Cannot access antivirus sites

April 25, 2011 at 19:13:08
Specs: Windows XP SP2, 2.8 GHz/240 MB
I reformatted an old laptop and loaded the AVG Free version. Since AVG greatly slowed down internet access on the PC, I uninstalled AVG. I tried to install a lighter antivirus app. I tried to download MSE first. However, the web site could not be opened. I tried to go to the download sites of Avast, PC Tools and even AVG. None of those web pages could be opened. If I go to other sites, I have no problem connecting. I do not know if this indicates my PC is contaminated by some virus.

Here is my HijackThis log. (By the way, I could not send the file to the Trend Micro site either.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:49 PM, on 4/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe

End of file - 4925 bytes

Could anybody help me fix this problem?

Many Thanks in advance.


April 25, 2011 at 19:49:10
Try restarting the computer in Safe Mode with Networking:
As your computer restarts tap F8.
In the Boot Options menu, use the arrow keys to highlight the above safe mode option, and then press ENTER.

Any luck accessing AntiVirus websites?

If you can access them, download Malwarebytes' Anti-Malware (MBAM):
Save the program to the Desktop
On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts

If an update is found, MBAM will download and install the latest.

At the main program window, make sure the following is checked: Perform Quick Scan
Click: Scan (The scan may take some time to finish, so please be patient.)
When the scan completes, a message box appears, click OK

At the main Scanner screen:
Click on: Show Results
A screen displaying the malware found shows
Make sure everything found is checked, and click: Remove Selected

When the disinfection is complete, you may be prompted to Restart the computer. Please do so.

When MBAM finishes removing malware, a log opens in Notepad
The log is automatically saved and can be viewed by clicking the Logs tab.

Please provide the contents of the MBAM log in your reply.

April 26, 2011 at 08:58:42
Thanks a lot, Aaflac44. I'll do it this evening.

April 26, 2011 at 20:58:49

After running MBAM, two files were found infected and removed from my PC. I successfully downloaded Avast, and everything works very well.

Thank you so much for your help.

Here is the log of MBAM
Malwarebytes' Anti-Malware

Database version: 6451

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/26/2011 7:51:23 PM
mbam-log-2011-04-26 (19-51-23).txt

Scan type: Quick scan
Objects scanned: 146899
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\hong\application data\mlrgrs.exe (CrypTool.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HONG\local settings\temporary internet files\Content.IE5\YDZEOQCI\svchost[1].bat (CrypTool.Agent) -> Quarantined and deleted successfully.
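For triage of logs like the one posted above, the following added example (not part of the original thread, and not Malwarebytes' own tooling) parses the MBAM text layout, cross-checks each summary count against the itemized lines, and flags detections that sat in user-writable profile folders. The sample log is constructed in the same layout with placeholder file names; the `USER_WRITABLE` list and the function names are assumptions.

```python
import re

# Constructed sample in the layout of the MBAM log above (file names are placeholders).
SAMPLE_LOG = r"""Scan type: Quick scan
Objects scanned: 146899
Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\application data\example.exe (CrypTool.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\user\local settings\temporary internet files\Content.IE5\ABCD1234\sample[1].bat (CrypTool.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Assumption: profile folders seen in the log above, writable without admin rights.
USER_WRITABLE = ("\\application data\\", "\\temporary internet files\\")

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from an MBAM text log."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # start of an itemized section
        elif section and (m := ITEM.match(line)):
            path = m["path"]
            items.append({
                "section": section, "path": path, "detection": m["name"],
                "action": m["action"].rstrip("."),
                "user_writable": any(p in path.lower() for p in USER_WRITABLE),
            })
    return counts, items

def count_mismatches(counts, items):
    """Sections whose summary count differs from the number of itemized lines,
    which suggests a truncated or hand-edited log."""
    seen = {}
    for it in items:
        seen[it["section"]] = seen.get(it["section"], 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    for it in items:
        print(it["detection"], "|", it["action"], "|", it["user_writable"], "|", it["path"])
    print("mismatches:", count_mismatches(counts, items))
```
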

April 26, 2011 at 22:30:14
Glad to help.

This is a good time to create a System Restore Point:

...and also, remove all the System Restore points except the recent one:

Good luck, BingDu!! :-)

