Redirecting rootkit Solved, but a few more Problems...

Hi,

 

Recently I have been dealing with a redirecting virus and/or rootkit that would nonstop redirect my search engine search results to various random sites, some of which are dangerous.

 

After much searching, I found an article explaining a similar situation, and a recent one at that, about a system file that is infected with a rootkit.  That system file is a driver called atapi.sys.

 

I first noticed the truth of it when I scanned with a program called GMER.  It listed atapi.sys as a "suspicious modification".  Right after scanning, Norton 2010 immediately came up with a message stating it needed a restart to complete the deletion of dangerous files.

 

Restarted, and the computer was running VERY slow.  Turns out Norton flat out deleted the atapi.sys driver file!  As well as two others that I regret not writing down at this moment (they were in all capital letters and I think began with 'S').  I ran the GMER scan again, and it listed three files as "not found", one of them being atapi.sys.  The other two I recall were most likely system files.

 

After this I rebooted, and Windows failed to start.  BSOD Stop error.  From there I proceeded to boot into DOS from a Windows 98 floppy and copy a backup copy of the atapi.sys file from a backup location in Windows.  Rebooted again, this time attempting safe mode.  However, the computer froze on loading the list of files.

 

I can boot into Windows normally, however things seem a bit laggy and slow.  I have a feeling it has to do with the two other files that were possibly removed.  I am currently unable to boot into safe mode. 

 

Here is the activity log right around when it happened (notice it doesn't show the other two files):

 

c:\windows\system32\drivers\atapi.sys
____________________________
____________________________
On computer as of
12/6/2009 at 12:03:01 AM
Last Used:
1/18/2010 at 5:42:50 PM
Startup Item: Yes
Launched: No
____________________________
____________________________
Many Users
Millions of users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin

Downloaded from  Not Available
____________________________
URL Not Available
UNTESTED

Source
atapi.sys
____________________________
File Actions
File: C:\Documents and Settings\...\Desktop\Casino.url
Failed
File: C:\resycled\boot.com
Delete Failed
File: C:\WINDOWS\system32\dll.dll
Delete Failed
File: C:\Documents and Settings\...\Desktop\Casino.url
Failed
File: C:\resycled\boot.com
Delete Failed
File: C:\WINDOWS\system32\dll.dll
Delete Failed
Infected file: c:\WINDOWS\system32\drivers\ATAPI.SYS
Removed
____________________________
Suspicious Actions
Automatically run service: spooler
Terminated
____________________________
File Thumbprint:
Not Available
____________________________

 

The redirects have stopped; however, my computer is running slower than normal and I cannot enter safe mode.  Is it possible there may be more threats still on my system?  Or are there files missing that Norton deleted that are required for Safe Mode to load?

 

Thanks.