* Please download
F2T (Files To Text)- *Doubleclick F2Ts.exe to start the program.
*Next to Path on top, copy and paste next line:
*
C:\Program Files\fnbyyff\DscSmartSrv.dll
*When done, press the GO button next to it.
*Then click the Select F2T-list button below to select the results.
*Right-click the selected text
*Click on "copy"
*Paste the copied text into your next reply.
Repeat for this one;
C:\Program Files\ouemijb\AppProcSmart.dll
And also for the ones in the two .security folders.
==============
1. Please
open Notepad- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now
copy/paste the entire content of the codebox below into the Notepad window:
KillAll::
File::
C:\ProgramData\hchefwvk
C:\Users\All Users\hchefwvk
C:\Windows\System32\afkzcjwf.exe
C:\ProgramData\hchefwvk\rutonsfy.exe
C:\Users\All Users\hchefwvk\rutonsfy.exe
C:\Windows\System32\uryxmnyd.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3.
Save the above as
CFScript.txt
4. Physically disconnect from the internet.
5. Now
STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then
drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
CFScript.gif
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you
re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
- A new HijackThis log.
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.