ROOTKIT NTNDIS.EXE - STILL NOT FIXED >.<

Hello, I have been trying to remove this by myself, mainly because it stops all clicking action, so I couldn’t get any =Z I’ve done a bit

I found it was a process called ntndis.exe. I looked for it in HijackThis and found it, and I fixed it, but that hasn’t solved it. On startup I couldn’t get to the desktop because it froze; I managed to fix that through HijackThis, so I can get on now, but anywhere I click doesn’t do anything unless in safe mode, 80% of the time. I turned off System Restore.

This is my HijackThis log and a picture of the SuperAntiSpyware scan.

I’m gonna do a scan with Avast at some point. It did find something once, but I couldn’t see the message, because I couldn’t click. But I don’t know.

Hi…

You might want to try the following if you have a legal copy of your operating system or a restore partition on your hard drive…

http://support.microsoft.com/kb/315265

http://support.microsoft.com/kb/187941

The latter link is an explanation of the different options or “switches” that are available using chkdsk.

Let us know if this helps. :slight_smile:

May God Bless you!

Will this work in safe mode?

While not being well versed in the interpretation of HJT logs, a couple of things seem odd to me.

  1. You are running it from the desktop. It should normally be run from Program Files, where it should have been installed.
  2. The O4 item WIN32APIH.exe has no Google reference, is similar in name to a valid MS file (win32api.exe) and is thus suspicious.

I don’t know about the checkdisk routines suggested above, even having skimmed through the KB articles linked.

What I would do is schedule a boot scan with Avast. If that fails to address the issue, look to run some rootkit scans.
Trend Micro makes a free download called RootkitBuster, Sophos has an anti-rootkit tool, and have a look here http://andymanchesta.com/ for a choice of scanners.
SAS is highly regarded, so is MBAM. I’d try it. I think you can update it and run it in safe mode with networking. Don’t know if it can be installed in safe mode.

Hi…

Possibly, I’m not sure since I’ve never tried it in safe mode. :slight_smile:

Best Regards…

One problem I have though.

I have no internet access so I can’t download anything.

And the O4 thing… should I fix it in HJT?

When I tried to chest some trojan called PWstealer-u, the Chest said it could not connect to some server…

And… I can’t open Task Manager because ‘Administrator has disabled it’, probably by the virus >.<

And I can no longer run normally; it freezes.

Here’s an updated HJT log

Also, chkdsk in cmd doesn’t work.

And what is SAS? Sophos?

I would say SAS is SuperAntiSpyware
and MBAM is Malwarebytes Anti-Malware.

yours
onlysomeone

Ok, thanks someone >.< I have SAS, and I think I still have MBAM. I’ll run a scan with it.

And Sophos doesn’t work in safe mode =Z

Here’s the MBAM results

Should I delete them or what?

The first one shown is DisableTaskMgr or something. But that’s why it’s gone.

I know how to restore Task Manager, but I don’t know where the HKEY path is.
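As an added example for two of the questions in this thread, where the Task Manager lock lives and how to look at the O4/Run entries HijackThis reports, here is a batch file for an administrator cmd prompt in Safe Mode. It is not code from the original posts or from any of the tools mentioned; it uses only the built-in reg.exe and dir. The registry locations are the standard Windows policy and Run keys; the file names ntndis.exe and WIN32APIH.exe are taken from the thread, and the assumption that the system drive is %SystemDrive% is mine.

```batch
@echo off
REM Added example, not from the thread. Run from an administrator cmd prompt in Safe Mode.
REM Uses only built-in tools. The file names searched for below come from the thread.
setlocal

set "POLKEY=Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "RUNKEY=Software\Microsoft\Windows\CurrentVersion\Run"

echo ==== 1. Policy values behind "Task Manager has been disabled by your administrator" ====
for %%H in (HKCU HKLM) do (
    echo --- %%H\%POLKEY% ---
    reg query "%%H\%POLKEY%" /v DisableTaskMgr 2>nul || echo DisableTaskMgr not set in %%H
    reg query "%%H\%POLKEY%" /v DisableRegistryTools 2>nul || echo DisableRegistryTools not set in %%H
)

echo ==== 2. Remove those values - harmless if they are absent ====
for %%H in (HKCU HKLM) do (
    reg delete "%%H\%POLKEY%" /v DisableTaskMgr /f >nul 2>&1
    reg delete "%%H\%POLKEY%" /v DisableRegistryTools /f >nul 2>&1
)

echo ==== 3. Autorun entries that HijackThis lists as O4 ====
for %%H in (HKCU HKLM) do (
    echo --- %%H\%RUNKEY% ---
    reg query "%%H\%RUNKEY%" 2>nul
    reg query "%%H\%RUNKEY%Once" 2>nul
)

echo ==== 4. Locate the files named in the thread anywhere on the system drive ====
for %%F in (ntndis.exe WIN32APIH.exe) do (
    echo --- %%F ---
    dir /s /b /a "%SystemDrive%\%%F" 2>nul || echo %%F not found by dir - a rootkit can still hide it
)

endlocal
```

After step 2, log off and back on (or restart) so Explorer re-reads the policy; if Task Manager is locked again on the next boot, something is still running that re-sets the value. A clean result from steps 3 and 4 is not proof of a clean system: a kernel-mode rootkit can hide registry values and files from reg.exe and dir, which is why the boot-time and dedicated anti-rootkit scans suggested earlier in the thread are still worth running.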

Hi…

Do you get any kind of error message?

Also, here are a couple of specific anti-rootkit tools that may be of help…

F-Secure’s Blacklight…

http://www.f-secure.com/security_center/

(scroll down to “downloads.”)

Trend Micro Rootkit-Buster…

http://www.trendmicro.com/download/rbuster.asp

If none of these utilities are able to help and if chkdsk is unable to work, I think you may be looking at a reinstall. :frowning:

EDIT: Yes, delete them and rescan upon reboot.

Best Regards…

I think I was doing that wrong >.< I kept putting in chkdsk volume:/f, which did nothing.

chkdsk works though.

Hi…

Ok, just type in exactly —> chkdsk /r

You can copy and paste this into the run box. :slight_smile:

I’d be happy to build you a computer… you would need to cover labor, parts and shipping. :wink:

Best Regards…

Hi...

Ok, just type in exactly —> chkdsk /r

You can copy and paste this into the run box. :slight_smile:

I’ll do that

I'd be happy to build you a computer... you would need to cover labor, parts and shipping. ;)

Best Regards…

Or you can be really nice =P I’m too young to buy anything :stuck_out_tongue:

Blacklight in safe mode doesn’t work.
Trend Micro: Tcomm is installed but doesn’t work, so that’s out.

Hi…

Let us know the results. :slight_smile:

I think your hardware is fine; it’s just the OS that needs repairing or reinstalling. :wink:

Ok, how about Trend Micro’s Rootkit-Buster?

Best Regards…

Sorry, I was waiting for a reply, but I only just saw the second page ;D

I don’t think Trend Micro works; the Tcomm service doesn’t work >.^?!?!

Hi…

Not a problem. :slight_smile:

Ok, we’ll see if MalwareBytes will delete it. We have to get rid of the infection first before running chkdsk, otherwise it will do no good.

Best Regards…

Ok ardvark, thanks. It had better go :-\ or I’ve gotta wipe it :cry:

Tried this one? Good reputation for removal. Occasional FPs I’ve seen reported in the past. http://www.freedrweb.com/cureit/