OK. I am very new here but hopefully this is the right place top post this question, it seems to be from what I can see. Anyway...
I have what I think is a very basic question/confirmation request about using SDFix. I was following the usage instructions:http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
At step 11 (rebooting after the scan) nothing is mentioned about what mode to reboot in - still safe mode or not. I assumed sticking in safe mode was the way to go, but the items that the log claimed were removed "came back" and I seemed to never get screen 12 & 13. I was worried this was because the infection I have ("Rootkit.Win32.Agent.cku") is particularly tenacious, but then I happened to do a reboot in regular (i.e. not safe) mode and I saw screens 12 & 13 (from user guide linked above) which i had not seen before. After this all evidence of Rootkit.Win32.Agent.cku seems to have disappeared (there's no tdsserv.sys file any more searching in a dos screen) and running another SDFix scan revels nothing. So to me it seems all is fixed and I should have just reboot in regular (not safe) mode first of all. Checking back on the instructions though nothing is mentioned.
So really I just want to double check (at this point I'm at the end of over 2 days of tracking/destroying/updated/rebooting and I'm getting very paranoid) that I have now done the right thing with SDFix and I am (probably) as safe as I now seem. I am going to go thru updating, rerunning, rescanning with all the different tools I've been using, but for now before I start going thru all that (again) I want to check that at least I have done this part correctly now.
Thanks in advance.