Member Panel

I have been expriencing a problem with a pop-up window on start-up that mentions explorer.exe no disk...etc. I usually just close this box, it opens once more. After I close it a second time the system starts up without any other problems.

Once that works the system eventually has a problem (usually while I am on the internet) during which the taskbar and the icons on the desktop dissappear, leaving behind only my desktop background image. After this I obviously have to restart and the whole cycle starts all over again.

Just within the last few days I also have a problem with a winfixer pop-up that appears during times of internet browsing. I have run adaware several times although it never detects anything besides the temporary internet files. Any help with these problems would be appreciated.

I attached a HJT log and a image of the pop-up for winfixer.

Welcome to PCHF

I can see that there is quite a bit of infection in your log. A Security Analyst will be along soon to look at this for you.

Thank you for the welcome. I was figured the results weren't pretty. I know some of the items are related to all of the hp software that came with the computer but others I have no idea about. I figured it was best to play it safe and have someone more knowledgable take a look.

Happy New Year everyone!

:smiley: Hi Tom,

a warm welcome from me as well.

Before we start fixing your computer with HijackThis, will you please do the following;

Download To Your Desktop
Please download Process Explorer by Systernals, KillBox by Option^Explicit, CCleaner, and ewido Security Suite


Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please print these instructions, and boot into Safe Mode where you will need to stay for the entirety of this fix. (Continually tap on your F8 key while booting up, until either a beep sounds or a menu pops up. Use your arrow keys to navigate to Safe Mode, and hit Enter)

Clean up unneccesary files and folders
Install and launch CCleaner

• Click on check for updates.
• Under Cleaner Settings, make sure that everything is checked, including Advanced.
• Answer yes to all warnings.
• Click Analyze, when it is finished, click Run Cleaner, then OK.
• Allow the program to finish and exit application.

Remove any malware using Ewido
Install Ewido Security Suite.

• When installing, under Additional Options uncheck Install background guard and Install scan via context menu
• Launch Ewido, there should be a big "E" icon on your desktop, double-click it.
• The program will prompt you to update click the "OK" button
• The program will now go to the main screen
• You will need to update Ewido to the latest definition files.
• On the left hand side of the main screen click update
• Click on Start
• The update will start and a progress bar will show the updates being installed.*
• After the updates are installed, exit ewido.

Once the updates are installed do the following:

• If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
• Reboot into Safe Mode, restart your computer, tap the F8* key. Use your up arrow key to highlight Safe Mode, then hit enter.

Close all open windows/programs/folders and then run Ewido.* Have nothing else open while ewido performs its scan!

• Click on Scanner , Settings
• Under "How to scan" all boxes should be selected
• Under "Possibly unwanted software" all boxes should be selected
• Under "What to scan" select scan every file
• Click OK, Complete system scan
• Let the program scan the machine
• If ewido finds anything, it will pop up a notification.*

NOTE:* We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one-by-one.* If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged.* In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action.*

DO NOT check "Perform action with all infections."* If you are unsure of an entry, select "none" for the time being.* We will see that in the log when you post it later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

Click Save report. Save the report to your desktop, exit ewido


Note:

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.

Next
Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of jkhfe.dll once and then click the kill button.

After you have killed all of the jkhfe.dll under winlogon click OK.

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of jkhfe.dll then click the kill button.

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following.

Now click fix checked and close HijackThis.

Please copy the text in the quote below, and paste it into a blank notepad window. Save it as vundo.reg and in the Save As Type box choose All Files.

Once you have saved it double click it and allow it to merge with the registry.



Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full Path of File to Delete box

C:\WINDOWS\system32\jkhfe.dll


Click the red circle with the white x and allow your computer to reboot.

After your computer has rebooted please run Hijackthis again and post a new HijackThis log.

Look forward to your reply,

TTFN

LGW

Here is the new HJT log

All the nasty's are gone. , but these "minor" probs can be fixed with hjt:

Do you still have any problems?

Thank you for the help from all of you. The problems appear to be gone and all is back to normal. I will perform the minor fixes suggested by joe5 and turn on the system restore feature again.

Is there any recommendation as to leave the hidden files on or off?