PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] Another bactera virus problem

  #7
06-10-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Hya Sir Golitech, sorry for the late reply. I haven't been feeling too well the last couple of days.

Let's see if something shows up here:


1. start HijackThis
2. click on 'Config'
3. click on 'Misc Tools'
4. Put a check in 'List also minor sections (full)'
5. click on 'Generate StartupList log'
6. click on 'yes' to make the log
7. Then post the resulting log please


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #8
06-11-2006
Sir Golitech
Bronze Member
Join Date: May 2006
Posts: 13

Hi Joe, thanks for the response once again. Sorry you're not feeling well.
This is a strange one, it seems to mimic related sites. For example, every time I come to this site I get a WinAnti Virus popup window. I'm so close to reformatting it's not even funny.
Attached Files
File Type: txt startuplist.txt (11.3 KB, 1 views)


  #9
06-11-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Ah, we have something here:

(no name) - C:\WINDOWS\system32\jkhfg.dll - {341B05E9-5B82-4E7E-BDB3-AC040A9BD6BC}

That is from a Vundo infection, let's get rid of it:

Please download VundoFix.exe from here, and save it to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

And it looks like you switched to Kerio for a firewall and removed the Symantec suite? If yes, then let's get rid of this task:

Download KillBox by Option^Explicit from HERE.

Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\Tasks\Symantec NetDetect.job

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Last edited by joe5; 06-11-2006 at 05:14 AM.
  #10
06-11-2006
Sir Golitech
Bronze Member
Join Date: May 2006
Posts: 13

Sorry, but I wasn't sure what HJT log you wanted, so I've posted both startup and scan logs.
Yeah I got rid of Nortons only cause it's such a resource hog and AVG does a great job. I reinstalled Nortons, in hope it would fix my problem.
Attached Files
File Type: txt startuplist2.txt (11.2 KB, 1 views)
File Type: txt hijackthis2.txt (6.1 KB, 2 views)
File Type: txt VundoFix.txt (251 Bytes, 1 views)


  #11
06-11-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Ok, the VundoFix didn't actually remove the infection, but it did remove its cloaking abilities. So now it is possible to remove it manually.


Please download Process Explorer by Sysinternals from HERE.

Make sure you still have KillBox by Option^Explicit from HERE.



Then boot up in SAFE MODE and stay in safe mode (hit F8 when booting up), until the entire fix is done.


Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of jkhfg.dll once and then click the kill button.
After you have killed all of the jkhfg.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of jkhfg.dll then click the kill button.
Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:

O2 - BHO: (no name) - {C49E47D3-9D15-4E9C-802F-A0808743D37F} - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
Now click fix checked and close HijackThis.
Please copy the text in the quote below, and paste it into a blank notepad window.

Save it as vundo.reg and in the "save as" type box choose "all files".
Once you have saved it double click it and allow it to merge with the registry.

Code:
REGEDIT4 
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}] 
[-HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}] 
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}] 
[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}] 
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents] 
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]

Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\system32\jkhfg.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
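
Added example, not part of the original posts: a Python sketch that parses HijackThis O2 (BHO) and O20 (Winlogon Notify) lines and flags any DLL registered under both, which is the pattern the two jkhfg.dll entries above show. The function names and the two benign sample lines are constructed for illustration; the heuristic is drawn from this thread only and is not a general Vundo detector.

```python
import re
from collections import defaultdict

# O2 - BHO: <name> - {CLSID} - <dll path>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O20 - Winlogon Notify: <key name> - <dll path>
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")

# First and third lines are quoted from the thread; the other two are constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C49E47D3-9D15-4E9C-802F-A0808743D37F} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
"""

def parse_entries(log_text):
    """Map each lower-cased DLL path to its BHO and Winlogon Notify entries."""
    entries = defaultdict(lambda: {"bho": [], "notify": []})
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            key = m["path"].strip().lower()
            entries[key]["bho"].append((m["name"], m["clsid"].upper()))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries[m["path"].strip().lower()]["notify"].append(m["name"])
    return entries

def flag_dual_registered(log_text):
    """Return one finding per DLL that is both a BHO and a Winlogon Notify."""
    findings = []
    for path, reg in sorted(parse_entries(log_text).items()):
        if reg["bho"] and reg["notify"]:
            findings.append({
                "path": path,
                "clsids": [clsid for _, clsid in reg["bho"]],
                "unnamed_bho": any(n == "(no name)" for n, _ in reg["bho"]),
                "notify_keys": reg["notify"],
            })
    return findings

def still_present(log_text, dll_path):
    """Post-fix check: True if dll_path still appears in any O2/O20 entry."""
    return dll_path.lower() in parse_entries(log_text)
```

Running `still_present` against the log posted after the reboot confirms whether both load points were actually removed.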

  #12
06-11-2006
Sir Golitech
Bronze Member
Join Date: May 2006
Posts: 13

Well that was fun...
Attached Files
File Type: log hijackthis.log (5.9 KB, 2 views)

