Smitfraud+Yazzle+Purityscan = Help!

...logs continued...

Here is the combofix log:
Jean-Pierre Hall‚ - 06-11-11 13:59:41,31 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Jean-Pierre Hall‚\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~1.NET\d?xplore.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-11 13:41 106,496 --a------ C:\WINDOWS\SYSTEM32\impgsje.dll
2006-11-11 11:56 101,888 --a------ C:\WINDOWS\SYSTEM32\drvmoc.dll
2006-11-11 11:54 40,973 ---hs---- C:\WINDOWS\SYSTEM32\xxyvwww.dll
2006-11-11 11:45 674,187 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak2
2006-11-05 19:44 602,245 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak1
2006-11-05 19:43 692,276 ---hs---- C:\WINDOWS\SYSTEM32\ssqpn.dll
2006-11-05 19:42 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-05 19:36 40,973 ---hs---- C:\WINDOWS\SYSTEM32\mljgheb.dll
2006-11-05 16:24 2 --a------ C:\WINDOWS\SYSTEM32\wapiit.exe
2006-11-05 16:22 40,973 ---hs---- C:\WINDOWS\SYSTEM32\ljjjghg.dll
2006-11-05 16:22 15,872 --------- C:\WINDOWS\SYSTEM32\wintfj32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 13:53 -------- d-------- C:\Program Files\SAM
2006-11-11 13:53 -------- d-------- C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\Skype
2006-11-11 13:05 -------- d-------- C:\Program Files\Fichiers communs
2006-11-06 05:43 -------- d-------- C:\Program Files\Hijackthis
2006-11-05 19:44 -------- d-------- C:\Program Files\VSAdd-in
2006-11-05 19:42 -------- d-------- C:\Program Files\Grisoft
2006-11-05 18:09 -------- d-------- C:\Program Files\NavNT
2006-10-24 11:08 -------- d-------- C:\Program Files\Morpheus
2006-10-14 13:00 -------- d-------- C:\Program Files\Fichiers communs\SWF Studio
2006-10-11 11:24 58880 --a------ C:\WINDOWS\SYSTEM32\pnrpnsp.dll
2006-10-11 11:24 553984 --a------ C:\WINDOWS\SYSTEM32\p2psvc.dll
2006-10-11 11:24 313344 --a------ C:\WINDOWS\SYSTEM32\p2pgraph.dll
2006-10-11 11:24 153088 --a------ C:\WINDOWS\SYSTEM32\p2p.dll
2006-10-11 11:24 116224 --a------ C:\WINDOWS\SYSTEM32\p2pnetsh.dll
2006-10-11 11:24 104960 --a------ C:\WINDOWS\SYSTEM32\p2pgasvc.dll
2006-09-29 20:35 67896 --a------ C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\GDIPFONTCACHEV1.DAT
2006-09-29 20:06 -------- d-------- C:\Program Files\Fichiers communs\HP
2006-09-29 20:04 -------- d-------- C:\Program Files\HP
2006-09-29 20:04 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-29 20:03 -------- d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2006-09-29 19:07 -------- d--h----- C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\GTek
2006-09-23 10:54 -------- d-------- C:\Program Files\Adobe
2006-09-13 00:03 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:51 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:26 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 06:59 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sonic RecordNow!"=""
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"StorageGuard"="\"C:\\Program Files\\Fichiers communs\\Sonic\\Update Manager\\sgtray.exe\" /r"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"nwiz"="nwiz.exe /install"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"vptray"="C:\\PROGRA~1\\NavNT\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"HP Software Update"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"archenteric"="{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwww

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061111-135106-248
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
backup-20061111-135106-504
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
backup-20061111-135105-693
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt ndrv
backup-20061111-135105-415
R3 - URLSearchHook: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
backup-20061111-135105-494
O4 - HKCU\..\Run: [Fqafyaz] C:\Program Files\?icrosoft.NET\d?xplore.exe
backup-20061111-135105-590
O4 - HKLM\..\Run: [beep regs about start] C:\Documents and Settings\All Users\Application Data\Meta data beep regs\chicnoun.exe
backup-20061111-135105-404
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061111-135105-227
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmoc.dll,startup
backup-20061111-135105-195
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20061111-135105-435
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AC49A83B90A25E4B.job

Completion time: 06-11-11 14:03:38.85
C:\ComboFix.txt ... 06-11-11 14:03

Hope this helps.... Last note... Internet Explorer is REALLY slow today...

thanks for your help!
 
Please download VundoFix.exe
to your to the root drive, eg: Local Disk C: or partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo, when it is finished scanning if this file isnt detected add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\impgsje.dll

do the same for each of these files
C:\WINDOWS\SYSTEM32\drvmoc.dll
C:\WINDOWS\SYSTEM32\xxyvwww.dll
C:\WINDOWS\SYSTEM32\ssqpn.dll
C:\WINDOWS\SYSTEM32\mljgheb.dll
C:\WINDOWS\SYSTEM32\ljjjghg.dll
C:\WINDOWS\SYSTEM32\wintfj32.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two mimutes then turn your computer back on.




C:\WINDOWS\SYSTEM32\wapiit.exe < Delete file
C:\Program Files\VSAdd-in delete folder
C:\Documents and Settings\All Users\Application Data\Meta data beep regs\ < delete folder if present
Post a new hijackthis log

You have more than one antivirus, nav and avg, choose one uninstall the other, I suggest keeping avg.


http://forums.spybot.info/showpost.php?p=52424&postcount=20
Both your smithfraudfix report's were from running option 1, You still didnt choose the fix option !!
Here are the instruction again http://forums.spybot.info/showthread.php?t=4015

Post that smithfraudfix report after running option 2
The C:\vundofix.txt and a new hijackthis log, no others are needed yet
 
I will be applying your solutions tonite, which is approx. at 7:00 pm eastern time.

Thank you very much for all your help.
 
I have followed your instructions, here are the results

In the next few lines, I have copied your instructions, and put DONE besides all that I have done.

**************************
Please download VundoFix.exe >DONE
to your to the root drive, eg: Local Disk C: or partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo, when it is finished scanning if this file isnt detected add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\impgsje.dll >DONE

do the same for each of these files
C:\WINDOWS\SYSTEM32\drvmoc.dll >DONE
C:\WINDOWS\SYSTEM32\xxyvwww.dll >DONE
C:\WINDOWS\SYSTEM32\ssqpn.dll >DONE
C:\WINDOWS\SYSTEM32\mljgheb.dll >DONE
C:\WINDOWS\SYSTEM32\ljjjghg.dll >DONE
C:\WINDOWS\SYSTEM32\wintfj32.dll >DONE

Click the Remove Vundo button. >DONE
You will receive a prompt asking if you want to remove the files, click YES >DONE
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two mimutes then turn your computer back on. >DONE




C:\WINDOWS\SYSTEM32\wapiit.exe < Delete file > DONE
C:\Program Files\VSAdd-in delete folder >DONE
C:\Documents and Settings\All Users\Application Data\Meta data beep regs\ < delete folder if present >FOLDER WAS NOT THERE
Post a new hijackthis log > I POSTED THIS LOG BELOW

You have more than one antivirus, nav and avg, choose one uninstall the other, I suggest keeping avg.
> DONE . REMOVED NAV, KEPT AVG


Both your smithfraudfix report's were from running option 1, You still didnt choose the fix option !!
Here are the instruction again http://forums.spybot.info/showthread.php?t=4015
> DOUBLE OUPS! SORRY :-(
Post that smithfraudfix report after running option 2 >DONE (SEE REPORT BELOW)
The C:\vundofix.txt and a new hijackthis log, no others are needed yet
>DONE. THE 2 LOGS ARE BELOW.

***********************************
...logs in my next reply...
 
the 2 logs now...

First, the vundofix.txt log... hope I got it right this time...

VundoFix V6.2.8

Checking Java version...

Scan started at 19:19:13 2006-11-13

Listing files found while scanning....

C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!

Attempting to delete c:\windows\system32\impgsje.dll
c:\windows\system32\impgsje.dll Has been deleted!

Attempting to delete c:\windows\system32\drvmoc.dll
c:\windows\system32\drvmoc.dll Has been deleted!

Attempting to delete c:\windows\system32\xxyvwww.dll
c:\windows\system32\xxyvwww.dll Has been deleted!

Attempting to delete c:\windows\system32\mljgheb.dll
c:\windows\system32\mljgheb.dll Has been deleted!

Attempting to delete c:\windows\system32\ljjjghg.dll
c:\windows\system32\ljjjghg.dll Has been deleted!

Attempting to delete c:\windows\system32\wintfj32.dll
c:\windows\system32\wintfj32.dll Has been deleted!

Performing Repairs to the registry.
Done!

... more to come...
 
...now the Smitfraudfix log...

Hope I got this one right as well...

SmitFraudFix v2.119

Rapport fait à 20:34:18,40, 2006-11-13
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

...more to come...
 
... now the HJT log...

Here goes:

Logfile of HijackThis v1.99.1
Scan saved at 20:10:49, on 2006-11-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\hijackthis_061111\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B93D27F-5E6A-26AD-06D7-871367A21376} - C:\PROGRA~1\playsize\axis setup.exe (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC289594-FE2E-4956-92F7-BB3CB849E470} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\xxyvwww.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\whqxopqa.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnod.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt yazb
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620227656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

P.S. Internet explorer speed is back to normal. The only weird icon left in the lower-right corner of my screen is a red circle with a yellow exclamation point in the middle that displays the following on a mouseover: "Security warning: your computer may be infected by harmful or unwanted software".

Let me know what's next, I awair your next instructions. Thanks a lot for your help in this!
 
The smitfraudfix log...

I have run option 2 in safe mode, and it gives me the log below... Let me detail exactly what I do... maybe I'm doing something wrong, but I swear I am trying real hard...ok, here goes...
1- while in normal Windows mode, I double-click on the smitfraudfix folder on my desktop;
2- then, double-click on the smitfraudfix.cmd, which bring up a DOS-like window, with a message from the authoer where I hit ENTER, and I then get the menu;
3- I choose option #1 to run the SCAN, which produces a log that I save on my desktop;
4- I then reboot my computer in SAFE mode (hitting F8, etc...)
5- Then, I follow the process in thread #4015 to clean out my temporary internet files (I do every step described in step #7 of thread #4015)
6- then I do step #8 in thread #4015... in other words, while still in SAFE mode, I double-click my smitfraudfix folder on my desktop again, and then double-click the smitfraudfix.cmd, which brings up the same window from the author on which I hit ENTER to access the menu;
7- I type 2, and press ENTER (so I AM running option #2 here), which runs very fast and displays a log in NOTEPAD that I save under a different name n my desktop to make sure I can track it....

the log in item #7 above is the log that I am posting on this thread... I am either doing something wrong, or this is the right log...

One last note, since in your last post you mentioned that only needed a vundo.txt and a new hijackthis log, I am doing steps #9, 10 or 11 in thread #4015, i.e. NOT running a complete AVG scan of my system, nor a Spybot report, nor the HJT step there.

I am really trying... and again I am running option #2 in smitfraudfix... :-(
 
so here is the log again...

SmitFraudFix v2.119

Rapport fait à 21:25:57,54, 2006-11-13
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


By the way, right on the first few lines of this log, it says FIX in SAFE mode in French... right under the OS line (line #7 if counting the blank line after line #1).

Just thought I would mention that, cause I am trying to help, not trying to be playing smart, cause you are obviously a lot more knowledgeable than me.
 
It appears your not typeing y when at the prompt to clean the registry
See hilighted below

For now do exactly as written, no safe mode no other scans.
#2 - SmitfraudFix Clean
Re-download smithfraudfix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created there.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process.

Post the txt that will open when the tool is finished.
 
a new smitfraudfix log

You seem to have found the problem. All the other times when I was running smitfraudfix, I was NOT getting the question asking me if I wanted to clean the registry, nor was the system doing a cleanup. So I did as you asked, and redownloaded smitfraudfix using the link you provided in your last post, extracted to my desktop, ran option 2, and, oh surprise, I got the REGISTRY question and the disk cleanup ran.

So here is the txt file that was output after it ran:

SmitFraudFix v2.121

Rapport fait à 8:32:25,10, 2006-11-15
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Anything else I should be doing? Or do you think my computer is now clean?

P.S. You have been very patient. Thanks again :-)
 
Good

Apparently there was a minor bug in it that coused the problem, which was fixed in latest version, so not your fault at all.

Hows that PC running ?
 
As far as I can tell, all appears to be back to normal 100%!!! Hurrah!!!!!

No flashing icons, speed back to normal, no redirection to other pages in Internet Explorer, no anti-virus messages from AVG... I think I'm doing just fine, but is there one last precaution I should take to make sure all is really well? Like run a Spybot check, a last AVG scan, etc?
 
Problem solved. THANK YOU VERY MUCH!!!!!

My expert was LonnieRJones... knowledgeable, patient, available. REALLY appreciate your time and efforts. Thanks to the whole Spybot Team!

From a happy camper, (surfer)
 
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).
 
You must log in or register to reply here.
Back
Top