It looks like there is a rootkit variant on this machine. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection; the process must be completed by HJT team members or above.
Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.
Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states "Finished! Press any key to exit", press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.
Next, please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the above Win32kDiag.exe log.
Let me know how that went.