Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Closed] help with combofix/at1.job errors
kozzwon
post Mar 1 2008, 12:50 AM
Post #1


Group: New Member
Posts: 1
Joined: 1-March 08
Member No.: 77,229
Operating System: dell dimension 5100
windows xp
sp 2




I have been pulling out my hair figuring this out the last couple of months, dealing with BSODs on my desktop, all sorts of different STOP codes. I took it to a tech and they told me it was my motherboard. I got it back and I know they were wrong, so I did some research, and to make a long story short I have pretty much got the random reboots/error events to stop coming up using ATF Cleaner and ComboFix. I'm still getting error events for "at(random number here).job"... I'm posting my ComboFix log from right now. Thanks for your help guys!


ComboFix 08-03-01 - testing 2008-02-29 21:45:49.1 - NTFSx86
Running from: C:\Documents and Settings\testing\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\kozz.won\Application Data\ICROSO~1
C:\Documents and Settings\kozz.won\Application Data\ICROSO~1\m?dtc.exe
C:\Documents and Settings\kozz.won\Local Settings\Application Data\n.ini
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\poolsv
C:\Program Files\svhost
C:\Program Files\VirusProtectPro 3.7
C:\Program Files\VirusProtectPro 3.7\ignored.lst
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\abW9
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\itpb_11.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F5
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa16yy
C:\WINDOWS\system32\wapisvsu.exe
C:\WINDOWS\system32\win
C:\WINDOWS\xmlhelper.dll
C:\WINDOWS\xmlhelper2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VRUR65
-------\RpcApi


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-28 22:38 . 2008-02-29 16:16 <DIR> d-------- C:\Documents and Settings\testing\Application Data\AVG7
2008-02-28 17:19 . 2008-02-28 17:19 <DIR> d--h----- C:\Documents and Settings\testing\Application Data\GTek
2008-02-28 13:18 . 2008-02-28 13:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 03:29 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-29 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-29 03:28 --------- d-----w C:\Program Files\McAfee
2008-02-29 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-29 01:30 --------- d-----w C:\Documents and Settings\kozz.won\Application Data\AVG7
2008-02-28 17:54 --------- d-----w C:\Program Files\VirtualDJ
2008-01-12 03:57 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-26 09:14 5,120 --sha-w C:\Program Files\Common Files\Thumbs.db
2007-12-12 04:19 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-11-03 23:53 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-06-14 19:55 143 ----a-w C:\Program Files\Common Files\progyrta.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64361286-D668-8198-1C63-8B8DC92582E9}]
2007-06-20 09:49 60928 --a------ C:\WINDOWS\system32\dyzr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"RegistryMechanic"="" []
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 08:22 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-24 21:52 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdede]
hggdede.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0289191185428086mcinstcleanup"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-02-14 23:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2006-02-14 22:17]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2006-02-15 00:34]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2006-02-15 00:34]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-04 02:56]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys [2007-12-11 23:19]
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys [2007-12-11 23:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Launch.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 22:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-14 05:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 14:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 15:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 16:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 17:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-28 18:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-28 19:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-28 20:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-27 21:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-29 22:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-29 23:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-11 06:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-03-01 00:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-03-01 01:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-03-01 02:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 03:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 04:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 08:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 09:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 10:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 11:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 12:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\LESl45kU.exe
"2008-02-14 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\LESl45kU.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 21:53:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2008-02-29 21:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 02:56:28
.
2007-12-23 02:39:17 --- E O F ---

Can someone help me?
ken545
post Mar 7 2008, 02:36 PM
Post #2


SuperHelper

Group: Malware Expert
Posts: 7,062
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1





Hello kozzwon,

Welcome to the Whatthetech Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.



Download Trend Micro's HijackThis to your desktop.
  • Double click it to install.
  • Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT, Scan and Save a Log File. It will open in Notepad.
  • Go to Format and make sure Wordwrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.




Post the Malwarebytes log and a HJT log please


ken545
post Mar 23 2008, 09:11 AM
Post #3







Due to inactivity, this topic will be closed.
If you need help, please start a new thread and post a new HJT log.