Author Topic: HJT log with some viruses  (Read 3011 times)

ElmntEarth1

  • Guest
HJT log with some viruses
« on: April 04, 2009, 12:03:06 AM »
Hey, I feel bad when I make these topics, but my family just doesn't grasp the concept of internet security yet and, long story short, there's a bunch of ad junk and who knows what else on there.  Symptoms I've seen on here are these sounds in the background that sound like a web page being accessed, then the sound of an ad will play, but nothing happens onscreen.  Sometimes I'll hear the Firefox popup blocker activate.  CPU usage has some spikes, but it generally stays under 10%.  Computer is running Windows XP 32bit SP3.

Steps I've taken so far:
Ran avast on startup: picked up a bunch of files, some in system32, and moved them all to chest
Ran Malwarebytes once: picked up a bunch of stuff that I deleted.  Ran another scan, nothing was detected
Ran ccleaner to clear out temp internet folders

I also have some questions.  The computer here is running four Windows XP accounts, so say I scan malwarebytes on my mom's account, will it pick up crap on my sister's?  Is the malware on my sister's account a threat to the rest of the computer?
Also, the HJT log I included is while logged onto my sister's account.  Will that include all the information of stuff starting up across all accounts?

If you need any more information, let me know.  Thank you

YoKenny

  • Guest
Re: HJT log with some viruses
« Reply #1 on: April 04, 2009, 12:33:59 AM »
Quote
The computer here is running four Windows XP accounts, so say I scan malwarebytes on my mom's account, will it pick up crap on my sister's?
Malwarebytes MBAM stores its information in a common area that all accounts can access, but unless it is run on each account there is no guarantee that each account is free of malware, so it is best to browse for the answer in the Malwarebytes forum, then ask how to ensure each account is safe:
http://www.malwarebytes.org/forums/index.php?showforum=41
A Quick scan after an update of the definitions is good as it detects 99.9% of the infections.

Quote
Is the malware on my sister's account a threat to the rest of the computer?
Probably but ask in the Malwarebytes forum.

Quote
Also, the HJT log I included is while logged onto my sister's account.  Will that include all the information of stuff starting up across all accounts?
No.
Each account will have its own differences.
« Last Edit: April 04, 2009, 12:35:54 AM by YoKenny »

micky77

  • Guest
Re: HJT log with some viruses
« Reply #2 on: April 04, 2009, 01:44:23 AM »
YoKenny, since when did any security forum advise running HJT on each user account? Or did I misunderstand you?
« Last Edit: April 04, 2009, 02:14:08 AM by micky77 »

mojako_2you

  • Guest
Re: HJT log with some viruses
« Reply #3 on: April 05, 2009, 11:24:58 AM »
C:\Program Files\Windows NT\rteqehdace.html

looks weird...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33900
  • malware fighter
Re: HJT log with some viruses
« Reply #4 on: April 05, 2009, 03:37:26 PM »
Hi

Minor cleanup - HJT scan. Tick & Fix. Restart the computer.
Code:
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: HJT log with some viruses
« Reply #5 on: April 05, 2009, 03:44:06 PM »
***

An analysis of your HJT log shows the following :

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Related to Real.com/Real player. Unnecessary (deactivated) entry that can be fixed.

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
Unnecessary (deactivated) entry that can be fixed. No file association.


***
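
An added example (not part of the thread and not HijackThis code): a small Python parser for the O-section line format quoted in the replies above, listing entries whose target is "(no file)", the marker both repliers used to pick the leftover O9 and O18 entries. The regular expression, the function names and the third sample line (placeholder CLSID and path) are assumptions built only from the lines shown in this thread.

```python
import re

# Constructed sample: the two O-section lines quoted in this thread, plus one
# made-up entry that does point at a file (placeholder CLSID and path).
SAMPLE_LOG = """\
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\\Example\\example.dll
"""

# Assumed layout: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per O-section line that matches the assumed layout."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header, process and other line types are skipped
            entries.append(match.groupdict())
    return entries


def orphaned(entries):
    """Entries whose registry reference has no file behind it."""
    return [e for e in entries if e["target"].strip().lower() == "(no file)"]


if __name__ == "__main__":
    for entry in orphaned(parse_entries(SAMPLE_LOG)):
        print(entry["section"], entry["kind"], entry["clsid"], "-> review in HJT")
```

The script only lists candidates for review; deciding whether to tick and fix an entry in HJT remains a manual step, as in the replies above.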