Hi
Now (read carefully) If you have Spybot S&D uninstall it.
Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.
1. Download Avenger to your desktop,
Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/
Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop
2. Click to run "Avenger.exe" (right click "Run as Administrator" if using Vista)
3. In the "Input script here:" copy and paste the script between the lines
Drivers to disable:
UACd.sys
Drivers to delete:
UACd.sys
Files to delete:
C:\Autorun.inf
D:\Autorun.inf
C:\WINDOWS\system32\drivers\UACkuxgyujcut.sys
C:\WINDOWS\system32\uacinit.dll
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys
Here is a screenshot (script updated since shot)
Make sure the "Automatically disable any rootkits found" is NOT selected
4. Click "Execute"
You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.
Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find. C:\Avenger.txt
Then download, install, update definitions and run a Full Scan with Malwarebytes http://www.filehippo.com/download_malwarebytes_anti_malware/
Quads