If you are not getting a virus warning that you believe is an undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem, the fact that you believe it to be a new/undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
You could also check the offending/suspect file at:
Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
First formatting and reinstalling is way over the top as a resolution to this problem. It is a physical impossibility for the problem to remain after a format and reinstall of XP, etc. a format wipes the whole disk. This is likely coming back because of either an unpatched vulnerability or the same way he got infected in the first place (same browsing habits, etc.), rather than it persists. So I would question how he did the format?
If your friend hasn't already got this software (freeware), download, install, update and run it.
1.
Ad-Aware2.
Spybot Search and Destroy3.
SpywareblasterAlso useful as a diagnostic tool - Download
HiJackThis.zip - HJT Information
HiJackThis TutorialFor an on-line analysis -
HiJackThis Log file - On-line AnalysisIgnore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.