Pondus and David R --
Did a full scan with malwarebytes and looks like we got everything.
Now running AdwCleaner.
Will post that log when done.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.orgDatabase version: v2012.08.18.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Protection: Enabled
8/18/2012 9:38:41 AM
mbam-log-2012-08-18 (09-38-41).txt
Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 620844
Time elapsed: 5 hour(s), 11 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCR\Smart-Shopper.HbInfoBand.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Data: 2 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data:
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (PUP.MyWebSearch) -> No action taken.
C:\Users\nawt\Documents\wirelesskeyview[1]\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.
C:\Users\nawt\Favorites\Online Security Test 2.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\nawt\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
(end)