Hi all thanks for your time,
I have an XPS 1530 running Windows 7. A couple weeks ago, my laptop was infected by a bunch of spyware. Using Avast Antivirus, I removed everything, but when I used a search engine a couple days later, I found that I still had a search engine hijacker which always redirects me to some advertisement site. Nothing in my system seems to be affected except for search engines. I have run every test which Avast and Malwarebytes' Anti-Malware (which I downloaded a few days after the infection) have, but they always come back saying the system is clean. If I enable Malwarebytes' system protection, it blocks the hijacker and I regain control of my search engine. While this makes my system run normally, the spyware is obviously still on my system and will hijack my search engine if Malwarebytes' protection is not enabled. I don't feel comfortable knowing that this is embedded somewhere on my system. I have researched and tried to find the spyware but I can't, so this is my last attempt to get help before I wipe my system and reinstall my OS. I have basic computer knowledge but complicated tasks may go over my head. Any help would be greatly appreciated.
The IP which Malwarebytes blocks when I use a browser is 78.159.112.184
Here's my most recent Malwarebytes' scan log:
Malwarebytes' Anti-Malware 1.44
Database version: 3699
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/7/2010 9:23:02 AM
mbam-log-2010-02-07 (09-23-02).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 251199
Time elapsed: 52 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
You likely have a rootkit.
Download gmer: http://www.gmer.net/
The one I have been seeing a lot is an infected atapi.sys file.
-
Thanks for the tip, but even gmer can't find any threats. I would be tempted to think the system is clean, except the search engine keeps getting hijacked if I try disabling Malwarebytes' protection.
-
I would suggest you run a scan with Hitman Pro.
-
It sounds like you might have the latest ATAPI.SYS rootkit.
Try pulling out your original Windows installation CD and replacing this file from the recovery tool's command line interface:
C:\windows\system32\driver\atapi.sys
-
That is what I was thinking...gmer usually flags atapi.sys, though if it detects it..
-
Wow that sounds very serious indeed!
I highly suggest reformatting your computer. Root kits are very scary indeed!
-
Na, he should just try Greg's fix and see if that fixes it.
-
superstopper, I highly suggest you reformat your computer! Rootkits are the worst when it comes to security problems, my friend. Definitely fabrication. Good luck in your endeavors!
-
Which means, what exactly?
-
Thanks for the suggestions, all. I finally seem to have gotten rid of the root kit. Sorry about the delay, but I wanted to be sure it didn't come back. After running many scans without result, I fixed the problem with UnHackMe Monitor. It ran a scan during boot up which apparently found the malware before it could hide itself. :b It's possible that other programs suggested above run pre-boot scans as well, but if so I didn't know how to use them, and UnHackMe was very simple and straightforward. I certainly recommend it for anyone having a similar issue. Again, thanks a lot for all your input, I greatly appreciate it.
Search Engine Hijacker
Discussion in 'Security and Anti-Virus Software' started by superstopper, Feb 14, 2010.