How to get rid of XP Antivirus?

[alohaguy53]

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6344

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

4/12/2011 5:45:45 PM

mbam-log-2011-04-12 (17-45-45).txt

Scan type: Quick scan

Objects scanned: 180554

Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Larry, I have a feeling we might be getting close to having my problem solved...no idea really...you are the guy that will know. Anyway, whenever we get finished, please check back, because I have a few questions I need to ask.

[LDTate]

Are these scans done under your login?

[alohaguy53]

The are done on the Administrator2 user account that we set up last night.

[LDTate]

Try your account.

If your account still doesn't work and you have data you want from that account, I would create a new account like Dan2 with admin rights and move all the data you want to save there. Then use the Dan2 account.

[alohaguy53]

Okay, I will try it. If that is ends up being what I am going to have to do, then I will need some tutoring on how to move the data, cause i haveno idea.

[alohaguy53]

I logged off Admin2 and logged in to my account. Programs such as Outlook Express, Excell, Word still won't run. So, I am assuming I will need to follow your instructions and start a new user account. First question is can we use the Administrator2 account and just rename it?

Then the scary part for me...what kinds of data are we talking about moving? If I open a program such as Outlook Express in ADmin2 will all my emails and addresses still be there? If I open excel, will all my files still be there? Is there any way to tranfer my internet favorites to the new account? I'm sure there are a number of other things I need to know.

Kevin

[LDTate]

You may need to call support for all that if we can fix it with the tools we use.

Using the Admin2 account, run Combofix

[alohaguy53]

Okay, I am in Admin2 account and I downloaded Combofix.exe and started it. I will let it run for awhile, but it looks just like it did last night with one blinking dash down in the lower left corner and no prompts appearing.

[alohaguy53]

15 minutes in an still just one blinking dot in the lower left corner.

[alohaguy53]

40 minutes in and nothing happening.

[LDTate]

It's hung up again.

Try this:

Please download DDS and save it to your desktop.

• Disable any script blocking protection
  
• Double click dds.scr to run the tool.
  
• When done, DDS.txt will open.
  
• Click Yes at the next prompt for Optional Scan.
  
• Save both reports to your desktop.
  

---------------------------------------------------

Please Please copy / paste the scan reults.

DDS.txt

[alohaguy53]

I ran it once, but did not have AVG turned off. I can't figure out how to disable AVG.

Logs with AVG on are as follows:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/12/2010 8:21:08 AM

System Uptime: 4/13/2011 10:12:55 AM (3 hours ago)

Motherboard: Hewlett-Packard | | 30C0

Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | U10 | 1596/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 76.382 GiB free.

D: is CDROM ()

E: is FIXED (FAT32) - 596 GiB total, 478.245 GiB free.

G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/25/2011 9:07:26 PM - System Checkpoint

RP2: 3/25/2011 11:08:44 PM - March 25,2011

RP3: 3/27/2011 11:52:17 AM - System Checkpoint

RP4: 3/28/2011 11:54:49 AM - System Checkpoint

RP5: 3/29/2011 12:14:42 PM - System Checkpoint

RP6: 3/30/2011 3:28:56 PM - System Checkpoint

RP7: 3/31/2011 6:31:59 PM - System Checkpoint

RP8: 4/1/2011 6:33:03 PM - System Checkpoint

RP9: 4/2/2011 6:54:21 PM - System Checkpoint

RP10: 4/3/2011 7:17:52 PM - System Checkpoint

RP11: 4/4/2011 8:58:52 PM - System Checkpoint

RP12: 4/5/2011 9:36:28 PM - System Checkpoint

RP13: 4/7/2011 1:07:36 AM - System Checkpoint

RP14: 4/8/2011 1:44:26 AM - System Checkpoint

RP15: 4/9/2011 2:22:22 AM - System Checkpoint

RP16: 4/10/2011 3:22:26 AM - System Checkpoint

RP17: 4/11/2011 4:05:11 PM - Restore Operation

RP18: 4/13/2011 12:28:14 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 9.20

Acrobat.com

ActivClient x86

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Photoshop CS

Adobe Reader 9.2

Agere Systems HDA Modem

American Greetings CreataCard

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Sensor Minimum Install

AVG Free 9.0

Barbie Fashion Show CD-ROM

Barbie In The 12 Dancing Princesses

BIOS Configuration for HP ProtectTools

Bonjour

Broadcom NetXtreme Ethernet Controller

Canon Camera Access Library

Canon Camera Support Core Library

Canon G.726 WMP-Decoder

Canon IJ Network Scan Utility

Canon IJ Network Tool

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 1.0

Canon MX700 series

Canon MX700 series User Registration

Canon My Printer

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint EX

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner

Chinese Simplified Fonts Support For Adobe Reader 9

Cisco Connect

Credential Manager for HP ProtectTools

Device Access Manager for HP ProtectTools

DING!

Disney's Lilo & Stitch Trouble in Paradise

Drive Encryption for HP ProtectTools

Embedded Security for HP ProtectTools

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP 3D DriveGuard

HP PCMCIA Smart Card Reader

HP ProtectTools Security Manager

HP Wireless Assistant

Intel® Graphics Media Accelerator Driver

InterVideo DVD Check

InterVideo WinDVD

iTunes

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 21

K-Lite Codec Pack 6.8.0 (Full)

Logitech

[LDTate]

Delete this file

c:\windows\system32\drivers\nhwqg.sys

[alohaguy53]

Done

[LDTate]

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

[alohaguy53]

C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\6.0\1\3f128481-77a5b297 a variant of Java/TrojanDownloader.OpenStream.NAZ trojan deleted - quarantined

C:\Documents and Settings\Kevin\My Documents\Downloads\7zip_Bing.exe Win32/Toolbar.Zugo application deleted - quarantined

[LDTate]

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

[alohaguy53]

ok I think that worked

[LDTate]

I would like to get combofix to run but I think in order to get it to run you'll need to uninstall AVG.

Other than that I've done waht I could.

[alohaguy53]

1. Isn't there a AVG control panel somewhere that I can just turn it off for awhile.

2. Do you think the system is just about clean?

3. As I mentioned Larry, I am going to need some help transferring data to the new user account can I call your support guys to help with this? 4. What is the phone number

[alohaguy53]

if there is a phone number but you don't want to post it here, I can send you my e-mail address.

[LDTate]

1. We tried that and CF still didn't run. It should show the AVG Icon down on the taskbar by the time.

If it's there, Right Click on the Icon and select disable. Then try Combofix again.

[alohaguy53]

I right clicked on it but there is no disable option

[LDTate]

if there is a phone number but you don't want to post it here, I can send you my e-mail address.

you can contact the help desk at support@malwarebytes.org or here.

[LDTate]

I right clicked on it but there is no disable option

Only option is to uninstall it.

AVG > AVG Removal Tool (x86) -

AVG Identity Protection > AVGIDPUninstaller