MATTSPCHELP
Yes, it is. When I try to use it I get an "Application cannot be executed. File is infected. Please activate your antivirus software." message. I also cannot get into safe mode, so the suggestion from the post before yours cannot be tried. Immediately after Windows loads, I get a screen warning from Windows that I've been infected with the Worm.Win32.NetSky virus and later on another screen comes on telling me that I have also gotten the TrojanSPM/LX virus. It seems like anytime I try to do any type of virus scan, something causes it to shut down. I also have had my background theme changed to a general warning that I've been infected with a virus. I was able to get the following from a program called GMER.exe:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-18 05:41:31
Windows 5.1.2600 Service Pack 2
Running: gmer_1.exe; Driver: C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\agldapod.sys
---- System - GMER 1.0.15 ----
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwCreateKey [0xF749AC8E]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwEnumerateKey [0xF749AD13]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwOpenKey [0xF749AC10]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwQueryDirectoryFile [0xF749A999]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) IoCreateFile
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) NtQueryDirectoryFile
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [416] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [592] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [880] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [948] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1020] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1112] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1348] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1580] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1804] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2476] 0x35670000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys (*** hidden *** ) [BOOT] 4ac6d28a3cbbc27057cba00b20c92ea2 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\4ac6d28a3cbbc27057cba00b20c92ea2&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=4ac6d28a3cbbc27057cba00b20c92ea2&path=system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys&wmid=03003&idate=2009-12-13 23:02:52:546&last_download_time=2009-12-13 23:5:52.953&first_skip=1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ImagePath system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@DisplayName 4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Group szldgp
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\4ac6d28a3cbbc27057cba00b20c92ea2&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=4ac6d28a3cbbc27057cba00b20c92ea2&path=system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys&wmid=03003&idate=2009-12-13 23:02:52:546&last_download_time=2009-12-13 23:5:52.953&first_skip=1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ImagePath system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@DisplayName 4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Group szldgp
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security@Security 0x01 0x00 0x14 0x80 ...