Hi. I need some suggestions, because I'm running out of ideas. I'm cleaning an infected laptop. The laptop has Vista Home Premium SP1. The infection took place after a crack was executed. VirusTotal showed only 5/33 detections, and mainly "Packed.Themida". I executed it sandboxed on my laptop. It created "stsystra.exe" and executed it. This is a copy of the original executable (same MD5), wich took the name of a legit exe on my system. Reboot and Returnil took charge. But on the infected computer, it took the name of "apoint.exe" (another legit executable). After each reboot another service was disabled: -No access to hosts file -No internet connection -No windows firewall -No windows defender -AV can't run I could run CureIt, but it found nothing (it also scanned VERY slow). SAS no success installing, BSOD MBAM: installs, but hangs when it gets to the heuristic scan Kaspersky AVP tool: succesful install, unable to execute Tried VundoFix, WinsockFix and others--> explorer.exe hangs. HJT log looks clean, and hijackthis.de's automated analysis also shows nothing wrong. The USB stick I was using to transfer files to my laptop, now has a "nideitect.com" file in it, which is launched by an autorun.inf This file shows the same 5/33 dtections from VirusTotal. (EDIT: this file has the same MD5 than the original crack) So, I'm posting here asking for ideas. If I can't get rid of it, in exactly 20 hours the computer will be reformated. EDIT2: I scanned the USB stick with SAS, it DOESN'T detect it... Nick, I can send you the sample. Haven't tried with MBAM yet.