Ok....time to give credit where it is due. Miekiemoes helped me finish getting my friend's laptop back to normal tonight. If you read her post about the VIRUS ALERT! next to your system clock, you will discover exactly how to fix this issue...I mean exactly....no joke....seriously. This post is so detailed that I actually made a joke in my comment to her asking if she created the virus! I worked on this laptop for 4 hours last night where at least I was successful in removing the virus categorized as Trojan horse agent.zak from his AVG scan. But the Trojan does some very strange things as Miekiemoes touches upon:
1) After pressing the start menu, most of your normal options are gone (like control panel, my documents, log off, etc). Apparently, the Trojan disables these items in an attempt to stop you from being able to remove the Trojan.
2) It also disables the registry (regedit.exe). Fixing spyware/virus-laden computers in the past, getting into the registry is a MUST. I was shocked when I got a message saying "Your administrator has disabled registry access". Uh, hello, I was logged on as the Administrator!
3) Adds VIRUS ALERT! after the clock down in the system tray. Also in the Computer Properties area.
4) But the most annoying issue is the fact that the Trojan actually manages to delete your Windows Product ID. This then causes Microsoft to determine that your PC now has an illegal copy of Windows XP!!! Incredible! I've never seen a virus/spyware do something like this before!
As stated above.....I fixed everything based on the instructions listed here in Miekiemoes' blog. If this ever happens to you, be sure to check her blog first.