Thank you for your replies.
The OS on the notebook is XP..with 1GB RAM. It is a HP Pavilion 6000. The account was an administrator account. When initially looking at the system, there was a program shortcut on the desktop called reg scrubber and another called Ccleaner.
I am relatively advanced as a user goes, maybe a bit more than a power user but not quite an MCSE..ha ha ha..anyway, the original complaint was that when she used the MLS (she is a Realtor), explorer kept clearing the search fields when the back button was used to return to the search criteria page. this is unusual so i decided to take a look at it..she was running explorer 6.0 so I decided to upgrade to IE7..this is when the probs manifested themselves and I noticed that there were more sinister issues at hand.
I tried connecting after restarting and found the browser kept defaulting to msn.autosearch....I tried changing the home page and found the issue still remained. IE7 kept saying that the web page could not be opened...there was an active connection to the internet as well...I ran adaware albeit without being able to update it first and it alerted me to a browser hijack attempt..as suspected. I could actually connect to the net when starting Windows in safe mode, but updates could not be successful in that mode...
I backed up crucial data and ran a non destructive recovery from the recovery partition. All was great when I re-started and even when I installed IE7 again the connection worked. However, when attempting to install adaware 07, an error occured when it attempted to start the service..the message was to make sure I had sufficient privelages etc. I went directly to the services and tried to start the adaware service but got a message that suggested the service did not respond in a timely manner.
I allowed xp to download and install the 79 updates but this was no help either. I wrote a report for the woman suggesting that there were still possibilites that the system was infected. She was not charged for the repair, but my wife is pushing me to charge her for future repair work..that's another story...anyway, I had assumed that there was still malware on the system and made this evident in the report that she would require a destructive recovery..to do this I will use active killdisk to write 0's to the hard drive and then re-install.
if there are any other suggestions, please do not hesitate to let me know of them. thank you so much for your time and suggestions, have a great holiday and a fantastic new year.
Edited by Darren De Wilde, 21 December 2007 - 06:50 PM.