Autoruns Services Section filled with yellow entries

[IslandBoy77]

Hi all

A friend accidentally installed a virus on her computer when trying to update the latest Flash Player.  I helped her get the virus off, and the computer seems ok, but when I used the Sysinternals Autoruns program, the entire Services section is filled with yellow, and all the entries show as "file not found".  However, I've checked the registry entires AND the location of the files in Windows, and everything seems to be fine.  There are a few entries that Autoruns shows in the Services section that AREN'T in yellow, but when I click on the properties, Autoruns claims "file not found".  I tried deleting a few of the entries, but on reboot I got a BsOD, so had to use "last known good config".  So I don't get why Autoruns claims that all the stuff in the Services section is missing, yet the computer seems to work fine?  I run an SFC / SCANNOW - it found & fixed some problems but not all (haven't checked the log yet: I hate looking through that log!).  Chkdsk also was unremarkable.  All very weird.  Any tips on where to go from here appreciated.

Thanks
Peter

[recovering disk space, attachment deleted by admin]

[jason2074]

How Malware Hides As A Service

[IslandBoy77]

In the end it turned out that the 3 viruses that were initially found weren't all the viruses: there was a syshost.exe virus left lurking in the system32\drivers folder that I could only get out by entering the CMD via the W7 boot DVD and deleting with the DEL command - I also had to manually delete the Registry entries it left behind (there were 2).  After that, all the yellow entries were gone and everything showed up normally, and the PC operation returned to normal (including the USB ports, which I discovered along the way would allow a flash drive to connect once, then not again in any port without a reboot - that was weird).  I did some more checking with various scanners.  That's a new one for me...