Win32 something or other worm found....malwarebytes constantly finds open shell

Win32 something or other worm found by avast 4.8 a couple of weeks ago… spybot says there are constantly open reg keys and files listed as applets… :name (is not) all over the place…malwarebytes constantly finds open shell commands .dll| and what else? Oh yeah, I used to have win 8 dev pre… then went back to win 7 then upgraded to win 8 con pre… now am back to win 7 (HO premium). The first two times I installed win 7 (it’s an upgrade disk I got for my vista hp that came with the system) everything went fine until I installed the avast 7 INT SEC. then it shut me down… I had an event viewer open and watched in real time as two files marked (unknown IP) ran up through my registry and wrote it all to zeros.

I have run scans from autorun…installed in the C drive and checked all the stuff, no illegit programs there… I have a sneaking suspicion it’s some kind of a thing that attaches to me as soon as I go online… & it makes my browser redirect… but it autohides somehow… I have seen the entries in the reg scan addresses flying by at a hundred thousand miles an hour…the really strange thing is it SAYS it’s Microsoft…? I also think what it did to me last time was it got into my registry and leaked keys then sent the change program to those keys… and made them think they were zeros… Microsoft’s Malicious Program removers were activated and it was them that wrote the reg to zeros… because microsoft thought it had a pirated system… (Not Genuine) sorry about all the spelling errors but I just want this in before I go belly up again

Hello HorshackSmyname.

Welcome to the avast!WEBforum.

can you visit the following page:

and post the logs for these in this topic

this helps our malware expert to help you quicker


Why are you still using avast 4.8 ???

Can you post the malwarebytes log so we can see ?

Also Follow the guide here and attach OTL and aswMBR logs

I cannot tell you how many times I have tried to send this… like it’s going to work this time… :-[

says its too long… huh.

try again

has to refresh the page every time and go back to this post to reply… what pain,


did they go in… I can’t tell it says downloaded 0 times on two of them… ??? :o

I can see your attachments.

As for the problems you were experiencing in attaching them, did it say ‘maximum file size exceeded’ or something like that? The little text below the attach textbox states:
Allowed file types: txt, jpg, gif, png, log
Restrictions: 4 per post, maximum total size 192KB, maximum individual size 200KB

Now all you have to do is wait for a malware remover to assist you. :wink:

I’m SAYN ManN 8)

Welcome sAYN ManN 8)


for the record… I have avast in sec 7…paid lic for another 140+ days…after all the pop ups bugging me to upgrade and the problems going nuts I decided to let avast try to figure out why my system doesn’t like it

one more thing while it’s in the state I need to say… here’s a spybot scan log…should I post it? will it have sensitive info in it?

still having problems no end in sight… last night mic sec ess told me they cleaned my system two times… but the shell open commands still show on malbytes… & I’m about to run out of the free version… help!?

The shell commands are not a problem, what they are doing is stopping various commands from being run

e.g. if some malware tried to drop a registry fix on your system it would open up in notepad rather than add to the registry, I have mine set like that

I can see nothing apparent on the system

What are the specific problems you are experiencing?

where do I start…? spybot always finds these name is not entries… and if I ignore the scans it gets more and more until my computer stops working and I reinstall from disk… When I use spybot’s process to get into there registry it always has some bootexecute files that I cannot obliterate… if I rename it (by any means) it comes back with a more complex code symbol that looks like something from a star wars movie…
I use facebook all day long… half the time pages load and show me the posts from three days ago… I get weird format problems… pictures appearing where they shouldn’t (in facebook) I seem to be redirected a lot of the time…I will put this address into the browser and it will take me to some other place… there is a new entry in my start up folder now…it says windows command processor… & says it’s part of a videocard system… I didn’t put that there…do I wait for the programs that wrote me to all zeros rage through my system again?.. I watched these things… it was in avast fire wall all lit up addresses, resolve names, show path detailed view… something watches my system… it’s like I can go off line and do anything but when I go back online it takes a few minutes to report what I did to somewhere… the print spooler will be open… and they’ll direct draw reverse compress me right into their system… then when they find what I been doing… my system works again… snappy and everything… until I do something they don’t like… like take them off line… then all of the sudden what program I had going freezes… am I sure I want to do that? yes microsuck I Am sure.
so yeah that’s pretty specific hope not too much… another thing… for over a year the dvd drive won’t work… reformat reinstall drivers… whatever you want… don’t work… then the other windows media center allowed me to use the dvd drive to RIP a music disk (mistake…put it in the wrong one) and when I tried again… it says, no disk…every time…
reformatted reinstalled from disk windows seven problem always comes back…

ps I did notice an entry at the bottom of the second OTL log…or the absolute end of the log… it was an open stream from some :@Alternate Data Stream - 76 bytes → C:\Users\Top\Documents\Untitled12.dmsd:Roxio EMC Stream…
I opened the address with RUN and it opened the Roxio mydvd maker and put half a file in it…1%n2%/ or something… I found the actual file location was in the registry so I deleted it

is that what you said it would open up in a note pad rather than the registry… that’s where spybot always… for over a year… with multiple systems…find the problems… when you say go to file location it opens Library or Documents… but there is nothing in it…where? where does it hide?.. am I getting this online? how do I stop getting infected if so? close all accts?? I have run every system in here…

if someone could just speak to me instead of back and forth waiting I wouldn’t look so rushing you but really…really, no really.

anyway… so you are saying that the “Malware Problems” which malwarebytes finds are not a problem at all and I should ignore malware bytes until it goes away?.. what do I do about my registry cleaner program constantly wanting me to Fix the (-5 now) security problems…? this is in my system or on my network… did you look at the spybot log? can I securely send/post a spybot log on here?