Pepsi1, thanks for the help but I'm going to wait for instructions from Bobbye.
Bobbye, do you want me to try what Pepsi1 suggested?
I sent to VirSCAN.org and you can't do a copy paste there, or even type in your files, only a browse. Just mentioning that because if it's not just me that is getting that result you might want to edit your cut/paste instructions to reflect that.
This is the scan for system32/userinit.ext
VirSCAN.org Scanned Report :
Scanned time : 2010/02/11 13:50:11 (PST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report :
http://virscan.org/report/659b60da7f1a1cc9310b1e0be69d6c06.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100212010812 2010-02-12 4.25 -
AhnLab V3 2010.02.12.00 2010.02.12 2010-02-12 1.00 -
AntiVir 8.2.1.160 7.10.4.41 2010-02-11 0.22 -
Antiy 2.0.18 20100211.3837291 2010-02-11 0.12 -
Arcavir 2009 201002101845 2010-02-10 0.03 -
Authentium 5.1.1 201002112035 2010-02-11 1.25 -
AVAST! 4.7.4 100211-0 2010-02-11 0.01 -
AVG 8.5.720 271.1.1/2660 2010-02-01 0.22 -
BitDefender 7.81008.5035082 7.30333 2010-02-12 5.08 -
ClamAV 0.95.3 10380 2010-02-11 0.01 -
Comodo 3.13.579 3409 2010-02-11 0.89 -
CP Secure 1.3.0.5 2010.02.11 2010-02-11 0.04 -
Dr.Web 5.0.1.12222 2010.02.12 2010-02-12 5.33 -
F-Prot 4.4.4.56 20100211 2010-02-11 1.25 -
F-Secure 7.02.73807 2010.02.11.11 2010-02-11 9.67 -
Fortinet 11.485- 11.485 2010-02-11 0.24 -
GData 19.10448/19.744 20100211 2010-02-11 5.93 -
ViRobot 20100211 2010.02.11 2010-02-11 0.41 -
Ikarus T3.1.01.80 2010.02.11.75166 2010-02-11 4.46 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.67 -
Kaspersky 5.5.10 2010.02.11 2010-02-11 0.11 -
KingSoft 2009.2.5.15 2010.2.11.7 2010-02-11 0.54 -
McAfee 5.3.00 5889 2010-02-11 3.50 -
Microsoft 1.5406 2010.02.11 2010-02-11 6.46 -
Norman 6.01.09 6.01.00 2010-02-10 6.00 -
Panda 9.05.01 2010.02.09 2010-02-09 1.80 -
Trend Micro 9.120-1004 6.842.04 2010-02-11 0.03 -
Quick Heal 10.00 2010.02.11 2010-02-11 1.33 -
Rising 20.0 22.34.01.03 2010-02-09 0.99 -
Sophos 3.04.1 4.50 2010-02-12 3.18 -
Sunbelt 3.9.2398.2 5671 2010-02-11 2.61 -
Symantec 1.3.0.24 20100211.002 2010-02-11 0.05 -
nProtect 20100212.01 7200620 2010-02-12 4.39 -
The Hacker 6.5.1.1 v00189 2010-02-11 0.38 -
VBA32 3.12.12.2 20100210.2233 2010-02-10 2.66 -
VirusBuster 4.5.11.10 10.119.51/2011380 2010-02-11 2.37 -
Other 2 scans to follow in another message.