Please Help Something Has taken over my system

huwyngr,

 

Excellent suggestion to submit it to Symantec. Everything else is just an educated guess.

 

However, the entries would have to be removed from the Avira quarantine first - correct?

 

getridofspyware, you can submit the items to Symantec here.

 

 

Message Edited by Phil_D on 07-21-2008 06:00 PM
2 Likes

<< However, the entries would have to be removed from the Avira quarantine first - correct? >>

 

To be honest I've never submitted anything so I don't know what one would have to do or how to do it.

 

In my simple-minded way I was just thinking of Searching for the file and attaching a copy to a form or email to Symantec.

 

The form you link to has a browse button which fits in with that concept but I've never tried browsing to the quarantine folder ...

 

I note the form says you can also use something called:

 

You may also submit the files directly from the product via Scan and Deliver. I think this assumes that you have scanned and detected the file in Norton AV which rather cuts across the fact that one wants to submit a file that NAV has not detected .....

 

I'll read with interest how one should go about it -- obviously I lead too pure a life <GDR>

If you suspect that the "nasties" are embedded in the restore point, I would suggest making sure that the restore point is being scanned (by default in NIS 2008 and earlier, restore points are excluded).

From the main NIS or NAV UI, click Options (on the left side) and select "Norton Internet Security" ("Norton AntiVirus" if you have NAV). Select "Exclusions" | "Scans" and remove "\System Volume Information" from the scan exclusions (the list on the top). Click the "Apply" button.

When you are done with that, do a full system scan (in safe mode as suggested).

In case something is found in and removed from the "\System Volume Information" folder, the affected restore point and all later restore points will be corrupted. If you need to use that corrupted restore point later on, you may fix it by restoring the removed file from the quarantine.

 

Please, let me know if full system scan found anything when "\System Volume Information" is not excluded from the scan.

 

Thanks,

 

Victor

My system has suffered the blue screen of death! I have f8 & f10 until I'm blue. I have several things still going on here. I will try to stay on the point as much as I can. Once I finally got the system running again, before I could even get to my desktop there's a blue circle twirling around with a message "PLEASE WAIT" that stays on for a while, then I can finally access my desktop. My virus or trojan is loading then. Ok, I get another message "YOU MAY BE A VICTIM OF SOFTWARE COUNTERFEITING". Really don't know what this means. Ok, %WINDIR/SMINST/launcher.exe is starting up per Spybot Search and Destroy but can't be deleted or anything. Ok, since trying to restore system, can't because there are no restore points once you try. Ok, service host is high and services are grayed out and can't be stopped or started. There is something that's called "TRUSTED INSTALLER" that has most of the privileges on my system, whatever that means. I downloaded Avira and ran a scan a month ago and it identified: C:/HP/HPQWARE/BTBHOST/SETACL.exe and C:/HPBIN/KILLIT.exe as a virus but couldn't be deleted, was quarantined. Since then I don't have that on my system anymore so it was deleted when restoring the system.

Avira AntiVir Personal
Report file date: Sunday, July 20, 2008 15:09

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: kkkkkkkkkkkkkkkkkkkk
Computer name: KKKKKKKKKKKK-PC

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 22:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 3/21/2008 04:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 3/25/2008 17:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 4/8/2008 00:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 4/8/2008 00:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 4/8/2008 00:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 3/18/2008 20:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 4/8/2008 00:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 4/8/2008 00:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 4/8/2008 00:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 4/8/2008 00:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/8/2008 00:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 4/8/2008 18:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Sunday, July 20, 2008 15:09

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
20 processes with 20 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!
Boot sector 'D:\'
    [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\HP\BIN\KillIt.exe
    [DETECTION] Contains detection pattern of the application APPL/KillApp.A
    [NOTE] The file was moved to '48efb816.qua'!
C:\HP\HPQWare\BTBHost\SetACL.exe
    [DETECTION] Contains detection pattern of the application APPL/ACLSet
    [NOTE] The file was moved to '48f7b81a.qua'!
Begin scan in 'D:\'
Begin scan in 'E:\'
Search path E:\ could not be opened!
The device is not ready.

End of the scan: Sunday, July 20, 2008 16:14
Used time: 1:05:21 min

The scan has been done completely.

12642 Scanning directories
252645 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
252643 Files not concerned
1638 Archives were scanned
1 Warnings
2 Notes

getridofspyware,

 

Wow! Sorry to hear your problem has escalated to this point.

 

I'm not sure how much functionality you still have, but turn off System Restore. If you have any restore points left, I'm sure they are corrupted.

 

Before this BSOD, were you able to run any of the previously suggested scans such as NIS Full System Scan in Safe Mode and were you able to run Malwarebytes?  If so, what were the results?

 

When did the BSOD start? Was it after C:/HP/HPQWARE/BTBHOST/SETACL.exe and C:/HPBIN/KILLIT.exe  were deleted?

 

I asked this before, but it is important:  Are you running an HP computer?

 

I hope you are able to get back to us soon; and please don't post the results of the Avira scan again - we can refer back to the original if needed.

Message Edited by Phil_D on 08-05-2008 04:44 PM

Yes, I have an HP Pavilion Wireless Laptop. I am back again in safe mode with networking after restoring. I will try to download Malwarebytes and run the scan again and post here if possible. If I purchase wipe drive, will that get rid of this problem and install with the original disk again? This is just a suggestion that I was told to do, not sure if I know how.

I don't believe this, but here is the Malwarebytes scan. I believe this system has been compromised by something. If you can go into regular mode and the svchost is high as all outdoors then something is wrong.

Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 6.0.6000

3:43:00 PM 8/5/2008
mbam-log-8-5-2008 (15-43-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 147015
Time elapsed: 17 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

I forgot to mention that once I restore system (f8 or f10) and get admin password, and then set up a second account to keep from using the admin account on a daily basis. I am locked out of the admin account; this has happened on two occasions, so to keep from being locked out of the computer I am always in safe mode w/networking and admin account.

I am not familiar with "wipe drive", but if you are contemplating reformatting Windows, additional programs would not be required as reformatting (reinstalling) your operating system will "wipe" the drive. BUT... let's not jump to that step quite yet.

 

I really think you have to stop "restoring" as I believe those files to be infected and every time you restore, you are propagating the malware / virus.

 

This is what has worked for me in the past when cleaning other people's computers:

 

  1. Be sure you have the latest Live Update from Norton.
  2. Download Malwarebytes ( you have already done this, just be sure you have updated it)
  3. Download and install Spybot - make sure to get updates.
  4. Once you have the updates and downloads that you need, physically disconnect from the internet (pull the plug).
  5. Restart in Safe Mode.
  6. Turn OFF System Restore - this will erase all previous restore points.
  7. Run a Full System Scan with NIS2008
  8. Run Malwarebytes and Spybot.
  9. You may have to repeat all of the above scans a few times.
  10. Try to start in normal mode and observe what happens.
  11. If you think you have cleaned out the problem, reconnect to the internet.

 

Once you have done this, tell us what the scans found, but it is not necessary to post the entire scan results. Just tell us what "nasties" were found.

 

Good luck.

 

I will download Spybot. How do you turn off safe mode with Windows Vista? I click start and type system and then up came system restore. I then clicked that and nothing was found about turning anything off. It states no restore points have been created on your system. So now what? How do you report "nasties"? I am not sure what nasties to look for.

If you meant turn off system restore, go here for a full tutorial on system restore. Go to "How to disable System Restore".  And please, don't be tempted by the ads on this page for spyware removal!

 

By "nasties" I meant any item that the scans may determine to be malware or viruses. Just make a note of them and let us know.

 

When you use Spybot, it will also report "tracking cookies" - at this point, I'd get rid of them also just to be safe.

 

I should have mentioned to you earlier that when downloading and installing Spybot, you will be given the option for "Tea Timer / Resident".  This is a protection process which will warn you of any attempts to make changes to your registry. Normally I don't run this portion of the program, but in your case it may alert you to any malware which is attempting to change your registry. If warnings come up when you restart the computer, and you don't recognize the program, you will have the option to not allow the registry change. This can help in the cleaning process.

 

Good Luck!

Message Edited by Phil_D on 08-05-2008 09:38 PM


--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-05 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-07-22 Includes\Adware.sbi
2008-07-15 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-07-29 Includes\DialerC.sbi
2008-07-22 Includes\HeavyDuty.sbi
2008-07-10 Includes\Hijackers.sbi
2008-07-08 Includes\HijackersC.sbi
2008-07-29 Includes\Keyloggers.sbi
2008-07-29 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-07-23 Includes\Malware.sbi
2008-07-29 Includes\MalwareC.sbi
2008-07-23 Includes\PUPS.sbi
2008-07-29 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-07-29 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-07-22 Includes\Spyware.sbi
2008-07-29 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-07-30 Includes\Trojans.sbi
2008-07-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
   file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
   size: 266497
    MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, ccApp
command: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: c:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 107112
    MD5: D12509C433C20D2818E8C03C401A256F

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
   file: C:\Windows\system32\hkcmd.exe
   size: 106496
    MD5: BF3E01C18CE6CDEF16B0DF23E1DCF376

Located: HK_LM:Run, HP Health Check Scheduler
command: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
   file: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
   size: 46704
    MD5: 7C1A45DA07D669AC4BB4678E53D0D1E2

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
   file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
   size: 49152
    MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A

Located: HK_LM:Run, hpWirelessAssistant
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
   file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
   size: 472800
    MD5: F3C9ADCBF74090552EDC76F81A553D81

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
   file: C:\Windows\system32\igfxtray.exe
   size: 98304
    MD5: 1C64DD02FDE078608549C62398DE2FEF

Located: HK_LM:Run, IS CfgWiz
command: "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
   file: c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
   size: 46728
    MD5: 27EEF4C593CDC316ABC20F7BA8F882D1

Located: HK_LM:Run, osCheck
command: "c:\Program Files\Norton Internet Security\osCheck.exe"
   file: c:\Program Files\Norton Internet Security\osCheck.exe
   size: 22696
    MD5: 9F9169BA9B0E44B6C86A5247CEC2CDEE

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
   file: C:\Windows\system32\igfxpers.exe
   size: 81920
    MD5: 8E899A1A7C4670CE4EC1337CBF989787

Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
   file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
   size: 159744
    MD5: 20321CA0F49D143FDB4CEF926A05E10A

Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
   file: C:\Program Files\HP\QuickPlay\QPService.exe
   size: 167936
    MD5: F4810C2DC4F2E92E1B5EBCA2173DBBCE

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
   file: C:\Program Files\Java\jre1.6.0\bin\jusched.exe
   size: 77824
    MD5: 8F5E772B91A10AC97415B760FF21A94F

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   size: 815104
    MD5: 4695807930579DF3C042FF60873E6E82

Located: HK_LM:Run, WAWifiMessage
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
   file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
   size: 317152
    MD5: 6006C370B18A345203D26038518F5F86

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
   file: C:\Program Files\Windows Defender\MSASCui.exe
   size: 1004136
    MD5: 10B5BFBDB6717B58EEAB927CFD1CED25

Located: HK_LM:RunOnce, GrpConv
command: grpconv -o
   file: grpconv -o
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:RunOnce, Launcher
command: %WINDIR%\SMINST\launcher.exe
   file: C:\Windows\SMINST\launcher.exe
   size: 44128
    MD5: 50ECAA360582260ACC5E1495CC34A22E

Located: HK_CU:Run, Sidebar
  where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
   file: C:\Program Files\Windows Sidebar\Sidebar.exe
   size: 1232896
    MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter
  where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
   file: C:\Windows\system32\oobefldr.dll
   size: 2159104
    MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, Sidebar
  where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
   file: C:\Program Files\Windows Sidebar\Sidebar.exe
   size: 1232896
    MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter
  where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
   file: C:\Windows\system32\oobefldr.dll
   size: 2159104
    MD5: 736A6F5FF321AAAAB140B1100E345F04

Located: HK_CU:Run, HPAdvisor
  where: S-1-5-21-3946395294-380859476-2844657239-1000...
command: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
   file: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
   size: 1474560
    MD5: DE70EAC84BC43DC15D6E3890A38A5C37

Located: Startup (common), Adobe Reader Speed Launch.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
   file: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
   size: 40048
    MD5: 54C88BFBD055621E2306534F445C0C8D

Located: Startup (common), Adobe Reader Synchronizer.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
   file: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
   size: 734872
    MD5: 169C293CE9460A05646D17DC6AA2FB2C

Located: Startup (common), HP Connections.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
   file: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
   size: 34520
    MD5: 3754F4C688BFD04BC886112BD6566A9B

Located: WinLogon, igfxcui
command: igfxdev.dll
   file: igfxdev.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

 

PLEASE PAY CLOSE ATTENTION TO (%WINDIR%/SMINST/launcher.exe)
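
Added example (not part of the original thread, and not Spybot's own code): a short Python parser for the startup report format posted above, run over three entries copied from that report. The flagging rules in `triage` are assumptions chosen for illustration.

```python
import hashlib
import re

# Three entries copied from the Spybot startup report in the thread.
SAMPLE_REPORT = r"""
Located: HK_LM:Run, osCheck
command: "c:\Program Files\Norton Internet Security\osCheck.exe"
   file: c:\Program Files\Norton Internet Security\osCheck.exe
   size: 22696
    MD5: 9F9169BA9B0E44B6C86A5247CEC2CDEE

Located: HK_LM:RunOnce, Launcher
command: %WINDIR%\SMINST\launcher.exe
   file: C:\Windows\SMINST\launcher.exe
   size: 44128
    MD5: 50ECAA360582260ACC5E1495CC34A22E

Located: WinLogon, igfxcui
command: igfxdev.dll
   file: igfxdev.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
"""

# MD5 of zero bytes. When a report shows this value the tool hashed nothing,
# so the hash identifies no binary at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

FIELD = re.compile(r"^\s*(where|command|file|size|MD5):\s*(.*)$")


def parse_entries(report):
    """Split the report into one dict per 'Located:' block."""
    entries, cur = [], None
    for line in report.splitlines():
        if line.startswith("Located:"):
            location, _, name = line[len("Located:"):].partition(",")
            cur = {"location": location.strip(), "name": name.strip()}
            entries.append(cur)
            continue
        m = FIELD.match(line)
        if cur is not None and m:
            cur[m.group(1).lower()] = m.group(2).strip()
    return entries


def triage(entry):
    """Return review notes for one entry (illustrative rules, see lead-in)."""
    notes = []
    if entry.get("md5", "").upper() == EMPTY_MD5 or entry.get("size") == "0":
        notes.append("file not resolved: hash is the MD5 of empty input")
    if "\\" not in entry.get("file", ""):
        notes.append("no full path recorded: locate the file before judging it")
    if entry["location"].endswith("RunOnce"):
        notes.append("RunOnce value: normally deleted by Windows once it has run")
    return notes


def flagged(report):
    """Map entry name -> notes, only for entries that have notes."""
    result = {}
    for entry in parse_entries(report):
        notes = triage(entry)
        if notes:
            result[entry["name"]] = notes
    return result


if __name__ == "__main__":
    for name, notes in flagged(SAMPLE_REPORT).items():
        print(name, "->", "; ".join(notes))
```
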

You may not be aware of forum etiquette, but posting in such bold font is the equivalent of shouting. I can read normal text perfectly well.

 

You have posted another lengthy log on this issue, but what did Spybot tell you about this entry?

 

Please just report in your own words any problems the scan found and what the recommended action is.

It states that not required virus, spyware or malware or hog resources. Value:Launcher, filename: launcher.exe, current filename:%\WINDIR%\SMINST\launcher.exe

By the way, I have downloaded this program a million times and tried to get rid of this; it ain't happening.

I did not understand your last post. Which program have you downloaded a million times to try to get rid of it?

 

Can you search for the file %WINDIR%\SMINST\launcher.exe - then right click on it to check its properties? It may tell you the publisher.

 

What type of results did you get running the NIS 2008 scan, Malwarebytes scan and Spybot scan while being disconnected from the internet?

 

 

I have downloaded Spybot Search and Destroy a million times but it does not get rid of this. It gives you an option to uncheck, that's about all. I have unchecked this item for it not to start but that doesn't work. I did not disconnect the power from the internet connection but will try that and see what I get. When I go to start and type in %WINDIR%/SMINST/launcher.exe it finds no result, which I think means it is hidden or something. Will post back in a moment while disconnected from the internet.

7 Likes

My mistake, you wouldn't find it in a search because it's the registry entry.

 

I'm not convinced that %WINDIR%/SMINST/launcher.exe is the problem. Spybot does not seem to be too concerned about it according to your post, which said "It states that not required virus, spyware or malware or hog resources. Value:Launcher, filename: launcher.exe, current filename:%\WINDIR%\SMINST\launcher.exe". Check out This Post in the Spybot Forums.

 

You could go to C:\Windows\SMINST\launcher.exe and right click launcher.exe, then select properties. What does it say on the Details tab? Any chance it’s an HP entry?

 

Also, can you confirm that you have run all the suggested scans while disconnected from the internet?  Were they clean?

I keep getting a message after I have typed in all my information and scans to you: "A script on this page is causing Internet Explorer to run slow." To stop, press yes or no; once that is done my post is nowhere to be found. Can someone please help!