smitfraud and pup

My computer was infected with these about a month ago. I could not even get windows to load right. So, I took my computer to a professional. They removed smitfraud and pup supposedly. I have always had all the things suggested on my computer. Adaware, Norton anti-virus, spybot, spyblaster and even a firewall. Well my son late at night went to an objectional site and my computer got highly infected. I paid to get it fixed. It is running like a top. However, everytime I run spybot 37 entries in the registry show up for smitfraud-c that it cannot fix. Pup shows up and it fixes it. However, pup keeps coming back. I ran a Hijack this log and had it analyzed online. Absolutely everything is green. It did not find anything wrong. Spybot suggested running the program at restart. It keeps saying that it cannot fix the smitfraud-c values in the registry. Something about them being used or in memory. All 37 entries look about the same. What do you suggest I do?

Here is an example of what one of entries say:

Smitfraud C: User Settings (registry change, nothing done)
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZineMap\Domains\awmdavest.com\*!=W=4

Other then the .com they are the same.

Pup read:

pup: Autorun settings (devldr16.exe) (registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft Windows\Current Version\Run\devldr16.exe

 

I am still working on all the processes. I am typing this on another computer.

I could not boot in safe mode "with networking support". I had four options to pick from. There was only one which said safe mode. I am working on ME. I did the scan in normal mode. Although it gave me issues until I turned my firewall off. I just wanted to make sure there wasn't something I was missing on how to boot in safe mode "with networking support". Do some computers not have this option?

I guess I wasted my 135.00 having a professional fix this. It doesn't appear he got everything out of here.

 

I have done all the thing you have suggested. The 37 items still show up in spybot. When it tries to fix it, I get this message.

Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory) This could be fixed after a restart.

Same things happen when I restart. Could the computer Tech place have made a back up of my registry or something that these are showing up. I am not having computer problems other than Spybot cannot remove these entries.

Here are the problems I ran into when running your instructions:

I am current using ME. I could not find an option to run in safe mode "with networking support". The four options I got were. Normal, logged, safe mode and step-by-step confirmation. I had to run Bitdefender and RavAntivirus in normal mode.

I copied and pasted the results from bitdefender. It had 1 virus it could not remove but I could not figure out what it was.
RavAntivirus had no problems.
Adaware quarantined three things (mru list, malware.psguard and whenu.desktop toolbar.
I could not copy and paste the 37 entries from spybot. However, I have printed them and could try and scan them and attach them.
I have attached the new hijack this log.

 

Yes I do have a soundblaster card. It came with the computer at the time.

I have uninstalled weather bug. I haven't used it for years. I found it annoying.

I think I found the log and attached it from spybot.

Sorry about the word document.

 

I have had different spywares and key logger to see what the kids were doing. I don't remember that paticular name. My son has been going places he is not supposed to. He has been forbidden to use the computer since this last episode. I now have it password protected, but it was not before. I think the software I got was called key key by mikotech. It came with other software. I only use the programs you recommended now. It doesn't mean that someone else didn't install it though. I did a search for files and folders called spyad and nothing came up.

 

I am sorry Chaslang. I thought I did answer it when I said I password protected it so the kids could not get on since this happened. I am the only user.

I downloaded the tool. It worked perfect. Now the only thing that Spybot finds is pup which you said that is related to the soundblaster card.

Thanks so much. You are the best. I think you need a raise!

 

Here is the file. Here I thought I was all done. That's what I get for thinking.

 

Thanks Chaslang. Your help is greatly appreciated. I have all the things in your post. I read that already. You guys are definately the best. At least that is my opinion for what that is worth. Depends on who you talk to my kids or my spouse.

 

Chaslang,

I was following the other post that seemed to have a similar problem. I think I saw another one that might have been showing similar items. I noticed your comment that an application may have done this. I wanted to give you this information on what I had done prior to this happening.

Someone had installed the yahoo toolbar in my family. I always use the google toobar and it was gone. I uninstalled yahoo and reinstalled google.

I had just upgraded my version of adaware and spyblaster. I had the current version of spybot and just updated it.

I have the following on my machine and have had for some time.
Norton firewall and antivirus
Google tool bar
Spybot search and destroy
spyblaster
adaware by lavasoft.

I just thought I would give you any additional information in case this keeps happening to people. That way maybe you can nail down where it is coming from.