Author Topic: Win32 something or other worm found....malwarebytes constantly finds open shell  (Read 4529 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
The shell commands are not a problem; what they are doing is stopping various commands from being run.

e.g. if some malware tried to drop a registry fix on your system, it would open up in Notepad rather than add to the registry. I have mine set like that.

I can see nothing apparent on the system.

What are the specific problems you are experiencing?
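
Added example, not part of the original thread or of any tool named in it: the behaviour described in the post above (a file type's open command pointing at Notepad so the file is displayed rather than acted on) can be checked from a `.reg` export of the file associations. The function names, the ProgIDs `regfile` and `VBSFile`, and the sample export are assumptions constructed for illustration.

```python
import ntpath
import re
import shlex

KEY = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$', re.I)

def _decode(raw):
    """Decode the data of a default ('@=') value written in .reg syntax."""
    if raw.startswith('hex(2):'):                  # REG_EXPAND_SZ: UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b)
        return data.decode('utf-16-le').rstrip('\0')
    if raw.startswith('"') and raw.endswith('"'):  # REG_SZ with \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return None                                    # other value types: not a command

def open_commands(reg_text):
    """Map ProgID -> open command line found in the export text."""
    text = re.sub(r',\\\r?\n[ \t]*', ',', reg_text)  # join wrapped hex lines
    found, progid = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith('['):                   # new key: only open\command counts
            m = KEY.match(line)
            progid = m.group(1) if m else None
        elif progid and line.startswith('@='):
            found[progid] = _decode(line[2:])
    return found

def handler(command):
    """Lower-cased program name (no path, no .exe) that a command line starts with."""
    exe = shlex.split(command, posix=False)[0].strip('"')
    return re.sub(r'\.exe$', '', ntpath.basename(exe).lower())

def audit(reg_text):
    """'notepad' = file is shown as text; 'executes:<prog>' = file is acted on."""
    return {pid: 'notepad' if handler(cmd) == 'notepad' else 'executes:' + handler(cmd)
            for pid, cmd in open_commands(reg_text).items() if cmd}

def _hex2(s):
    """Sample helper: REG_EXPAND_SZ in hex(2) form, wrapped once like a real export."""
    body = ','.join(f'{b:02x}' for b in (s + '\0').encode('utf-16-le'))
    return 'hex(2):' + body.replace(',', ',\\\n  ', 1)

# Constructed sample export (not taken from the poster's machine).
SAMPLE = '\n'.join(['Windows Registry Editor Version 5.00', '',
    r'[HKEY_CLASSES_ROOT\regfile\shell\open\command]', r'@="notepad.exe \"%1\""', '',
    r'[HKEY_CLASSES_ROOT\regfile\shell\edit\command]', r'@="notepad.exe \"%1\""', '',
    r'[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]',
    '@=' + _hex2(r'"%SystemRoot%\System32\WScript.exe" "%1" %*'),
])
```

`audit(SAMPLE)` reports `regfile` as `notepad` and `VBSFile` as `executes:wscript`. A real export is UTF-16 text, so read it with `open(path, encoding='utf-16')` before passing it in.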

HorshackSmyname

  • Guest
where do I start...? spybot always finds these name is not entries... and if I ignore the scans it gets more and more until my computer stops working and I reinstall from disk... When I use spybot's process to get into the registry it always has some bootexecute files that I cannot obliterate... if I rename it (by any means) it comes back with a more complex code symbol that looks like something from a star wars movie...
I use facebook all day long... half the time pages load and show me the posts from three days ago... I get weird format problems... pictures appearing where they shouldn't (in facebook). I seem to be redirected a lot of the time... I will put this address into the browser and it will take me to some other place.... there is a new entry in my start up folder now... it says windows command processor... & says it's part of a videocard system... I didn't put that there.... do I wait for the programs that wrote me to all zeros to rage through my system again?... I watched these things... it was in avast firewall all lit up: addresses, resolve names, show path, detailed view... something watches my system... it's like I can go offline and do anything but when I go back online it takes a few minutes to report what I did to somewhere.... the print spooler will be open... and they'll direct draw reverse compress me right into their system... then when they find what I've been doing... my system works again... snappy and everything... until I do something they don't like... like take them offline... then all of a sudden whatever program I had going freezes... am I sure I want to do that? yes microsuck I am sure.
so yeah that's pretty specific, hope not too much.... another thing.... for over a year the dvd drive won't work... reformat, reinstall drivers... whatever you want... doesn't work... then the other windows media center allowed me to use the dvd drive to RIP a music disk (mistake... put it in the wrong one) and when I tried again... it says no disk... every time....
reformatted, reinstalled from disk windows seven, problem always comes back...

HorshackSmyname

  • Guest
ps I did notice an entry at the bottom of the second TOL log... or the absolute end of the log... it was an open stream from some :@Alternate Data Stream - 76 bytes -> C:\Users\Top\Documents\Untitled12.dmsd:Roxio EMC Stream....
I opened the address with RUN and it opened the Roxio mydvd maker and put half a file in it... 1%n2%/ or something.... I found the actual file location was in the registry so I deleted it

HorshackSmyname

  • Guest
is that what you said, it would open up in a notepad rather than the registry... that's where spybot always... for over a year... with multiple systems... finds the problems... when you say go to file location it opens Library or Documents... but there is nothing in it.... where? where does it hide?... am I getting this online? how do I stop getting infected if so? close all accts?? I have run every system in here...

HorshackSmyname

  • Guest
if someone could just speak to me instead of back and forth waiting I wouldn't look so rushing you but really.... really, no really.

anyway... so you are saying that the "Malware Problems" which Malwarebytes finds are not a problem at all and I should ignore Malwarebytes until it goes away?... what do I do about my registry cleaner program constantly wanting me to Fix the (-5 now) security problems...? this is in my system or on my network... did you look at the spybot log? can I securely send/post a spybot log on here?

HorshackSmyname

  • Guest
I keep adding things as I remember them... my brain works in a funny way.... the last time I reinstalled I thought maybe they come from some hidden files in the countless notepad entries I have... so I made all personal parts removed files for all my codes and saved them then only put them back into the Clean drive.... you don't think it's in one of the notepads do you...? I have tried to change the way IE deals with HTML files but it won't let me set it to anything.... it has notepad under the closed button.... but you can set it to notepad... or click off and it goes back to the unopened button again... does that mean it's on notepad?

Offline essexboy

You really need to be careful in the registry: one wrong move and your computer becomes a door stop.

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

HorshackSmyname

  • Guest
it says all my registry keys are marked for deletion... we'll see how this pans out....

HorshackSmyname

  • Guest
my event log viewer says...

HorshackSmyname

  • Guest
I cannot click on anything on the desktop or bar because it says it doesn't exist... it's a shortcut that's been removed... guess it's KOOBOVR ! Wa Wa Wak. (pac-man sound dying) if this gets worse it's back to the reinstall but what if it's in the permissions far enough I can't set the drive preference... oh crap.

Offline essexboy

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Reboot please as Combofix failed to release the registry