Infected!!! I have restored my Windows Vista system at least 6 times. THe problem is that no services can be stopped or started. Everything is grayed out with passwords, that I did not create. Once restored I create a admin password then a standard password. Once thats done I am locked out of the admin account that I created. I have Norton Antivirus 2008, which is not catching this what ever this is. Once logged on at start up a black screen appears for about 2 seconds then flickers then a blue circle starts twirling around. I get a message thats says"Configuring Updates" but cant download updates. When I look back at the updates everyone has failed. Something is wrong here. Also, I downloaded Avira Antivirus software and it told me that I had 2 virus found (1) c:\HP\HPQWARE\BTBHOST\SETACL.exe (2) c:\HP\BIN\KILLIt.exe., couldnt remove, so then I decided to download spybot search and destroy didn't find anything but cookies. But told me that a launcher is starting up with system: %WINDIR\SMINST\launcher.exe tried to remove but to no avail. Cant restore system because there are not restore points avaible for me. I am doing everything in safe mode with networking. Not sure this is good but this is the only way, I can get to anything. Please someone help. I have hijack logs and a deckard scan log. I have tried everything but just dont know what to do. I have already downloaded combofix to my desktop in safemode but have not ran the program until I can get some professional help. I am getting a lot of views but no replies?! On this website. Why!

Hello is it possible for you to run a scan with malwarebytes?
Run from normal Mode and as Administrator

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I was able to download this program. Once download it told me that the program was corrupt. Then I tried to run a scan and it found nothing. Dont believe this. Something is shutting my computer down when it gets ready.
Malwarebytes' Anti-Malware 1.22
Database version: 972
Windows 6.0.6000

07:41:34 7/22/2008
mbam-log-7-22-2008 (07-41-34).txt

Scan type: Quick Scan
Objects scanned: 34726
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Your computer shutting down may not be a malware problem.

In Windows XP, the default setting is for the computer to reboot automatically when a fatal error occurs. An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message (which is also known as the Blue Screen Of Death (BSOD)).

To change the recovery settings and Disable Automatic Rebooting, right-click on My Computer and select Properties > Advanced tab. Under "Startup and Recovery", click on the "Settings" button and go to "System failure". Make sure that "Write an event to the system log" is checked and that "Automatically restart" is unchecked. Click "OK" and reboot for the changes to take effect.

This will not cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with information displayed that will allow you to better trace your problem. Next time your computer crashes copy down the entire error message (including all the numbers) and post it back here.

Also, you could run a full system scan with SuperAntiSpyware in Safe Mode as a double check for malware.

How to start Windows in Safe Mode

Malwarebytes' Anti-Malware 1.22
Database version: 972
Windows 6.0.6000

07:41:34 7/22/2008
mbam-log-7-22-2008 (07-41-34).txt

Scan type: Quick Scan
Objects scanned: 34726
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Corrupt file one finally got downloaded but it let me run this scan. Scan looks suspicious two me.

Its not just my computer shutting down its among other things. Read first post please. I have downloaded the superantispyware but wont let me update it. I running a complete scan anyway.

Its not just my computer shutting down its among other things. Read first post please. I have downloaded the superantispyware but wont let me update it. I running a complete scan anyway.

I merged the last topic you started with this one.
Starting 2 topics, about the same problem, is called double posting, and is not allowed on this board.
Please keep all of your replies in this one topic.
The members helping you, will be looking for your responses to their questions, in the topic they replied to.
Posting it elsewhere, will cause a delay in the help you receive, and neither one of us, wants that. smile.gif
When you start several topics, for the same problem, it becomes very confusing to follow, for all of those involved.

ok, thanks

You could try running a scan with Dr.Web CureIt! in Safe Mode. This tool does not require updating. You can download it on another computer and transfer it to the problem one on a CD or pen drive if required.

ok, will try this in safe mode

Can you update the Malware bytes??

Ran Dr. Cure It in safe mode and it found several things will post here. I could not cure it or delete anything. It was grayed out were I couldnt. Please inform me on what to do here.
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ACSSETUP.EXE\data008;C:\Program Files\Online Services\Aolus\COMPS\ACS\ACSSETUP.EXE;Probably BACKDOOR.Trojan;;
ACSSETUP.EXE;C:\Program Files\Online Services\Aolus\COMPS\ACS;Archive contains infected objects;Moved.;

As boopme asked, can you now update Malwarebytes (in Normal Mode)?

should i try to boot in normal mode know. Has these items been deleted yet from my computer?

The log said those items have been moved, so they will be in a quarantine now.

Yes, reboot into normal mode and try to update Malwarebytes. If the update is successful, run a full system scan and post the log back here.

Not able to update. but I was able to update in safe mode. I am running a scan in the normal mode. I have tried adding malawarebytes to my trusted sites and that still did not let me update, gave me an update error. I will post just as soon as this finish running. My hi-jack this contains a launcher, what is that?Spybot says its a virus: %\WINDIR\SMINSt\launcher.exe. It didnt detect that either. Will post in a minute. Thanks for all of your help!!!!!!!!!!!

I ran a full scan but it found nothing, which I still cant get updates for a lot of things. System is still very slow, and after I log on to system and put in password get a black screen and it stays that way for about 3-4 seconds so something is not right still
Malwarebytes' Anti-Malware 1.22
Database version: 980
Windows 6.0.6000

13:04:30 7/22/2008
mbam-log-7-22-2008 (13-04-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 136154
Time elapsed: 1 hour(s), 51 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

can any one give me more suggestions. Show I log my hijack this with your deparment or not. I am in safe mode again. Because when I get in normal mode and start up screen goes black @ start up and is very slow. Any suggestions would help!!!

Yes,you must have a hiiden or protected malware.
Please follow the instructions in this tutorial for posting a HijackThis Log.
Preparation Guide for use before posting a HijackThis Log

After you have created it,post the log here HijackThis Logs and Malware Removal and NOT in this topic,thanks.

Click on New Topic and copy/paste the entire log into the reply. Give it a relevant title.
Once you have posted the log DO NOT reply to it or change it until contacted or advised to do so by the HJT Team tech.
Should you have any other questions about this ask those here.

I read the topic you directed me to and its askn me to run several programs such deckard scan and kaspery. Can I do this in safe mode ?