Lots of Ads, Rundll32.exe, and Maybe Iexplore.exe

Hi. Um. I’ve been getting A LOT of ads from Firefox. I did many virus scans and it keeps coming back… rundll32.exe has been showing up on my Windows Task Manager every time I start my computer, and a little popup error saying something about an error… And about 2 hours ago I spotted iexplorer.exe in my Task Manager… Any help?
Also, what’s McSACore.exe?
Please and thank you (:

Here are the latest logs:

Malwarebytes’ Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 3

3/10/2009 9:07:05 PM
mbam-log-2009-03-10 (21-07-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166415
Time elapsed: 4 hour(s), 15 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rulepadima (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP223\A0091913.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/10/2009 at 09:13 PM

Application Version : 4.25.1014

Core Rules Database Version : 3790
Trace Rules Database Version: 1746

Scan type : Complete Scan
Total Scan Time : 04:35:52

Memory items scanned : 479
Memory threats detected : 2
Registry items scanned : 7032
Registry threats detected : 11
File items scanned : 112582
File threats detected : 8

Adware.Vundo/Variant-ACE
C:\WINDOWS\SYSTEM32\LTJVIV.DLL
C:\WINDOWS\SYSTEM32\LTJVIV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63e3e836-ffcd-4f72-bd21-d3dd7a339c66}
HKCR\CLSID\{63E3E836-FFCD-4F72-BD21-D3DD7A339C66}
HKCR\CLSID\{63E3E836-FFCD-4F72-BD21-D3DD7A339C66}\InprocServer32
HKCR\CLSID\{63E3E836-FFCD-4F72-BD21-D3DD7A339C66}\InprocServer32#ThreadingModel
HKU\S-1-5-21-2816858146-948546017-1474086262-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63E3E836-FFCD-4F72-BD21-D3DD7A339C66}

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\FAPAVIFA.DLL
C:\WINDOWS\SYSTEM32\FAPAVIFA.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063b6ff4-63a8-459f-bf6e-3753a33e190a}
HKCR\CLSID\{063B6FF4-63A8-459F-BF6E-3753A33E190A}
HKCR\CLSID\{063B6FF4-63A8-459F-BF6E-3753A33E190A}\InprocServer32
HKCR\CLSID\{063B6FF4-63A8-459F-BF6E-3753A33E190A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TORELIRE.DLL
HKU\S-1-5-21-2816858146-948546017-1474086262-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{063B6FF4-63A8-459F-BF6E-3753A33E190A}

Rogue.Component/Trace
HKU\S-1-5-21-2816858146-948546017-1474086262-500\Software\Microsoft\FIAS4052N

Adware.Vundo Variant/ACE
C:\WINDOWS\SYSTEM32\GEHOTIMI.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1WYVFCXS\l.s.bg1z[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KUUBHZIT\l.s.bg2z[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2HOAU13U\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2HOAU13U\indexsg[1].htm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:31 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenix.cox.net/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 – BHO: (no name) – {063b6ff4-63a8-459f-bf6e-3753a33e190a} – C:\WINDOWS\system32\torelire.dll (file missing)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: {66c933a7-dd3d-12db-27f4-dcff638e3e36} – {63e3e836-ffcd-4f72-bd21-d3dd7a339c66} – C:\WINDOWS\system32\ltjviv.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: McAfee SiteAdvisor BHO – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: McAfee SiteAdvisor Toolbar – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 – HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 – HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 – HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 – HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 – HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 – HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 – HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [atwtusb] atwtusb.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 – HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 – HKLM\..\Run: [rulepadima] Rundll32.exe "C:\WINDOWS\system32\bozujeyi.dll",s
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 – HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 – HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 – HKUS\S-1-5-19\..\Run: [rulepadima] Rundll32.exe "C:\WINDOWS\system32\bozujeyi.dll",s (User 'LOCAL SERVICE')
O4 – HKUS\S-1-5-20\..\Run: [rulepadima] Rundll32.exe "C:\WINDOWS\system32\bozujeyi.dll",s (User 'NETWORK SERVICE')
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 – Extra 'Tools' menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 – Extra button: MUSICMATCH MX Web Player – {d81ca86b-ef63-42af-bee3-4502d9a03c2d} – http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 – DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) – http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} – http://download.divx.com/player/DivXBrowserPlugin.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 – AppInit_DLLs: C:\WINDOWS\system32\fapavifa.dll ltjviv.dll
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 – Service: McAfee Application Installer Cleanup (0198281233961505) (0198281233961505mcinstcleanup) – Unknown owner – C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp19828~1.EXE (file missing)
O23 – Service: Adobe LM Service – Unknown owner – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: McAfee SiteAdvisor Service – Unknown owner – C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: SAVRoam (SavRoam) – symantec – C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: ScsiAccess – Unknown owner – C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe


End of file – 10129 bytes

This entry was posted on Wednesday, March 11th, 2009 at 6:34 am and is filed under Hi-Tech blog.