Virus detected - how to remove

[Pondus]

Thanks Pondus -  I use CCleaner - is that OK?

I also have Last Pass - any potential for conflicts with Avast?

What is your input on that crazy "This copy of Windows is not genuine"?

AdwCleaner is a special tool for browser/toolbar crap

http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
http://www.softpedia.com/progScreenshots/AdwCleaner-Screenshot-212632.html

first click "Search"   a log pop up when done... then click delete...it removes the crap and restart your machine....done

a log opens..... you may post that log here

[REDACTED]

Thanks Pondus -  now running malwarebytes and then I'll remove the crap, after which I'll run AdwCleaner, them I'll post the logs.

[REDACTED]

Pondus and David R --

Did a full scan with malwarebytes and looks like we got everything.

Now running AdwCleaner.

Will post that log when done.




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421


Protection: Enabled

8/18/2012 9:38:41 AM
mbam-log-2012-08-18 (09-38-41).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 620844
Time elapsed: 5 hour(s), 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Data: 2 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (PUP.MyWebSearch) -> No action taken.
C:\Users\nawt\Documents\wirelesskeyview[1]\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.
C:\Users\nawt\Favorites\Online Security Test 2.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\nawt\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

(end)