Atapi.sys ~ redirection of all browser searches.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tracyw, Jun 5, 2011.

  1. tracyw

    tracyw Private E-2

    Ip is set to "obtain an ip address automatically"

    DNS is set to "obtain DNS server address automatically"

    Under advanced TCP/IP settings, here are a couple of screenshots.


    http://forums.majorgeeks.com/attachment.php?attachmentid=160594&d=1307509674
    http://forums.majorgeeks.com/attachment.php?attachmentid=160595&d=1307509674
    http://forums.majorgeeks.com/attachment.php?attachmentid=160596&d=1307509674
    http://forums.majorgeeks.com/attachment.php?attachmentid=160597&d=1307509674

    Also uninstalled surf.
    Problem still persists.

    thank you for your time:)


     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not trying to undermine you in any way, just trying to be absolutely sure: did you definitely properly reset your router to defaults, or did you just do a soft reset?

    Don't recall if I asked, what make/model router are you using there?
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually, what I would recommend doing is to temporarily, completely bypass the router and plug this PC directly into your cable or DSL modem to see what happens.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Almost forgot what I was thinking about last night. Please also do the below to prepare for another fix I want to perform.

    Please run this >> Resetting Registry and File Permissions

    Make sure that you reboot after running the above before doing the below.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. tracyw

    tracyw Private E-2

    I tried bypassing the router, no luck, did a destructive system recovery, still had the redirect.:cry

    then I read your last message, did what you asked, looks like that fixed the problem:)
    here is the log you requested, and the file was correctly added to the registry as well.
    I'm going to surf around a bit and see if it comes back.
    View attachment MGlogs.zip
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! It is still there. If bypassing the router does not work, and doing a full system recovery does not work, then your problem is likely in your cable or DSL modem, which either needs to be replaced or you need to find out from your ISP how it can be restored to full defaults. Perhaps they can do it.
     
  7. tracyw

    tracyw Private E-2

    crap, you're right....arggghhh
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you checked with your ISP about getting your modem reset or getting a new one? It could be the source of your problem since you say even when your router is bypassed you still have a problem. Those registry entries are likely just returning because the modem is reinfecting your PC.
     
  9. tracyw

    tracyw Private E-2

    Before I order a new modem, just a quick question. I did another destructive system recovery. I went down to the local McDonald's to use their wifi after the system recovery, and without having reconnected once to the router I still get the redirect. If it is my router, why is this, and why did my boyfriend never experience problems when using his computer on the same router? :confused

    thanks:)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exactly what do you mean by this? Are you talking about a reimage to factory ship state? Exactly what are you doing? If you are truly reimaging your PC then the problem is not in your PC, because a reimage would remove the infection even if it was in the MBR, because the MBR is rewritten while reimaging too. If you are just doing a system restore, that would not necessarily fix the problem.

    Also note, how do you know that the problem is not being restored to your PC from this WIFI connection you are using? Their network could be infected and if you have been using it, perhaps that is where your problems came from and keep coming back from.


    If you want to see if the problem is with your router and/or your modem, have a friend who is not having hijack problems on their own network plug their PC/laptop into your router/cable modem network and see if they get redirections. It may take an hour or so, or a reboot or two, to show up. I'm not sure where you meant your boyfriend connected with no problem (at your home or at McDonald's), but it could take a little while to show.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oh, and one more comment about this. If you are reimaging, what else are you reinstalling afterwards and where are you connecting to afterwards? You should just reimage to get the Windows OS installed, then you should install all your protection, and then you should reconnect to the internet. DO NOT reconnect until protection is installed, and DO NOT install any other software from backups; they could be causing you to get reinfected. Just reimage and install your protection only and see what happens.
     
  12. tracyw

    tracyw Private E-2

    Well, I'm back, got a new router, did a factory restore on the hard drive.. still got the damn problem... :confused
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then it would appear that one of the below is the problem:

    • You are somehow reinstalling the infection
    • The problem is deeper rooted in your hard disk and you need to low level format it to get rid of it
    • Your infection is in your system BIOS and you need to reflash it.
     
  14. tracyw

    tracyw Private E-2

    I don't think I am reinstalling the problem, for the following reasons.
    I did a destructive system recovery from the D: drive while at McDonald's. NOTHING was installed except Windows, and there was no way for the router to reinfect the computer as I was not even at home at the time.

    When I connected to the wifi signal at McDonald's I was still getting the redirect.

    My boyfriend used the same router for the last 6 months or so, he had an older computer and did not run any antivirus software as it slowed down his computer, he never once had any problems with the redirect.

    When I purchased a new router, I unplugged everything.. did the HP destructive system recovery, after windows was reinstalled I hooked up the new router... no programs other than windows were installed. And the redirect still persisted.
    Also along the way my USB flash drive with all my files stopped working, so I lost ALL my files and programs. there is nothing to even put back on the computer that could infect it.

    I do not understand what you mean when you say a low level format.. I am not sure if you are familiar with the HP Pavilion that I have, but when I bought the computer it did not come with a Windows XP CD or anything like that.
    There is the D:\ drive which has all the Windows XP software and drivers on it.
    So when I say destructive system recovery:
    when the computer starts, I hit F11,
    which gives me the option to format drive C and reinstall Windows.

    Sorry this has been such a headache.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    At McDonald's???? How do you know their network is not infected and reinfecting you?

    You never really described what you mean by destructive recovery. As I have been saying, you MUST delete your partitions, then recreate partitions from scratch, and then you must format and reinstall. And you should not be doing any of this from any network other than your own. In fact, you should not even be online at all during this. After you have totally done this, only Windows and your protection software should be reinstalled, and this must be done before ever going online.


    Okay but the network you are on could be reinfecting you.

    McDonald's wifi network could be the source of the problem. Stop using it.

    Okay, then maybe your router is not infected, but as stated above, McDonald's may well be.

    As I keep saying.... I don't really know what you mean by destructive recovery, but if you are not doing a delete of partitions (ALL OF THEM) and then repartitioning, formatting and reinstalling from scratch, you may well be just starting out with an infected boot record each time. A proper clean install (which is what I'm describing) will remove any infection unless it is in your BIOS.


    Okay, this explains it more, and this may be why you still have a problem. This is not a clean install, and you may have an infection that has gotten into your Recovery Partition and is reinfecting you. Or, as I said above, your BIOS is infected. You need to do a total clean reinstall. You may need to get HP to send you a proper Windows installation CD to do this.

    If your PC is up and running right now, please do the below:

    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky.
    Be sure to attach your log from TDSSKiller


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
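    For readers who want to see what a tool like MBRCheck is actually checking, here is an added example that is not part of the thread and is not MBRCheck's or Kaspersky's code. It parses a 512-byte MBR image, verifies the 0x55AA boot signature, decodes the four partition-table entries, and compares the 440-byte boot-code region against an allow-list of SHA-256 hashes. The boot code, partition layout and allow-list below are all constructed for the demonstration (a real allow-list would hold hashes taken from the boot sector of a known-clean machine of the same Windows version); reading the real sector 0 from a drive is left to the caller, so the script runs offline.

```python
# Added example: a minimal MBR sanity check in the spirit of MBRCheck (not MBRCheck itself).
# The sample images are constructed; nothing here is read from a real disk.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the disk signature
BOOT_SIG_OFF = 510           # last two bytes must be 0x55 0xAA
# status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"

VERDICT_INVALID = "invalid"            # not a valid MBR at all
VERDICT_STANDARD = "standard"          # boot code matches a known-good hash
VERDICT_NONSTANDARD = "non-standard"   # boot code not in the allow-list: investigate


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four partition entries; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            # a status byte other than 0x00/0x80, or a partition that starts in
            # sector 0 (on top of the MBR itself), suggests a damaged table
            "suspicious": status not in (0x00, 0x80) or lba_start == 0,
        })
    return parts


def check_mbr(mbr: bytes, known_good_hashes: set) -> dict:
    """Return a report on one 512-byte MBR image."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    signature_ok = mbr[BOOT_SIG_OFF:] == b"\x55\xAA"
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    report = {
        "signature_ok": signature_ok,
        "boot_code_sha256": digest,
        "boot_code_known": digest in known_good_hashes,
        "partitions": parse_partition_table(mbr) if signature_ok else [],
    }
    if not signature_ok:
        report["verdict"] = VERDICT_INVALID
    elif report["boot_code_known"]:
        report["verdict"] = VERDICT_STANDARD
    else:
        report["verdict"] = VERDICT_NONSTANDARD
    return report


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image for demonstration (not read from a disk)."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


# Constructed stand-in for clean boot code: a few typical real-mode opening bytes padded
# with NOPs to exactly 440 bytes. The "tampered" image keeps the same partition table but
# carries different boot code, which is the case MBRCheck reports as non-standard.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 433
TAMPERED_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 438

# Constructed layout: a hidden recovery partition followed by the bootable NTFS system partition.
SAMPLE_PARTITIONS = [
    (0x00, 0x12, 63, 16_000_000),
    (0x80, 0x07, 16_000_063, 300_000_000),
]

KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()}
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(image, KNOWN_GOOD)
        print(f"{name}: verdict={r['verdict']} sha256={r['boot_code_sha256'][:16]}...")
        for p in r["partitions"]:
            print(f"  part {p['index']}: type=0x{p['type']:02x} bootable={p['bootable']} "
                  f"lba={p['lba_start']} sectors={p['sectors']} suspicious={p['suspicious']}")
```

    The point the thread keeps coming back to is visible in the two sample images: the partition table is identical in both, so a recovery that only reformats C: and leaves sector 0 alone never touches the part that differs, and only a hash (or byte) comparison of the boot code itself tells the two apart.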
     
  16. tracyw

    tracyw Private E-2

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Notice what MBRCheck shows:
    This supports what I have been saying all along. When you are doing what you call a "destructive system recovery" you are not fixing the MBR which is infected.

    You need to boot from a Windows XP Boot CD and get into the Recovery Console to run fixmbr to remove the infection that is in your Master Boot Record. Since you say you do not have a Windows XP Boot CD, you will have to try something like below.


    See what was posted in message #12 of the below thread and see if you can get this CD to run.

    whistler/black internet@mbr again!
     
  18. tracyw

    tracyw Private E-2

    Ok.. I just read through that, I will have access to a clean computer tomorrow.
    and will follow the instructions in this post.
    http://forums.majorgeeks.com/showpost.php?p=1610432&postcount=12

    Does it matter if the "clean" computer is a different brand/model than my computer? (Mine is an HP, the "clean" computer is a Dell I believe.)

    I believe the clean computer is also running windows XP like myself, but the computer is much newer than mine, so it might be a different version of XP?

    Sorry for my constant computer ignorance.:-o
    thanks so much for the help.

    :)
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! The CD does not care.
     
  20. tracyw

    tracyw Private E-2

    1. Download Hiren's BootCD Iso to the desktop of a clean computer.
    2. Extract the zipped HirensBootCD.zip to your desktop.

    3. Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.

    Do I open and extract the HirensBootCD.zip & HirensBootCD folder onto the clean computer or onto my computer? Sorry, just making sure :-o
    The reason I ask is that line 1 says download to a clean computer, and line 2 says extract to your desktop. Just wasn't sure. Thanks!


    4. Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
    5. Insert a blank CD in your drive.
    6. Press Start. This will burn the image to disc. After it has completed...
    7. Restart your sick computer and boot from the HBCD you created.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes the Desktop of a clean computer. ;)
     
