#1
Registered User
Join Date: Apr 2009
Posts: 6
OS: xp
mombi.log
I've noticed a file on my C drive called: mombi.log
I deleted it many times but it keeps coming back. My PC is running a legal copy of Microsoft Windows XP with all the updates & Internet Explorer is at version 8. My PC is also running Norton Internet Security 2009 & has all the updates. My PC is also running Ad-Aware the free Anniversary Edition. I tried several procedures from Symantec/Norton & the file mombi.log was still on my C drive. The folks at Symantec/Norton told me the mombi.log file is associated with a virus called VIRTUEMONDE. I've looked at the search results on Google & it appears this mombi.log file is a bad thing. I came across this TECH SUPPORT FORUM site and have followed the instructions as best I could to run the DDS file & the gmer.zip. I will paste the DDS.txt here and have attached the Attach.txt file as a "zip" file, as well as the ark.txt file as a "zip" file. Any help is appreciated. DDS (Ver_09-03-16.01) - NTFSx86 Run by J at 0:21:53.20 on Tue 04/28/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.105 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program 
Files\TOAST.net\Accelerator\toastcore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\TOAST.net\Accelerator\toastgui.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\TOAST.net\dialer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\freecell.exe C:\Documents and Settings\J\Desktop\dds.scr ============== Pseudo HJT Report =============== uDefault_Page_URL = hxxp://www.msn.com uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=tomstewart1&login=2b96b4dc01da34df232b5175046fef2e/tomstewart1:netzero.net/1179888573/30/sss.8.87963/&ts=4653abbd&A=602159860000009&B=1120719600000&C=1120719600000&D=1091257200000&I=8.NH4&N=PL&O=A&UT= uInternet Settings,ProxyServer = http=127.0.0.1:5400 uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00096.000001da mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Kernel and Hardware Abstraction 
Layer] KHALMNPR.EXE mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [SlipStream] "c:\program files\toast.net\accelerator\toastcore.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\toastn~1.lnk - c:\program files\toast.net\accelerator\toastgui.exe IE: Show All Original Images - c:\program files\toast.net\accelerator\gui_resource.dll/327 IE: Show Original Image - c:\program files\toast.net\accelerator\gui_resource.dll/328 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180500024502 DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: {2110EEFB-6D0D-432F-BF68-D7DD534193EC} = 198.6.100.125 198.6.1.125 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys 
[2009-1-28 64160] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-10 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-10 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-10 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090420.001\IDSXpx86.sys [2009-4-24 276344] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-10 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-10 101936] R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\es198xdl.sys [2002-6-20 414400] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090427.036\NAVENG.SYS [2009-4-27 89104] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090427.036\NAVEX15.SYS [2009-4-27 876144] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168] =============== Created Last 30 ================ 2009-04-26 16:57 <DIR> --d--r-- c:\program files\Norton Support 2009-04-22 15:15 <DIR> --d----- c:\docume~1\j\applic~1\Windows Search 2009-04-18 02:26 <DIR> --d----- c:\windows\ie8updates 2009-04-18 02:24 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-04-17 15:59 <DIR> --dsh--- c:\documents and settings\j\IECompatCache 2009-04-17 13:51 <DIR> --dsh--- c:\documents and settings\j\PrivacIE 2009-04-17 13:47 <DIR> --dsh--- c:\documents and settings\j\IETldCache 2009-04-17 13:32 <DIR> -cd-h--- 
c:\windows\ie8 2009-04-17 13:29 <DIR> --d-h--- c:\windows\msdownld.tmp 2009-04-17 00:28 284,160 -c------ c:\windows\system32\dllcache\pdh.dll 2009-04-17 00:27 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll 2009-04-17 00:27 110,592 -c------ c:\windows\system32\dllcache\services.exe 2009-04-17 00:27 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll 2009-04-17 00:27 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 00:27 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 00:27 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 00:27 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll 2009-04-17 00:27 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll 2009-04-16 21:32 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-04-16 21:32 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb 2009-04-16 21:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-04-14 12:46 114,688 a------- c:\windows\sliprt.dll 2009-04-10 15:42 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys 2009-04-10 15:42 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-10 15:42 60,808 a------- c:\windows\system32\S32EVNT1.DLL 2009-04-10 15:42 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-10 15:42 805 a------- c:\windows\system32\drivers\SYMEVENT.INF 2009-04-10 15:42 <DIR> --d----- c:\program files\Symantec 2009-04-10 15:39 <DIR> --d----- c:\windows\system32\drivers\NIS 2009-04-10 15:39 <DIR> --d----- c:\program files\Norton Internet Security 2009-04-10 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings 2009-04-10 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton 2009-04-10 15:27 <DIR> --d----- c:\program files\NortonInstaller 2009-04-10 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-04-09 18:42 <DIR> --d----- c:\program files\Norton Security Scan 2009-03-29 22:19 0 a------- c:\windows\hpqEmlSz.INI 2009-03-29 21:43 1,071 
a------- c:\windows\AWMODEM.INF ==================== Find3M ==================== 2009-04-23 22:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-03-24 01:11 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll 2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll 2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll 2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll 2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll 2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll 2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll 2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll 2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe 2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll 2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll 2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll 2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll 2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll 2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll 2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe 2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe 2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe 2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe 2009-02-06 00:35 15,688 a------- c:\windows\system32\lsdelete.exe 2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll 2009-01-28 09:13 34,543,112 a------- c:\program files\Ad-AwareAE.exe 2008-12-30 20:18 27,288,880 a------- c:\program files\QuickTimeInstaller.exe 2008-07-25 21:49 7,499,056 a------- c:\program files\Firefox Setup 3.0.1.exe 2008-01-20 14:29 32,279,040 a------- c:\program files\dell_support_center.msi 2007-07-11 20:44 1,090,872 a------- 
c:\program files\TOASTnet setup.exe 2008-05-26 22:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat ============= FINISH: 0:22:43.45 ===============
#2
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
Hello and welcome to TSF.
Apologies for the late response. If you still require assistance, please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply, as we need to see the latest state of your system and it has been a while since you posted.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006
#4
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
I would like to see fresh logs from DDS and GMER.
Last edited by amateur; 05-07-2009 at 04:54 PM.
#5
Registered User
Join Date: Apr 2009
Posts: 6
OS: xp
Re: mombi.log
Your message at 3:49PM showed:

Re: mombi.log
Hello and welcome to TSF. Apologies for the late response. If you still require assistance, please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply, as we need to see the latest state of your system and it has been a while since you posted.

When I clicked on the link "New Instructions - Read This Before Posting for Malware Removal Help", it took me to: "Malware & Trojan Remover Free Malware Scan. Multiple Winner of Best Anti-Malware. Rated 5 Stars www.pctools.com", which is the Spyware Doctor free download. Now that you're saying you just want a current copy of the original data, I'll re-run the original stuff and re-post it here.
Last edited by JimC2000; 05-07-2009 at 08:59 PM.
#6
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
Hi,
I see how that happened now. I am afraid you are talking about the Google ad for Spyware Doctor in the space above the instructions. Please ignore it and scroll down to the instructions.
#7
Registered User
Join Date: Apr 2009
Posts: 6
OS: xp
Re: mombi.log
Here are the current results:
DDS (Ver_09-03-16.01) - NTFSx86 Run by J at 23:35:45.43 on Thu 05/07/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.180 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOAST.net\Accelerator\toastcore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\TOAST.net\Accelerator\toastgui.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\TOAST.net\dialer.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Documents and Settings\J\Desktop\dds.scr ============== Pseudo HJT Report =============== uDefault_Page_URL = hxxp://www.msn.com uInternet Connection Wizard,ShellNext = 
hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=tomstewart1&login=2b96b4dc01da34df232b5175046fef2e/tomstewart1:netzero.net/1179888573/30/sss.8.87963/&ts=4653abbd&A=602159860000009&B=1120719600000&C=1120719600000&D=1091257200000&I=8.NH4&N=PL&O=A&UT= uInternet Settings,ProxyServer = http=127.0.0.1:5400 uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\toast.net\accelerator\components\NOWImaging.dll BHO: Prefetch: {a66aa08a-9bf0-4e87-99e6-6972731d6b99} - c:\program files\toast.net\accelerator\Prefetch.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll TB: TOAST.net Accelerator: {8b79ee88-e62d-4aa8-b530-cc357ba112b7} - c:\program 
files\toast.net\accelerator\Toolband.dll TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00096.000001da mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [SlipStream] "c:\program files\toast.net\accelerator\toastcore.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\toastn~1.lnk - c:\program files\toast.net\accelerator\toastgui.exe IE: Show All Original Images - c:\program files\toast.net\accelerator\gui_resource.dll/327 IE: Show Original Image - c:\program files\toast.net\accelerator\gui_resource.dll/328 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180500024502 DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\j\applic~1\mozilla\firefox\profiles\tomstewart1@toast.net\ FF - prefs.js: browser.startup.homepage - hxxp://www.toast.net/start/ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - component: c:\documents and settings\j\application data\mozilla\firefox\profiles\tomstewart1@toast.net\extensions\{41697025-ca0b-4687-99de-abc82c5a630b}\components\NOWImaging_Moz.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-28 64160] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-10 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-10 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-10 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090501.001\IDSXpx86.sys [2009-5-1 276344] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-10 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-10 101936] R3 maestro;ESS Maestro Audio Driver 
(WDM);c:\windows\system32\drivers\es198xdl.sys [2002-6-20 414400] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090507.036\NAVENG.SYS [2009-5-7 89104] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090507.036\NAVEX15.SYS [2009-5-7 876144] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168] =============== Created Last 30 ================ 2009-04-26 16:57 <DIR> --d--r-- c:\program files\Norton Support 2009-04-22 15:15 <DIR> --d----- c:\docume~1\j\applic~1\Windows Search 2009-04-18 02:26 <DIR> --d----- c:\windows\ie8updates 2009-04-18 02:24 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-04-17 15:59 <DIR> --dsh--- c:\documents and settings\j\IECompatCache 2009-04-17 13:51 <DIR> --dsh--- c:\documents and settings\j\PrivacIE 2009-04-17 13:47 <DIR> --dsh--- c:\documents and settings\j\IETldCache 2009-04-17 13:32 <DIR> -cd-h--- c:\windows\ie8 2009-04-17 13:29 <DIR> --d-h--- c:\windows\msdownld.tmp 2009-04-17 00:28 284,160 -c------ c:\windows\system32\dllcache\pdh.dll 2009-04-17 00:27 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll 2009-04-17 00:27 110,592 -c------ c:\windows\system32\dllcache\services.exe 2009-04-17 00:27 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll 2009-04-17 00:27 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 00:27 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 00:27 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 00:27 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll 2009-04-17 00:27 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll 2009-04-16 21:32 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-04-16 21:32 1,203,922 -c------ 
c:\windows\system32\dllcache\sysmain.sdb 2009-04-16 21:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-04-14 12:46 114,688 a------- c:\windows\sliprt.dll 2009-04-10 15:42 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys 2009-04-10 15:42 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-10 15:42 60,808 a------- c:\windows\system32\S32EVNT1.DLL 2009-04-10 15:42 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-10 15:42 805 a------- c:\windows\system32\drivers\SYMEVENT.INF 2009-04-10 15:42 <DIR> --d----- c:\program files\Symantec 2009-04-10 15:39 <DIR> --d----- c:\windows\system32\drivers\NIS 2009-04-10 15:39 <DIR> --d----- c:\program files\Norton Internet Security 2009-04-10 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings 2009-04-10 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton 2009-04-10 15:27 <DIR> --d----- c:\program files\NortonInstaller 2009-04-10 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-04-09 18:42 <DIR> --d----- c:\program files\Norton Security Scan ==================== Find3M ==================== 2009-04-23 22:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-03-24 01:11 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll 2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll 2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll 2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll 2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll 2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll 2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll 2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll 2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe 2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll 2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll 2009-02-09 08:10 
729,088 a------- c:\windows\system32\lsasrv.dll 2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll 2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll 2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll 2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe 2009-01-28 09:13 34,543,112 a------- c:\program files\Ad AwareAE.exe 2008-12-30 20:18 27,288,880 a------- c:\program files\QuickTimeInstaller.exe 2008-07-25 21:49 7,499,056 a------- c:\program files\Firefox Setup 3.0.1.exe 2008-01-20 14:29 32,279,040 a------- c:\program files\dell_support_center.msi 2007-07-11 20:44 1,090,872 a------- c:\program files\TOASTnet setup.exe 2008-05-26 22:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat ============= FINISH: 23:37:22.43 ===============
#8
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
Hi,
I don't see any malware in the logs. With regards to mombi.log, I don't think you have anything to worry about. It appears to be an installation log created by your HP Officejet Pro All-InOne Series and harmless. Just to make sure, go to Start>Run and type C:\mombi.log. It should open the mombi.log file. Copy/paste the contents in your next reply.

Was that the only issue you had?

I noticed that you have RegCure 1.5.2.7 and Registry Mechanic 8.0 installed. I would like you to read this link about the registry cleaners and boosters: http://miekiemoes.blogspot.com/2008/...eaking_13.html and also this one: http://aumha.net/viewtopic.php?t=28099

==========================

These are old versions of Java. Older versions have vulnerabilities that malware can use to infect your system. Please go to Start>Control Panel>Add or Remove Programs and remove these old versions of Java:
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Leave Java(TM) 6 Update 12 alone. It can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005. Member of UNITE since 2006.
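The Java clean-up described in the post above, as an added example that is not part of this thread (it is neither the moderator's nor TSF's own tooling): a PowerShell script that reads the same data Add or Remove Programs shows, from the Uninstall registry keys, and reports which Java(TM) 6 updates are older than the newest one installed. It only reports; removing the old versions still goes through Add or Remove Programs as instructed. The registry paths and the DisplayName pattern are assumptions about how the Java 6 installers register themselves, and the script is written against PowerShell 2.0 so it stays usable on an XP SP3 machine.

```powershell
# Added example, not from the thread. Lists Java(TM) 6 updates registered in
# Add/Remove Programs and flags every one older than the newest installed update.
# Assumption: Java 6 installers register a DisplayName of the form
# "Java(TM) 6 Update N" under the standard Uninstall keys (the Wow6432Node path
# only exists on 64-bit Windows; it is skipped silently elsewhere).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava6Updates {
    # Read every Uninstall subkey and keep only the Java 6 update entries.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.DisplayName -match '^Java\(TM\) 6 Update (\d+)$') {
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                Update          = [int]$Matches[1]
                UninstallString = $_.UninstallString
            }
        }
    }
}

function Show-Java6Updates {
    $installed = @(Get-InstalledJava6Updates | Sort-Object Update)
    if ($installed.Count -eq 0) {
        Write-Host 'No Java(TM) 6 updates found in Add/Remove Programs.'
        return
    }
    # Everything below the highest update number is a stale copy that keeps
    # known-vulnerable JRE binaries on disk; the newest one is kept and updated.
    $newest = $installed[-1].Update
    foreach ($j in $installed) {
        if ($j.Update -lt $newest) {
            Write-Host ('OUTDATED  {0}  (remove via Add or Remove Programs; registered uninstall command: {1})' -f $j.DisplayName, $j.UninstallString)
        } else {
            Write-Host ('CURRENT   {0}  (keep, then update from the Java control panel)' -f $j.DisplayName)
        }
    }
}

Show-Java6Updates
```

On the machine in this thread the script would print Update 3, 5 and 7 as OUTDATED and Update 12 as CURRENT, matching the moderator's list. Run it from an elevated PowerShell prompt so the HKLM keys are readable.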
#9
Registered User
Join Date: Apr 2009
Posts: 6
OS: xp
Re: mombi.log
Thank you for your reply.
Here is the information from the mombi.log file:

MAY07PM 03:09:39.591> ConvertTicket >>
MAY07PM 03:09:42.986> CHPEsprit::LoadDMC - UnregisterServer>>
MAY07PM 03:09:44.038> CHPEsprit::LoadDMC - UnregisterServer<<
MAY07PM 03:09:44.048> CHPEsprit::LoadDMC - RegisterServer>>
MAY07PM 03:09:48.384> CHPEsprit::LoadDMC - RegisterServer<<
MAY07PM 03:09:48.414> ConvertTicket - Calling BDMCReadCfgVal()>>
MAY07PM 03:09:48.414> CHPEsprit::BDMCReadCfgVal>>
MAY07PM 03:09:50.317> CHPEsprit::BDMCReadCfgVal<<
MAY07PM 03:09:50.457> ConvertTicket - Done with BDMCReadCfgVal()<<
MAY07PM 03:09:50.467> ConvertTicket - Calling Doc Properties
MAY07PM 03:09:50.467> BCallDocProperties - Calling PrinterProperties()>>
MAY07PM 03:09:50.537> BCallDocProperties - Done with PrinterProperties()<<
MAY07PM 03:10:00.571> ConvertTicket - Done with Doc Properties
MAY07PM 03:10:00.591> ConvertTicket<<
MAY08AM 10:34:32.070> ConvertTicket >>
MAY08AM 10:34:38.479> CHPEsprit::LoadDMC - UnregisterServer>>
MAY08AM 10:34:38.619> CHPEsprit::LoadDMC - UnregisterServer<<
MAY08AM 10:34:38.629> CHPEsprit::LoadDMC - RegisterServer>>
MAY08AM 10:34:44.428> CHPEsprit::LoadDMC - RegisterServer<<
MAY08AM 10:34:44.488> ConvertTicket - Calling BDMCReadCfgVal()>>
MAY08AM 10:34:44.508> CHPEsprit::BDMCReadCfgVal>>
MAY08AM 10:34:46.791> CHPEsprit::BDMCReadCfgVal<<
MAY08AM 10:34:47.071> ConvertTicket - Done with BDMCReadCfgVal()<<
MAY08AM 10:34:47.081> ConvertTicket - Calling Doc Properties
MAY08AM 10:34:47.101> BCallDocProperties - Calling PrinterProperties()>>
MAY08AM 10:34:47.202> BCallDocProperties - Done with PrinterProperties()<<
MAY08AM 10:34:51.287> ConvertTicket - Done with Doc Properties
MAY08AM 10:34:51.307> ConvertTicket<<

I am looking into the rest of the items you mentioned & will let you know the status. Thanks again.
#10
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
Hi,
Yes, that confirms that it is the installation log for HP Officejet Pro All-InOne Series.
#11
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3
Re: mombi.log
Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html

Surf Safely, and Think Prevention!