Suspicious email message

I think I might have deleted My Web Search (Smiley Central or FWP product as applicable)
off of my Internet Explorer but I'm not sure. I don't have any programs like those in my Control Panel so I didn't delete any. I did the HJT scan and tick-marked all the files except O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE as this one wasn't there, then clicked Fix as asked. I then checked the file and got the log below from it.

AhnLab-V3 2008.3.14.0 2008.03.13 -
AntiVir 7.6.0.73 2008.03.13 -
Authentium 4.93.8 2008.03.13 -
Avast 4.7.1098.0 2008.03.13 -
AVG 7.5.0.516 2008.03.13 -
BitDefender 7.2 2008.03.14 -
CAT-QuickHeal 9.50 2008.03.13 -
ClamAV 0.92.1 2008.03.13 -
DrWeb 4.44.0.09170 2008.03.13 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5613 2008.03.13 -
Ewido 4.0 2008.03.13 -
FileAdvisor 1 2008.03.14 -
Fortinet 3.14.0.0 2008.03.13 -
F-Prot 4.4.2.54 2008.03.13 -
F-Secure 6.70.13260.0 2008.03.14 -
Ikarus T3.1.1.20 2008.03.13 -
Kaspersky 7.0.0.125 2008.03.14 -
McAfee 5251 2008.03.13 -
Microsoft 1.3301 2008.03.13 -
NOD32v2 2946 2008.03.14 archive damaged
Norman 5.80.02 2008.03.13 -
Panda 9.0.0.4 2008.03.13 -
Prevx1 V2 2008.03.14 -
Rising 20.35.32.00 2008.03.13 -
Sophos 4.27.0 2008.03.14 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.14 -
TheHacker 6.2.92.245 2008.03.14 -
VBA32 3.12.6.2 2008.03.13 -
VirusBuster 4.3.26:9 2008.03.13 -
Webwasher-Gateway 6.6.2 2008.03.13 -
Additional information
File size: 720224 bytes
MD5: f928aa4e510a7736b076ab8cbca99d28
SHA1: 99780317c0472b101bc4f395f233bce3bad877ca
PEiD: WinZip 32-bit SFX v8.x module
packers: PackWord
packers: ZIP, MSLZ
packers: PE_Patch

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

HELLLLP!!! I don't seem to have a ComboFix icon on my desktop.

I have just found where the MyWebSearch toolbar went to. I had disabled all my spyware stuff to do the ComboFix, and when I couldn't find the ComboFix icon I went in to enable them all again and found MyWebSearch in Spyware Terminator, Application Guard, Block List.

MyWebSearch is considered spyware, which is why Spyware Terminator nabbed it. Did you find ComboFix?

I just clicked on your link in another post to download it to the desktop, so now I have it. :slight_smile: :slight_smile:

Ok, do the fix, post the log, and we'll have a look. :smiley:

here you go my lovely dear :smiley: :smiley: :smiley:

Did you copy and paste the combofix script? The script didn’t look right when I reviewed the log.

Let’s see if the files are really gone.

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.

Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\WINDOWS\system32\hbeyfc.exe
C:\WINDOWS\system32\jf.exe

Return to OTMoveIt2, right click in the “Paste List of Files/Folders to be Moved” window (under the light blue bar) and choose Paste.

Click the red Moveit! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NOTE: If OTMoveIt2 reboots before you can get the results, they can be found here:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the date_time)

Hi Old Man, sorry it's been so long, my wee one has been ill so I haven't been able to get back on. Here is my MoveIt result. Thanks again for all your help, you're a star :-* :-*

File/Folder C:\WINDOWS\system32\hbeyfc.exe not found.
File/Folder C:\WINDOWS\system32\jf.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03182008_021454

Does this mean the bad ones are all gone now?

Hope your wee one is feeling better.

We have a service to remove.

Click the start button, click run. In the run box copy and paste this line

services.msc

(see images)

  1. In the Services (Local) list, find and right-click ce6wkazgas4sfa (look carefully, the name will be in one of the services), then click Properties.
  2. In the Startup type drop-down list set it to a value of Disabled, click OK.
  3. Click the File menu, and then click Exit.

Open HJT, click the Misc Tools button, click Open Process Manager. Find C:\WINDOWS\system32\hbeyfc.exe and C:\WINDOWS\system32\jf.exe.

Click on them one at a time and click Kill Process. Refresh and look again.

Close HJT

And some spyware to get rid of. It can also install rogue security applications and display false alerts on the compromised computer.

We’ll use combofix for this.

Please follow all previous instructions regarding security programs.

Open a new Notepad session (Do not use a Word Processor or WordPad). Click “Format” and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as…, and set the location to your Desktop, and enter (including quotation marks) as the filename: “CFscript.txt” . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.

KillAll::

File::
C:\WINDOWS\system32\jf.exe
C:\WINDOWS\system32\hbeyfc.exe
C:\Program Files\Winamp Toolbar\winamptb.dll

Folder::
C:\Program Files\Winamp Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"=-
[-HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"=-

This will start ComboFix again. Close all browser windows first. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HJT log.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

I will need the combofix log and a new HJT log taken after combofix.
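As an added example, not from the thread or from any of the tools it mentions, here is a read-only PowerShell check of the artifacts named in these instructions (the two files, the service, the Winamp Toolbar DLL and the CLSIDs in the CFscript), useful for confirming a cleanup before the follow-up logs are posted. The file paths, service name and CLSIDs are those quoted in the thread; the registry location of the BHO key is assumed to be the standard Explorer\Browser Helper Objects path that ComboFix abbreviates as ~.

```powershell
# Added example, not from the thread or any tool named in it: a read-only audit of the
# artifacts listed above. Run from an elevated PowerShell prompt; it removes nothing.
$files = @(
    'C:\WINDOWS\system32\hbeyfc.exe',
    'C:\WINDOWS\system32\jf.exe',
    'C:\Program Files\Winamp Toolbar\winamptb.dll'
)
$serviceName = 'ce6wkazgas4sfa'
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsids = @(
    '{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}',
    '{E8249E69-A809-4544-832F-64EB65747A92}',
    '{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}'
)
function Get-Md5Hex([string]$Path) {
    # MD5 through .NET so it also works on PowerShell 2.0, which has no Get-FileHash
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $bytes = $md5.ComputeHash([System.IO.File]::ReadAllBytes($Path))
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

# Files: report size and MD5 so a "reappeared" copy can be compared with the
# VirusTotal submission earlier in the thread (720224 bytes, MD5 f928aa4e510a7736b076ab8cbca99d28).
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f -Force
        Write-Output ('PRESENT  {0}  size={1}  md5={2}' -f $f, $item.Length, (Get-Md5Hex $f))
    } else {
        Write-Output ('absent   {0}' -f $f)
    }
}
# Service: check both the service manager and the registry key it loads from;
# services.msc shows display names, which may differ from the key name.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($svc -or (Test-Path -LiteralPath $svcKey)) {
    $image = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
    Write-Output ('PRESENT  service {0}  ImagePath={1}' -f $serviceName, $image)
} else {
    Write-Output ('absent   service {0}' -f $serviceName)
}

# BHO registrations and CLSID entries that the CFscript above deletes
foreach ($c in $clsids) {
    foreach ($k in @("$bhoKey\$c", "HKLM:\SOFTWARE\Classes\CLSID\$c")) {
        $state = if (Test-Path -LiteralPath $k) { 'PRESENT' } else { 'absent ' }
        Write-Output ('{0}  {1}' -f $state, $k)
    }
}
```

A file that is reported absent here but later reappears with a different MD5 is a different binary from the one scanned, which is the distinction the helper is trying to make further down the thread.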

I have got as far as the services list but for the life of me I cannot find that file. Do I go ahead with the rest of my instructions? :-\

yes

Here are the logs.

Okay, this is getting a little weird. Did you delete C:\WINDOWS\system32\hbeyfc.exe or C:\WINDOWS\system32\jf.exe? Did Avast nab them?

You said you couldn't find the service, and it doesn't show in the last HJT log. Both ComboFix and OTMoveIt couldn't find either file. We did nothing to remove the service. If nothing else it should have shown up as "file missing".

One thing that did reappear is C:\WINDOWS\system32\jf.exe.

We’ll remove the tools we used, then have another look.

Double-click OTMoveIt.exe to run it, then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.

Please download Malwarebytes’ Anti-Malware from Here or Here

  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Here is the report requested :wink: :wink:

Just a little adware found. So it looks like you are done.

I would like to see one more HJT log though.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop

Do a system scan and post the log, please.

  • Go to Add or Remove Programs and uninstall:

MBAM
all versions of Java except Java™ 6 Update 5

  • In Windows Explorer navigate to this folder: C:\Program Files\Java <=this folder. Delete any subfolders except the subfolder jre1.6.0_05. This is the newest version.

Do not delete C:\Program Files\JavaVM <=this folder, if found.

  • Clear the java cache

http://www.java.com/en/download/help/5000020300.xml

Reboot

  • Create a new restore point

You must be logged on to an administrator account.
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, then click Create.

  • Remove old restore points
  • Go to Start - All Programs - Accessories - System Tools. Launch the Disk Cleanup tool and let it run. When it finishes, a box with tabs will appear; select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
  • Download and run this clean up utility. You can use it regularly. When it’s first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp by Steven Gould

http://www.stevengould.org/downloads/cleanup/

  • If you are using Windows Firewall, please note that it doesn't provide outbound protection. A third-party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

or

http://forum.avast.com/index.php?topic=33530.0

Take care and keep safe.

Here's the HJT log and I will now proceed with the rest of your instructions.

I would just like to say a MASSIVE THANK YOU for all your very kind help. I look up to people like you as I would love to be able to do all this kind of stuff myself. Maybe in years to come I will get my finger out and do something about it instead of just dreaming lol. But as I have said I am so glad of your help, you are a very nice Kind Old Man. :-* :-* :-* :-*

From Sharon xx

Ooops I forgot to post the log lol :slight_smile: :slight_smile: :slight_smile:

Oops, forgot to post the log lol :slight_smile: :slight_smile: :slight_smile:

That one line bugs me. If you don’t mind, I’d like to look deeper.

Before starting this scan tool, please set both fields to () days.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.

Use the Add Reply button and attach the log.

Here it goes.