exe extensions gone

Yesterday, while attempting to close a malware program that avast had caught, somehow most of my extensions were altered…can't open most programs or even do a system restore…I tried to reload the extensions in task manager but even after it said it was successful the problem persists…I have tried everything and from what I have read online it's the virus scanner that has caused the problem…please, if anyone has a suggestion I'm all ears! :)

Welcome to the forum. We need a bit more information if we are to be able to help you.

What OS + avast version are you using?

What extension are we talking about here?

What malware was caught by avast?
What did you do with it? Delete it?

Try a scan with malwarebytes as a second opinion and see if that comes up with anything avast might have missed.

http://filehippo.com/download_malwarebytes_anti_malware/

Download, install, update and remove what it finds; a system reboot might be needed.

Good luck and let us know on the progress or if you need more help.

Sounds like the association reg key has been hijacked, MBAM should cure that

sorry, I realized after I did not include what o/s system…it's vista home basic and I'm using the avast free home edition…avast found and I put 6 infected files in the chest…my start menu won't work, explorer ie8, skype etc…I have to right click on avast to start it for this…my yahoo messenger is the only way I can get my browser to work…this is the 1st time I've had an issue in 3 years!..I should have just ignored the program that popped up cause it's when I tried to close it my browser disappeared…the popup said it was vista 2012 security posing as a microsoft security alert…

I'll try the Malwarebytes, thank you

I can't open the Malwarebytes program…similar to what happens to other programs I try to open…it asks me what program to use to open Malwarebytes…list includes adobe, explorer etc

never mind, I saved it this time and scanning now…

If that should fail to remedy the problem

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

I'll try it, essexboy…malwarebytes did find one problem but the problem is the same…I'll be back!

ok, no popups with notepad but this is what was in the box where I pasted your earlier instructions
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop

I want to press Run Fix now, correct?

ok, I found what you wanted, I hope. It won't all fit in here but here's the beginning of it…sorry, I'm a novice eh

OTL logfile created on: 04/09/2011 4:57:48 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\jon\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.25 Mb Total Physical Memory | 367.04 Mb Available Physical Memory | 36.22% Memory free
2.24 Gb Paging File | 1.44 Gb Available in Paging File | 64.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 16.65 Gb Free Space | 24.20% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 9.50 Gb Free Space | 13.86% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

It is best to attach the log file using the Additional Options.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

and this…there's tons more but it won't fit
========== Processes (SafeList) ==========

PRC - [2011/09/04 16:53:02 | 000,581,120 | ---- | M] (OldTimer Tools) – C:\Users\jon\Documents\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/05 06:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) – C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/25 13:25:40 | 000,114,793 | ---- | M] () – C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2008/01/25 13:25:38 | 000,254,059 | ---- | M] () – C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2008/01/25 13:24:54 | 001,076,832 | ---- | M] (Cyberlink) – C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) – C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () – C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () – C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) – C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) – C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) – C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) – c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) – C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () – C:\Program Files\Yahoo!\Messenger\yui.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] – – (McNASvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe – (YahooAUService)
SRV - [2008/03/05 06:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] – C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe – (eDataSecurity Service)
SRV - [2008/01/25 13:25:40 | 000,114,793 | ---- | M] () [Auto | Running] – C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe – (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/01/25 13:25:38 | 000,254,059 | ---- | M] () [Auto | Running] – C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe – (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/01/25 13:24:54 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] – C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe – (CyberLink Media Library Service)
SRV - [2007/12/20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] – C:\Acer\Empowering Technology\eNet\eNet Service.exe – (eNet Service)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] – C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe – (eSettingsService)
SRV - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] – C:\Acer\Mobility Center\MobilityService.exe – (MobilityService)
SRV - [2007/10/01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] – C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe – (eLockService)
SRV - [2007/09/20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] – C:\Acer\Empowering Technology\ePower\ePowerSvc.exe – (WMIService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] – C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe – (eRecoveryService)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] – C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe – (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] – c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe – (LVPrcSrv)
SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] – C:\Windows\System32\agrsmsvc.exe – (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mbamswissarmy.sys – (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\Windows\System32\drivers\mbam.sys – (MBAMProtector)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\System32\drivers\aswSnx.sys – (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2011/07/04 04:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2008/09/26 19:04:10 | 000,101,760 | R— | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ewusbmdm.sys – (hwdatacard)
DRV - [2008/08/18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\athr.sys – (athr)
DRV - [2007/12/11 02:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Apfiltr.sys – (ApfiltrService)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] – C:\Acer\Empowering Technology\eRecovery\int15.sys – (int15)
DRV - [2007/03/18 23:39:18 | 000,052,309 | R— | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mam4410u.sys – (mam4410u)
DRV - [2007/03/08 23:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\LVPr2Mon.sys – (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LVMVdrv.sys – (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\Lvckap.sys – (LVcKap)
DRV - [2007/02/03 11:32:34 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LVUSBSta.sys – (LVUSBSta)
DRV - [2007/02/03 11:27:27 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\LV302V32.SYS – (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/03 11:27:15 | 000,014,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\lv302af.sys – (pepifilter)
DRV - [2007/01/29 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\XAudio.sys – (XAudio)
DRV - [2007/01/15 20:44:46 | 000,011,986 | R— | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\MaVc2K.sys – (MaVctrl)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] – C:\Program Files\Launch Manager\DPortIO.sys – (DritekPortIO)
DRV - [2005/08/17 20:44:50 | 000,049,867 | R— | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mardp2k.sys – (MaRdPnp)
DRV - [2005/06/16 03:13:12 | 000,025,044 | R— | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mam4410m.sys – (mam4410m)
DRV - [2005/06/16 03:11:58 | 000,024,784 | R— | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mam4410c.sys – (mam4410c)

there, thx for puttin up with me guys…again I'm sorry and thanks for your input/advice!!!

and the extras.txt you asked for

No problem, unfortunately essexboy will be in bed now, 3:20am in the UK, so he won’t be back on the forums until later this evening. That’s me for the night too.

A few hangers on remain. What problems do you have at the moment?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2010/04/08 14:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
[2011/09/02 19:12:29 | 000,010,308 | -HS- | M] () -- C:\ProgramData\mj3dyeqg6111ug32s0k84gfaxv3vp058o28701d204rs
[2011/09/02 19:12:28 | 000,010,308 | -HS- | M] () -- C:\Users\jon\AppData\Local\mj3dyeqg6111ug32s0k84gfaxv3vp058o28701d204rs
[2011/08/26 18:22:27 | 000,000,000 | ---- | M] () -- C:\Users\jon\AppData\Local\yxrv.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | M] () -- C:\Users\jon\AppData\Local\sekf.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\rrwu.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\msij.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | M] () -- C:\Users\jon\AppData\Local\xupa.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\xdor.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | M] () -- C:\Users\jon\AppData\Local\tmwc.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\pqgp.exe
[2011/08/26 18:22:29 | 000,010,308 | -HS- | C] () -- C:\ProgramData\mj3dyeqg6111ug32s0k84gfaxv3vp058o28701d204rs
[2011/08/26 18:22:28 | 000,010,308 | -HS- | C] () -- C:\Users\jon\AppData\Local\mj3dyeqg6111ug32s0k84gfaxv3vp058o28701d204rs
[2011/08/26 18:22:27 | 000,000,000 | ---- | C] () -- C:\Users\jon\AppData\Local\yxrv.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | C] () -- C:\Users\jon\AppData\Local\sekf.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\rrwu.exe
[2011/08/26 18:22:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\msij.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | C] () -- C:\Users\jon\AppData\Local\xupa.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\xdor.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | C] () -- C:\Users\jon\AppData\Local\tmwc.exe
[2011/08/26 18:22:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\pqgp.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
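A triage sketch for the kind of file entries the fix script above targets, added here as an example; it is not part of the original post and not OTL's own logic. The watched folders and the two heuristics (zero-byte `.exe` with no company name, hidden+system file with no extension) are assumptions chosen for this illustration, and the `explorer.exe` sample line is constructed from values in the posted process list.

```python
import re
from ntpath import basename, splitext

# OTL file-listing line: [date time | size | attributes | M or C] (company) -- path
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Assumption: files sitting directly in these user-writable folders get extra scrutiny.
WATCHED = re.compile(
    r"^[a-z]:\\(programdata|users\\[^\\]+\\appdata\\local)\\[^\\]+$", re.I)

def parse(line):
    """Return a dict for a file-listing line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec

def reasons(rec):
    """Heuristics chosen for this example only."""
    if rec["company"] or not WATCHED.match(rec["path"]):
        return []
    _, ext = splitext(basename(rec["path"]))
    out = []
    if ext.lower() == ".exe" and rec["size"] == 0:
        out.append("zero-byte .exe, no company name")
    if not ext and "H" in rec["attrs"] and "S" in rec["attrs"]:
        out.append("hidden+system file, no extension")
    return out

def triage(lines):
    """Return {path: reasons}, merging the M and C listings of the same file."""
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec:
            for why in reasons(rec):
                flagged.setdefault(rec["path"], set()).add(why)
    return {path: sorted(why) for path, why in flagged.items()}

SAMPLE = [  # first five lines appear in the fix script; the last is constructed
    r"[2011/08/26 18:22:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\rrwu.exe",
    r"[2011/08/26 18:22:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\rrwu.exe",
    r"[2011/09/02 19:12:28 | 000,010,308 | -HS- | M] () -- C:\Users\jon\AppData\Local\mj3dyeqg6111ug32s0k84gfaxv3vp058o28701d204rs",
    r"[2010/04/08 14:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}",
    r"O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.",
    r"[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```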

is pretty much the same…99% of my start menu, quick launch and most desktop items will not start up…I downloaded skype to get it to work temporarily again…now I can't get it to go either since the reboot…my volume and scroll up/down key below my mouse pad also does not work since my original screw-up

Also, after you get it fixed (follow Essexboy’s instructions) if you still have problems with EXE’s, you can run the script on this page to get EXE’s running again: http://www.dougknox.com/xp/file_assoc.htm

I’ve used them 3 times so far and it works wonders.

scythe944
that link was for XP, correct?..I have vista home basic…it's as if I am hijacked as earlier suggested…when I try to go into my start up program I get “access denied”…computer runs faster than ever cause all my programs are not running…it will eventually jam up cause I can't do any maintenance either

OK, let's up the ante

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now