[iDuane]

I'm having a trouble with this bug,only the facebook website i cant access,i try all option to fix this bug..like changing browser,cleaning my cache,check my host file,reset the router and i try the restore system method but everything didnt work...i dont know why facebook only i cant access,it's seems the facebook is blocked to my computer..i really need help! i hope someone could help me to fix this problem..


Log for Hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:08 AM, on 8/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\BitTorrent\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9899ABB1-248A-400F-B94D-C266DDD53603}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5131 bytes

[Juli007]

Its 100% sure you have a virus or worm. I know I had this kind of problem with the Microsoft website not with facebook.

[iDuane]

yah probably is a virus but i hope this software you give it to me could fix this bug and remove the bug..

[iDuane]

i try the software you give it to me and i did a scan system,few viruses was dected but the problem about i cant access to the facebook website is still on going..


here's the log!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7551

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/24/2011 7:39:18 AM
mbam-log-2011-08-24 (07-39-18).txt

Scan type: Quick scan
Objects scanned: 153045
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0 ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED4 03E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7 370F91F-6994-4595-9949-601FA2261C8D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370 F91F-6994-4595-9949-601FA2261C8D} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Juli007]

Hmmm this looks strange. You have done so many things the viruses are now gone but the problem still persist. What does the browser say when you go to facebook?

[iDuane]

yah,hmm i notice something on my computer tho,when i open the Internet Option then click open..it didnt show up..and i check the Windows Task Bar if there's a program running on my computer..it has but it didnt show any Session ID and CPU only the Mem Usage..i really dont know how i could fix this thing..

[Juli007]

Can you get that prggrams name?

[valis]

Juli007, as you are not qualified to perform malware removal, I'm going to ask you to stop. Please read the rules page at www.techguy.org/rules.html :

Quote:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield (Username) is authorized to help remove malware. next to their name and authorized malware removal trainees have a blue shield (Username) is training to help remove malware. next to their names. If you'd like to participate in a training program, please contact a Moderator or see this article.

iDuane, I'm going to move this to the malware removal area; I will also flag down a security expert to take a look at your logs. Please follow the instruction here and wait for further instructions.

Thanks,

v

[iDuane]

just check this out..i took a screenshot to my windows task bar..strange right? as you can see there's no Session ID and CPU..they're should be a number on them.
http://imageshack.us/f/571/sdsda1.png/

[iDuane]

ok sir,i just really need help..i really need to get through on facebook..i have 2 kids and wife and only the facebook our way to communicate..is really important to me,i know some of ppl who can read this mssg gonna laugh me but it's true..please help me.

[valis]

I've contacted a couple security experts, they should be by shortly to take a look at your logs. Please follow my instructions from earlier to prepare.

thanks,

v

[iDuane]

ok sir,im just right here,waiting for help..im just so worried about this.

[valis]

have you done the below yet?

Quote:

Please follow the instruction here and wait for further instructions.

Thanks,

v

[flavallee]

iDuane:

I've been requested to assist you, so I'll do what I can within my limitations in this forum.

I see you're still using Windows XP SP2 and haven't upgraded to SP3 - which was released about 3 years ago.
Your computer is listed as having an AMD processor, so I'll assume that's why you didn't make the upgrade.
Have you been keeping up with and installing the high-priority updates that are released every month?

----------------------------------------------------------

Let's see what's in your computer that may need to be uninstalled, updated, or replaced.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------

Let's get rid of any buildup of temp files.

Click Start - Run, then type in

%temp%

then click OK.

Click Start - Run, then type in

c:\windows\temp

then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

It's all junk and is a good place for "nasties" to hide.

After you're done, restart the computer.

----------------------------------------------------------

[iDuane]

Hello sir,thanks for your response,i did the step's about deleting on the temps..when i delete there's a error message that "cannot delete avg-203c2771-eb26-433c-8969-f47e44c66632: Access is denied this error is from method "c:\windows\temp and the %temp% method it has error tho about deleteing and this is the error message said " Cannot delete Perflib_Perfdata_d08; It is being used by another person or program..

here's the log from highjackthis

Acrobat.com
Acrobat.com
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2011
AVG 2011
AVG 2011
BitTorrent
BitTorrentBar Toolbar
Broadcom 802.11 Network Adapter
Conduit Engine
Conexant AC-Link Audio
Garena 2010
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 6.0 (x86 en-US)
MSXML 6.0 Parser (KB933579)
PageRage 1.10.01
Skype™ 5.3
Synaptics Pointing Device Driver
TeamViewer 6
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Windows Imaging Component
Windows Installer 3.1 (KB893803)
WinRAR 4.00 beta 3 (32-bit)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar