For close to 6 months I have been running Spybot and I keep getting Smitfraud
every time I run a scan. I know my computer is pretty jacked up at this point and I'm sure you guys have answered this question a thousand times but any help you can give me would be greatly appreciated. Thanks.........

I have a previous post concerning smitfraud showing up everytime I run S&D.
I am by no means a computer expert but was referred to this site for possible answers. My other post was actually the only one of many that was never responded to in the last hour. Sorry if I'm lacking the correct terminology and lingo but it seems to be keeping me from answers. Anyhow, I guess I will look elsewhere for answers. Thanks for your time.............

BEFORE you POST
(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) ;)


Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

Here are the results from my Hijackthis scan. I'm by no means an expert on this but if you can help me through it I would be a huge help. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:20, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {373A118A-DC3F-DBB9-4F61-F98DB053D7B9} - C:\WINDOWS\system32\ffx.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66691388-8564-84BE-1C61-F98DB052D0BA} - C:\WINDOWS\system32\dxexnmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {E8782D4C-BEAD-B229-DFA8-95ABA20400B4} - C:\WINDOWS\system32\rzntelf.dll (file missing)
O2 - BHO: (no name) - {EF97F022-639A-3F48-EE2E-4D761F1F53B4} - C:\WINDOWS\system32\qbcmr.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8242] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC573] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9615] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1584] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7715] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC758] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9644] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7328] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7073] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4527] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB30] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3001] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3984] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8786] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB209] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5708] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7946] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9381] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6027] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7519] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5248] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8597] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3163] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4590] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = canadiancounty.org
O17 - HKLM\Software\..\Telephony: DomainName = canadiancounty.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{63469C34-CF5F-4B0B-8126-588AC241DD8B}: NameServer = 10.0.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = canadiancounty.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{63469C34-CF5F-4B0B-8126-588AC241DD8B}: NameServer = 10.0.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = canadiancounty.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{63469C34-CF5F-4B0B-8126-588AC241DD8B}: NameServer = 10.0.1.10
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: qomkhgh - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 9799 bytes

Hi

Did you read post #5 (http://forums.spybot.info/showpost.php?p=25712&postcount=5) of Before You Post -sticky?

Is that your personal system or workplace computer? I see canadiancounty.org domain meantioned there.

Never mind, guess I'm screwed. Our IT people told me that they can't fix the problem and I was welcome to look for help. Thanks for trying, cheers......

Hi

Since the system is government property we volunteers can't try to clean it. Does your company have a corporate license to Spybot? If yes, please contact Spybot office support so they may provide direct assistance for your needs.

Spybot S&D Corporate-Small Business Editions (http://www.safer-networking.ie/en/index.html)
For more information, please send an email to licenses(at)spybot.info

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.