No Internet Connection


My son must have got a virus or something on his pc as he has no connectivity to the Internet.  We use a cable modem to conenct to the Internet.  I tried running Ad-Aware and cleaned off a bunch of stuff.  Then downloaded from another computer HiJackThis and ran that.  The log file is below.  I also downloaded WinFix 1.2 and ran that but couldn't connect to the Internet.  WinFix supposedly fixed the probelm but after a reboot still can't connect.

Here is the HiJackThis file:

Logfile of HijackThis v1.98.2
Scan saved at 3:48:36 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dy] C:\documents and settings\michael wetherholt\local settings\temp\dy.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe

My son uses AdVir as an antivirus software and we just ran a scan.  Found a Trojan Horse called PSW.SclogB but AdVir can't delete it.  But I don't think this Trojan is causing the nonconnectivity to the Internet.

Any ideas?  If I could get online I could update AdWare, SpyBot Search and Destroy, etc.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello MichaelWetherholt =)

Plzz post ur log at this site >>
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines in Hijackthis scan and click on Fix Checked !!

HJT Log Tutoriol >>

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Then Download these tools and install them:
AdAware ==>
SpyBot  ==>
CoolWebShredder ==>
Stinger ==>

Then Disable ur Messenger Service if its running >>
After that here are some "canned" Instructions of mine, If u want u can follow them to check if they can work for u or not :)

1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool and delete all viruses it found
3. Run the Spyware Removal tools and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here
(ofcourse im assuming that u have already saved all the login passwords for ur websites :)
8. Goto C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone or not
If still NOT, then Goto Start>Run>msconfig>Startup
and untick all applications except the Antivirus and Firewall entires
Now run the winsockfix tool, and restart, check if same problem still ??

Post Back :)
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Hi MichaelWetherholt,

According to what I see in this link
those 2 files listed there are the ones created by that trojan that you have.

Can you search for those files and remove them in your computer. Search for them in safe mode if you cannot find and remove in Normal mode .

Probably guess since your adware definitions are not fully updated , the softwares cannot find the virus and remove them

Disable system restore too

Asta CuTechnical consultant & graphic designCommented:
Shehar has guided you very well here....

Did you try uninstalling Winfax, which had "some" known issues and then try again?

Shehar, what do you know about this entry which I've seen HijackThis results post as problem before, which is noted above?
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe    
Nasty   The entered application explorer was identified: Explorer lptt01 or Explorer ml097e. Hit rate: 65 % (result)   Must be fixed!

By the way,  MichaelWetherholt .... before checking with Updated Viruscan program and then spyware, be sure to turn off system restore or the problem will return.  You do this as follows _ start-run-control panel - system - system restore and there turn it off before cleaning your system, then reboot and turn it back on.  Very important.


Asta CuTechnical consultant & graphic designCommented:
You're running both ZoneAlarm and AV; both of which can cause problems (older versions) so another thing to explore.
asta dont have any specific information on this process,,, many trojans can put this process... but its a faked one as its not running from the original location.... have seen it many times before also !! =\
Asta CuTechnical consultant & graphic designCommented:
Bottom line, you helped and Asker is happy.  Me too.  ":0) Asta
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.