Hi theladyupstairs,
Read this:
http://searchtasks.answersthatwork.com/tasklist.php?File=DaemonManual removal:
To recognize this infestation:
Files
1a) Copies itself to the following files in the default Windows\location:
daemon.exe
Infect.drv
Infectate.reg
Muerte.drv
N.B. location: location C:\Windows or C:\Windows\System
These are the standard installation locations , depends on type and version:
C:\Windows for (Windows 95/98/Me/XP) of C:\Winnt bij (Windows NT/2000).
C:\Windows\System for Win95/98/Me & c:\Windows\System32 bij Win2000, XP en NT)
Registry
2a) Adaptation of the registry-key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
With the value:
"Daemon" = "%Windir%\daemon.exe c daemon2.exe"
2b) Adaptation of the registry-key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "0x00000000"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "0x00000001"
polonus