Hi arath,

Upon checking the HJT log file, I noticed that there's a malicious file that's running on the machine:  C:\Documents and Settings\Vicky\Local Settings\Application Data\av.exe

You can manually stop this process via the Task Manager then manually delete the file.  You can also run a scan using Housecall or any Trend Micro product and it should be caught as TROJ_NOSECUR.MCS.

I did the Task Manager and I think I manually deleted the trojan, but I am still having trouble with the XP Guardian.  However, it is now called XP Antivirus Pro.  It changed sometime ago.

Hello arath,

Try running a scan using Housecall and check if the FakeAV infection will be fixed.  If not, attach a new copy of the HJT log here so that we can check it again.

arath, have you read removal instructions at bleepingcomputer.com? If not, then i think you should.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

And slightly different removal instructions in this blog post: how to remove XP Guardian. 

I hope this will help you. Good luck!

This batch of FAKEAV uses the same binary but changes the presented GUI, its one more way for the bad guys to confuse cleanup. Try the instructions here, then post your new HijackThis results.