The Bamital-AE detection that avast is calling is particular in this case, and likely parallels a few closely similar detections that have been posted recently to virus and worms topics. But the general Bamital indicators will also be common across a range of infection cases, notably rootkit-like character, with backdoor trojans, attempts to control key system files, the boot process and network connections, compromise of winlogon and explorer, growing worse over time but able to be thwarted by intervention at an early stage. That said, we haven't really had a decisive rule on this Bamital-AE call just as yet. Essexboy can write specific fixes for particular cases, but so far, from what I can gather, there is nothing in the logs generated in this case that directs to an obvious fix. Another OTL scan as requested by essexboy would be helpful.
In Bamital-AE detections, the following entry has popped up under services
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
But in XP, which is this case, HidServ can be disabled - and yet the dll should ordinarily be found, so this needs resolving.
In this case, and as yet I have found it only in this case, the following entry
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
With the amount of apps running and others seemingly no longer installed but still carrying records, I would think some kind of app management in installation services would be pressing. The OP would be advised to follow up on the missing dll file; perhaps the file is corrupted, or the service is now manipulated by malware.
From the user's point of view, some of these systems posted to the forum need to be tidied up through uninstalling old or surplus programs and running a single antivirus as resident. Using ccleaner, mbam and virustotal to provide different calls on suspect files can be useful, HijackThis is easy to use and can be helpful in tidying up and removing surface rubbish, and really some housework on the client desktops would make the log files generated by OTL a lot less time consuming to work through. Importantly, it would allow Essexboy to get to the root of any infection a lot quicker and make it more comfortable to write fixes.
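As an added illustration of the triage step discussed above (this is example code written for this page, not something posted by the OP, essexboy or the OTL author), the script below parses OTL "SRV -" service lines and pulls out every service whose binary OTL reports as "File not found". The line format is assumed from the two entries quoted in the thread; the Spooler line is a constructed, healthy-looking entry added so the filter has something to leave alone. A missing service dll is not a verdict on its own (the thread notes HidServ may legitimately be disabled on XP), so the output is a list for a helper to check, not an automatic fix.

```python
import re
from typing import Dict, List

# Constructed sample of OTL service output: the two entries quoted in the
# thread plus one normal entry so the filter has a non-match to ignore.
SAMPLE_OTL_SERVICES = r"""
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
"""

# Assumed line shape: "SRV - (Name) -- <path> <status>", where status is
# either the literal "File not found" or a parenthesised publisher string.
SRV_LINE = re.compile(
    r"^SRV\s+-\s+\((?P<name>[^)]+)\)\s+--\s+"
    r"(?P<path>.+?)\s+(?P<status>File not found|\(.*\))\s*$"
)


def parse_otl_services(text: str) -> List[Dict[str, str]]:
    """Return one dict per recognisable SRV line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def missing_file_services(entries: List[Dict[str, str]]) -> List[str]:
    """Names of services whose binary OTL could not locate on disk."""
    return [e["name"] for e in entries if e["status"] == "File not found"]


def services_outside_system_dirs(entries: List[Dict[str, str]]) -> List[str]:
    """Names of services whose path is not under the Windows directory.

    A second, independent check: the thread is concerned with missing dlls,
    but a service binary living somewhere unexpected is equally worth a look.
    """
    return [
        e["name"]
        for e in entries
        if not e["path"].lower().startswith("c:\\windows\\")
    ]


if __name__ == "__main__":
    parsed = parse_otl_services(SAMPLE_OTL_SERVICES)
    for name in missing_file_services(parsed):
        print(f"follow up: service {name} points at a file OTL could not find")
    for name in services_outside_system_dirs(parsed):
        print(f"review: service {name} binary is outside the Windows directory")
```

Run it against a saved OTL.txt by replacing SAMPLE_OTL_SERVICES with the file's contents; the two functions deliberately stay separate so a helper can decide per service whether "File not found" means a disabled feature, a corrupted file, or tampering.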