Author Topic: New threat. I have a virus, help.  (Read 22425 times)


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:New threat. I have a virus, help.
« Reply #15 on: October 22, 2004, 10:27:12 PM »
HERE is the online analysis of the log. And this is what my analyzer says about it:

--------------------------------------------------------------------------------
CHECKING HIJACKTHIS AND INTERNET EXPLORER :
--------------------------------------------------------------------------------
You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
INMEDIATLY visit http://windowsupdate.microsoft.com and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
 

--------------------------------------------------------------------------------
THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :
--------------------------------------------------------------------------------
\program files\web_rebates\webrebates1.exe
\program files\web_rebates\webrebates0.exe
r3 - default urlsearchhook is missing
o2 - bho: clear search - {00000000-0000-0000-0000-000000000240} - c:\program files\clearsearch\ie_clrsch.dll (file missing)
o2 - bho: (no name) - {bdf3e430-b101-42ad-a544-fadc6b084872} - (no file)
o3 - toolbar: (no name) - {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - (no file)
o4 - hklm\..\run: [webrebates0] "c:\program files\web_rebates\webrebates0.exe"
o4 - global startup: microsoft works calendar reminders.lnk = ?
o9 - extra button: messenger - {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll (file missing)
\program files\yahoo!\messenger\yhexbmes0411.dll (file missing)
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing)
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing)
o16 - dpf: yahoo! chat - http://cs7.chat.yahoo.com/c381/chat.cab
o16 - dpf: {01020304-0506-0708-090a-0b0c0d0e0f08} - http://messenger.yahoo.com/maintenance/patch.cab
o16 - dpf: {11260943-421b-11d0-8eac-0000c07d88cf} (ipix activex control) - http://www.ipix.com/viewers/ipixx.cab
o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=48c347740e8f5c90be38175e52b8a764f9088180cf867b07efef0da67587cbcfe07d5eda93b070b3e1f5f4b23f7ec81a88639e10093bff8917f19d0c3b2daa1576:9088c9d39de8432b43b6edf749c9050f
o16 - dpf: {1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} - http://ak.imgfarm.com/images/nocache/funwebproducts/smileycentralinitialsetup1.0.0.6.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
o16 - dpf: {40c83af8-fea7-4a6a-a470-431ee84a0886} (secureobjectfactory class) - http://enu.vs.mcafeeasap.com/vs2/bin/mycioagt.cab
o16 - dpf: {49dec3c0-c71a-11d4-ba38-000102621b9b} - http://store.yahoo.net/lib/cursorskins1/mousemagiccs.cab
o16 - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - http://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {8714912e-380d-11d5-b8aa-00d0b78f3d48} (yahoo! webcam upload wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
o16 - dpf: {a17e30c4-a9ba-11d4-8673-60db54c10000} (yahooymailto class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
o16 - dpf: {c2fcef52-ace9-11d3-bebd-00105aa9b6ae} (symantec rufsi registry information class) - http://security.symantec.com/ssc/sharedcontent/common/bin/cabsa.cab
o16 - dpf: {ce28d5d2-60cf-4c7d-9fe8-0f47a3308078} (activedatainfo class) - https://www-secure.symantec.com/techsupp/activedata/symadata.cab
o16 - dpf: {e77c0d62-882a-456f-ad8f-7c6c9569b8c7} (activedataobj class) - https://www-secure.symantec.com/techsupp/activedata/activedata.cab
o16 - dpf: {ef99bd32-c1fb-11d2-892f-0090271d4f88} (yahoo! companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://chat.msn.com/bin/msnchat45.cab
« Last Edit: October 22, 2004, 10:35:58 PM by Eddy »
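As an added example (not from the thread, and not the analyzer Eddy used), a small Python parser for HijackThis lines of the kind listed above, with an assumed triage policy: the missing R3 search hook, orphaned O2/O3/O9 registrations ("(file missing)" / "(no file)"), O4 autostarts that are unresolved or run from outside the Windows folder, and O16 ActiveX downloads whose host is not on an allowlist. The allowlist and rules are assumptions; the sample lines are a constructed subset of the log above, with the long windupdates query string replaced by a placeholder.

```python
import re
from urllib.parse import urlsplit

# Constructed sample (not the thread's full log), in the lower-cased form the
# analyzer in the post prints; the long windupdates query string is a PLACEHOLDER.
SAMPLE_LINES = [
    r"r3 - default urlsearchhook is missing",
    r"o2 - bho: clear search - {00000000-0000-0000-0000-000000000240} - c:\program files\clearsearch\ie_clrsch.dll (file missing)",
    r'o4 - hklm\..\run: [webrebates0] "c:\program files\web_rebates\webrebates0.exe"',
    r"o4 - global startup: microsoft works calendar reminders.lnk = ?",
    r"o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab",
    r"o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=PLACEHOLDER",
    r"o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://chat.msn.com/bin/msnchat45.cab",
]

# Assumed triage policy: O16 download hosts accepted as known vendor sources.
TRUSTED_DPF_HOSTS = {"chat.msn.com", "security.symantec.com", "www-secure.symantec.com"}

LINE_RE = re.compile(r"^(?P<section>[ro]\d+) - (?P<body>.*)$", re.I)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

def parse_line(line):
    """Parse one HijackThis line; 'orphan' = a '(file missing)'/'(no file)' entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    return {
        "section": m.group("section").upper(),
        "body": body,
        "clsid": clsid.group(0).lower() if clsid else None,
        "host": urlsplit(url.group(0)).hostname if url else None,
        "orphan": "(file missing)" in body or "(no file)" in body,
    }

def reason(e):
    """Assumed triage rules; None means the entry needs no further look."""
    sec, body = e["section"], e["body"]
    if sec == "R3" and "missing" in body:
        return "url search hook missing, reset to default"
    if sec in ("O2", "O3", "O9") and e["orphan"]:
        return "orphaned registration, remove the dead entry"
    if sec == "O4" and body.endswith("= ?"):
        return "autostart target could not be resolved"
    if sec == "O4" and "\\windows\\" not in body:
        return "autostart outside the windows folder, verify publisher"
    if sec == "O16" and e["host"] not in TRUSTED_DPF_HOSTS:
        return "activex download from host not in allowlist"

def triage(lines):
    """Return (reason, line) pairs for entries a reviewer should look at."""
    return [(reason(e), l) for l in lines if (e := parse_line(l)) and reason(e)]
```

Note that the HouseCall line is flagged too: the allowlist sees the actual download host (a840.g.akamai.net), not the vendor name embedded in the URL path, so a hostname allowlist has to carry the real CDN hosts a vendor uses.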

yaz

  • Guest
Re:New threat. I have a virus, help.
« Reply #16 on: October 22, 2004, 10:45:09 PM »
Thanks Eddy, I'll get on that now. I do have Norton security and it sometimes catches the trojans... is it possibly not detected cuz they disconnected it, hackers or trojans? I'm confused. I must be infected, right?

« Last Edit: October 23, 2004, 06:50:29 AM by yaz »

yaz

Re:New threat. I have a virus, help.
« Reply #17 on: October 22, 2004, 10:48:26 PM »
 >:( webrebates won't delete, it says 'access denied'. Do any of the tools remove these for me??

Offline Eddy

Re:New threat. I have a virus, help.
« Reply #18 on: October 22, 2004, 10:52:00 PM »
Since you don't have the security patches/updates installed, your system will stay very vulnerable to infections. I suggest you visit the page in my signature and follow ALL steps there.

yaz

Re:New threat. I have a virus, help. Eddy
« Reply #19 on: October 22, 2004, 10:59:36 PM »
I'm not having an easy time by any means. I haven't been able to locate some of those cuz the files really are missing, and the couple I did see won't allow me to delete them. Access denied. I am running MIE6.0 according to what my toolbar says when I click the properties, but the old one could be stuck in here. Does this appear to be a true mess? lol
I am going to check into those other tools mentioned now. Thanks. yaz

yaz

Re:New threat. I have a virus, help.
« Reply #20 on: October 22, 2004, 11:44:54 PM »
Whocares~ Thanks for the help.   :) I didn't get anything when I ran the SFC /scannow. The black screen popped up once and nothing, then left. I hope that is good news??
Thanks for your help too.
yaz

- and go start -> run, then enter:
SFC /scannow
if the file was changed/infected you should get an alert there

 ;)

P.S.: The update VPTNfile.212 from Housecall definitely doesn't contain
BKDR_Agent.CZ
How about an Update & rescan ? ;)
« Last Edit: October 23, 2004, 06:49:50 AM by yaz »

Offline Eddy

Re:New threat. I have a virus, help.
« Reply #21 on: October 22, 2004, 11:58:22 PM »
Almost right, it should be:
start > run > cmd > (on the command prompt) sfc /scannow

yaz

Re:New threat. I have a virus, help.
« Reply #22 on: October 23, 2004, 03:58:47 AM »
I haven't finished that command run yet. The last time I tried, it was successful; however, it took forever, so it will probably wait behind a few more things. I am now retrying the Trend Micro and the Bit Defender.

I have found my Spybot (thanks to Bit Defender, I now know it was revealed) was badly infected, and the rebates that were revealed by Hijack Logger... they beforehand wouldn't delete. I since have removed all of them, including the folder/files relating to them. I did also notice another person with a Spybot complaint. They were attacked the same day as I was (initially last Sunday), so I plan to look into that more before I re-download another Spybot. I had it for about 16 months though, and it was an updated version.
Also I now have the update 2pack Windows security package; it seems to be running okay, but I was cautioned by an online friend to first remove the other firewall cuz with the MS one it would cause problems; so I have done that. I am using I.E 6.0 - I believe by what I saw that is the most up to date I can get, and now my Lavasoft is coming up with 0 bugs!! Which is a first!!
I believe I'm up to date on all the Microsoft updates etc.

The original file that was found to be infected, 'smss.exe', no longer is coming up bad with TrendMicro. There is so much to learn and I wanna let you know I appreciate everything!!
Thanks guys, you guys are terrific!!
yaz

« Last Edit: October 23, 2004, 06:49:24 AM by yaz »

yaz

Re:New threat. I have a virus, help.
« Reply #23 on: October 23, 2004, 06:46:51 AM »
I have a ? Eddy?? I am going to run that command run but first need to know about how long it takes. I'm asking in case it stands there for too long; I don't know what to expect. Thanks. BTW ty for all your assistance. My puter appears to be all good now. The final scanner scanning said 'successful. No viral code found.'  ;D I'd kiss you but I have a real virus, lol, can I hug ya!!  :D
yaz


« Last Edit: October 23, 2004, 06:48:21 AM by yaz »