Thread: [Fixed] smss.exe getting hijacked! (PC Help Forum, Security & Safety, Hijackthis! Logs)

#15
05-09-2006
iMagnusX
Bronze Member
Join Date: Mar 2006
Posts: 17

How/where is the smitrem log? The Prevx files don't seem to like being uploaded, but here's a brief excerpt from the full-on Prevx log I found:

[08/05/2006 21:14:48][ WKCOM] - >>> QUERY: Type(NXD) Pid(200014000) QueryId(335) ActionToTake(BLOCKED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - QueryResponse( QueryId=335, policyId=200014000, Allow=0)
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>>>>>>>>>>>> Multiple events detected.
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200014000) QueryId(335) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200009000) QueryId(335) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>>>>>>>>>>>> Multiple events detected.
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NO) Pid(320001000) QueryId(0) ActionTaken(ALLOWED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NO) Pid(320001000) QueryId(0) ActionTaken(ALLOWED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> QUERY: Type(NXD) Pid(200014000) QueryId(336) ActionToTake(BLOCKED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - QueryResponse( QueryId=336, policyId=200014000, Allow=0)
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NO) Pid(320001000) QueryId(0) ActionTaken(ALLOWED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>>>>>>>>>>>> Multiple events detected.
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(PT) Pid(220000000) QueryId(0) ActionTaken(ALLOWED) Actor(STUB_EXE_WIN32GUI.BIN)
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>>>>>>>>>>>> Multiple events detected.
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200014000) QueryId(336) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> QUERY: Type(NXD) Pid(200014000) QueryId(337) ActionToTake(BLOCKED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - QueryResponse( QueryId=337, policyId=200014000, Allow=0)


#16
05-10-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

That is not like what you posted in your first post; does that activity still continue?

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, e.g. "C:\smitfiles.txt", or the partition your operating system is installed on.
So in your case that would be I:\smitfiles.txt, it seems.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#17
05-10-2006
iMagnusX
Bronze Member
Join Date: Mar 2006
Posts: 17

Yeah, I know. What I posted previously is the Prevx pop-up window alerting me that it has blocked something from working. The log I found seems to be the action-to-action log that Prevx makes, located in the Program Files folder. Here's the smitrem log; thanks for reminding me where it was.

And yes, the activity continues. The Prevx "px-log" is a 1.5 megabyte file, but here's another sample from the past few minutes:

[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ PAWS] - queueing paws alert...
[09/05/2006 22:03:38][ PAWS] - PAWS alert skipped
[09/05/2006 22:03:38][ WKCOM] - >>> EVENT: Type(TDI) Pid(109000) QueryId(0) ActionTaken(ALLOWED) Actor(EMULE.EXE)
[09/05/2006 22:03:38][ WKCOM] - >>> EVENT: Type(TDI) Pid(109000) QueryId(0) ActionTaken(ALLOWED) Actor(EMULE.EXE)
[09/05/2006 22:03:38][ PAWS] - PAWS alert queued
[09/05/2006 22:03:38][ PAWS] - PAWS alert queued
[09/05/2006 22:03:38][ WKCOM] - >>> QUERY: Type(NXD) Pid(200009000) QueryId(282) ActionToTake(QUERY) Actor(EXPLORER.EXE)
[09/05/2006 22:03:38][ WKCOM] - QueryResponse( QueryId=282, policyId=200009000, Allow=1)
[09/05/2006 22:03:38][ WKCOM] - >>> EVENT: Type(NXD) Pid(200009000) QueryId(282) ActionTaken(ALLOWED) Actor(EXPLORER.EXE)
[09/05/2006 22:03:38][ PAWS] - PAWS alert queued
Attached: smitfiles.txt (3.1 KB)



Last edited by iMagnusX; 05-10-2006 at 04:06 AM.
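
The two Prevx px-log excerpts above (posts #15 and #17) are easier to reason about once summarised rather than read line by line, especially from a 1.5 MB file. The script below is an added example, not part of the original thread and not Prevx's own tooling: it parses lines in the format shown, counts DENIED decisions per actor and event type, and flags actors that are denied repeatedly within the same second, which is what the "keeps coming back" activity described in the thread looks like in the log. The sample lines are constructed to mirror the posted excerpts; the meaning of the Type codes (NXD, NO, PT, TDI) and of the Pid values is not documented on this page, so the parser treats them as opaque strings.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines modelled on the Prevx "px-log" excerpts posted in
# this thread. Type codes and Pid values are treated as opaque strings.
SAMPLE_LOG = """\
[08/05/2006 21:14:48][ WKCOM] - >>> QUERY: Type(NXD) Pid(200014000) QueryId(335) ActionToTake(BLOCKED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - QueryResponse( QueryId=335, policyId=200014000, Allow=0)
[08/05/2006 21:14:48][ PAWS] - PAWS alert queued
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200014000) QueryId(335) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200009000) QueryId(335) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NO) Pid(320001000) QueryId(0) ActionTaken(ALLOWED) Actor(WINLOGON.EXE)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(PT) Pid(220000000) QueryId(0) ActionTaken(ALLOWED) Actor(STUB_EXE_WIN32GUI.BIN)
[08/05/2006 21:14:48][ WKCOM] - >>> EVENT: Type(NXD) Pid(200014000) QueryId(336) ActionTaken(DENIED) Actor(WINLOGON.EXE)
[09/05/2006 22:03:38][ WKCOM] - >>> EVENT: Type(TDI) Pid(109000) QueryId(0) ActionTaken(ALLOWED) Actor(EMULE.EXE)
[09/05/2006 22:03:38][ WKCOM] - >>> QUERY: Type(NXD) Pid(200009000) QueryId(282) ActionToTake(QUERY) Actor(EXPLORER.EXE)
[09/05/2006 22:03:38][ WKCOM] - QueryResponse( QueryId=282, policyId=200009000, Allow=1)
[09/05/2006 22:03:38][ WKCOM] - >>> EVENT: Type(NXD) Pid(200009000) QueryId(282) ActionTaken(ALLOWED) Actor(EXPLORER.EXE)
"""

# Outer frame: [dd/mm/yyyy hh:mm:ss][ SOURCE] - message
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\]\[\s*(?P<src>\w+)\] - (?P<msg>.*)$"
)
# Inner EVENT/QUERY record; QueryResponse and PAWS lines do not match and are skipped.
EVENT_RE = re.compile(
    r">>> (?P<kind>EVENT|QUERY): Type\((?P<type>\w+)\) Pid\((?P<pid>\d+)\) "
    r"QueryId\((?P<qid>\d+)\) Action(?:Taken|ToTake)\((?P<action>\w+)\) "
    r"Actor\((?P<actor>[^)]+)\)"
)


def parse_events(text):
    """Return one dict per EVENT/QUERY line, with a parsed timestamp and source tag."""
    events = []
    for raw in text.splitlines():
        frame = LINE_RE.match(raw)
        if not frame:
            continue
        rec = EVENT_RE.search(frame.group("msg"))
        if not rec:
            continue
        event = rec.groupdict()
        event["ts"] = datetime.strptime(frame.group("ts"), "%d/%m/%Y %H:%M:%S")
        event["src"] = frame.group("src")
        events.append(event)
    return events


def denied_by_actor(events):
    """Count DENIED decisions per (actor, type) so the noisiest blocked actor stands out."""
    counts = Counter()
    for e in events:
        if e["kind"] == "EVENT" and e["action"] == "DENIED":
            counts[(e["actor"], e["type"])] += 1
    return counts


def repeated_denials(events, threshold=2):
    """Actors denied `threshold` or more times within a single second.

    A process that is blocked and immediately retries produces exactly this
    burst pattern; a one-off block does not.
    """
    per_second = defaultdict(int)
    for e in events:
        if e["kind"] == "EVENT" and e["action"] == "DENIED":
            per_second[(e["actor"], e["ts"])] += 1
    return sorted({actor for (actor, _), n in per_second.items() if n >= threshold})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (actor, typ), n in denied_by_actor(evs).most_common():
        print(f"{actor:<24} {typ:<5} denied {n}x")
    print("repeated denials within one second:", repeated_denials(evs))
```

Point the script at the real px-log by replacing SAMPLE_LOG with the file's contents; the threshold for `repeated_denials` is deliberately low because the posted excerpt shows three denials for one actor in the same second.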
#18
05-10-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hmm, it keeps coming back, but it is not one of the latest versions that needs special removal instructions. It should just stay gone and be removable with smitrem.

Download and run the Smitfraud fix from here:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

And post back with the C:\rapport.txt log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#19
05-10-2006
iMagnusX
Bronze Member
Join Date: Mar 2006
Posts: 17

OK, here's the Smitfraud log. It seems it got hold of something, and so far nothing has popped up yet.
Attached: rapport.txt (640 Bytes)


#20
05-11-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Yup, it has indeed deleted a couple of things: some the same as the smitrem tool deleted every time but that kept coming back, and also some other files from the system32 folder.

Let's run another smitrem scan to see if it still finds anything now.

And what are the remaining problems at the moment, if any?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#21
05-12-2006
iMagnusX
Bronze Member
Join Date: Mar 2006
Posts: 17

There are no problems now! Here's a new smitrem log.
Attached: smitfiles.txt (3.1 KB)


