Trojan worm

Hi, I am not the most computer literate person in the world, so I need help with my Laptop that is infected with some type of Trojan horse worm virus. It starts up as normal, but I cant click on any program. I tried to do the Ctrl Alt Del thing but nothing works. I'm running it on safe mode to get internet, but not all my programs work, Its been hell!! Please help me out!!! Oh and my laptop has also been very, very Hot underneath, and I don't think its dust, because it was cleaned not to long ago. Could it be the virus making it so hot???? Please help, this is my last resort!

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:48 PM, on 9/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=13110&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4963 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I downloaded this program, but it wont launch....maybe because I'm in safe mode????

Unlikely, I bet a rootkit is hiding.

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

vGMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-21 13:17:29
Windows 6.0.6001 Service Pack 1
Running: cbhhrtmt.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kweyruod.sys


---- System - GMER 1.0.15 ----

Code 835B63B8 ZwEnumerateKey
Code 835D5330 ZwFlushInstructionCache
Code 835B73FD IofCallDriver
Code 835D236E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81A49FE2 5 Bytes JMP 835D2373
.text ntkrnlpa.exe!IofCallDriver 81ACBF6F 5 Bytes JMP 835B7402
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81BC230B 5 Bytes JMP 835D5334
PAGE ntkrnlpa.exe!ZwEnumerateKey 81C17BA2 5 Bytes JMP 835B63BC

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!closesocket 76AB330C 5 Bytes JMP 100129A0 \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!connect 76AB40D9 5 Bytes JMP 100127E0 \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!send 76AB659B 5 Bytes JMP 100127C0 \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [700] 0x01390000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [780] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [812] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [908] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [936] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [964] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1016] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1040] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1268] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1500] 0x10000000
Library \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1588] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\UACyeilbbrcju.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcpynivsapk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmxvicnnpwf.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcrvsyksoeq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcpynivsapk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmxvicnnpwf.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcrvsyksoeq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcpynivsapk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmxvicnnpwf.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcrvsyksoeq.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeilbbrcju.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcpynivsapk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChtwlqpxreb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmxvicnnpwf.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcrvsyksoeq.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Administrator\AppData\Local\Temp\UACe41f.tmp 680448 bytes executable
File C:\Windows\Temp\UACc6e9.tmp 74240 bytes executable
File C:\Windows\System32\drivers\UACyeilbbrcju.sys 50176 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\UACcpynivsapk.dll 24064 bytes executable
File C:\Windows\System32\UACcrvsyksoeq.dll 19968 bytes executable
File C:\Windows\System32\UAChtwlqpxreb.dll 74240 bytes executable
File C:\Windows\System32\uacinit.dll 6563 bytes
File C:\Windows\System32\UACmxvicnnpwf.dat 174 bytes

---- EOF - GMER 1.0.15 ----

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
UACd.sys

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACyeilbbrcju.sys
C:\Windows\System32\UACcpynivsapk.dll
C:\Windows\System32\UACcrvsyksoeq.dll
C:\Windows\System32\UAChtwlqpxreb.dll
C:\Windows\System32\uacinit.dll
C:\Windows\System32\UACmxvicnnpwf.dat

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
HKLM\SYSTEM\ControlSet002\Services\UACd.sys
HKLM\SYSTEM\ControlSet003\Services\UACd.sys
HKLM\SYSTEM\ControlSet004\Services\UACd.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Driver "UACd.sys" deleted successfully.

Error: could not delete file "C:\WINDOWS\system32\drivers\UACyeilbbrcju.sys"
Deletion of file "C:\WINDOWS\system32\drivers\UACyeilbbrcju.sys" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\UACcpynivsapk.dll"
Deletion of file "C:\Windows\System32\UACcpynivsapk.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\UACcrvsyksoeq.dll"
Deletion of file "C:\Windows\System32\UACcrvsyksoeq.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\UAChtwlqpxreb.dll"
Deletion of file "C:\Windows\System32\UAChtwlqpxreb.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\uacinit.dll"
Deletion of file "C:\Windows\System32\uacinit.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\UACmxvicnnpwf.dat"
Deletion of file "C:\Windows\System32\UACmxvicnnpwf.dat" failed!
Status: 0xc0000156


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet002\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet003\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet004\Services\UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hello.
A tough guy eh? okay, we can play like that too.

Go to Start > Run. In the Run box, copy/paste in the following.

notepad "C:\WINDOWS\system32\drivers\UACyeilbbrcju.sys"

Hit enter.
A notepad will open with lots of unreadable characters inside - this is normal!
Highlight everything (Pressing the ctrl key + A), then hit backspace or the delete key, so this will empty the file and leave it blank.

Go to the File menu, hit save.

Now try my avenger script again.

Ok, so I was able to log on without safe mode , but on the lower right hand corner of my laptop, there's a little window that says my computer is still infected with Trojan.win32.agent.azsy. Should I be concerned?

No, just ignore the warning. The rootkit is holding us back. Once we kill the rootkit, then we can blast the rest down in one shot.