All Security Scanners Have Been Rendered Ineffective

I have had Eusing Free Registry Cleaner, Adaware (Free Edition), SuperAntiSpyware, Spybot Search & Destroy, McAfee AntiVirus 2010, and CCleaner installed on my computer. Recently all of the scan functions except CCleaner have been made useless. By that I mean that when I try to do a scan, the scan starts but after a brief time the screen goes black and I'm back on my desktop. Consequently, I can't identify whatever has infected my system and also can't get rid of it. It seems that I've picked up some unwanted software that protects itself better than anything that I've previously encountered. I am running Windows XP Home Edition Version 2002 with Service Pack 2. I found this website when doing a search using the names of the products listed above and adding "scan disabled". Also two names to which Windows has alerted me are Worm.Win32.NetSky and TrojanSPM/LX. I would appreciate any help. Thank you.

Edited by dmcmaster, 17 December 2009 - 07:15 AM.

Id suggest booting into safe mode with networking and running Malwarebytes.
let us know if this works

by anychance has Task manager also been disabled?

MATTSPCHELP

Yes, it is. When I try to use it I get an "Application cannot be executed. File is infected. Please activate your antivirus software." message. I also cannot get into safe mode, so the suggestion from the post before yours cannot be tried. Immediately after windows loads, I get a screen warning from windows that I've been infected with the Worm.Win32.NetSky virus and later on another screen comes on telling me that I have also gotten the TrojanSPM/LX virus. It seems like anytime I try to do any type of virus scan, something causes it to shut down. I also have had my background theme changed to a general warning that I've been infected with a virus. I was able to get the following from a program called GMER.exe

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-18 05:41:31
Windows 5.1.2600 Service Pack 2
Running: gmer_1.exe; Driver: C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\agldapod.sys


---- System - GMER 1.0.15 ----

Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwCreateKey [0xF749AC8E]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwEnumerateKey [0xF749AD13]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwOpenKey [0xF749AC10]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) ZwQueryDirectoryFile [0xF749A999]
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) IoCreateFile
Code 4ac6d28a3cbbc27057cba00b20c92ea2.sys (ckmd/Noves Inc) NtQueryDirectoryFile
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [416] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [592] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [880] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [948] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1020] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1112] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1348] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1580] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1804] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2476] 0x35670000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys (*** hidden *** ) [BOOT] 4ac6d28a3cbbc27057cba00b20c92ea2 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\4ac6d28a3cbbc27057cba00b20c92ea2&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=4ac6d28a3cbbc27057cba00b20c92ea2&path=system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys&wmid=03003&idate=2009-12-13 23:02:52:546&last_download_time=2009-12-13 23:5:52.953&first_skip=1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ImagePath system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@DisplayName 4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Group szldgp
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\4ac6d28a3cbbc27057cba00b20c92ea2&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=4ac6d28a3cbbc27057cba00b20c92ea2&path=system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys&wmid=03003&idate=2009-12-13 23:02:52:546&last_download_time=2009-12-13 23:5:52.953&first_skip=1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@ImagePath system32\4ac6d28a3cbbc27057cba00b20c92ea2.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@DisplayName 4ac6d28a3cbbc27057cba00b20c92ea2
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2@Group szldgp
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4ac6d28a3cbbc27057cba00b20c92ea2\Security@Security 0x01 0x00 0x14 0x80 ...

Ok , heres what you do , go to C:\Windows\System32 and copy tskmanager.exe to your my documents

you then rename it to explorer.exe and then you look for program thats may be all numbers

eg :

1324437254.exe

if you find it you want to end the proccess and try and open malware bytes again ,

if however you didnt find the 1324437254.exe file dont worry , we can always attack it from another angle

Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [416] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [592] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [880] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [948] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1020] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1112] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1348] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1580] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1804] 0x35670000
Library \\?\globalroot\Device\__max++>\9493839C.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2476] 0x35670000

You have a very persistent rootkit

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck

Edited by garmanma, 18 December 2009 - 03:45 PM.

MATTSPCH

Taskmanager has been disabled. The message says it can't be executed, file infected, activate your antivirus.

To MATTSPCHELP and all others who have contributed,

I have been advised by tetonbob at TechSupportForm that it is not wise to have a problem worked on by more than one help center and that I should choose among those that I may be using. I appreciate all of your help, however, at TechSupportForm, success is starting to show and all of the things that I have been advised to try on this forum have been blocked by the virus. I have to follow the trail of progress, however, that is certainly not to say anything against the quality of your forum. I understand that these viruses are many and varied and can be attacked from a multitude of angles, some which are successful and others which are not successful. Thank you very much for your help.