Why is Windows reporting multiple anti-virus when I un-installed them all?

[DG]

Hi,

I am worried that my mom's computer may be compromised.

Windows Security repot that multiple anti-virus apps are running, one of which is up-to-date. But I uninstalled them all 
Is the system compromised by someting pretending to be an antivirus application?
Should I worry?
How can I tell what anti-virus apps are running?

Background
She complained comp was slow, and that she got a virus warning (malicious pdf)
1) I updated AVira (the anti-virus app), ran a scan, and found a malicious pdf file which I removed.
2) System was still slow, so I downloaded Ad-Aware and tried to run it - but system was so slow I could not work on it.
3) I noticed there was constant harddrive activity even when not running any programs (including scans) - I thought perhaps someting had failed in the anti-virus / malware apps, so I uninstalled them, intending to reboot and reinstall.
4) On reboot hardrive activity and system response seemed normal / better. I noticed the little windows warning shield icon (lower right) was not red as I expected (since I removed anti-virus). When I checked Windows Secirity it reported multiple anti-virus runnig and at least one being up-to-date.

I am worried something is hiding as an antivirus app…and confused.

I did a complete windows update (IE8, XP service pack 3, multiple security updates, hoping this would correct problem – no dice. And why was Widows so out of date? Auto update is on?

Any help / suggestions would be appreciated.

DG

[Mister2]

Hi DG, and Welcome to SpywareHammer ;D

I think one of two scenarios are possible here.

You may have been (or are still) running more than one antivirus application, which would result in Windows showing you had AV protection but would also slow your system down (the applications would fight with each other, consuming all your processing resources).

It is also possible that you have an infection that fools Windows into thinking it is protected when in fact it isn't.

In the first case, the results are annoying and may be harmful due to each AV application not being allowed to do its job properly.  In the second case, immediate action is called for to prevent further infection and possible damage.  There are various ways of identifying what programs and processes are running but, in your case, I don't think it advisable to wait while we check them out.

In view of your symptoms I recommend you submit a HiJackThis log so our experts can advise you.  Follow the instructions in this post - http://spywarehammer.com/simplemachinesforum/index.php?topic=88.0 - and start a new topic here - http://spywarehammer.com/simplemachinesforum/index.php?board=10.0 - briefly outlining the problem and the steps you have taken to remove the infections - juct copy the text from the box below and paste it into your HJT post to save retyping it all).

Code: [Select]

http://spywarehammer.com/simplemachinesforum/index.php?topic=5263.msg37553#msg37553
Then paste your HJT log into your post.  Someone will be along shortly to advise you and check for any signs of further problems.

Please be patient as the guys over there are kept busy, but be assured you will receive a reply as soon as someone becomes available.

Whatever the case, our experts will advise you to do whatever is necessary to clean your system up and make sure it stays that way.  If it turns out your computer is not infected then you may well be passed back here and we will sort things out. :)

Good luck!

[DG]

Thanks Mister2 - I thought it seemed suspicious.
I'll do log ASAP and post

DG

[Mister2]

You're welcome - good luck with the cleaning :)