (and other security sites) but it usually doesn't uninstall the program. Malware can disable the AV and/or shut down the Security Center.
    2. Adware is considered malware. If you are not getting the site you've chosen from a search, instead being directed to a different site, you are either being redirected or have no protection from adware.

    These are both signs of malware. But no matter how many scans you've done or what you have done about entries that were found, I need to see what's on the system.

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other scan you have on your system other than what I direct you to run.

    I'll give you instructions later to reset Cookies to prevent Tracking Cookies.
    ========================================
    The Windows Command Processor is the legitimate Command prompt for Windows. But what you describe might be from the Purity Scan malware. I will be better able to help with that once I see the results of the scans.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
     
  3. LiamD

    LiamD TS Rookie Topic Starter

    I'm having a problem connecting to the site GMER. I'm not sure if it is the virus blocking me from doing so, but it was also doing it when I tried to reinstall AVG before I started this thread. But I will go on to the next step and post the logs at the end.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay to skip GMER for now.

    About AVG: I'd like you to run Combofix after you run Malwarebytes and DDS, but it won't run with AVG. AVG has not given us an option to disable it to run the scans. I'm sure it is still on the system, but disabled by the malware. You will need to temporarily uninstall AVG, so how about running the removal below to be sure it's gone, then add one of the temporary AVs suggested. When we've finished cleaning, you can then reinstall AVG if you still want to keep it.
    =========================================
    Proceed with the following when you completed the preliminary scans.
    =========================================
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe and follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please leave these logs in next reply:
    1. Malwarebytes (be sure to check the line to remove entries found)
    2. 2 logs from DDS: DDS.txt and Attach.txt (the 2nd log gets pasted in, not attached; that's just the name of the file). Just paste, do not zip.
    3. Combofix
     
Topic Status:
Not open for further replies.

