OK, for the services, follow these instructions and you will be just fine.
Change these to DISABLED:
WebClient
mdm.exe
Application Layer Gateway Service
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Change these to MANUAL:
inetinfo.exe (IIS Admin Server Helper)
sqlservr.exe (SQL Server)
You will do the following in Autoruns:
^ VClone.sys appears to be missing; it is not spyware, nor would it really have anything to do with your problem, but removing it would make sense as it is an invalid driver entry that could cause other problems.
~ Also, and more importantly, yes, your system was infected indeed (right-click and delete this entry):
Quote:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ wininet.dll File not found: dfrgsrv.exe
Afterwards, enable displaying hidden files and folders from Tools > Folder Options > View > Show hidden files and folders.
Then click Start > Run > cmd > OK. When the Command Line window appears, type (pay attention to the spaces):
del /f /s /q C:\Windows\dfrgsrv.exe
~ Another highly suspicious, possibly malware related entry (just uncheck its box, do not delete just yet):
Quote:
HKLM\System\CurrentControlSet\Services
+ SVKP SVKP driver for NT AntiCracking c:\windows\system32\svkp.sys
~ This one you will also need to delete:
Quote:
+ VClone File not found: System32\DRIVERS\VClone.sys
The file is a part of the Elaborate Bytes VirtualCloneCD program. If you still have the program installed then it is likely that it might be corrupted, but I think you have either uninstalled it or never used it and the file previously got removed somehow.
Download the tools I mentioned in my last post, then reboot in safe mode to run them and also to do all of the above steps while in Safe Mode.
Then reboot your system in normal mode to see if the problem is gone or not.
~TL
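An added example, not part of the original post: a read-only PowerShell audit of the two registry locations named above that lists entries whose target file is missing, the condition Autoruns shows as "File not found". It assumes PowerShell 3 or later is available on the machine; the helper names `Resolve-ImagePath` and `Test-Target` are hypothetical.

```powershell
# Added example: read-only audit; nothing is deleted or changed.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {            # hypothetical helper
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    # Keep only the file path: a quoted path, or text up to the first binary extension.
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll|com|bat|cmd))(\s|$)') { $p = $Matches[1] }
    # Normalise the prefixes used by driver entries.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-Target {                  # hypothetical helper
    param([string]$Path)
    if (-not $Path) { return $false }
    if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
    # Bare file name (e.g. a Run value with no directory): check the Windows folders.
    foreach ($dir in "$env:SystemRoot\System32", $env:SystemRoot) {
        if (Test-Path -LiteralPath (Join-Path $dir $Path)) { return $true }
    }
    return $false
}

$findings = @()
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $target = Resolve-ImagePath ([string]$key.GetValue($name))
        $findings += [pscustomobject]@{ Source = 'Policies\Explorer\Run'; Name = $name
                                        Target = $target; Exists = (Test-Target $target) }
    }
}
foreach ($svc in Get-ChildItem $svcKey -ErrorAction SilentlyContinue) {
    $raw = $svc.GetValue('ImagePath')
    if (-not $raw) { continue }         # services without a binary path are skipped
    $target = Resolve-ImagePath ([string]$raw)
    $findings += [pscustomobject]@{ Source = 'Services'; Name = $svc.PSChildName
                                    Target = $target; Exists = (Test-Target $target) }
}

# Entries whose file is missing. A missing file alone does not mean malware:
# it can be a leftover from an uninstalled program, as with VClone.sys above.
$findings | Where-Object { -not $_.Exists } | Format-Table -AutoSize
```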