[ctviggen]

There's a program called "jkdfrag.exe" that loads on my computer even from a standby.  The program does not exist anywhere that I can find on my internal or external (USB) hard drives.  However, a temporary folder is created on the internal hard drive and jkdfrag.exe is placed there, and this occurs every restart from a reboot to a start from standby.  I delete that temporary folder, and it comes back. 

I have used msconfig to turn off a lot of stuff, but still this program loads.  What happens is that it tries to defrag my external hard drive, and every single day for hours on end, I hear the drive getting hammered by this program.  I can't take it, so I continually kill the jkdfrag.exe process.

Where can this program be loading from in Windows XP? 

[bregez]

It's either a disk defrag utility or malware, possibly a key logger. 
You may want to check out http://kessels.com/jkdefrag/
to see if this is what you have.  If not, I would run Malwarebytes.
Good Luck.

[ctviggen]

I've gone to that website, but the problem is that the website indicates that you put the program wherever you would like to put it and to uninstall, you simply delete the program.  The problem is that there is no program called "jkdefrag" on any of my hard drives, until I reboot or return out of sleep mode, then something creates a temporary folder and puts jkdefrag.exe in the temp folder and jkdefrag begins executing.  It then begins hammering my external drive. 

So, I cannot delete the file, as the file does not exist (until the computer reboots or comes out of sleep).  (And I've deleted the temporary folder containing jkdefrag multiple times, to no avail.) 

I'll try malwarebytes. 

[bacobits1]

MalwareBytes or Google Revo Uninstaller (free) and see if it shows up there.
Revo is a nice uninstaller that uninstalls everything related to that program you are removing. Not like the Windows uninstaller that leaves a bunch of stuff behind everywhere still taking space and possibly running on startup.

You may want to ask how to remove it completely on that site forum.

D

[bregez]

Some malware will hide scripts/keys in the registry.  Then once the computer is online it will phone home and download an executable.  So you may want to check the registry if Malwarebytes doesn’t find anything.

[ctviggen]

Well, I'm at a loss.  I ran MalwareBytes (and an antivirus is run weekly) and nothing shows up.  I've gone through the registry and every other place I know of (win.ini, etc.) that a program can load and nothing appears to explicitly load this program.  I've searched both hard drives and cannot find any file named jkdfrag or files that contain the text jkdefrag.  Yet, it loads every single time I reboot or come out of sleep. 

Some other program must be launching jkdefrag, but I cannot find out which program that is.  And, the jkdefrag appears legit, as it creates an output file of what it's doing.  The only problem is that it hammers my external drive for hours, and it drives me crazy.

[WGH]

Click on the Start button --> Run...
Type in services.msc
Click OK

It could be running as a service, you can stop it and disable it from the panel so it won't run.

While there you can also change other annoying services like Indexing Service (don't need it) I first right click on the hard drive icon --> Properties --> uncheck "Allow Indexing Service to index this disk for fast file searching" --> OK, then after I uncheck Indexing on all the hard drives I disable Indexing Service in the Services window. XP will now be faster.

Wayne

[ctviggen]

Thanks, Wayne, but it's not there either (at least in a form I can spot).  I agree with you about the indexer; it's useless.

This is a work computer that someone else had.  I inherited it.  I'm at a complete loss as to how the program is started up each time, especially when returning from sleep mode.  Certainly a service makes more sense at that time.  But I cannot figure out what program is loading jkdefrag.  The only thing I can think of is disabling basically everything (like entering safe mode) and enabling things one at a time until I find the cause.  Unfortunately, I don't have time to do that.

[bregez]

And, the jkdefrag appears legit, as it creates an output file of what it's doing.

Are you sure it's legit.  The website says "All you have to do is download the zip and unpack anywhere you like. The programs are ready to run, even from memory stick or cdrom. The zip contains the following, JkDefrag.exe, JkDefragCmd.exe and JkDefragScreenSaver.scr  + JkDefragScreenSaver.exe "

This tells me to run the program each time you have to execute it (manually).  I would check the output file to see if it looks similar to the one posted online. 

In the meantime use CCleaner to dump all the temp/cache files on your drive in addition to clean up the registry.  Before you do this get into your task manager and end the jkdefrag process.

[WGH]

I'm sure you checked the Add or Remove Programs in the Control Panel and it is not there so now is the time to get geeky:

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.



Windows Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

If you are able to find the program it may be hooked so deep in XP that you may not be able to delete it. I then use MoveOnBoot:

MoveOnBoot allows you to copy, moves or delete files on the next system boot. This comes in very handy, if you need to replace or delete files which are locked by other applications, loaded into memory or cannot be changed until next system boot.

http://www.softpedia.com/get/System/Boot-Manager-Disk/MoveOnBoot.shtml

[ctviggen]

This thing has me totally flummoxed.  I came in this morning, started my computer from sleep mode and left to make my morning shake.  I came back, and jkdfrag was hammering my external drive (this drive has all my music on it and a copy of my home hard drive). 

The program appears legit.  Here's part of an output file, produced this morning:

08:15:05 JkDefrag v3.34
08:15:05 Date: 2010/05/14
08:15:05 Commandline argument '-a' accepted, optimizemode = 3

So, it's a legitimate defrag program, but somehow it's starting on its own. I cannot find the program anywhere on any hard drive, and I delete the temporary file it makes (which does contain jkdegrag.exe), and yet the program comes back every single time.

I'll try your suggestions.  If I can find out how to remove this darn thing, I'll post here. 

[WGH]

Maybe the previous owner renamed program for some strange reason, in that case it would be very hard to find.
Look for a file with -a 3 after the .exe

example from website:
"C:\JkDefrag\JkDefrag.exe" -a 7
"C:\JkDefrag\JkDefrag.exe" D:

If the program starts with a command line then try searching with a wildcard, you might get lucky

try searching for the following arguments (keep the quotes in the search or else you will find every .exe, which will be 1000's):
"*.exe -a"
""C:\*.exe" -a"