bsod: attempt made to write to read only memory = rootkit

First time came across this curious blue screen of death, on startup, before
windows logon, creating a reboot cycle. Did the obvious, checked memory,
checked hard drive, no joy, checked google, which suggested checking hard
drive and checking memory.

Thought i would just give a check to see if any rootkit activity was going
on (on questioning, it seems that a redirector was causing problems before
reboot cycle, sending users to different web addresses), loaded up mini xp
boot disk, went to system32/drivers noticed two recently changed *.sys
files, a random named file and an atapi.sys.

An infected atapi.sys it seems has been very busy of late, it is responsible
for a google redirector which is missed by both combofix and malwarebytes.
Did a search for previous copies of atapi.sys, got the most recent one,
deleted both the system32/drivers one and the one laying around in the dll
cache folder waiting to reinfect, and copied over the one from the sp
install folder.

Problem sorted, can get into windows and continue cleaning up system.

I was fortunate in picking up on the problem quite quickly, but you could
easily spend a long time trying to trace this little sod down, thought i
would give a heads up...

[MacIntel]

Well, I do not feel qualified to deal with BSOD in Windows 7 yet, but I will be happy at least see your BSOD and see what I can see. I have no idea to analyze dump Windows 7 yet (XP crash dumps I can understand) and it would take to send some of the crash dumps and would be able to point you in a better direction. The two RAM sticks are identical, as purchasing a matched pair. Because RAM is usually the case, I've tried to pull a rope and run memtest. I also tested the RAM in a different computer.