Posts by dlh6213

Thank you very much for the reply. I don't have my infected laptop with me at the moment, but as I mentioned in the original post, I did use CWShredder (v.1.591) a few times both in normal mode and in safe mode. So the HJT log I posted is the one scanned after I had used CWShredder (as well as AdAare and SpyBot).

Did you update CWShredder before running it?

There is more to fix, but it is beyond my capability. Can one of the experts here take a look? This is what's left that I see that may (or may not) be problems:

1800SearchAssistant installed and would not allow uninstall without going to the internet
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\WINDOWS\system32\odgcsu.exe
O4 - HKLM\..\Run: [txngtklho] C:\WINDOWS\system32\odgcsu.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\topMoxie\TEMP\upromise_script0.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
One user had a file called "CONTENT.IE5" which would not entirely delete.

Sorry I couldn't be of more help.

I'm running v4.02 of XoftSpy, as was recommended ina similar thread to this one.

I've emptied my Temp & TempInternet folders; does this thing leave any rogue entries in the Registry or StartUp files?

This is all I could find:

Troj/Dloader-EP may create the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
atiupdate
"Windows system"\msshed32.exe

HKCU\Software\xjado
fr
"random value"

Post a new log when you get a chance so we can make sure you're clean.

The latest version is 1.98.2 and you can get it here:
http://www.softpedia.com/progDownload/x-Download-5034.html

You can do this now or after you update HJT:
Close all browser windows, scan with HJT, and have it fix the following entries:
C:\WINDOWS\msru.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rasjl.dll/sp.html#37049
O2 - BHO: (no name) - {21165088-A6A7-77FF-067A-CE5B83F27AC4} - C:\WINDOWS\system32\ipbd32.dll
O4 - HKLM\..\Run: [msru.exe] C:\WINDOWS\msru.exe
O13 - WWW. Prefix: http://
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...d2d77a7a5939d3e

Reboot into Safe Mode and delete the following files:
C:\WINDOWS\msru.exe
C:\WINDOWS\system32\rasjl.dll
C:\WINDOWS\system32\ipbd32.dll

Reboot normally, after you've updated HJT, close all browser windows, scan with HJT, and post a new log.

... And Hijackthis needs to be in it's own permanent folder so it can safely save backups in case something goes wrong (like c:\hjt\hijackthis.exe or C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE). Right now you have it in a Temp folder.

Is Ad-Aware SE different than Ad-Aware 6.0. I have 6.0, but I do not see all of the options to select that you indicate. I changed some of the options as you indicated and ran the scan again. I usually run both Ad-Aware and Spybot S&D weekly, but I still seem to get this message when surfing that "explorer has caused an error in osmim.dll..."

I did not find a download for Ad-Aware SE using the link you provided. Also, is Spybot S&D 1.3 a newer version than Spybot S&D. Thanks for your help.

SE is a newer version of Ad-Aware then 6.0. I couldn't find it on the CastleCops website either, but you can get it here:
http://www.lavasoftusa.com/software/adaware/

And 1.3 is the latest version of Spybot.

There is a link to a Hijackthis turorial in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
You can also do a search and find more.

I need to get some sleep so I can't do a thorough review right now. Anyone else out there that wants to, go right ahead :)

Close all windows, scan with HJT, and have it fix the following entries:

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    -Transponder parasite variant (LOCALNRD.DLL)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    -IEPlugin variant (SYSTB.DLL)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    -eXact Advertising (MSBE.DLL)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

Then post a new log.

...i dont know how to post a new thread sooo... another question. is it important to have this hijack log.. thing. coz i am really confused now...

To start a new thread, just go to the forum most appropriate for the question you want to ask, or for the problem you're having, and look for the rectangle button near the top that says New Thread, and click on it.

Hijackthis is not required at all, it is just a useful tool for finding problems -- and should only be used with the assistance of someone who has used it.

Xoftspy version 4.0 may be safe now (personally, I'd stick with Spybot). You can see the latest review here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
This is a good site to check before getting any anti-spyware programs.

You have a CWS infection, please download and run CWShredder from here:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

Then close all browser windows, scan with HJT, and post a new log.

What version of Xoftspy do you have? If it's prior to 4.0 you shouldn't use it. Personally I don't know if I would even trust the 4.0 version, but you can read the review for yourself here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#xos_note
Spybot is the best alternative, and it's free.

If you empty your Temp folder you should get rid of msshed32.exe
(http://startup.iamnotageek.com/srch-msshed32.exe.html)
While your at it, you may as well empty all Temp, Temporary Internet folders for all users on the computer, and the C:\Windows\Temp folder. Empty the Recycle Bin afterwards.

Then, close all browser windows, scan with HJT, and post a new log.

What you need to do:

Get the latest version of Hijackthis (v.1.98.2)

Put it in it's own folder so it can put the backups in a safe place. Like C:\Documents and Settings\Peter\Desktop\HJT\HijackThis.exe (instead of C:\Documents and Settings\Peter\Desktop\HijackThis.exe)

Close all browser windows before scanning with HJT.

Post the new log from the updated HJT in the Viruses forum.

no, but
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} -
is back again as well.

Didn't notice that, that is odd. Coincidence?

By the way, where I said C\Temp before, I meant C\Windows\Temp.

Norton is as good as any of the other antivirus programs.

Go ahead and post a HJT log, that is the best way for us to see what you have.

MSN browser isn't one that DMR suggested (it is still Microsoft, after all). Try Firefox or Opera. In any case, you will still need IE to get your Windows Updates (can't get them with other browsers).

Winterac, you need to do a couple of things before fixing anything with HJT. First you need to get the latest version (1.98.2), and then you need to put it in a permanent folder, like c:\hjt\hijackthis.exe, so it can safely save backups (you have it in a temp folder now).

When you scan with HJT, you need to have all browser windows closed in order to it fix things properly.

Remove the contents of the Temp and Temporary Internet folders for all users on the computer.

Go to Add/Remove Programs in the Control Panel and remove WebRebates. Go to C:\Program Files and delete the Web_Rebates folder.

Close all browser windows, scan with the new HJT, and post a new log.

Question:
In one of the threads, DMR, you said: For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

1) Should I do this a lot? I already do:
Start/Control Panel/Network and Internet Connections/Internet Options/Delete Files/Delete All Ofline Content/Delete Cookies/Clear History
everytime before I shut my comp down for the night. Is that enough or should I do what you said above more often?

I do the same as you each time I log off IE, then I do as DMR suggests about once a week. I put shortcuts on my destop (all in one folder) to make it easier. In addition to that, I clean out C\Temp, use Disk Cleanup, and do a search for *.tmp and delete all those as well.

Now for the latest in log cleaning:
Have HJT fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

…

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings.

This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer you system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

On a different note, HijackThis is a program that shows what's running on your system, good and bad. It can help determine where problems lie. There is more info on it in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

And... I just realized that this thread has diverted from it's original poster. Anastacia, if you (or anyone else) has …

Unfortunately, these days it seems anti-adware and anti-spyware programs are required. They used to be just irritating, but now they're getting downright harmful.

Spybot and Ad-Aware both work by comparing the files on your system to a known database of adware and/or spyware. The reason for frequent updates, as DeOnna recommended, is to keep your database up to date with all the known files. Neither of them is complete, that's why you need both. Even with both, they won't find everything, but you'll be better off then you would be without them!

SpywareBlaster is another good thing to have; it works in a different way then the other two. It takes known malware sites and adds them to the Restricted Zone of your browser, thereby keeping the nasty stuff from ever getting to your system in the first place. This also needs to be updated frequently to provide the best protection. Links to these are also in DMR's signature.

Hey Geezer, you are seriously behind on your Critical Updates (Windows Update). Getting those patches may help fix your problem. I don't think you should get SP2 though until after you've got the problem fixed.

The log looks okay to me too, but you're using an older version. You should get v.1.98.2 and post another log. When you scan with HJT, make sure all browswer windows are closed. Also, it would be better if you posted the log rather then an attachment.

One more thing, CTHELPER.EXE should be disabled:
From sysinfo, Quote:
CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it.

hi there well i do know aby Xsoftspy. i have it on my pc but it is an unregistered copy. obviously i need to pay to get it registered 1 thing which i dont wanna do. so i can only scan my pc wothout the possibility of ever removiing those nasty spies. any body have any suggestions of A FREE SPYWARE AVAILABLE ON THE NET AND WHICH IS EASILY DOWNLOADABLE!!1
ALL SUGGESTIONS ARE WELCOME :p

You don't want to remove the things Xoftspy finds anyway, some of them are legitimate files (they do that just to make it look like you have more problems then you really do, I think). It would be best to just get it off your system entirely.

I would suggest using Hijackthis on one of the offending computers and post the log in the Viruses forum. With that information we should be able to help you fix the problem and you can then go about cleaning up the others the same way. You can get the latest version of Hijackthis from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

Only fix these if you do not have Java Sun:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
Hijackthis has a bug that misinterprets some 09 entries.

Check this thread, post #6, to see if it will help with your IE crashes:
http://www.daniweb.com/techtalkforums/thread10656.html

It doesn't sound like this is your problem, but you can check this and see what you think:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

this line seems odd:
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} -
Any one else have any opinions on it?

I agree, you should probably have HJT fix that. Other then that, it looks okay to me.
Now you can turn your System Restore back on :)
This would also be a good time to review this thread to help determine if you should get SP2 or not:
http://www.daniweb.com/techtalkforums/thread10031.html
And if you haven't done so already, get SpywareBlaster, have it enable all protection (and update it frequently).

Jefferyrobert, the Security section is now called "Viruses, Spyware, and other Nasties" so post your log there.

I don't know where you looked in ebay, but they have lots:
http://search.ebay.com/windows-3-1_W0QQbsZSearchQQcatrefZC6QQfromZR10QQsacategoryZQ2d1QQsatitleZwindowsQ203Q2e1QQsbrftogZ1QQsofocusZbsQQsonewuserZ1QQsosortpropertyZ1QQsotextsearchedZ1
But caperjack's deal sounds better :)

Caperjack is correct, don't waste your money on Xoftspy, free programs such as Ad-Aware and SpyBot are better.

I still have Windows Adcontrol, I see no reason why I should delete it.

Go to this website and check the "Status Key":
http://computercops.biz/startuplist-6126.html

Well Meredith, you're getting there slowly but surely. But tell me, what are you going to do for fun once you've got this cleaned? :)

Let's see if this can finish it up; first empty your Recycle Bin, and then reboot into Safe Mode.

Go to:
C:/WINDOWS/system32 -- delete svcnhost.exe
C:/WINDOWS/Prefetch -- delete svcnhost.exe

Empty the Recycle Bin

Do another search for svcnhost.exe and winssv.exe. Hopefully you won't find them this time, but if you do, go to their location, delete them, and empty the Recycle Bin.

Post the results along with another HJT log -- and the SpyBot folder as DMR requested.

I had this problem as well shortly after they enlarged my account. It went away on it's own after several days.

Ally, if Stinger (and the other suggestions in the Helping Yourself thread) don't work and you decide to reinstall Windows, you can find complete instructions here:
http://www.daniweb.com/techtalkforums/thread6632.html
(Yes Hexonflux, another link; maybe I just think 'outside the box' :) )

I only see a couple more things to fix in your log:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8288ee59daa1811
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50186/QDow_AS2.cab

This isn't really a problem, but you can have HJT fix this:
R3 - Default URLSearchHook is missing

Other then that, your log looks okay to me. Anyone else see anything I missed?

Don't delete Windows/System32/lsass.exe, the worm should be gone, you can scan with Panda again to make sure. Not all AV programs find everything; unfortunately PC's don't like to run with more then one AV installed, that's why the free online scans (like Panda and TrendMicro) are so useful.

If you haven't done so already, get SpywareBlaster (link in DMR's signature), update it, and have it 'enable all protection.' This may help prevent reinfections.

Wait for advice from someone else before deleting the Spybot folder you mentioned -- I'm not sure how Spybot works, but this may be where it keeps it's 'Immunize' files.

Don't turn System Restore back on just yet -- almost there though :)

It may have just been a coincidence, but I tried Incredimail once and immediately after that started having problems. (Oddly enough, that's what eventually led me to DaniWeb.) I know there are people that have used it for a long time though with no problems so I'm not going to tell you it's not safe.

I see you got the spoolsv.exe back :)

You need to empty all the Temp and Temporary Internet folders for all users on the computer.

Now for your log. Close all browser windows, scan with HJT and have it fix the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\Run: [svcnhost] svcnhost.exe
O4 - HKLM\..\Run: [Win32 …

You should first follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
Then post a hijackthis log (link in that thread) in the Viruses forum.

Hey LTB, you got an even newer version of HJT than I suggested! I didn't know that was out :). You've got it running from a Temp folder though, it should be in a permanent folder (like you had before) so it can safely save backups.

As you mentioned in your first post, there is a lot of stuff in the log, but most of it is supposed to be there.

The only (minor) thing I see in your log is this:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
You can have HJT fix that; maybe someone else can spot more.

Dave is right, AVG and AdAware are both good programs and you need to have an antivirus program installed. Spybot is a good program too, hopefully it'll get easier to use once your system gets cleaned up. I don't know why all that stuff came back; hopefully Dave's way will work.

As for SP2, do not install it until after your system has been cleaned up, it will only magnify the problems. You should, however, make sure you have all the other critical updates. After your computer is clean, check this thread to help you decide whether or not to upgrade to SP2:
http://www.daniweb.com/techtalkforums/thread10031.html

Also, SpywareBlaster is another good program to have.

i think my computer may have caught some sort of virus. Everytime i have internet explorer open, the continue to get a pop-up from a search site. i'll close it and then get it again, no matter what site im at. i've used my virus check, spyware and adware checks and nothing seems to get rid of it. if a hijack this log is needed please let me know. thanks

Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

After that, post a HJT log; that's the best way for us to see what you've got going on.

You should update Hijackthis to the latest version (1.98.2); it may find something new. There's an update feature in hijackthis, or you can get it here:
http://www.softpedia.com/progDownload/x-Download-5034.html

CTHELPER.EXE is not really needed; it's not harmful but does use some system resources. You can get more info on it here:
http://www.liutilities.com/products/wintaskspro/processlibrary/cthelper/

You can find information on many processes and recommended settings here:
http://www.blackviper.com/WinXP/servicecfg.htm
and more info here:
http://www.liutilities.com/products/wintaskspro/processlibrary/

There's a link to a Hijackthis tutorial in this thread if your interested:
http://www.daniweb.com/techtalkforums/thread5690.html

After you update HJT, close all browser windows, scan with HJT, and post a new log.

You should probably boot into Safe Mode for this. Scan with HJT and have it fix the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [Windows Update 2] winupd.exe
O4 - HKLM\..\Run: [Winupdate Service] winxp2.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\Run: [svcload] svcload.exe
O4 - HKLM\..\RunServices: [Win32s USB Drivers] spoolcsv.exe
O4 - HKLM\..\RunServices: [Windows Update 2] winupd.exe
O4 - HKLM\..\RunServices: [Winupdate Service] winxp2.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\RunServices: [svcload] svcload.exe
O4 - HKLM\..\RunOnce: [Win32s USB Drivers] spoolcsv.exe
O4 - HKCU\..\Run: [Win32s USB Drivers] spoolcsv.exe
O4 - HKCU\..\Run: [Windows Update 2] winupd.exe
O4 - HKCU\..\RunOnce: [Win32s USB Drivers] spoolcsv.exe

After you've done that, go to C:\WINDOWS and delete:
GWMDMpi.exe

Then go to C:\WINDOWS\System32 and delete:
spoolcsv.exe
winxp2.exe
syswin32.exe
svcload.exe
NOTEPAD.EXE
winupd.exe

On the C drive, find this and delete it as well:
c:\gmsex.exe

Reboot normally, make sure all browser windows are closed, scan with HJT and post a new log.

You should probably get Hijackthis from here:
http://www.softpedia.com/progDownload/x-Download-5034.html
and post the log in the Virus forum.

The first thing you should do, if you haven't already, is find out the make and model of the motherboard and get the drivers for it.

My problem starts one (?) step before the "page cannot be displayed". In an effort to clean up some disk space, I think I may have gone too far! Now I always get the message "Cannot find server". A few months ago I invested in DSL through my local internet provider (the only one I can get w/ out paying long distance fees -?) Everything was fine until I tried to create more memory. I have no idea what I am suppose to look for - I've tried MANY things. Obviously I am not a wiz w/ computers!! Can you help or do you need more info?
waiting (im)patiently!
Zippy

Hi Zippy, you need to start your own new thread. In addition to describing the problem as you have, please include your operating system and what you did in your effort to 'clean up disk space' and 'create more memory.'

This is most likely due to a virus or worm. Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
(Don't leave out the trend micro link in the last post of the thread)
Find the instructions for Hijackthis (also in that thread) and post the log you get when you scan with it in the Virus forum.
Also, try scanning with Stinger (http://vil.nai.com/vil/stinger/)

These have been asked before but not answered:
Has this printer ever worked with this particular computer?
How is it connected (USB or Parallel)?

According to Microsoft, drivers for this printer are included with Window XP so it should detect it automatically or the Wizard should be able to install it.
http://support.microsoft.com/default.aspx?scid=kb;en-us;293360

Did you delete the pagefile, or actually change the swap drive in memory options? If you delete the file, it comes right back, I do believe. If you need instructions on changing the paging drive, I can find some, or Google can help.

I changed it in the Memory options.

Cleanlava, there are some threads about Halo 2 in the Geeks Lounge, have a look there.

DaveSW -- No, that link wasn't the reason for the question, but now that I've read it, it's similar to the explaination my instructor gave.

DMR -- I know this was in the wrong forum, but the spyware forum is where people were recommending the use of msconfig so I thought they would respond and explain why. Didn't work out that way though.

Catweazle -- Do any of use really have enough computing power???
Seriously though, there are some things that I only use once or twice a year that don't need to be running all the time, things like quicktime and musicmatch come to mind (I think those are the correct names), but I know there are others as well.