The computer is a windows xp home sp3 desktop. I've fixed an infection of "Antivirius 2009" (The rogue2008 one) using a combination of combofix and malwalrebytes. plus spybot for good measure.
Computer got infected a second time, and I did the same.
Then last week it was infected for a third time. AVG 8 resident shield kept complaining about
avg resident shield alert
accessed file is infected
file name: c:\windows\system32\userinit.exe
process name: c:\windows\system32\winlogon.exe
Client was running malwarebytes to no avail. I did an updated malwarebytes quick scan and then a combofix. Afterward when I rebooted I no longer got the resident shield alert. I wanted to do updated full mbam scans, spybot scan, adaware scans, and also update windows xp completely But to save him money I told the guy how do those himself, and I rebooted several times, and got no AVG resident shield alerts. I left.
AT that point, when I left, I did a hijackthis log, which is attached as HJT-b.txt
Now (the next day) he says he's getting the same infection notice from AVG Resident Shield regarding userinit.exe.
Can you guys look at the last HJT log I did (HJT-b.txt) and see if you can spot anything?
Obviously I'll try to get the guy to send me a current mbam log to add to this.
(He has teenage kids who might be reinfecting the computer, but if it's my failure to clean it I feel bad)