
Solve : I need to get my infected folders back to original state. Virus name: isass.exe?

Answer»

MeRK .... Is the work machine on a network ? If it is, can you isolate it from the network if necessary?

Please d/l ..... Stinger v3.4.9 from ..... http://vil.nai.com/vil/stinger/
I would suggest downloading it from a machine that is free of viruses and save it onto either a floppy disk or a cd.

Then from your work machine, d/l Spybot ........ http://www.spybot.info/en/
Once it is installed, get the latest updates........ Don't run it yet.

Now using the floppy disk or the cd (the one you d/l on a non infected machine) run it on your work machine and delete anything it finds (record what it found)

Next, run Spybot on your work machine and fix anything it finds (again record what was found)


Now then on to the hijack logfile..........

O2 - BHO: NoPhishing - {D3B071BE-7C15-43f6-8348-01EFC6092591} - C:\Progra~1\SoftRun\NoPhishing\NoPhishing.dll ...... Do you know if this is something that has been installed for some time or is it something new ?

---------------------------------------------------------------------------------------------

O16 entries....... Do you recognize these entries and know them to be ok ?
---------------------------------------------------------------------------------------------

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

This one looks nasty ...... and should be marked for removal using HijackThis.
npkcsvc.exe - npkcsvc - Process Information
Process File: npkcsvc.exe or npkcsvc
Process Name: Trojan-Downloader.Win32.Agent

Description:
npkcsvc.exe is a process which is registered as the Trojan-Downloader.Win32.Agent Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Sorry to be a little unsure re the removals, but most of the info I get is in Korean and when I translate it into English some of the meaning is lost in translation.

Let us know the results of above.

DL65




will do thanks.

And remove your internet cable

dl65,

Whatever you do keep kool, please, . . .

I have a, (isass.exe), listed under processes in Task Manager.

Excepting it is spelled lsass.exe, does this mean I am infected ?

Jp

Jp .... lsass is the correct legit file. The other is not. Looks like you should be OK.

If you are having problems start your own new topic in this forum. Please do not piggy back on this thread.

***************

MeRK ... DAFT usually fixes file associations. No promises but try it and report back.

Get it here ....

http://www.techsupportforum.com/sectools/Deckard/daft.exe

Download DAFT and save it to your desktop:

1. Double-click the daft.exe icon. Read the disclaimer and click OK.
2. Click on the Scan button.
3. Save a logfile. By default, it will save as daft.txt.

Post the resulting log here. If everything is in order again it should display the "all associations OK" message.

Let us know what happens.

By the way if this is a work computer why isn't your IT manager fixing your problems? He's paid to do it. We're not.


OJ

OJ,

Thanks,

No this is not a work computer, . .But, . . .

Has CH tried accepting donations ? You'd probably be surprised at how thankful some people can be, . . I'm strapped for the time being, however,
I'd still shell-out what I could, to know your ambitions and dreams wouldn't fade away in misery.

Yep, I'll take a look at what you said and get back to you, . . .

JP

MeRK ........ I assumed you had tried this......
You can restore individual associations pretty easily from the Open With dialog box. To get there in Windows XP, right-click a file of the associated type and select Properties, click the Change button across from 'Opens with', and then, if necessary, choose Select the program from a list.

If you haven't tried this give it a try.
If that fails to help you, give the link "oddjob" supplied a go, his advice is usually sound. Please follow his instructions to the letter.

dl65

MeRK .... following on your PM to me, yes, you may have a file association problem that DAFT will fix. If not there's no problem running DAFT. If your file associations are all OK then DAFT won't cause problems.

All my own file associations are fine and I have run DAFT a couple of times without problems.

I still suggest you run DAFT on your machine and let us know what happens.

I am in touch with the program's developer and he is always interested in feedback, good or bad, as this is a fairly new program. Feedback helps him improve the program.


OJ

PS... thanks for the vote of confidence, dl65

To answer the first question of why my IT guy is not handling this.... there isn't one. I work for a lame *censored* computer illiterate %$#@%#$ boss who is a penny #$##@## who has no idea how anything works..he doesn't even have firewalls up, but that's besides the point. I currently work in South Korea and it seems like most smaller companies here just think viruses are a normal thing and not worry about it too much. Secondly.. I would love to try the daft thing or anything else that was posted from you guys (Much much much thanks by the way) but my co-worker.. has just reformatted everything, without telling me.... I Love where I work.. I swear if I wasn't making decent money..I would go back to the states right now. So much thanks guys. Now that I know this forum exists, I will be back more often to learn more and maybe help where I can. Again much thanks.

Quote from: MeRK on May 21, 2007, 04:43:29 PM

I will be back more often
I hope this doesn't mean you're expecting more trouble...!!

Best wishes.


OJ

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
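
The isass.exe / lsass.exe mix-up raised earlier in the thread can be checked mechanically. The sketch below is an added example, not code from any poster or tool named here; it flags process image names that imitate a core Windows binary or that use the real name from the wrong folder. The allow-list, the `C:\Windows` install location and all sample paths except the npkcsvc.exe one are assumptions.

```python
import ntpath

# Sample allow-list (not exhaustive): core Windows binaries that live in System32.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe",
                   "services.exe", "winlogon.exe"}
# Assumption: Windows is installed in C:\Windows.
SYSTEM_DIR = r"c:\windows\system32"

# Fold characters that are easily mistaken for each other onto one letter.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lower-case the name and collapse look-alike characters."""
    return name.lower().translate(CONFUSABLES)


SKELETONS = {skeleton(n): n for n in SYSTEM_BINARIES}


def classify(image_path):
    """Classify one full image path (a bare name counts as outside System32)."""
    directory, name = ntpath.split(image_path)
    name = name.lower()
    if name in SYSTEM_BINARIES:
        in_system_dir = ntpath.normpath(directory).lower() == SYSTEM_DIR
        return "ok" if in_system_dir else "wrong-path"
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return "lookalike:" + imitated
    return "unlisted"  # this check has no opinion; use a scanner


def scan(image_paths):
    """Return {path: verdict} for every path that is not 'ok' or 'unlisted'."""
    verdicts = {p: classify(p) for p in image_paths}
    return {p: v for p, v in verdicts.items() if v not in ("ok", "unlisted")}


# Constructed sample process list (only the npkcsvc.exe path is from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\isass.exe",
    r"C:\Temp\lsass.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\WINDOWS\system32\npkcsvc.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(f"{verdict:22} {path}")
```

Task Manager's default view shows only the image name, so feed this full paths from a tool that lists them; "unlisted" means the name is outside this small allow-list, not that the file is clean.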

