Solved Help me remove Security Suite please.

My laptop is infected with this virus, I have tried the solution from How to remove AV Security Suite (Uninstall Guide) but it wouldn't let me open Internet Explorer even in "Safe Mode with Networking".
I also tried this tool(Remove AV Security Suite: AV SecuritySuite removal tool & guide) downloaded on to a flash drive but the flash drive got blocked as well.
It's getting late and will look into it tomorrow, Thanks in advance for any advice and suggestions.

awww nuts, brummyfan

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4

• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• If nothing happens or if the tool does not run, please let me know in your next reply

Now download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

Note: this will only work with 32Bit version of Windows

Hi Jacee, Thanks for the quick response. I'm unable to use Internet Explorer at all, do I down load using another PC and run those in safe mode.
I have to uncheck "Use a proxy server for your LAN" to use the Internet and down load the Links you provided.
I'm unable to do step3 of these instructions:How to remove AV Security Suite (Uninstall Guide)
I'm going to follow your instructions down loading those links in my desktop and see whether I'm able to run in Safe mode.

EDIT:
I have tried burning RKill and Combofix but this virus blocks everything, USB ports,DVD drive and unable to do anything as it reboots continuously.

Have you disconnected from your modem? You don't want to be on the net at all.

Flush your DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

If you can get into the registry, here is a list of files to delete, then you should be able to run the above tools.

Associated AV Security Suite Windows Registry Information:
Let me know what you are able to do.

Also take a look at this link http://www.vistax64.com/system-security/282260-av-security-suite-trojan.html

Hi Jacee,
I'm currently scanning with F-Secure Rescue CD and has found 8 items of infected Avira/Antivirus Desktop in ProgramData.
ProgramData/VistaCodecs/{9C3B6A53-...........}
AppData/Local/Temp/ewnmcoxrsa.exe: Infected: Gen:Variant
AppData/Local/Temp/ooflgt.exe:Infected: Gen: Variant
AppData/Roaming/Mikufo/alyf.exe: Infected: Gen: Variant
Windows/System32/drivers/hmanh.sys: Infected: Gen: Variant.Bubnix
I'll flush the DNS and try other instructions you have posted as soon as the scanning finishes(27% to go).
I don't know how effective this F-Secure Rescue will be but out of desperation I'm willing to try anything, I've also disconnected the Internet cable.
Thanks for the help and much appreciated.

Windows/System32/drivers/hmanh.sys: Infected: Gen: Variant.Bubnix

Click to expand...

Signs of a rootkit :eek:

Phew...that was close, I'm glad to say that I have taken control of my laptop:D. I ran Malwarebytes and it found one item "Rouge Security Reg Key HKey_Current_user\Software\wnx..., I have also flushed DNS with your script and feeling much relieved to say the least.
I'm ever so thankful to you Jacee for your help and excellent guidance.

Can you give me the log that Combofix provided? Small details are important

Hi Jacee,
ComboFix log attached.

1. Close any open browsers. Disconnect from the Internet

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\vignes\AppData\Local\saqxsqepo
c:\users\vignes\AppData\Roaming\Mikufo
c:\users\vignes\AppData\Roaming\Ibqat
c:\windows\system32\drivers\hmanh.sys.virus

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Click to expand...

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Next thing I'd like you to do is .....

Open notepad and copy and paste next bold in it:

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch should look after you created it: It will look a bit different in Vista.

Rightclick on look.bat and choose to run as administrator. Please post the log that's produced.

These are the logs,Thanks.

Please download Rootkit Unhooker and save it on your desktop.

• Disable your security programs
• Double click RKUnhookerLE.exe to run it
• Click the Report tab, then click Scan
• Check Drivers, Stealth Code, Files, and Code Hooks
• Uncheck the rest, then click OK
• When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
• Wait till the scanner has finished then go File > Save Report
• Save the report somewhere you can find it. Click Close
• Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it:

Please include the following in your next post:

• Rootkit Unhooker log

Hi Jacee,
Here's the report:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C600000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8224C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8224C000 PnpManager 3903488 bytes
0x8224C000 RAW 3903488 bytes
0x8224C000 WMIxWDM 3903488 bytes
0x8D20F000 C:\Windows\system32\drivers\RTKVHDA.sys 3108864 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x93A20000 Win32k 2109440 bytes
0x93A20000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88403000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8327D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D095000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88202000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAFA09000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D802000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8DCA0000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CCBD000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8CD68000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CE06000 C:\Windows\system32\DRIVERS\bcmwl6.sys 548864 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8320C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x83008000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8060E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAC40E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAC57E000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x83123000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D96D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x83087000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80697000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8CF8D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8833B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D558000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8D198000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x833B3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAC506000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88513000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8CF00000 C:\Windows\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8D04F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82219000 ACPI_HAL 208896 bytes
0x82219000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807B8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D9BA000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CF5E000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8318F000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8D506000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83388000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D00E000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8DD60000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8DC0B000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0x8857F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x830DE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAC557000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D533000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D5BE000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 151552 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x88399000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x885BC000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAC4C6000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8D8E6000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAC4E7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x831D4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAC47B000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x882EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DC6B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8CE9C000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAC498000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8CF44000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAC53F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DC86000 C:\Windows\system32\drivers\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)
0x8D1D4000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CFD9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAC5E1000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D595000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D939000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAC4B1000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x883DF000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88554000 C:\Windows\system32\DRIVERS\snapman.sys 86016 bytes (Acronis, Acronis Snapshot API)
0x883CB000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D959000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8CEB6000 C:\Windows\system32\DRIVERS\ESM7SK.sys 77824 bytes (ENE Technology Inc., ENE PCI SmartMedia / XD Card Reader Driver)
0x8CED8000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8DD94000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D5AB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88388000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x885AB000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xAC5D0000 C:\Windows\system32\drivers\int15.sys 69632 bytes
0x8D084000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8CE8C000 C:\Windows\system32\DRIVERS\EMS7SK.sys 65536 bytes (ENE Technology Inc., ENE PCI Memory Stick Card Reader Driver)
0x807EA000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8DD50000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x831BC000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x833EE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88323000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8DC5C000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88570000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x83105000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x883BC000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x88379000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83114000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x93C60000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D9EC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D922000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83174000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x83079000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8DC32000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D8B6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D042000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xAFAF1000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D8DA000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CD5C000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DC3F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8CEC9000 C:\Windows\system32\DRIVERS\ESD7SK.sys 45056 bytes (ENE Technology Inc., ENE PCI Secure Digital / MMC Card Reader Driver)
0x8CEF5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8CF39000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D917000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8CFF0000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CFCE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8830F000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CDF5000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8D94F000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0x83185000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8CEEB000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8DC52000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D038000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8DD8A000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D5E3000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAFAE7000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8DDA7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x885DD000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D8C3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAFB05000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8D930000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x93C40000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8831A000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88332000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x830CD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x831CC000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8068F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8DC4A000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x830D6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D907000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D90F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8854C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAFAFD000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D8D3000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8316D000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80607000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D8CC000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88569000 C:\Windows\system32\DRIVERS\pssnap.sys 28672 bytes (Macrium Software, Backup image protection)
0x8D9FA000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8D9B5000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0x885A6000 C:\Windows\system32\drivers\hotcore3.sys 20480 bytes (Paragon Software Group, A part of Paragon System Utilities)
0x8CED4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAC5CC000 C:\Windows\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
0x8D5ED000 C:\Program Files\Launch Manager\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)
0xAC5F7000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8DC9D000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0x83182000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8CF5C000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8CFFB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CF37000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x009B0000 Hidden Image-->eLock.Serv.Library.dll [ EPROCESS 0x86E4F598 ] PID: 2348, 110592 bytes
0x00B30000 Hidden Image-->esettings.model.computer.dll [ EPROCESS 0x87430C70 ] PID: 3092, 126976 bytes
0x00E90000 Hidden Image-->log4net.dll [ EPROCESS 0x86E4F598 ] PID: 2348, 258048 bytes
0x00A70000 Hidden Image-->log4net.dll [ EPROCESS 0x87430C70 ] PID: 3092, 282624 bytes
0x009A0000 Hidden Image-->eLock.Serv.Interface.dll [ EPROCESS 0x86E4F598 ] PID: 2348, 28672 bytes
0x00A50000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x8765E310 ] PID: 3052, 28672 bytes
0x00A60000 Hidden Image-->IERYETF.dll [ EPROCESS 0x8765E310 ] PID: 3052, 28672 bytes
0x00AF0000 Hidden Image-->eNetServiceInterface.dll [ EPROCESS 0x86DDED90 ] PID: 2556, 45056 bytes
0x00950000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x86F43CD8 ] PID: 2700, 45056 bytes
0x009B0000 Hidden Image-->esettings.model.computerinterfaces.dll [ EPROCESS 0x87430C70 ] PID: 3092, 45056 bytes
0x00920000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x86FBF5C8 ] PID: 3156, 45056 bytes
0x01770000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86DDED90 ] PID: 2556, 507904 bytes
0x03DE0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86F43CD8 ] PID: 2700, 507904 bytes
0x04300000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86FBF5C8 ] PID: 3156, 507904 bytes
0x00960000 Hidden Image-->eLock.Serv.Main.dll [ EPROCESS 0x86E4F598 ] PID: 2348, 69632 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x822F47AA-->822F47B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x824DD90A-->8DC20BA0 [aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x8247D905-->8DC209C4 [aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x823B7DF0-->8DC20AFE [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8247C063-->8DC1DF6C [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8242328F-->8DC1C5B4 [aswSP.SYS]

I don't know where to look for "Rootkit Unhooker log" you mentioned in your post, could you please let me know where to get it to post here. Thanks.

You just posted the 'report log' :D

Go into safe mode and delete these folders (unless you know for sure what they are)....
c:\users\vignes\AppData\Local\saqxsqepo
c:\users\vignes\AppData\Roaming\Mikufo
c:\users\vignes\AppData\Roaming\Ibqat

upload this one c:\users\vignes\AppData\Roaming\8DC07CB44E4C699E594654F5A8D8590A to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines!
Save the results and post them back here.

Also, in your startups (msconfig)... do you have a clue as to what this is?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\捁牥吠畯⁲敒業摮牥]

I've deleted those 3 folders in safemode, unable to upload c:\users\vignes\AppData\Roaming\8DC07CB44E4C699E594654F5A8D8590A
as it says it's empty.
The Chinese characters were there since I bought this Acer laptop which was made in China and the translation is "Jiao you shen fang bark ao fang industry".

Delete this ...c:\users\vignes\AppData\Roaming\8DC07CB44E4C699E594654F5A8D8590A
But!! leave it in the recycle bin for a couple of days to see if it affects anything. If it doesn't then go ahead and empty the recycle bin.

Thanks for clarifying the Chinese msconfig item.

Deleted the file, Thanks again for all your help.

You're welcome! :D