Posts by DMR

I see no signs of infections in that log :)

Rusty?! Oil thyself! :D

The only obvious sign of nasties that I see in the log is:
O23 - Service: Microsoft Networks DN (msndn) - Unknown owner - C:\WINDOWS\msndn.exe (file missing)

msndn.exe is a component of one of the SDBOT variants. ewido can detect and clean the file (and it looks like it may have already), but you might need to manually disable and then delete the "Microsoft Networks DN" service.

I understand..its really tough these days not to fall prey to the online viruses, precuation is the best measure.

Yes, exactly.

Once again thanks a lot and I am sure there are many others who think the same.

The thanks are definitely appreciated; glad we could help. :)

Glad you got it fixed, regardless of the method... :)
Do you suspect that the version of "vsmon.exe" on your computer was not the valid Zone Alarm file, but the version created by one of the RBOT worms?

There are always risks involved with electronic communications, but there's obviously no way to predict whether you will have any problems with it. I personally try to keep sensitive electronic transactions to a minimum.

Good work- there are no longer any signs of the infection in your log. :)

1. Not related to the infection, but you have the Windows messaging service (which is not MSN Messenger) running. The service is non-critical, and can be exploited by malware.
*Download and run Shoot the Messenger to disable the Messenger service.
* Run another HJT scan and fix the following entry if it is still present:
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

2. Just for verification, please do the following:

* Reboot your computer into Safe Mode again.
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
* Search for the following files/folders and delete them if found:

D:\WINNT\system32\atmclk.exe
D:\WINNT\system32\dcomcfg.exe
D:\WINNT\system32\hp???.tmp
D:\WINNT\system32\ld????.tmp
D:\WINNT\system32\ot.ico
D:\WINNT\system32\regperf.exe
D:\WINNT\system32\simpole.tlb
D:\WINNT\system32\stdole3.tlb
D:\WINNT\system32\ts.ico
D:\WINNT\system32\1024\
(The question marks in the two files above are placeholders for what will really be random letters and/or numbers; "hp100.tmp", for example)

* Empty your Recycle Bin and reboot normally.

I take it that you would rather I attach the logs from what you said in your last reply so, thats what I'm gonna do.

I'm not sure where I gave you that impression, but no- we'd rather have logs pasted directly into the posts; they're more accessible that way.
(I edited your last post to include the logs you attached)

And finally... the infections no longer appear in your log! :)

Have HijackThis fix the following "loose ends"; other than that you look good to go:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - Disabled:AutorunsDisabled - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

Here we go, then; let's start with the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

* Download ewido Anti-Spyware (30-day trial) - http://www.ewido.net/en/download/

Install and configure ewido:

• Close all other Applications and run hte ewido installer.
• Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen. (It is very important to get the updates)
• Don't run a scan with ewido yet; just close the program when the updating has finished.

* Download ATF Cleaner by Atribune. Save the folder to your desktop or to another convenient location, but do not run it yet.

* Run HijackThis again, put a check mark in the boxes to the left of the following entries, and then click the "Fix checked" button. close HJT once the fixes are completed:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\byxxwtr.dll
O20 - Winlogon …

The ieframe.dll file is a component of IE7, so yes- it's IE7 that you would need to install. Note that I've read threads where people had to uninstall/reinstall Messenger as well (after uninstalling IE7) to totally resolve the problem.

Hi BTfreek- wlecome to DaniWeb :)

You've definitely got the infection, but you are also using a very old version of HijackThis. Please throw away the version you're currently using, download and run the latest version, and post the log that the new version generates.

Well this was one of those thinking out of the box problems, now wasn't it.

Yeah, it sure was. I don't know about you, but I like one of these every once in a while- keeps things lively... :mrgreen:

Me too slow as usual :D.

We were both being our usual slow selves at the same time... :mrgreen:

Do I need to do something to System Restore now?

Yes. Since your log is now clean, it might be a good idea to:

Disable System Restore

1. Log in as a user with Administrator privileges.

2. Right-click on the My Computer icon on your desktop and choose the "Properties" option.

3. In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

4. Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.

and then...

Reactivate System Restore

In the System Restore tab, uncheck the box next to the "Turn off System Restore" option, and hit the "OK" button. There will be a slight delay as Restore reactivates; the Properties window will automatically close when the operation is complete.

The above steps will clear out your Restore folders, the contents of which could include infected files.

Good work- Your latest log is clean :)
Do things seem to be running smoothly now, or are there still Gremlins lurking about?

While it's true that you did have in infection, you are also experiencing a known bug with IE7 components (ieframe.dll, specifically) which is not related to malicious infections. You need to uninstall IE7, as it is known to cause exactly the error with Messaenger that you are reporting.

Remember that IE7 and new Live Messenger are beta releases; they are not stable, and should be avoided until the official public release versions are made available.
Translation: You use beta software at your own risk!

-

An infection is still present, as indicated by this entry in your latest log:
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll

ewido should have flagged the winrge32.dll file; let's try again, this time with the correct, updated ewido instructions:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open ewido, click on the Update menu icon, and then click on the "Start Updates" button. Close ewido once the latest updates are installed.

* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll

* Reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site:

I get the 404 errors as well as DNS and others at random sites....The only I can remember going back to several times with the same results...this the link...
http://www.justrealmail.com/affiliate/link.php?ref=4&productid=2

Yes, that is a dead link. The problem is on the webserver, not your computer. That's probably the case with most of the sites where you encounter the error; expired or "orphaned" links are pretty common.

except Norton Antivirus won't run in safe mode. Maybe it's because its part of NIS???

Right- some verisons of Norton AV don't run in Safe Mode, but I thought it was worth a try.

Ewido ( it's not called Anti Malware anymore, it's Anti Spyware and it's not free anymore...30 day trial. Just thought I'd let you know.

Yeah, thanks- I cut-n-pasted those instructions from an outdated file. My bad.

Oh, after all this, I opened Manage Addons and ds3m32.dll was still there as a browser helper. I disabled it and after I closed and reopened IE it was gone. :)

Cool... but unfortunately, your log still shows signs of infections. That's not surprising, given the number of Nasties that ewido found on your system.

Now after going thru all that I went to this site:
http://www.imageshack.us/v_images.php

and clicked on this link:
http://img2.imageshack.us/click_trac...images_txt_lnk

That link isn't available to me, probably because I'm not a registered member of that site.

I think you did it crunchie!!

And so did you, by the looks of it; good work. :)

There is just one "loose end" in your log that we need to clean up. Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix checked" button:
O2 - BHO: (no name) - {9F0651AC-3A49-4873-8392-B84CF465910E} - C:\WINDOWS\system32\sstts.dll (file missing)

Once the fix has completed, reboot your computer, run HiajckThis again, and post the new log.

-

there is a version of Vundo that causes hijackthis to not display the 02 and the 020 entry...

Ahhh.... I was wondering why nothing was showing in the log.
Thanks for that info, Chris!
:)

1. Open your Add/Remove Programs control panel and look for an Avast! entry. If you find Avast! listed there, hilight it, click the Change/Remove button, and uninstall the program. Once done, close the A/R P control panel and:

* Run HijackThis again, put a check in the box to the left of the following entry, and then click the "Fix checked" button:
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

* Close HijackThis and then double-click on your My Computer icon. Navigate to C:\Program Files, and delete the "Alwil Software" folder if it still exists.

2. There may be other infected files hiding in your System Volume Restore folders. Please do the following to delete the contents of those folders:

Disable System Restore

1. Log in as a user with Administrator privileges.

2. Right-click on the My Computer icon on your desktop and choose the "Properties" option.

3. In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

4. Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.

Reactivate System Restore

In the System Restore tab, uncheck the box next to the "Turn off System Restore" option, and hit the "OK" button. There will be a slight delay …

Sorry CasMax, but something in your last post corrupted this thread; I had to delete the post.

The good (?) news, though: I was able to read one thing that you posted which stood out. You said:

Under Threads, one is using about 97%:
sstts.dll!CreateProtectProc+0xae0

sstts.dll is a filename associated with the Vundo family of infections, and its presence on your computer would be a likely explanation for the abnormal CPU usage.

* Open Process Explorer again. Click on the "View" menu item, make sure that the "Show Lower pane" option is checked, and click "Dlls" under the "Lower Pane View" submenu option.

* Locate sstts.dll in the lower pane and tell us the full path to the file's location. I'd expect the location to be C:\Windows\System32, but it could live elsewhere.

Hey guys. I'm sorry about reviving a dead thread, but...

Hi ness151,

First of all- welcome to DaniWeb :)

We do ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Given that, I've moved your post into a new thread of its own, which you can find here. We'll follow up with you in that thread.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

OK- keep us posted...

* How often are you getting the 404 errors?
* Do they happen only at certain sites, or do they happen at random times on sites which usually work for you?

Keep in mind that unless you're getting consistent page errors on sites that you know should be functioning, it's likely that the problems are not with your computer but with the servers on which the web pages you are trying to reach reside.
_________________________________________________________________________________

The file you scanned is part of a known family of infections; please perform the removal procedures below:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Use Norton's Live Update feature to install the latest virus definitions for the antivirus program. Don't actually run a scan with Norton yet; just close the program once it has updated.

* Please download Ewido Anti-Malware it is a free version of the program.

1. Install Ewido Anti-Malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start …

No problem; it's a very common mistake.
Most tech support forums, including ours, have a "one member's problem per thread" posting guideline, because it just gets too confusing to follow a thread when mulitple people are trying to solve multiple problems within it.

If you can follow up on my request regarding the ds3m32.dll file, we can continue with a fix.

OK- the next steps:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Please download Ewido Anti-Malware it is a free version of the program.

1. Install Ewido Anti-Malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
6. The update will start and a progress bar will show the updates being installed.
   (the status bar at the bottom will display ("Update successful")

Don't actually run a scan with ewido yet, just close it for now.

* Please download ATF Cleaner by Atribune. Save the file to your desktop or any other convenient locaiton. Again- don't run hte program yet.

* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - …

Which version is right for me, XP SP2?

This one.

What do I do with it?

The download is in .zip format. Save the download to your desktop, right-click on it, and choose "Extract all.." frome the resulting menu. Follow the file-extraction wizard's prompts to extract the actual "procexp.exe" program file.
Once you've done that, click on procexp.exe to run it.
There is a good help file available under the program's Help menu item; a full description of the program's usage isn't something I can post here.

What would I be looking for?

As with Task Manager, you are looking for a specific process with a consistently high CPU usage (disregard the "System Idle Process").

1. Please describe the exact symptoms you are experiencing in as much detail as possible.

2. I'm suspicious of the C:\WINDOWS\SYSTEM32\ds3m32.dll file listed in your HijackThis log, but I can't find any information on the file at all (one of the reasons for my suspicion). Please go to this site and submit the file for analysis.
To submit the file, click on the "Browse..." button at the top of page I linked to above; a "File Upload" window will open. In that window, browse to your C:\WINDOWS\SYSTEM32 folder, hilight the ds3m32.dll file, and then click the "OK" button.
Post the results of the filescan in your next post here.

Thanks- that did the trick. :)
Your log indicates that you still have startup entries in your Registry which reference NVidia files.

*Run HijackThis again, put a check next to the following entries, and then click the "Fix Checked" button:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

* Close HJT once it has finished the fixes, reboot, and see if you still receive the error messages.

-

kylethedarkn-

Ping.exe is a valid process

Not when it's running from a folder named " C:\WINDOWS\system32\CROSOF~1", it isn't. :mrgreen: The entire "CROSOF~1" folder is bogus.
(Besides, the ping command normally sends only 4 ping requests and then quits; it's not a persistent process.)

I've got to log off and get some sleep right now, but from what I can see, you've dealing with PurityScan/OIN infection there.

-

The free Process Explorer utility is a much more powerful "task manager" than the Windows built-in utility; it may help you shed more light on the subject.

Post your HijackThis log here; not only will it give us an indication of whether or not infections are present, but it may also show us where the nvmctray.dll and nvcpl.dll errors are coming from.

1. Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

2. Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

3. Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

1. Open your Add/Remove Programs control panel and uninstall all programs related to "My Way", "My Search", "My WebSearch" "MyWay Search Bar", "My Bar".

2. You have a SpywareQuake infection, which requires a specific removal procedure. The most up-to-date version of the procedure is posted here; please follow the instructions in the "Automated Removal" section of the link fully and carefully.

Once you've completed the SpywareQuake removal steps, post a new HijackThis log here, along with contents of the C:\Program Files\RoguesScanFix\task.txt file (which will be created during the removal process). We will work on removing any possible "loose ends" at that point.

-

the stratup i couldnt find in the hijackthis program.

That's OK- if you deleted the "csrss" shortcut file in your Start menu before you ran HijackThis, HJT won't list the
"O4 - Startup: csrss.lnk = ?", because you had already deleted it.

1. Your HijackThis logs aren't showing as many signs of the infection as I would expect, although that could be due to the fact that the infection tries to hide itself by making modifications to your Registry.
Let's see if a few of the antivirus/antispyware programs can turn up the hidden pieces:

* Visit at least two of the following sites for an online virus scan (if the scanners find any malicious items, note their names and include that information in your next post):

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner: TrojanScan
* Visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro

* 3 actual files; the others are local shortcuts and web shortcuts.

* I really need to log off and get some sleep right now. Please do the following, and I'll come back to this tomorrow:

1. Delete the C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\csrss file

2. Run HijackThis again, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button:
O4 - HKLM\..\Run: [csrss] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: csrss.lnk = ?

3. Empty your Recycle Bin and reboot.

4. Run HijackThis again and post the new log.

-

Hi ajinkya0124, welcome to DaniWeb :)

To begin with, please do the following:

Download the (free) HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Hi- sorry for the delayed response.

I don't see any obvious nasties in your log, but the log's header info indicates that you are using a fairly outdated version (1.99.0) of HijackThis. Please download the latest version (1.99.1) and post the log generated by a scan with that version.

Hi carminae7,

Thanks for starting your own thread on this and submitting the HJT log; the log does show a couple of signs of the "Chod" MSN worm.

The worm uses random file and folder names, so I'd like to see if we can find out exactly where it lives before we start the removal process. Please do the following:

1:
* Click on your "Start" button and navigate to the Programs->Startup->csrss file.
* Right-click on the csrss.lnk file and then click the Properties option in the resulting drop-down menu.
* In the Properties window that opens, click on the "Shortcut" tab.
* Give us the full and exact path listed in the "Target:" box.

2:
* Double-click on your My Computer icon to open Windows Explorer. In the Folder Options->View settings under Explorer's Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
* Click on the "Search" button.
* In the "All or part of the file name" box, type csrss
* In the "Look in" drop-down menu, select your "C:" drive.
* Click on "More Advanced Options.
* In the "Type of file" menu, select "All files and folders".
* Put checkmarks in the Search System, Hidden, and Subfolders options.
* Click the Search button; wait for the search to finish.
* Post the full names of the files found, …

Thanks for understanding- any progress on the problem?

Hello, yodro,

Please keep in mind that we are all volunteers here, and that we do have our own "real life" schedules and commitments which we need to attend to before dedicating any of our free time to this site.
Also keep in mind that a wait of 12 hours or more is not at all uncommon on any free tech support site, and that "bumping" your thread after only 1 or 2 hours is, quite honestly, considered to be a bit rude.

That said, your Internet access problem is most likely not a question of the compatibility of one modem over the other, but of the correct configuration of the new device. First of all- is your Sparkcom model one that has Ethernet ports in addition to a USB port, and does your computer have an Ethernet port on it? If so, it is often more reliable to connect the modem/router and computer via Ethernet instead of USB. If connected by Ethernet you would need no special drivers to access the Sparkcom's setup utility and configure it with the correct username/password/etc. authentication settings required by your ISP.

As for why the USB driver CD doesn't work, I have no idea. Can you even browse the contents of the CD, or does it seem to be totally unreadable by your system?

Nevermind then with that HJT log.

Yeah, it's (thankfully) not a malicious thing. :)

There probably aren't ATI files in that driver package; X10 isn't an ATI technology. ATI is just one of the video card companies that use the x10 remote control technology with some of their multimedia products.

Single 512MB memory modules didn't exist when mobos of that vintage were released. :eek:

I would stick (no pun intended) with what the manual specifies. Win 2K will actually run pretty well on the machine if you populate it with two 256MB modules.

The message is perfectly normal- it is indicating that the files in question have metadata stored in Alternate Data Streams (ADS). The NTFS filesystem supports ADS, but they will be lost/stripped when transferred to media formatted with another filesystem (the files themselves will remain intact, however).

This needs to be in the python forum.

Moving thread now...

Welcome to DaniWeb :)

I'm moving this post into our Viruses, Spyware and other Nasties forum so that you can some "expert eyeballs" on your problem.
In the mean time though, I notice that you are running an outdated version (1.99.0) of HijackThis.
Please download the latest version of HijackThis (1.99.1), run a scan with it, and post the new log.
When you download the new version, please be sure to do the following:

Create a new, separate folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder before running the program. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

You're welcome.

It really sounds like you've either knocked something loose or plugged something in incorrectly. Open the case again and very carefully reseat all connectors, memory modules, and peripheral cards.

Right-click on My Computer. Go to Properties->Advanced->Performance->Settings->Advanced->Virtual Memory->Change

I have purchased a genuine copy of Windows and would like to install it again as I think that this may rectify any problems that I'm currently having

Yes, and there are other obvious good reasons for installing a legit version of Windows, aside from it perhaps rectifying the problems.

I have tries installing Windows in Safe Mode but it won't let me.

You don't install/reinstall Windows from within Safe Mode; you boot directly from the installation CD and perform the install from there.
Insert the CD and restart your computer; the computer should either boot right from the CD or ask you if you want to boot from the CD (the answer is obviously "yes"). If it does not, you need to enter the BIOS setup utility, locate the boot device order configuration menu, and make sure that the CD drive is listed before the hard drive.