Virtumonde, et al. residual problems



kvfoster
2008-07-17, 18:47
I was hit by several malware problems at the same time. After several cycles using Spybot I received a clean report. However, I found that there were several problems resulting from the infection/fix.
1. I cannot see or access my C:\ drive using windows explorer, even though my username is an administrator. If I login as administrator then I can see and access the C:\ drive.
2. The time in the notification area of the start bar reads the time with the addition of VIRUS ALERT! to the right.
3. I have a noticeable loss of performance when opening a program. If I double click on an icon I might wait several minutes for the program to start.

Even though the malware seems to have been removed I am hoping you can assist me in repairing the residual effects.
Thank you,
K. Foster

--------------------------------------------------------------------
The following is a list of the Spybot fix report:
--- Report generated: 2008-07-16 12:40 ---

Smitfraud-C.gp: [SBI $69E2C5E3] Link (File, fixed)
C:\Documents and Settings\Kit\Favorites\Error Cleaner.url

Smitfraud-C.gp: [SBI $180C14CB] Link (File, fixed)
C:\Documents and Settings\Kit\Favorites\Privacy Protector.url

Smitfraud-C.gp: [SBI $A580ABCE] Link (File, fixed)
C:\Documents and Settings\Kit\Favorites\Spyware&Malware Protection.url

Smitfraud-C.gp: [SBI $C40DD04E] Link (File, fixed)
C:\Documents and Settings\Kit\Desktop\Spyware&Malware Protection.url

Smitfraud-C.gp: [SBI $41764C70] Link (File, fixed)
C:\Documents and Settings\Kit\Desktop\Error Cleaner.url

VistaAntivirus2008: [SBI $EDBFAC2F] Executable (File, fixed)
C:\Program Files\VAV\vav.exe

VistaAntivirus2008: [SBI $B06AEDC8] Data (File, fixed)
C:\Program Files\VAV\vav0.dat

VistaAntivirus2008: [SBI $B06AEDC8] Data (File, fixed)
C:\Program Files\VAV\vav1.dat

VistaAntivirus2008: [SBI $8294D697] Program directory (Directory, fixed)
C:\Program Files\VAV\

Microsoft.Windows.Explorer: [SBI $4272AA01] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1004336348-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

Microsoft.Windows.System: [SBI $8E2F7540] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1004336348-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1004336348-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1004336348-839522115-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

Microsoft.Windows.System: [SBI $38594624] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1004336348-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms

NNC.MGRS: [SBI $D7CE2F4E] IE start page (Registry change, fixed)
HKEY_USERSS-1-5-21-1004336348-839522115-1343024091-1004\Software\Microsoft\Internet Explorer\Main\Start Page=about:blank

Zlob.Downloader.rid: [SBI $A36DC7FF] Library (File, fixed)
C:\WINDOWS\qndsfmao.dll

Zlob.Downloader.vcd: [SBI $3A7819FB] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo

Smitfraud-C.MSVPS: [SBI $117873AC] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4CC20AE-0E90-4837-B468-FFF9D938EF88}

Smitfraud-C.MSVPS: [SBI $117873AC] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4CC20AE-0E90-4837-B468-FFF9D938EF88}

Virtumonde: [SBI $BAC795A0] Picture (File, fixed)
C:\WINDOWS\system32\sex1.ico

Virtumonde: [SBI $BAC795A0] Picture (File, fixed)
C:\WINDOWS\system32\sex2.ico

Zlob.Downloader.bs: [SBI $0D9D15D5] Library (File, fixed)
C:\WINDOWS\kvxqmtre.dll

Zlob.Downloader.vcd: [SBI $E018B59A] Library (File, fixed)
C:\WINDOWS\evgratsm.dll


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe
2008-07-01 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll
2008-01-28 Tools.dll (2.1.3.3)
2008-07-15 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-11 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-15 Includes\Keyloggers.sbi (*)
2008-07-15 Includes\KeyloggersC.sbi (*)
2008-07-16 Includes\Malware.sbi (*)
2008-07-16 Includes\MalwareC.sbi (*)
2008-07-15 Includes\PUPS.sbi (*)
2008-07-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-11 Includes\Spyware.sbi (*)
2008-07-15 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-15 Includes\Trojans.sbi (*)
2008-07-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll


THIS IS THE HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33: VIRUS ALERT!, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {99E682D3-1B1F-4593-9258-ABBFA9310025} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214853218369
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1215699940166&h=49e0276471e911b66683c4dcf416bc8e/&filename=jinstall-6u7-windows-i586-jc.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O21 - SSODL: kvxqmtre - {46122D08-99FB-468C-80C6-2385E292BFBF} - (no file)
O21 - SSODL: evgratsm - {12BFB181-45BB-480C-836F-C3A4631B6C9C} - (no file)
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11738 bytes

kvfoster
2008-07-18, 00:05
I imagine that I will continue to learn more of the negatives from this malware attack. I have now found that I cannot open MS Outlook, and I cannot open the windows task manager.

kvfoster
2008-07-19, 21:29
It is amazing to me how fast your backlog grows. Your services are indispensable.

Because of my immediate need to use my PC I began investigating the problems I was seeing. Of course, I reran Spybot in safe mode and again it reported the system clean. I found in the registry HKCU\software\vav which contained:
Key Name: HKEY_CURRENT_USER\Software\VAV
Class Name: <NO CLASS>
Last Write Time: 7/16/2008 - 16:11: VIRUS ALERT!
Value 0
Name: 004
Type: REG_DWORD
Data: 0x1
Value 1
Name: 111
Type: REG_DWORD
Data: 0x95218f
Value 2
Name: 546
Type: REG_SZ
Data: 0000004683

I deleted this key.

Then I found:
HKCU\software\microsoft\windows\currentversion\policies\explorer\NODRIVES with a value of c.
When I deleted this I was again able to access my c:\ drive.

Then I found:
HKCU\controlpanel\international\sTimeFormat with a value of HH:mm: VIRUS ALERT!
When I changed the value to HH:mm tt I eliminated the VIRUS ALERT! in the notification area, and again had the proper clock display.

Of course, I do not know which of the malware items created these problems but my system now seems to be working.

Two residual items I would ask answers for.

1) Now that I can see my C:\ drive it seems that I have two new users under Documents and Settings that I cannot remember seeing before:
LOCALSERVICE and NETWORKSERVICE

Are these legitimate users?


2) I used a program called StartUpList.exe to display all of the processes and services activated on startup. Part of its report was the following:

[12:21:32] Skipping hosts file, because it is over 1000 lines long. (file is 8890 lines, totalling 247 kb)
[12:21:33] Skipping Zones for this user, since there are over 1000 domains in them. (4663 to be exact)
[12:21:33] Skipping Zones for all users, since there are over 1000 domains in them. (4664 to be exact)
[12:21:33] Skipping Zones for user Default user, since there are over 1000 domains in them. (4663 to be exact)
[12:21:33] Skipping Zones for user LOCAL SERVICE, since there are over 1000 domains in them. (1594 to be exact)
[12:21:34] Skipping Zones for user NETWORK SERVICE, since there are over 1000 domains in them. (1594 to be exact)
[12:21:34] Skipping Zones for user SYSTEM, since there are over 1000 domains in them. (4663 to be exact)

Do you know what these would be? Do you know where these reside on my system?

Thank you...
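A defender's audit of the values that post walks through, as an added PowerShell example that is not code from the thread or from Spybot. It assumes it runs in the affected user's profile (so HKCU is the HKEY_USERS\S-1-5-21-... branch in the report) and uses only the paths and value names from the Spybot report and the follow-up above; the "clean" expectations and the reset value for sTimeFormat are taken from that post.

```powershell
# Added example, not code from the thread or from Spybot: audit (and optionally
# reset) the per-user registry values the poster found altered after cleanup.
# Assumes it runs in the profile of the affected user (HKCU); paths and value
# names are the ones listed in the Spybot report and the poster's follow-up.
param([switch]$Remediate)

$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

# Policy values that should not exist on a home machine; any non-zero data
# enables a restriction (NoDrives is a bitmask: A=0x1, B=0x2, C=0x4, ...).
$policyChecks = @(
    @{ Path = "$policies\Explorer"; Name = 'NoDrives';                Why = 'hides drive letters in Explorer' }
    @{ Path = "$policies\Explorer"; Name = 'NoSetFolders';            Why = 'removes Control Panel and Printers from the Start menu' }
    @{ Path = "$policies\Explorer"; Name = 'NoStartMenuMorePrograms'; Why = 'hides All Programs' }
    @{ Path = "$policies\System";   Name = 'NoDispCpl';               Why = 'blocks the Display control panel' }
    @{ Path = "$policies\System";   Name = 'DisableTaskMgr';          Why = 'blocks Task Manager' }
    @{ Path = "$policies\System";   Name = 'DisableRegistryTools';    Why = 'blocks Registry Editor' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = 0
foreach ($c in $policyChecks) {
    $data = Get-RegValue $c.Path $c.Name
    if ($null -ne $data -and $data -ne 0) {
        $findings++
        Write-Output ("[POLICY] {0}\{1} = 0x{2:X} ({3})" -f $c.Path, $c.Name, [int]$data, $c.Why)
        if ($Remediate) {
            Remove-ItemProperty -LiteralPath $c.Path -Name $c.Name
            Write-Output "         removed; NoDrives takes effect after Explorer restarts or a new logon"
        }
    }
}

# sTimeFormat normally contains only h/H/m/s/t and separators. Anything else
# (other letters, '!') is text injected into the clock, like the 'VIRUS ALERT!' here.
# Assumption: the format has no quoted literal text, which this regex would also flag.
$intl = 'HKCU:\Control Panel\International'
$fmt = Get-RegValue $intl 'sTimeFormat'
if ($fmt -and $fmt -notmatch '^[hHmst:\s.\-/]+$') {
    $findings++
    Write-Output "[CLOCK] sTimeFormat = '$fmt'"
    if ($Remediate) {
        # 'HH:mm tt' is the value the poster restored; pick another in Regional Options if preferred.
        Set-ItemProperty -LiteralPath $intl -Name 'sTimeFormat' -Value 'HH:mm tt'
        Write-Output "        reset to 'HH:mm tt'"
    }
}

# Leftover configuration key of the rogue VistaAntivirus2008 (VAV) program.
$vav = 'HKCU:\Software\VAV'
if (Test-Path -LiteralPath $vav) {
    $findings++
    Write-Output "[ROGUE] $vav still present"
    if ($Remediate) { Remove-Item -LiteralPath $vav -Recurse; Write-Output "        deleted" }
}

Write-Output ("{0} finding(s); rerun with -Remediate to reset them." -f $findings)
```

Run it once without the switch to see what is still set, then with -Remediate; the policy values under HKEY_USERS\S-1-5-21-... that Spybot reported fixed should come back empty, and any that reappear on the next scan point to something still running.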

kvfoster
2008-07-22, 04:45
Well, it has been a long and arduous process but I think that my computer is finally cleaned of the devil.

I, and I am certain thousands of others, praise your willingness to share your time and knowledge. The prevalence of crap that can be picked up on the internet is amazing.

I would like to pass on to you and to Spybot some of the things that have occurred. The first being most important to me and I am sure to you also. When I thought that my PC was clean I still experienced somewhat slow performance. Then I experienced what seemed to be general lock ups. I was even more troubled when I could not access my %user%/local settings/temporary internet files/ directory. Then I looked further. My investigation led me to learn of AVG Anti-Virus. I know that this program may compete with Spybot in the marketplace but I'm sure we are all interested in the bottom line... security of data and a better internet experience.

AVG Anti-Virus identified 27 occurrences of malware/virus that Spybot, Hijackthis, and my anti-virus software (Comodo) did not. When AVG cleaned these occurrences I was able to start the update process with Microsoft. Microsoft and its Malicious Software tool continued to clean the problems that were in active memory and after a couple of re-boots and retries actually cleaned the last of the buggers out (at least I hope so). I have now re-booted several times and have not experienced any lockups and my PC seems as fast as ever.

My system now runs fast and without lockups or stalls. Auto updates from Microsoft are no longer aborted, and I can see and access all of my user directories.

Again, I wish to pass on some praise for your honorable endeavors. Your services are innumerably valuable to PC users. I have maintained some logs if they are of interest. Thank you.

tashi
2008-07-28, 09:23
Hello,

Because of the volume of posts to your own topic, it may have appeared you were already being assisted. :eek:

For people waiting who have not resolved their problem, we have a sticky topic:
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/forumdisplay.php?f=37)
However if members waiting for assistance do not post to flag a helper, their topic may be archived.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Best regards.