Inactive [InActive] Run a DLL as an APP problem

well ****, after restarting the computer and logging in my account, i keep getting this message
"to help protect your computer, windows has closed this program : userinit logon application "

and then a second message that says userinit a problem and needs to be closed.


and then the message goes away and then it doesnt do anything, just my desktop image with nothing else.

im starting to panic =[

 

Restart once again.
If you get the same behavior, press Ctrl+Alt+Del to open the Task Manager and see if explorer.exe is running.
If not, click File>New Task then type explorer and hit Enter.
If that does not produce any results, click File>New Task>Browse
Navigate via the Browse dialog to your desktop, locate the CFSCript.txt and see if you can drag it to and drop it on ComboFix.exe (all within the Browse dialog).

 

alright, that was successful, yay!

here's the log for the combofix-

ComboFix 08-09-27.06 - User 2008-09-30 0:48:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-62823691
C:\Documents and Settings\All Users\hash.dat
C:\Documents and Settings\LocalService\Application Data\twain_32
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
C:\gmrv.exe
C:\nhfjlb.exe
C:\vxqh.exe
C:\WINDOWS\@@desktop.dat
C:\WINDOWS\@desktop@.dat
C:\WINDOWS\system32\can.sdr
C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys
C:\WINDOWS\system32\ffcty.sp
C:\WINDOWS\system32\io.e18
C:\WINDOWS\system32\mnax.help
C:\WINDOWS\system32\OLD3.tmp
C:\WINDOWS\system32\OLD8.tmp
C:\WINDOWS\system32\onmac.frv
C:\WINDOWS\system32\twain_32
C:\WINDOWS\system32\twain_32\local.ds
C:\WINDOWS\system32\twain_32\user.ds
C:\WINDOWS\system32\twext.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_REMNDKRDN
-------\Service_3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9
-------\Service_remndkrdn


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-30 00:51 . 2008-04-13 20:12 65,536 --a------ C:\WINDOWS\system32\OLDC.tmp
2008-09-30 00:50 . 2008-04-13 20:12 65,536 --a------ C:\WINDOWS\system32\OLDA.tmp
2008-09-30 00:00 . 2008-04-13 20:12 33,792 --a------ C:\WINDOWS\system32\userinit.exe
2008-09-28 23:21 . 2008-09-28 23:21 <DIR> d-------- C:\rsit
2008-09-28 23:21 . 2008-09-28 23:22 <DIR> d-------- C:\Program Files\trend micro
2008-09-28 22:25 . 2008-09-28 22:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 22:25 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 22:25 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 22:17 . 2008-09-27 22:17 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll.old
2008-09-27 22:17 . 2008-04-13 20:12 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\WINDOWS\BBSTORE
2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\Program Files\The Learning Company
2008-09-16 23:34 . 2008-09-16 23:34 0 --a------ C:\WINDOWS\SETUP32.INI
2008-09-06 22:24 . 2008-09-06 22:24 0 --a------ C:\WINDOWS\PCFriend.INI
2008-09-06 22:22 . 1996-10-15 14:40 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2008-09-06 22:21 . 2008-09-07 13:25 <DIR> d-------- C:\Program Files\PCFriendly
2008-09-06 16:20 . 2008-09-06 16:20 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 16:20 . 2008-09-07 14:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-09-06 16:05 . 2008-09-06 16:05 <DIR> d-------- C:\Documents and Settings\User\Application Data\Anonymizer
2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Program Files\Anonymizer
2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
2008-09-06 15:50 . 2008-09-06 16:04 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
2008-09-06 11:22 . 2008-09-06 11:25 <DIR> d-------- C:\Program Files\Sophos
2008-09-05 12:20 . 2008-09-05 12:20 <DIR> d-------- C:\savinstall
2008-09-03 23:02 . 2008-09-03 23:02 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-09-03 23:02 . 2008-09-28 19:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\U3
2008-08-31 21:14 . 2008-08-31 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\CiscoCAA
2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Program Files\Cisco Systems
2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\CiscoCAA
2008-08-28 19:36 . 2008-08-28 19:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 19:36 . 2008-08-28 19:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 19:36 . 2008-08-28 19:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 19:36 . 2008-08-28 19:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 19:33 . 2008-08-28 19:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-28 19:24 . 2008-08-28 19:24 <DIR> d-------- C:\WINDOWS\EHome
2008-08-28 19:16 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-28 19:15 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-14 22:33 . 2008-09-28 00:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\gtk-2.0
2008-08-14 22:33 . 2008-08-14 22:33 <DIR> d-------- C:\Documents and Settings\User\.thumbnails
2008-08-14 00:08 . 2008-09-27 22:09 <DIR> d-------- C:\Documents and Settings\User\.gimp-2.4
2008-08-14 00:07 . 2008-09-27 22:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-12 22:11 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 19:50 . 2008-08-12 19:50 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.bmp
2008-08-12 19:50 . 2008-08-12 19:50 2,545 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
2008-08-12 19:40 . 2008-08-12 20:00 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.bmp
2008-08-12 19:40 . 2008-08-12 20:01 2,656 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2008-08-12 19:37 . 2008-08-12 19:37 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.bmp
2008-08-12 19:37 . 2008-08-12 19:37 2,218 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
2008-08-12 19:25 . 2008-08-12 19:25 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-08-12 19:25 . 2008-08-12 19:25 17,871 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-08-09 23:37 . 2008-08-09 23:37 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2008-08-05 16:35 . 2008-09-22 00:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-05 16:35 . 2008-08-05 16:35 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 18:42 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-09-29 03:00 --------- d-----w C:\Program Files\Viewpoint
2008-09-29 03:00 --------- d-----w C:\Program Files\Three Rings Design
2008-09-29 03:00 --------- d-----w C:\Documents and Settings\User\Application Data\Viewpoint
2008-09-29 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-29 02:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-22 20:34 --------- d-----w C:\Documents and Settings\User\Application Data\yoclient
2008-09-20 03:31 --------- d-----w C:\Program Files\mIRC
2008-09-06 18:45 --------- d-----w C:\Program Files\Google
2008-08-31 12:21 --------- d-----w C:\Program Files\Amazon
2008-08-31 12:21 --------- d-----w C:\Documents and Settings\User\Application Data\Amazon
2008-08-10 03:52 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-10 03:52 --------- d-----w C:\Program Files\Windows Live
2008-08-10 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-06 04:57 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-08-04 22:42 --------- d-----w C:\Program Files\Java
2007-04-12 01:54 8 --sh--r C:\WINDOWS\system32\9F8D75C525.sys
2008-01-18 01:03 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 1041408 87afccea473b904d02e39aed51075ebe C:\WINDOWS\explorer.exe
2007-06-13 07:26 1040896 3c0608125c98df502fc4a3fff5719158 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1040896 826a71868cdcc9f22e600414659fa14d C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 01:00 1039872 777fe645b920bddd7a13eba45664a980 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 1041408 dc5da6bd48cc843e60584e7041bb49da C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 20:12 1041408 795b813992caf2d612acbc8a0f216b14 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 01:00 23040 06c7801fd4aafad90fa86636e12020f3 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 23040 0e2ea8666bfbab1f71dee444e2eb3f86 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 20:12 23040 9cfa5b065d435037228900c71908a3ce C:\WINDOWS\system32\ctfmon.exe
2008-04-13 20:12 23040 e011b9735000858886ad1a6550507884 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 01:00 32256 8ecf95a0cf39ade919845bbdb477af93 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\system32\userinit.exe
2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-29_14.25.17.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 174,592 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2004-08-04 05:00:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2004-08-04 05:00:00 217,144 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
- 2003-05-06 00:30:22 65,536 ------w C:\WINDOWS\system32\Brmfrmps.exe
+ 2003-05-06 00:30:22 73,728 ------w C:\WINDOWS\system32\Brmfrmps.exe
- 2008-04-14 00:12:14 389,120 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2008-04-14 00:12:14 396,800 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2008-04-14 00:12:14 396,800 ----a-w C:\WINDOWS\system32\cmd.exe.tmp
- 2008-09-29 18:20:03 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-30 04:52:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-29 18:20:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-30 04:52:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-29 18:20:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 04:52:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-07 09:07:23 143,360 ------w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-04-14 00:12:36 57,856 ----a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2008-04-14 00:12:20 27,136 ----a-w C:\WINDOWS\system32\findstr.exe
+ 2008-04-14 00:12:20 34,816 ----a-w C:\WINDOWS\system32\findstr.exe
+ 2008-04-14 00:12:20 34,816 ----a-w C:\WINDOWS\system32\findstr.exe.tmp
- 2008-04-14 00:12:21 267,776 ----a-w C:\WINDOWS\system32\fxssvc.exe
+ 2008-04-14 00:12:21 275,456 ----a-w C:\WINDOWS\system32\fxssvc.exe
+ 2008-04-14 00:12:21 275,456 ----a-w C:\WINDOWS\system32\fxssvc.exe.tmp
- 2008-04-14 00:12:22 150,528 ----a-w C:\WINDOWS\system32\imapi.exe
+ 2008-04-14 00:12:22 158,208 ----a-w C:\WINDOWS\system32\imapi.exe
+ 2008-04-14 00:12:22 158,208 ----a-w C:\WINDOWS\system32\imapi.exe.tmp
- 2004-08-04 05:00:00 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
+ 2004-08-04 05:00:00 74,680 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
- 2004-08-04 05:00:00 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
+ 2004-08-04 05:00:00 462,848 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
- 2008-04-14 00:12:22 55,808 ----a-w C:\WINDOWS\system32\ipconfig.exe
+ 2008-04-14 00:12:22 63,488 ----a-w C:\WINDOWS\system32\ipconfig.exe
+ 2008-04-14 00:12:22 63,488 ----a-w C:\WINDOWS\system32\ipconfig.exe.tmp
- 2006-11-03 00:40:12 174,656 ----a-w C:\WINDOWS\system32\PSIService.exe
+ 2006-11-03 00:40:12 182,848 ----a-w C:\WINDOWS\system32\PSIService.exe
- 2008-04-14 00:12:36 24,576 ----a-w C:\WINDOWS\system32\sort.exe
+ 2008-04-14 00:12:36 32,256 ----a-w C:\WINDOWS\system32\sort.exe
+ 2008-04-14 00:12:36 32,256 ----a-w C:\WINDOWS\system32\sort.exe.tmp
- 2008-09-28 02:17:13 578,560 ----a-w C:\WINDOWS\system32\user32.DLL
+ 2008-04-14 00:12:08 578,560 ----a-w C:\WINDOWS\system32\user32.dll
- 2005-05-13 12:57:00 53,248 ----a-w C:\WINDOWS\system32\VTTimer.exe
+ 2005-05-13 12:57:00 61,440 ----a-w C:\WINDOWS\system32\VTTimer.exe
- 2005-05-13 12:57:00 143,360 ----a-w C:\WINDOWS\system32\VTTrayp.exe
+ 2005-05-13 12:57:00 151,552 ----a-w C:\WINDOWS\system32\VTTrayp.exe
- 2008-04-14 00:12:41 13,824 ----a-w C:\WINDOWS\system32\wscntfy.exe
+ 2008-04-14 00:12:41 21,504 ----a-w C:\WINDOWS\system32\wscntfy.exe
- 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 163,840 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-09-30 04:52:38 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23040]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1702912]
"updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 217144]
"MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 74680]
"PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 462848]
"PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 462848]
"AspireService "= "C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 122880]
"MediaSync "= "C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 434176]
"eRecoveryService "= "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 405504]
"SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 163840]
"PaperPort PTD "= "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 65585]
"IndexSearch "= "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 49152]
"SetDefPrt "= "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 57344]
"ControlCenter2.0 "= "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 860160]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 294912]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3747840]
"SoundMan "= "SOUNDMAN.EXE" [2005-09-21 C:\WINDOWS\soundman.exe]
"VTTimer "= "VTTimer.exe" [2005-05-13 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp "= "VTtrayp.exe" [2005-05-13 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 2064458]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-12-02 122880]
Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Messenger\\msmsgs.exe "=
"C:\\Program Files\\mIRC\\mirc.exe "=
"C:\\Program Files\\Soulseek\\slsk.exe "=
"C:\\Program Files\\Azureus\\Azureus.exe "=
"C:\\Program Files\\Trillian\\trillian.exe "=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe "=
"C:\\Program Files\\Last.fm\\LastFM.exe "=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"C:\\Program Files\\AIM6\\aim6.exe "=
"C:\\Program Files\\LimeWire\\LimeWire.exe "=
"C:\\Documents and Settings\\User\\Desktop\\Open Canvas.exe "=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe "=
"C:\\Program Files\\Skype\\Phone\\Skype.exe "=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
"C:\\Program Files\\uTorrent\\utorrent.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe "=
"C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe "=
"C:\\Program Files\\Last.fm\\unins000.exe "=
"C:\\WINDOWS\\system32\\services.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21642:TCP "= 21642:TCP:utorrent
"21642:UDP "= 21642:UDP:utorrent
"3389:TCP "= 3389:TCPxpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7afb773-79bf-11dd-bd76-000fea43c793}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - INT15.SYS
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 00:53:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-30 0:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 04:58:08
ComboFix2.txt 2008-09-29 18:26:23
ComboFix3.txt 2008-09-29 03:14:51

Pre-Run: 31,934,164,992 bytes free
Post-Run: 31,798,960,128 bytes free

293 --- E O F --- 2008-09-12 03:08:01

 

oh, and the fresh hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:35 AM, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

I suspect a file infector onboard and feel we might be fighting a losing battle. Lets check.

Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on Folder under the green Scan bar to the left.
• Browse to and select the C:\Windows folder to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

Post the Kaspersky log here.

 

Just so you know, what I'm looking at is the snapshot section of the CF log. See how the exe files are removed (marked with a minus sign) at one size, and added back (marked with a plus sign) with a larger size?

- 2004-08-04 05:00:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2004-08-04 05:00:00 217,144 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
- 2003-05-06 00:30:22 65,536 ------w C:\WINDOWS\system32\Brmfrmps.exe
+ 2003-05-06 00:30:22 73,728 ------w C:\WINDOWS\system32\Brmfrmps.exe
- 2008-04-14 00:12:14 389,120 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2008-04-14 00:12:14 396,800 ----a-w C:\WINDOWS\system32\cmd.exe

That suggests there is a file infector injecting code into them. If it continues to spread, it will attempt to inject code into every exe on your hard drive. If you saved any exe files to an external source as backup, I suggest you scan them prior to using them, or just play it safe and delete them.

 

everything i saved on my external hard drive was done a long time before this happened, so it's safe.

(and forget what i said about this scan taking hours, it just stayed forever on one percent and now is at 70% so its almost done)

Yikes! it's found 114 (and counting!) infected objects so far! at 80%

 

i stopped the scan at 81%, it showed over 200 infected objects...

here's the log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 30, 2008 06:22:05
Records in database: 1275817
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 48141
Threat name: 1
Infected objects: 214
Suspicious objects: 0
Duration of the scan: 00:51:37


File name / Threat name / Threats count
C:\Acer\Empowering Technology\eRecovery\catply.exe Infected: Virus.Win32.Virut.br 1
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe Infected: Virus.Win32.Virut.br 1
C:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe Infected: Virus.Win32.Virut.br 1
C:\Acer\Empowering Technology\eRecovery\Monitor.exe Infected: Virus.Win32.Virut.br 1
C:\Acer\Empowering Technology\eRecovery\OSCDIMG.EXE Infected: Virus.Win32.Virut.br 1
C:\Brother\BrDriver\MfcXP\BRQIKMON.EXE Infected: Virus.Win32.Virut.br 1
C:\Brother\BrDriver\MfcXP\brss01a.exe Infected: Virus.Win32.Virut.br 1
C:\Brother\BrDriver\MfcXP\brsvc01a.exe Infected: Virus.Win32.Virut.br 1
C:\Brother\BrDriver\MfcXP\bsplmf01.exe Infected: Virus.Win32.Virut.br 1
C:\Brother\BrNetScn\NetScn32.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Application Data\U3\temp\cleanup.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Desktop\converting stuff\lame\lame.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Desktop\HijackThis.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Desktop\Open Canvas.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Local Settings\Application Data\Last.fm\Client\Updaterd.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Local Settings\Application Data\Last.fm\Client\UpTemp.exe Infected: Virus.Win32.Virut.br 1
C:\Documents and Settings\User\Local Settings\temp\jkos-User\binaries\ScanningProcess.exe Infected: Virus.Win32.Virut.br 1
C:\dotnetfx\DELTEMP.EXE Infected: Virus.Win32.Virut.br 1
C:\dotnetfx\REBOOTST.EXE Infected: Virus.Win32.Virut.br 1
C:\drv\LAN1\gSetXP.exe Infected: Virus.Win32.Virut.br 1
C:\drv\Modem0\agrsmdel.exe Infected: Virus.Win32.Virut.br 1
C:\drv\Modem0\setup.exe Infected: Virus.Win32.Virut.br 1
C:\drv\Modem1\sm56hlpr.exe Infected: Virus.Win32.Virut.br 1
C:\drv\Modem1\sm56unst.exe Infected: Virus.Win32.Virut.br 1
C:\drv\VGA0\s3minset.exe Infected: Virus.Win32.Virut.br 1
C:\drv\VGA0\VTTimer.exe Infected: Virus.Win32.Virut.br 1
C:\drv\VGA0\VTTrayP.exe Infected: Virus.Win32.Virut.br 1
C:\drv\VGA2\nvudisp.exe Infected: Virus.Win32.Virut.br 1
C:\i386\EXPAND.EXE Infected: Virus.Win32.Virut.br 1
C:\i386\NTSD.EXE Infected: Virus.Win32.Virut.br 1
C:\i386\SYSPARSE.EXE Infected: Virus.Win32.Virut.br 1
C:\i386\WINNT32.EXE Infected: Virus.Win32.Virut.br 1
C:\Program Files\7-Zip\7z.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\7-Zip\7zFM.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\7-Zip\7zG.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\eConsole.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\MediaSync.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\sc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\UpdateRadioList2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\videoi.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eConsole\xCreateDB.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\Acer eMode Management.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\Aspire Option.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\AspireMsg.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\AspireService.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\BurnDataAudio.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\MCBLaunch.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Acer\Acer eMode Management\SlideVideo\BurnSlideVideo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Adobe Bridge\Bridge.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\AOD\AolAod.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Audible\Bin\Upgrade.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\AvRack\rtlrack.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\AddrBook.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\address.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\Brinstck.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\Brolink\Brolink0.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BrPcapd9.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BrScUtil.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\brtwsw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BrWiEvRg.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BR_collect.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\BR_DRV_LOG_OFF.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\PCfxDial.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\PCfxSet.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\Brmfl04a\rms2csv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\ControlCenter2\BrCCStoFix.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Brother\ControlCenter2\brctrcen.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\AOL\uninstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService(2).exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\WebUpdate\Iftw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\InstallShield\WebUpdate\WebUpdate.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\launcher.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\zipper.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\ProxyConfig.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\Uninstall.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Common Files\ScanSoft Shared\vizprint.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Creative Zen Vision M\Auto Tag Cleaner\CTCleanU.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Creative Zen Vision M\Auto Tag Cleaner\CTRegSvu.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Creative Zen Vision M\Manual\CTPdfErr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Creative Zen Vision M\Manual\CTPdflnk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Creative Zen Vision M\Video Converter\CtConvU.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\DiskManager\ctpdemgr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Media Toolbox\CTMedTBu.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Media Toolbox\CTRegSvu.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Media Toolbox\CTTagCu.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Media Toolbox\CTTagu.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Product Registration\English\InetReg.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Shared Files\CTRegSvr.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Shared Files\OpaQManU.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Shared Files\VFSvrU.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Creative\Support\System Information\CTSI.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\CLDMA.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\cltest.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\ddtester.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRStateCheck.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX\config.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\DivX\DivX\DivX EKG.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Google\Google Talk\googletalk.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\illiminable\oggcodecs\OOOggCommentDump.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\illiminable\oggcodecs\OOOggDump.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\illiminable\oggcodecs\OOOggStat.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\illiminable\oggcodecs\OOOggValidate.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Illustrate\dBpoweramp\CDGrab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Illustrate\dBpoweramp\GetPopupInfo.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Illustrate\dBpoweramp\MusicConverter.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InstallShield Installation Information\{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}\ORSetup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InterActual\InterActual Player\inuninst.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\InterActual\InterActual Player\iPlayer.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\iedw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Internet Explorer\iexplore.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\IrfanView\iv_uninstall.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\IrfanView\i_view32.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\IrfanView\Plugins\Slideshow.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\java.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\javacpl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\keytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\kinit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\klist.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\ktab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\orbd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\pack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\policytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\rmid.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\rmiregistry.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\servertool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\tnameserv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_09\bin\unpack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\java.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\javacpl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\keytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\kinit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\klist.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\ktab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\orbd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\pack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\policytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\rmid.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\rmiregistry.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\servertool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\tnameserv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_10\bin\unpack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\java.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\javacpl.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\javaws.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\keytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\kinit.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\klist.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\ktab.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\orbd.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\pack200.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\policytool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\rmid.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\rmiregistry.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\servertool.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\tnameserv.exe Infected: Virus.Win32.Virut.br 1
C:\Program Files\Java\jre1.5.0_11\bin\unpack200.exe Infected: Virus.Win32.Virut.br 1

The scan was stopped by the user.

 

Give this virut removal tool a try.

http://www.avg.com/virus-removal.ndi-67762

Be prepared to do a factory restore if it fails.

 

what would i have to do to get it back to factory settings? i dont have the operating system disc, so would i just have to send it back to the store i originally bought it from?

i have a feeling that this is what i want to do anyways at this point...

 

If it didn't come with an operating system disk, it likely has a recovery partition. Generally the recovery partition is accessed via an F? key at system startup. Refer to the documentation that came with it for specifics, or check the manufacturers website for your make and model.

 

ok, sorry it took so long to reply to this. i ended up not being able to log on my computer after i rebooted after the virus removing thing. i tried logging on my friends computer to write about it, but for some reason it wouldn't let me stay logged on (she has a mac, if that explains anything?). I sent my computer to get reformated. and now it's back again, and things are running fine.

thanks for the help!

 

Thanks for the update.