Virus help please

Comments

  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    aliEnRIK wrote: »
    Goto START and type out 'services' in the box

    It should appear in a list above for you to select

    Thanks, I can see it in the list but the only option I can find is to Start it which fails???
    It's easier to get forgiveness than to ask permission ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Sounds like the operating system might be partially broken

    rerun combofix

    Maybe I missed something
    :idea:
  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    aliEnRIK wrote: »
    Sounds like the operating system might be partially broken

    rerun combofix

    Maybe I missed something

    Ok thanks - will do. As I said in my first post it does think that Windows is not genuine (although it is) and has a little message to that effect in the bottom right hand corner.
    aliEnRIK wrote: »


    Nope that's the same window as I got before with only the option to Start - the others are greyed out but there is no disable option??
    It's easier to get forgiveness than to ask permission ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I must have missed the original post about it not being genuine

    Chances are you'll be unable to run it properly soon
    :idea:
  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker

    Also some of the windows files seem to have been corrupted and it now thinks that the windows is not genuine and needs reinstalling. Any advice on how to proceed here also.

    Message on startup saying windows is not genuine but a google seems to suggest it's not entirely true....
    Have done a bit of googling and found this article? Any thoughts from you experts??
    It's easier to get forgiveness than to ask permission ;)
  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Had a look on my laptop and there is only stop and start available on the services on here unless I am completely missing something :o
    It's easier to get forgiveness than to ask permission ;)
  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Here is the combofix log...

    ComboFix 11-03-22.09 - Eleanor 23/03/2011 15:56:36.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1918.1136 [GMT 0:00]
    Running from: c:\users\Eleanor\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-23 16:04 . 2011-03-23 16:04 d-----w- c:\users\Default\AppData\Local\temp
    2011-03-23 10:51 . 2011-03-23 16:04 d-----w- c:\users\Eleanor\AppData\Local\temp
    2011-03-23 08:16 . 2011-03-23 08:16 d-----w- c:\program files\CCleaner
    2011-03-22 21:56 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-22 21:56 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-22 21:56 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-22 21:56 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-22 21:56 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-22 21:56 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-22 21:55 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-22 21:55 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-22 21:55 . 2011-03-22 21:55 d-----w- c:\programdata\AVAST Software
    2011-03-22 21:55 . 2011-03-22 21:55 d-----w- c:\program files\AVAST Software
    2011-03-22 20:01 . 2011-03-22 20:01 d-----w- c:\windows\system32\SPReview
    2011-03-22 20:00 . 2011-03-22 20:01 d-----w- C:\7245fdf55d97eb095d51f5
    2011-03-22 19:57 . 2010-11-20 12:29 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-22 19:56 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-03-22 19:56 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-03-22 19:56 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-03-22 19:56 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-03-22 19:55 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-03-22 19:55 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-03-22 19:55 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-22 19:52 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-22 19:52 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-03-22 19:20 . 2011-03-22 19:21 d-----w- c:\windows\system32\EventProviders
    2011-03-22 18:21 . 2011-02-23 10:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21F0855F-8E4E-44CF-99F9-D657A60F7627}\mpengine.dll
    2011-03-22 18:09 . 2011-03-22 18:09 d-----w- c:\program files\Common Files\Java
    2011-03-22 18:08 . 2011-02-02 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-22 18:06 . 2011-03-22 18:06 388096 ----a-r- c:\users\Eleanor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-22 18:06 . 2011-03-22 18:06 d-----w- c:\program files\Trend Micro
    2011-03-22 18:06 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
    2011-03-22 18:06 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-22 18:06 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-22 18:06 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-22 16:29 . 2011-03-22 16:29 d-----w- c:\users\Eleanor\AppData\Roaming\Malwarebytes
    2011-03-22 16:28 . 2011-03-22 16:28 d-----w- c:\programdata\Malwarebytes
    2011-03-22 16:28 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-22 16:28 . 2011-03-22 16:29 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-22 16:28 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-22 20:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-01-07 07:45 . 2011-02-09 17:58 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 06:01 . 2011-02-09 19:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-01-07 05:43 . 2011-02-09 17:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:55 . 2011-02-09 18:03 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:51 . 2011-02-09 18:03 2330624 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Eleanor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-12 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-11-03 680616]
    "EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
    "lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
    "Lexmark S300-S400 Series Fax Server"="c:\program files\Lexmark S300-S400 Series\fm3032.exe" [2010-01-18 316072]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192]
    R2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-27 594600]
    S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-01-07 598696]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1066902532-3039705812-4222597690-1000Core.job
    - c:\users\Eleanor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 23:06]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1066902532-3039705812-4222597690-1000UA.job
    - c:\users\Eleanor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 23:06]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    .
    .
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-23 16:07:46
    ComboFix-quarantined-files.txt 2011-03-23 16:07
    ComboFix2.txt 2011-03-23 10:54
    .
    Pre-Run: 119,861,309,440 bytes free
    Post-Run: 119,811,481,600 bytes free
    .
    - - End Of File - - C4F79E280430BD6BB403F033ACCE0348
    It's easier to get forgiveness than to ask permission ;)
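An added example, not from the thread or from ComboFix itself: a small Python parser for the service lines in the "Reg Loading Points" section of a ComboFix log like the one posted above, which flags auto-start services whose binary is missing (the `[x]` marker), such as the SmileyCentral toolbar service. The sample input is constructed from lines of the posted log.

```python
import re

# Constructed sample mirroring service lines from the ComboFix log above.
# Format: <R|S><start> name;display;path [yyyy-mm-dd size] or [x]
# R/S = running/stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); [x] = file not found.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$")


def parse_services(text):
    """Return one dict per ComboFix service/driver line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["start"] = int(d["start"])
        d["running"] = d.pop("state") == "R"
        d["missing"] = d.pop("stamp") == "x"
        entries.append(d)
    return entries


def triage(entries):
    """Return (name, reason) pairs a human should look at first."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["missing"] and e["start"] <= 2:
            # boot/system/auto start with no binary on disk: a half-removed
            # product (aswSnx) or leftovers of unwanted software (SmileyCentral)
            hits.append((e["name"], "auto-start service, binary missing"))
        elif e["start"] == 2 and not (p.startswith("c:\\windows") or p.startswith("c:\\program files")):
            hits.append((e["name"], "auto-start service outside Windows/Program Files"))
    return hits


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Demand-start drivers with a missing file (start type 3, like Synth3dVsc) are deliberately not flagged, since Windows 7 ships several such placeholder entries. Once a leftover service is identified, its startup type is changed under Properties > Startup type in services.msc, or with `sc config <name> start= disabled`, rather than through the Start/Stop buttons.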
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open the PROGRAM FILES folder and remove the SMILEY folder

    You never answered a question way back
    Is there anything in here - C:\7245fdf55d97eb095d51f5


    :idea:
  • tranmererovers
    tranmererovers Posts: 2,313 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    aliEnRIK wrote: »
    Open the PROGRAM FILES folder and remove the SMILEY folder

    Will do

    You never answered a question way back
    Is there anything in here - C:\7245fdf55d97eb095d51f5



    No it's empty (I did answer though - post 22 ;) )
    It's easier to get forgiveness than to ask permission ;)