Corrupt XP? Crashing Hardware? Other?

edited July 2007 in Hardware
On Saturday, I replaced my wireless mouse batteries and also made an online purchase using a credit card. Innocuous. Since then, a confluence of bad things: 1) AOL spyware has popped up two dozen times to tell me that "Command Services" has been detected and blocked (I have shut off this popup); 2) my computer began randomly shutting itself down and will not restart except in "Last Known Good Configuration"; 3) the system will not let me create a restore point; 4) on restart, I get a Microsoft message that I have recovered from a serious error -- one error report indicated a driver issue and a later one said the error report was corrupted; 5) today, I got an AOL spyware scan message saying that my hard disk was too full (5.6 GB free out of a total of 35.8 GB); 6) I tried to run Windows disk error checking tool but it would not work.

My computer is under extended hardware warranty (IBM). When I called IBM, they said that my Windows XP had been corrupted and to reinstall XP (and lose all installed programs and saved data). They said that none of the symptoms suggested a hardware problem since my system is "working," albeit with lots of deficiencies. Any help that you can offer would be very much appreciated. If you agree that I need to reinstall Windows, is there a preferred method (less time consuming) for saving my installed programs, photos, documents, and AOL email filing cabinet? Sorry to be such a novice. :sad2: Respun

Comments

  • mtrox Minnesota
    edited July 2007
    1. I am 99.9% sure your data is safe. There are ways to get it off.
    2. IBM doesn't want to take you through all the steps to fix your problem....and they don't care about your data. I'd go to the SVT forum, read the stickies and post a HiJackThis log and see what they can see.
    3. If you can't fix your problems there, come back here and several of us will tell you how to connect your hard drive to another computer so you can copy off all the data you care about.
  • Thrax 🐌 Austin, TX Icrontian
    edited July 2007
  • edited July 2007
    mtrox wrote:
    1. I am 99.9% sure your data is safe. There are ways to get it off.
    2. IBM doesn't want to take you through all the steps to fix your problem....and they don't care about your data. I'd go to the SVT forum, read the stickies and post a HiJackThis log and see what they can see.
    3. If you can't fix your problems there, come back here and several of us will tell you how to connect your hard drive to another computer so you can copy off all the data you care about.

    Wow! Fast reply. Many thanks. I will follow your instructions and try not to panic (very tempting to panic...). Respun
  • edited July 2007
    Dear Thrax -- This is embarrassing to type because it reveals my ignorance. My computer is working at this moment. So my dumb question goes like this: can I backup/download all my documents and photos to cd's or other media (instead of opening my case and trying to remove the hard drive -- I have a NetVista 42 small form and everything is VERY tight and squished inside the box)? If I can try to do these backups, what is the quickest way? Write to CD? Buy and copy onto portable flash drive? Something else. Needless to say, I have never backed up anything. Sigh. Respun
  • Thrax 🐌 Austin, TX Icrontian
    edited July 2007
    Yes, you can back it up to flash drives or CDs and whatnot. Fastest is a large flash drive, but there's limited storage space.

    I would follow Mtrox's advice to hit up our SVT forum; something is amiss.
  • edited July 2007
    Thanks again. I'm working my way through the sticky messages and instructions on your SVT forum. Deep breath. Respun
  • edited July 2007
    Did you get this resolved? I have been having the same exact problem. What error message are you getting on BSoD? Mine was the 7E. However, keeping fingers crossed, I think mine has been resolved. I emphasize "Think"!! It's only been one day and so far I can start and shut down without problems. I tried many different things, but after talking to AOL live chat and having been given directions for removing their old spyware removal program and reinstalling their new one, no problems! But, like I said, I ran SpyBot, AdAware, a registry cleaner, so who knows what, if anything fixed it. But I'm betting it was an AOL problem. I will let you know if shutdown tonight and start up tomorrow are problem free! Also, I can email you the directions that the tech gave me for removal of their old spyware product.
  • edited July 2007
    To Trisha: I reposted as recommended in the Virus Removal forum and have not had a reply. I can see via Google search on "Command Services" that others are also having this problem. After four days of my dilemma (all the while removing programs and old documents in the event of a full on crash), I did a Quick Restore of my AOL software. My computer restarted normally. I am keeping my fingers crossed like you. But I am also hoping for the opinions of the pros in this forum! I have not tried to restart again since the one successful logon. Too nervous about what may happen. Thanks for chiming in.
  • edited July 2007
    Ok! Good luck! I've had another successful shutdown and restart. AOL has new McAfee security and it conflicts with their old spyware program. They told me it conflicts with their new one. Wish I had known that before I spent hours trying to figure out what was wrong and before I thought to contact AOL.
  • edited July 2007
    I just had to restart following an uninstall and update of Java. I could not restart except in Last Known Good Configuration. Ouch!! Help!!

    Any advice about how to reconfigure AOL or other issues would be most welcome. I don't know about BSoD. Here's my latest HijackThis file:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:26 AM, on 7/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\PELMICED.EXE
    C:\Program Files\Common Files\AOL\1109028282\ee\AOLSoftware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\WINDOWS\system32\Sktempdm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1109028282\ee\services\antiSpywareApp\ver2_0_32_1\AOLSPScheduler.exe
    C:\WINDOWS\system32\Skdaemon.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.we1.attbb.net:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.attbb.net
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109028282\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
    O4 - HKLM\..\Run: [RF Receiver Daemon] RAKSPOSD.EXE /ShowIcon
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: ComcastHSI - {0B23D603-24E2-43E5-848B-24D9372F7D2B} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {7AD0B041-1752-4418-9126-8981BB8673FD} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {C201111F-63FB-4A47-A7F8-0866FEC74EE1} - http://www.comcastsupport.com (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {26BFFB87-5B07-4611-82BB-AF3947013FDD} - http://www.lexis.com/dl/IEDAP.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.5.78/cab/aolpPlugins.10.5.0.4.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182654429828
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
  • edited July 2007
    The experts will have to analyze your HiJack log..but if you trust me with your email address I would be more than happy to send you my aol tech support email with instructions on how to delete the spyware program. I am getting more convinced that it was that program causing my difficulties. Also, BSoD is the "Blue Screen of Death"..meaning the blue screen that you get when you can't start up...you are getting that, right? And there are error messages on that screen. There are so many things that it can be, I guess..on my part, it was trial and error! As I said before, I ran a few spyware and malware removers, and also purchased a registry cleaner. I have had my HiJack log analyzed in the past but not for my most recent problem and it is helpful in getting problems fixed.
  • edited July 2007
    Trisha -- How do I provide my email address to you?
  • Your-Amish-Daddy The heart of Texas
    edited July 2007
    By posting it.
  • mtrox Minnesota
    edited July 2007
    By posting it.

    Only post your email addy if you want more SPAM. If you're like me, you don't need more v1uGra emails so send her a Private Message (PM). Just click on Trisha's name like the screen shot shows and send a PM.
  • GHoosdum Icrontian
    edited July 2007
    As mtrox said, your best bet for exchanging e-mail addresses is via PM. I would definitely shy away from posting my e-mail address on the forum. Address harvester bots routinely spider the entire web looking for e-mail addresses that are written out in the clear so that the spammers can have more fuel. :(
  • edited July 2007
    Thanks for the tips. Trisha, I have sent you a private message with my email address! :bigggrin:
  • mtrox Minnesota
    edited July 2007
    By the way respun, I don't know if anyone's gotten back to you over in the Spyware forum, but looking at your HJT log, I see AOL anti-virus and anti-spyware, some Symantec stuff and Webroot Spysweeper though it looks like that isn't running. AOL anti-spy means it takes forever to boot up, and too many security processes can clog your computer as bad as the crud they are keeping out.
  • edited July 2007
    Thanks Mtrox. Over the years, I've used Symantec, then Webroot, then AOL, now Windows Live OneCare. Somehow, the remnants stay on the system after the program is uninstalled. All deletion advice welcome. I'm still waiting to hear back from the Spyware forum. Their sticky recommends SpywareBlaster and a choice between listed Firewalls and AntiVirus programs. I am waiting until my system is willing to reboot normally (and not just in Last Known Good Config) to take those install steps. Maybe I should not be waiting?
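
The by-eye reading of the HijackThis log in the two posts above (several security products running at once, plus remnants of uninstalled ones such as the Webroot service marked "(file missing)") can be scripted. This is an added example, not part of the original thread; the keyword-to-product map is an assumption, and the sample lines are copied from the log posted above with wrapped lines rejoined.

```python
import re

# "O23 - ...", "R1 - ...": a HijackThis section code, " - ", then the entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed keyword -> product map, limited to products named in this thread.
PRODUCTS = {
    "onecare": "Windows Live OneCare",
    "antispywareapp": "AOL anti-spyware",
    "symantec": "Symantec",
    "webroot": "Webroot Spy Sweeper",
}

# Lines copied from the log posted above (wrapped lines rejoined).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\common files\aol\1109028282\ee\services\antiSpywareApp\ver2_0_32_1\AOLSPScheduler.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
"""

def parse(log):
    """Split a log into running-process paths and (section, text) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:                                   # first entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def products_in(text):
    low = text.lower()
    return {name for key, name in PRODUCTS.items() if key in low}

def triage(log):
    processes, entries = parse(log)
    running = set().union(*(products_in(p) for p in processes))
    registered = set().union(*(products_in(t) for _, t in entries))
    return {
        "running": sorted(running),                # products with a live process
        "leftover": sorted(registered - running),  # registered, but nothing running
        "orphaned": [(s, t) for s, t in entries if "(file missing)" in t],
        "overlap": len(running) > 1,               # more than one product active
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

A product listed under "leftover" or an entry under "orphaned" points at an uninstall that left its service or autostart registration behind, which is the cleanup candidate; "overlap" only says that more than one listed product has a live process, not which one to keep.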
  • edited July 2007
    AOL users beware. This takes the cake. Today, I followed the instructions from Trisha on how to uninstall my AOL security software. I used Add/Remove programs. I clicked on Uninstall AOL. Then, AOL scanned my system and populated a list of installed AOL items. I chose to uninstall only their security protection services. I rebooted normally for the first time in more than a week -- I could reboot without using Last Known Good Configuration and I could also set a System Restore point. Thank you Trisha. :cool2:

    P.S. I also Googled AOL "spy zapper" to learn how to turn off that added unwanted annoyance. Go to keyword "spy zapper" and uncheck everything on the menu that pops up -- in other words, choose "do not check my computer."

    I can tell from Googling AOL and "command services" that many other AOL users are experiencing my same syndrome. This syndrome caused the lazy dopes at IBM to instruct me to reinstall Windows XP (and lose all my data, programs, etc.). Why doesn't AOL send its users a mass email advising when it causes systemwide problems? It is happy to send a mass email advertising the AOL Visa card. URGH! :mad: