Can anyone help?

Hi there, let's see what I can do. From the log, I will need to use this programme.

Download ComboFix from Here or Here to your Desktop.

- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Seems that it is useless to explain…forget about it then. I have heard before that there are some programs which can ban the porn sites…can anyone suggest some (no matter whether it is free or not)? Just for prevention.

For the a-squared, I have run it after your suggestion. And there is a long list in quarantine, including some values, keys and also files. But it seems that I can't make a log for it…and the list is so long that I can't use a screen capture…

I have already run the ComboFix and the HJT. The two logs are attached.

Thanks to everyone…I feel an immense gratitude to everyone, especially to philly, who paid the most attention to this and gave a lot of opinions…

Actually I am from HK…I wonder how you found my nationality from my words…Is it really a big difference or just because my English is very weak?

You still need to kill the Vundo entry.

You can do so by following the instructions beginning:

Please print these instructions out for use in Safe Mode.

and ending:

Press enter to exit the program then manually reboot your computer.

Here:

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t35849.html

The HijackThis! entry you will need to fix is this one:

O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)

  1. Please open Notepad
    - Click Start, then Run
    - Type notepad.exe in the Run Box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:


File::
C:\Documents and Settings\Boy\com_securenetasia_p11wrapper2.dll
C:\WINDOWS\system32\jkhfg.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]

  3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

  4. Save the above as CFScript.txt

  5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

  6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    - Combofix.txt
    - A new HijackThis log.
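
An added example, not part of the original thread: a small Python check that pulls the O20 Winlogon Notify lines out of a HijackThis log and flags entries like the jkhfg one quoted above, together with the registry key to inspect. The baseline set of stock Windows XP Notify names and every sample log line except the jkhfg one are assumptions made for the illustration.

```python
import re

# Winlogon Notify subkeys of a stock Windows XP install (assumed baseline;
# extend it with vendor entries you have verified on your own machines).
DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# "O20 - Winlogon Notify: <name> - <dll path>[ (file missing)]"
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<path>.+?)"
    r"(?P<missing>\s*\(file missing\))?\s*$",
    re.IGNORECASE,
)

def review_notify_entries(log_text):
    """Return (name, dll_path, registry_key, reasons) for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if not m:
            continue  # not a Winlogon Notify line
        name, path = m.group("name"), m.group("path")
        reasons = []
        if name.lower() not in DEFAULT_NOTIFY:
            reasons.append("not in baseline")
        if m.group("missing"):
            reasons.append("registry key left behind, DLL missing")
        if reasons:
            findings.append((name, path, NOTIFY_KEY + "\\" + name, reasons))
    return findings

# Constructed sample log: only the jkhfg line comes from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: WLBalloon - C:\WINDOWS\system32\wlballoon.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

if __name__ == "__main__":
    for name, path, key, reasons in review_notify_entries(SAMPLE_LOG):
        print(f"{name}: {path}\n  key: {key}\n  why: {'; '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not proof of infection: legitimate drivers and security products also register Notify packages.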

I have run the combofix, and the log is attached.

But I don't know how to use the VundoFix. When I open the program, it doesn't show the message that the instructions show but only two buttons: "Scan Vundo" and "Remove Vundo". It seems that the version doesn't match; the one I downloaded is v6.7.7 but in the instructions it is v2.15.

The jkhfg.dll entry has gone from your log now, so you don’t need those instructions.

jkhfg.dll was a Vundo infection, so you can hit the “scan Vundo” button just to check that Vundo has gone.

If VundoFix finds any traces, run again and hit the “Remove Vundo” button.

Logs look clean to me

Now, to get you off to a good start, we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

  1. Select Start > All Programs > Accessories > System tools > System Restore.
  2. On the dialogue box that appears select Create a Restore Point
  3. Click NEXT
  4. Enter a name e.g. Clean
  5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

  1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  2. In the Drop down box that appears select your main drive e.g. C
  3. Click OK
  4. The system will do some calculation and then display a dialogue box with TABS
  5. Select the More Options Tab.
  6. At the bottom will be a system restore box with a CLEANUP button; click this
  7. Accept the Warning and select OK again; the program will close and you are done

I figured you were Chinese because you had a Chinese speech to text software program installed on your computer. I hope your infection is clear and everything runs okay :smiley:

Is that already clean…? Seems not as fast as before…
I have run the VundoFix and found this:

C:\WINDOW\system32\RGSS100J.dll

And also there is something left in the quarantine of a-squared and SUPERAntiSpyware; do I need to clear them all?

Yes, you can empty the quarantine… I will search for stray files if you wish.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

- Close ALL OTHER PROGRAMS.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

The log is attached.

Looks good, nothing worth talking about in there :smiley:

:slight_smile: Hi TFL:

  Once you are "clean", I recommend you do the following:

 1) Your HijackThis log shows a slightly outdated version of Sun Java,
     which can be a source of getting a "Vundo" infection, which you had;
     therefore, uninstall ALL versions of this program you have, then go to
     www.java.com to get the latest version.
 2) To reduce the possibilities of "boy" going to porn sites, install the
     very good & FREE "SpywareBlaster" from www.javacoolsoftware.com;
     there is a "Tutorial" on this program at
     www.bleepingcomputer.com/tutorials/tutorial49.html.
     I would not bother using the "System Snapshot" section.

It is much better than before…thanks all for your kind help!