Originally Posted by
CalamityJane
We have a number of things to consider here.
1. The prior state of this computer and the information that is contained on it - obviously belongs to a former user and has not been wiped. Meanwhile it was infected with an information-stealing trojan...compromised - hacked. Owned by someone else. This computer may have other people's data on it and that needs to be addressed (the compromise is a past event that has happened already). Information may have been stolen from it and passed on to malicious strangers for use in data theft, identity theft, etc. That info may have ended up in the hands of a malicious attacker - do you understand that? I'm concerned if these machines are being auctioned without being wiped first, especially if they came from a government office. Is there government data still on there? The profile certainly is and that may likely be compromised as well.
2. The current state of the machine. You need to keep this off the net as much as possible and only where necessary. Do you have a clean computer from which you can connect to the net to get instructions?
3. I'm going to have to go back through these logs posted to see what all has been done to it by the malware authors and what might be able to be fixed, some of which we may never know. It doesn't sound like you can do a reinstall unless you have recovery disks from Dell somewhere and it may be difficult to replace system files if they were totally wiped out.
4. Does this machine even validate as genuine Windows? If not, we won't be able to get you the SP2 update that it needs (and subsequent Windows critical security updates). Even if we can clean this up, operating at your current level of XP SP1 is a security risk and certainly is vulnerable to future attack. Do you understand the importance of the fact it does not have Windows SP2 at all?