No Internet Connection


My son must have got a virus or something on his PC as he has no connectivity to the Internet. We use a cable modem to connect to the Internet. I tried running Ad-Aware and cleaned off a bunch of stuff. Then downloaded from another computer HiJackThis and ran that. The log file is below. I also downloaded WinFix 1.2 and ran that but couldn't connect to the Internet. WinFix supposedly fixed the problem but after a reboot still can't connect.

Here is the HiJackThis file:

Logfile of HijackThis v1.98.2
Scan saved at 3:48:36 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dy] C:\documents and settings\michael wetherholt\local settings\temp\dy.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe

My son uses AdVir as an antivirus software and we just ran a scan.  Found a Trojan Horse called PSW.SclogB but AdVir can't delete it.  But I don't think this Trojan is causing the nonconnectivity to the Internet.

Any ideas?  If I could get online I could update AdWare, SpyBot Search and Destroy, etc.


SheharyaarSaahil Commented:
Hello MichaelWetherholt =)

Please post your log at this site >>
and it will automatically analyse it for you. Fix the entries which it labels as Nasty :)
To Fix, check the lines in the HijackThis scan and click on Fix Checked!!

HJT Log Tutorial >>

CAUTION: Before fixing the entries in HijackThis, make sure that they are really Nasty and can be deleted. Better you first research them on Google, and then when you have confirmed that they should be deleted, Fix them. And whenever you run HijackThis, run it from a New folder on your desktop, so that in case of any problem, you can take advantage of its created backups of fixed items. And in case you still face problems in dealing with it, just analyse your log at the above site, and then scroll down where you will see a Save Analyse button, hit it and it will save your Log Analysation, then copy the link of that page and paste it here, and we will check it for you :)
Then Download these tools and install them:
AdAware ==>
SpyBot  ==>
CoolWebShredder ==>
Stinger ==>

Then disable your Messenger Service if it's running >>
After that, here are some "canned" instructions of mine. If you want, you can follow them to check if they can work for you or not :)

1. Restart your machine in safe mode and log in as Administrator
2. Run the AntiVirus tool and delete all viruses it found
3. Run the Spyware Removal tools and delete everything they detect
4. Then go to My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Go to C:\Documents and Settings\your username\Local Settings\Temp and delete all files present here
6. Go to C:\Documents and Settings\your username\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Go to C:\Documents and Settings\your username\Cookies, and delete all cookies present here
(of course I'm assuming that you have already saved all the login passwords for your websites :)
8. Go to C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone or not
If still NOT, then go to Start>Run>msconfig>Startup
and untick all applications except the Antivirus and Firewall entries
Now run the winsockfix tool, and restart, check if same problem still ??

Post Back :)

Hi MichaelWetherholt,

According to what I see in this link
those 2 files listed there are the ones created by that trojan that you have.

Can you search for those files and remove them from your computer? Search for them in safe mode if you cannot find and remove them in Normal mode.

Probably, I guess, since your adware definitions are not fully updated, the software cannot find the virus and remove it.

Disable system restore too.

Asta Cu Commented:
Shehar has guided you very well here....

Did you try uninstalling Winfax, which had "some" known issues and then try again?

Shehar, what do you know about this entry which I've seen HijackThis results post as problem before, which is noted above?
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe    
Nasty   The entered application explorer was identified: Explorer lptt01 or Explorer ml097e. Hit rate: 65 % (result)   Must be fixed!

By the way, MichaelWetherholt .... before checking with Updated Viruscan program and then spyware, be sure to turn off system restore or the problem will return. You do this as follows: Start - Run - Control Panel - System - System Restore, and there turn it off before cleaning your system, then reboot and turn it back on. Very important.


Asta Cu Commented:
You're running both ZoneAlarm and AV; both of which can cause problems (older versions) so another thing to explore.
Asta, don't have any specific information on this process... many trojans can put this process... but it's a faked one as it's not running from the original location.... have seen it many times before also!! =\
Asta Cu Commented:
Bottom line, you helped and Asker is happy.  Me too.  ":0) Asta
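
The check discussed in the thread, an autostart entry that carries a Windows file name but does not run from its original location, can be applied mechanically to the O4 lines of a HijackThis log. The following is an added example, not part of the original posts; the function `review_o4`, the `EXPECTED_DIR` table and the two rules are assumptions made for illustration, and the sample lines are copied from the log in the question.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dy] C:\documents and settings\michael wetherholt\local settings\temp\dy.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command path up to the first .exe/.dll; it may be quoted and contain spaces.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))', re.IGNORECASE)
# Assumption: usual folder of each binary, relative to the Windows directory.
EXPECTED_DIR = {"explorer.exe": "", "rundll32.exe": "system32", "svchost.exe": "system32"}


def review_o4(log_text, windir=r"C:\WINNT"):
    """Return (entry name, path, reason) for autostart entries worth researching."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        exe = EXE_PATH.match(entry["cmd"]) if entry else None
        if not exe:
            continue
        path = ntpath.normpath(exe["path"]).lower()
        folder, name = ntpath.split(path)
        if not folder:
            continue  # bare file name, resolved through the search path
        if re.search(r"\\temp(\\|$)", folder):
            findings.append((entry["name"], path, "runs from a Temp folder"))
        elif name in EXPECTED_DIR:
            usual = ntpath.normpath(ntpath.join(windir, EXPECTED_DIR[name])).lower()
            if folder != usual:
                findings.append((entry["name"], path, "system file name outside " + usual))
    return findings


if __name__ == "__main__":
    for finding in review_o4(SAMPLE_LOG):
        print(finding)
```

On the posted log this reports the `[dy]` and `[explorer]` entries; a flagged entry is a candidate for research before fixing, not a verdict.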