[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


No Internet Connection

Posted on 2004-10-31
Medium Priority
Last Modified: 2013-11-16

My son must have got a virus or something on his pc as he has no connectivity to the Internet.  We use a cable modem to conenct to the Internet.  I tried running Ad-Aware and cleaned off a bunch of stuff.  Then downloaded from another computer HiJackThis and ran that.  The log file is below.  I also downloaded WinFix 1.2 and ran that but couldn't connect to the Internet.  WinFix supposedly fixed the probelm but after a reboot still can't connect.

Here is the HiJackThis file:

Logfile of HijackThis v1.98.2
Scan saved at 3:48:36 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dy] C:\documents and settings\michael wetherholt\local settings\temp\dy.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe

My son uses AdVir as an antivirus software and we just ran a scan.  Found a Trojan Horse called PSW.SclogB but AdVir can't delete it.  But I don't think this Trojan is causing the nonconnectivity to the Internet.

Any ideas?  If I could get online I could update AdWare, SpyBot Search and Destroy, etc.


Question by:MichaelWetherholt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 65

Accepted Solution

SheharyaarSaahil earned 2000 total points
ID: 12458915
Hello MichaelWetherholt =)

Plzz post ur log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines in Hijackthis scan and click on Fix Checked !!

HJT Log Tutoriol >> http://aumha.org/a/hjttutor.php

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
LVL 65

Expert Comment

ID: 12458925
Then Download these tools and install them:
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that here are some "canned" Instructions of mine, If u want u can follow them to check if they can work for u or not :)

1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool and delete all viruses it found
3. Run the Spyware Removal tools and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here
(ofcourse im assuming that u have already saved all the login passwords for ur websites :)
8. Goto C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone or not
LVL 65

Expert Comment

ID: 12458935
If still NOT, then Goto Start>Run>msconfig>Startup
and untick all applications except the Antivirus and Firewall entires
Now run the winsockfix tool, and restart, check if same problem still ??

Post Back :)
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

LVL 49

Expert Comment

ID: 12458982
Hi MichaelWetherholt,

According to what I see in this link http://www.bullguard.com/forum/8/Trojen-Horse---PSWSclogB-C_2418.html
those 2 files listed there are the ones created by that trojan that you have.

Can you search for those files and remove them in your computer. Search for them in safe mode if you cannot find and remove in Normal mode .

Probably guess since your adware definitions are not fully updated , the softwares cannot find the virus and remove them

Disable system restore too

LVL 27

Expert Comment

by:Asta Cu
ID: 12458990
Shehar has guided you very well here....

Did you try uninstalling Winfax, which had "some" known issues and then try again?

Shehar, what do you know about this entry which I've seen HijackThis results post as problem before, which is noted above?
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe    
Nasty   The entered application explorer was identified: Explorer lptt01 or Explorer ml097e. Hit rate: 65 % (result)   Must be fixed!

By the way,  MichaelWetherholt .... before checking with Updated Viruscan program and then spyware, be sure to turn off system restore or the problem will return.  You do this as follows _ start-run-control panel - system - system restore and there turn it off before cleaning your system, then reboot and turn it back on.  Very important.


LVL 27

Expert Comment

by:Asta Cu
ID: 12458994
You're running both ZoneAlarm and AV; both of which can cause problems (older versions) so another thing to explore.
LVL 65

Expert Comment

ID: 12459027
asta dont have any specific information on this process,,, many trojans can put this process... but its a faked one as its not running from the original location.... have seen it many times before also !! =\
LVL 27

Expert Comment

by:Asta Cu
ID: 12459249
Bottom line, you helped and Asker is happy.  Me too.  ":0) Asta
LVL 65

Expert Comment

ID: 12459286

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question