bubbletea

  1. Thank you for your assistance. I followed the steps and Google search has returned to normal operation and I have been able to update Malwarebytes.
  2. **RESULTS from VirusTotal**

     File name: 17479511.sys
     Submission date: 2011-03-25 09:21:18 (UTC)
     Result: 0/ 41 (0.0%)

     File name: FwLnk.sys
     Submission date: 2011-03-25 09:12:59 (UTC)
     Result: 0/ 42 (0.0%)

     File name: startup.exe
     Submission date: 2011-03-25 09:11:22 (UTC)
     Result: 0/ 43 (0.0%)

     File name: 17479512.sys
     Submission date: 2011-03-25 09:17:25 (UTC)
     Result: 0/ 43 (0.0%)

     **RESULTS from ESET Online Scanner**

     I have a slow internet connection and I am unable to get this online scanner to work.

     Results of screen317's Security Check version 0.99.10
     Windows Vista Service Pack 2 (UAC is disabled!)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     WMI entry may not exist for antivirus; attempting automatic update.
     Avira successfully updated!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 24
     Java SE Runtime Environment 6
     Adobe Flash Player
     Adobe Reader 7.0.8
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Spybot Teatimer.exe is disabled!
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ``````````End of Log````````````

     Thank you for your assistance. The redirect issue in Google seems to have gone. However, I am now having an issue with Malwarebytes. To ensure I have access rights, I run as Administrator. However, when I attempt to update Malwarebytes I receive the following error:

     PROGRAM_ERROR_UPDATING (5,0, CreateFile) Access Denied.
  3. Thank you. There were some delays due to the Windows Blue popping up, however, I was able to run ComboFix in the end! Below is the log, with the new DDS log underneath.

     ComboFix 11-03-24.03 - liz 25/03/2011 19:10:13.1.2 - x86 Microsoft
  4. Oops - here you go.

     .
     DDS (Ver_11-03-05.01) - NTFSx86
     Run by liz at 17:52:51.39 on Fri 25/03/2011
     Internet Explorer: 8.0.6001.19019
     Microsoft
  5. Apologies, I forgot to include the Malwarebytes log.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6153
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.19019

     25/03/2011 4:54:57 PM
     mbam-log-2011-03-25 (16-54-57).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 253858
     Time elapsed: 1 hour(s), 4 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  6. I am attempting to repair a computer that has been infected with 'Windows Recovery' and the search engine redirect malware. After reading some forum posts, I have tried the following attempts to clean the computer.

     Initially, Avira AntiVir alerted the following: Virus or unwanted program 'TR/Rootkit.Gen [trojan]'

     C:\Windows\System32\spool\prtprocs\w32x86\625F93F.tmp.
     C:\Windows\System32\spool\prtprocs\w32x86\2162F.tmp
     C:\Windows\System32\drivers\579711D.sys.
     C:\Windows\System32\drivers\6263E8.tmp.
     C:\Windows\System32\drivers\1324E9C.sys
     C:\Windows\System32\drivers\2233E8.tmp
     C:\Users\liz\AppData\Local\Temp\ldr2220.tmp
     C:\Users\liz\AppData\Local\Temp\ldr3e4a.tmp
     C:\Users\liz\AppData\Local\Temp\-213E8.tmp
     C:\Users\liz\AppData\Local\Temp\ldr3e3b.tmp

     The files 'C:\Users\liz\AppData\Local\Temp\ldr3e4a.tmp' & C:\Users\liz\AppData\Local\Temp\ldr224f.tm contained a virus or unwanted program 'TR/Alureon.CD.6' [trojan]

     In an attempt to stop the 'Windows Recovery' malware, I performed a Systems Restore. The Google redirect issue seems to persist, so I attempted the following:

     Started in Safe Mode.
     Ran 'CleanUp!' to clean up files.
     Scanned with:
     SUPERAntiSpyware - cleared some cookies.
     Malwarebytes' Anti-Malware - cleared some cookies.
     SpyBot Search & Destroy - cleared some cookies.
     HijackThis - log file attached*

     Restarted computer, in normal mode, redirect malware still exists.

     Followed instructions on this forum:
     Ran DDS - log file attached*
     Ran GMER - log file attached*
     RKill iExplore - the following process was stopped (C:\Windows\System32\grpconv.exe)
     Hitman Pro 3.5 - cleared some cookies.
     Avira AntiVir scan - log file attached*
     Downloaded TDSSKiller. Extracted to desktop, clicked 'run as administrator' - though nothing happens.

     Any help would be greatly appreciated.

     attach.zip