I am having the worst luck with computers at the minute, I have formatted and reinstalled XP over 15 times in the last month due to different problems.
First it wouldn't install anything, and had a limited page file memory error when I created the user accounts. Then I tried over 5 formats but still nothing, then I put 98 on for a few weeks, ok but soon yearned for XP again as it's much quicker when it works. Then a couple of times XP just refused to install. Again back to 98 for 2-3 weeks, but it was excruciatingly slow. XP on again 4-5 times, various problems. Yesterday I format again, install XP (all goes well), create users (fine), and restart a few times, all is perfect, never been faster UNTIL.
I install BT Broadband and hook up to the internet, I contract the Sasser worm, upload 811 worm, upload 17100 worm, wrksvr worm, and several others, including that stupid NT authority shutdown ****e. Of course I can't update Windows as I'm getting error messages saying explorer has to close etc, which upsets the clock settings. Now when I boot XP, it seems ok until I try and run anything, the process runs in the background *you can see them listed in control panel* (eg. Btbroadband.exe) but nothing is displayed, then suddenly I get an error message saying explorer has to close. Ok, explorer loads again and now I can run programs fine! It's weird.
What I do is I install AVG, Adaware, Spybot S&D, and Kerio and battle my way through to the Windows update, get all security updates, install and restart. Scan everything, found so many worms, took most off (the Sasser wouldn't move, so I used cyberscrub) and they seem to be all gone, but I'm still getting the error message on startup. I keep running S&D and it's finding these files:
Double click - 1 entry
Avenue A, inc - 1 entry
DSO exploit - 5 entries
I remove them, but each boot up they're still there!
Please help, I'll attach an example of the error message.
This XP seems to be more trouble than any other OS!
Pics are too big.
Last edited by DazzaP; 03-06-2004 at 03:23 PM.
Ok sorry it was my firewall, I'm a bit worked up here, can hardly breathe
Last edited by DazzaP; 03-06-2004 at 03:22 PM.
Hi,
Have you tried this removal tool to get rid of Sasser? http://securityresponse.symantec.com...oval.tool.html
You are in need of a firewall. Turn on the XP one now - Right-click your dial-up connection, go to properties and set it to protect your connection. Also maybe think about Kerio Personal Firewall or similar free firewall - www.kerio.com
David, he mentioned that he has Kerio already.
DazzaP, please post a HijackThis log to the forum.
Launch HijackThis, then press Scan, and press Save Log.
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Open that file.
Go to Edit | Select all
Now click Edit | copy to copy it.
Do not change anything just yet.
Come back to the forum, Right Click and paste its contents here.
Logfile of HijackThis v1.97.7
Scan saved at 00:07:51, on 05/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
C:\PROGRAM FILES\ILLUSTRATE\DBPOWERAMP\editor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\Hijack This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btbroadbandstart.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\sjbfhkn.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...140.6280555556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/co...20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAE446F0-3ABC-44D7-B283-462C221E9E73}: NameServer = 194.74.65.69 194.72.9.34
I've got a copy of Linspire now too (non Microsoft) so if this can't be resolved (which I doubt) I'll install it instead
I've already downloaded the MS removal tool, and it was completely useless, all it did was tell me I had it (which I knew) and tell me it couldn't be removed as it was in use, so I had to cyberscrub it. My guess is it created enough damage on its way out to warrant a full format AGAIN (over 15 times in 2-3 months)
I've also noticed that the second I connect to the net, my firewall tells me that there's an incoming request for printer/file sharing, you think that this is how they are accessing my files? I've blocked them to be safe.
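The HijackThis log is described earlier in the thread as listing all running processes and everything loaded automatically at Windows start. As an added example (not part of the thread and not HijackThis's own code), the sketch below parses that format and lists the O4 autostart entries whose executable is not among the running processes, a first triage list to look up by hand. The sample is a shortened excerpt of the log posted above; the function names are this example's own.

```python
import re
from ntpath import basename  # splits Windows paths on any OS

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\gsicon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\sjbfhkn.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - <detail>"
RUN_KEY = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Executable part of a command line, quoted or not, with or without arguments.
EXE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)

def parse(log):
    """Return (set of running basenames, [(autostart name, executable)])."""
    running, autostarts, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        entry = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False  # the process list ends at the first R/O entry
            if entry.group(1) == "O4":
                m = RUN_KEY.match(entry.group(2)) or STARTUP.match(entry.group(2))
                exe = EXE.match(m.group("cmd")) if m else None
                if exe:
                    autostarts.append((m.group("name"), exe.group(1)))
        elif in_procs and line:
            running.add(basename(line).lower())
    return running, autostarts

def not_running(log):
    """Autostart entries whose executable name is absent from the process list."""
    running, autostarts = parse(log)
    return [(n, e) for n, e in autostarts if basename(e).lower() not in running]

if __name__ == "__main__":
    for name, exe in not_running(SAMPLE_LOG):
        print(f"check by hand: [{name}] {exe}")
```

An entry on this list is a candidate for a manual lookup, not a verdict; launchers that exit after starting show up here too.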
O.K. Before you go online:
1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check Turn off System Restore.
5. Click Apply, and then click OK.
6. Restart the computer.
All data, including your virus, will be purged from the restore folder.
7. Run your antivirus once more.
AVG should then be able to clean up. Go to Windows Update and scan then download ALL of the critical updates. This is the reason you were infected in the first place. Post back with results as there is more to do.
Ooops! I have been on the PC far too long recently!
Cheers Nirvana