Internet Connection is Messed Up

If you cannot download at all, it does make the procedure more difficult and what we typically recommend is what you are doing. Downloading the files on another computer and burning to a CD (or use any other method) to get the scanners to the problem PC. Obviously the online scanners would not be run but please run all the other steps that are possible. Then proceed to doing the below (again you will need to get the HijackThis program to your PC via any method possible):


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Okay! We I'll be looking for you.

 

Four months is like infinity in the spyware world. Even after a week or so we normally say you need run the READ ME FIRST again. Are you still having problems getting online?

Your system is way out of date with your Microsoft updates. We will have to address that later.

Disable Spybot's Teatimer! Then post a new HJT log.

To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
Now quit Spybot!

 

Look in Add/Remove programs for EBATES_MOEMONEYMAKER and uninstall if found!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [kjcloj] C:\WINDOWS\kjcloj.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\kjcloj.exe
C:\WINDOWS\FARMMEXT.exe
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

One minor item left to fix using HJT.

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

Other than that your all clean now. You should not be having problems using Windows Updates and you really need them or you will always have malware problems. Could it possibly be that what you perceived as problems with Windows Updates was due to malware being on your PC at the time.

Don't forget you can be a little selective about which updates you install. Just get all the Critical updates. Especially items for Windows Explorer. What you really need to do is work thru the below thread (some you already have, like an antivirus and a firewall).

How to Protect yourself from malware!