|Go to the following link with internet explorer (not firefox) if possible, click on .exe file association fix> click run (no need to download it.|
Go to the following file association fix link:
You may need to download the to a usb drive or cd and run it on the infected computer but first try to run it from the infected computer (this means both programs).
Please download Rkill from the following link.
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
If that worked do the following:
Please save this file to your desktop.
Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.
Please run RSIT.exe by random/random and post its logs.
Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.
1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.
Please post the contents of both logs (in separate post) in your next reply.