Topic: here are my logs as requested

punky

    Topic Starter


    Rookie

    here are my logs as requested
    « on: February 01, 2010, 03:39:32 PM »
    thank you in advance for your help!



    [Saving space, attachment deleted by admin]

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: here are my logs as requested
    « Reply #1 on: February 01, 2010, 03:58:32 PM »
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    punky


      Re: here are my logs as requested
      « Reply #2 on: February 01, 2010, 06:11:45 PM »
      thanks for helping me...here you go!

      [Saving space, attachment deleted by admin]

      Dr Jay

      Re: here are my logs as requested
      « Reply #3 on: February 01, 2010, 07:55:21 PM »
      Please download Cheetah-Anti-Rogue, and save to your Desktop.
      • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
      • Double-click on Cheetah-Anti-Rogue.cmd to start.
      • It will finish quickly and launch a log.
      • Post the contents of it in your next reply.
      ===

      Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
      Please close all other applications running on your system.

      Please double click GetSystemInfo.exe to open it.

      Click the Settings button.



      Set it to Maximum



        IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


      Click Create Report to run it.

      It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

      Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
      ~Dr Jay

      punky


        Re: here are my logs as requested
        « Reply #4 on: February 02, 2010, 05:59:23 AM »
        here you go

        [Saving space, attachment deleted by admin]

        punky


          Re: here are my logs as requested
          « Reply #5 on: February 02, 2010, 06:09:29 AM »

          Dr Jay

          Re: here are my logs as requested
          « Reply #6 on: February 02, 2010, 08:22:57 AM »
          Open a run line by clicking start -> run

          Copy and paste the following bolded text into the Open: box and click OK

          cmd /k cd\ && dir c:\atapi.sys /a /s > atapi.txt && notepad atapi.txt

          Paste back the contents of the atapi.txt

          ===

          ~Dr Jay

          punky


            Re: here are my logs as requested
            « Reply #7 on: February 02, 2010, 08:59:08 AM »
             Volume in drive C has no label.
             Volume Serial Number is 00CF-C567

             Directory of c:\WINDOWS\ServicePackFiles\i386

            04/13/2008  02:40 PM            96,512 atapi.sys
                           1 File(s)         96,512 bytes

             Directory of c:\WINDOWS\system32\drivers

            01/31/2010  10:19 PM            95,360 atapi.sys
                           1 File(s)         95,360 bytes

             Directory of c:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386

            08/04/2004  08:00 PM            95,360 atapi.sys
                           1 File(s)         95,360 bytes

             Directory of c:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386

            08/03/2004  10:59 PM            95,360 atapi.sys
                           1 File(s)         95,360 bytes

                 Total Files Listed:
                           4 File(s)        382,592 bytes
                           0 Dir(s)  33,185,346,048 bytes free

            Dr Jay

            Re: here are my logs as requested
            « Reply #8 on: February 02, 2010, 02:10:54 PM »
            Jotti File Submission:
            • Please go to Jotti's malware scan

            • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

              • C:\WINDOWS\SYSTEM32\drivers\atapi.sys
            • Click on the submit button
            • Please post the results (URL) in your next reply.
            NOTE: re-scan the file. Please do not get a past result.
            ~Dr Jay

            punky


              Re: here are my logs as requested
              « Reply #9 on: February 02, 2010, 02:29:41 PM »
              says it found nothing ???

              http://virusscan.jotti.org/en/scanresult/875c16c3403d418b84e6bb5e79d2de57524f8e1f


              I keep getting a redirect called Searchclick8

              Dr Jay

              Re: here are my logs as requested
              « Reply #10 on: February 02, 2010, 02:37:46 PM »
              Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

              Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

              Double-click gmer.exe. The program will begin to run.

              **Caution**
              These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

              If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
              • Click NO
              • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
              • Now click the Scan button.
              Once the scan is complete, you may receive another notice about rootkit activity.
              • Click OK.
              • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
              • Save it where you can easily find it, such as your desktop.
              Post the contents of GMER.txt in your next reply.
              ~Dr Jay

              punky


                Re: here are my logs as requested
                « Reply #11 on: February 02, 2010, 04:49:06 PM »
                I just ran GMER and it ended, then shut down the PC.... When the PC rebooted, after the MICROSOFT WINDOWS XP page, it went to a black screen and would not move to the page where I enter my password.... So I restarted it and was able to get through... I reran GMER and I get the blue screen of death, and it shuts the PC down again.... Now what?

                Dr Jay

                Re: here are my logs as requested
                « Reply #12 on: February 03, 2010, 08:33:19 AM »
                It's being blocked by a rootkit.

                Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

                Code:
                @echo off
                REM Copy gmer.exe to ark.exe (overwrite without prompting), then start the copy
                Copy /y gmer.exe ark.exe
                Start ark.exe

                Save it into the gmer folder as  File name: ark.cmd
                Save as type: All Files

                Once done, double click ark.cmd to run it.

                This should start GMER, follow the steps I have outlined earlier to save a log file, then post me the contents in your next reply.
                ~Dr Jay

                punky


                  Re: here are my logs as requested
                  « Reply #13 on: February 03, 2010, 11:10:32 AM »
                  Still didn't work.... Same thing.... Runs for a while, blue screen, reboot, then Microsoft popup "The system has recovered from a serious error"

                  Here's the data of the error:
                  BCCode : 10000050     BCP1 : E4C84000     BCP2 : 00000000     BCP3 : B6F79C3E
                  BCP4 : 00000001     OSVer : 5_1_2600     SP : 3_0     Product : 256_1     

                  Dr Jay

                  Re: here are my logs as requested
                  « Reply #14 on: February 03, 2010, 12:10:17 PM »
                  Oh ok...

                  Download this << file >> & extract TDSSKiller.exe onto your Desktop

                  Then create this batch file to be placed next to TDSSKiller

                  =====

                  Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
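                  Code:
                  @ECHO OFF
                  REM Run TDSSKiller with a verbose (-v) log written to Logit.txt (-l); wait for it to exit
                  START /WAIT TDSSKILLER.exe -l Logit.txt -v
                  REM Open the log file
                  START Logit.txt
                  REM Delete this batch file
                  del %0

                  Save this as fix.bat. Choose to "Save type as - All Files"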
                  It should look like this:
                  Double click on fix.bat & allow it to run

                  Post back to tell me what it says
                  ~Dr Jay