Open HijackThis and select Do a system scan only, then place a check mark next to:
O4 - HKLM\..\Run: [c00b8f7b] rundll32.exe "C:\WINDOWS\system32\sdfdbxxf.dll",b
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\
Close all windows except for HijackThis and click Fix checked.
----------
Now download The Avenger by Swandog46, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the Input script manually box.
* Click on the Magnifying Glass Icon which will open a new window titled View/edit script
* Copy everything in the Quote box below, and paste it in the box that opens:
Files to delete:
C:\WINDOWS\system32\IEDFix.exe
C:\Program Files\Ycejjkfg
C:\Program Files\Zfwsksos
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\sdfdbxxf.dll
Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system
* Now click the 'Done' button.
* Click on the Green Light and OK the prompt.
* You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt
The Avenger will automatically do the following:
* It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please attach the C:\avenger.txt in your next post.
----------
Download SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
----------
Next post
avenger.txt
Report.txt
New HijackThis log