Computer Security & Viruses/Can't Login-Possible Malware or file corruption
Expert: Brian Benosky - 2/24/2009
QUESTION: My issue is similar to the one described here:
http://en.allexperts.com/q/Computer-Security-Viruses-1737/2009/1/windows-xp-wont but I cannot solve it the way you described.
One day I went to use the computer and about 20 spam sites were open on both IE and Mozilla. I closed them all. Soon after I got a blue screen. I restarted the computer and everything was fine. Over the next couple weeks when I would use the internet with Mozilla, random spam sites would pop up in separate windows. This had never happened with Mozilla before. Additionally, I would have repeated trouble logging into the computer. I would type in my password at the welcome screen and then all I would see is my wallpaper. I could then restart it and try again. After a few attempts it would eventually login and everything would be fine. I received a couple non-consecutive blue screens over the course of about 3 weeks. Over that time the computer would freeze more often and I would have more trouble logging in.
As soon as the incident happened I scanned for viruses. I was able to find a few and some trojans as well. I did a few more sweeps and I even downloaded some free anti-virus software to try and fix the problem. Though I found some things, it didn't get any better.
At this point, I cannot log into the computer. It boots up normal, but at the welcome/login screen I get a variety of error messages. They are all the same format with an option for OK to terminate the program or CANCEL to debug. The error messages all relate to .exe files including svchost, ctsvccda, mspmspsv, and more. Different ones come up at different restarts. Once I enter the password and log in, it takes much longer than normal to load, then it shows my wallpaper and nothing more. No taskbar or icons. There is an error message saying Windows Operating System has encountered a problem and needs to close. I can select debug, send error report, or don't send. I have tried safe mode and the same thing happens except I get a black screen with safe mode in the corners. I have tried to run IE and that does not work. I have not been able to run any programs from this point.
Any help would be appreciated. I can include more information about the error messages if necessary. Thanks.
ANSWER: Hi Dan
In my answer to the mentioned question, I stated the problem could be malware. It could also have been Windows or hardware related, but the questioner did not follow-up. In your case, it seems the Windows file system has become corrupt. The cause of this could be malware, but I think more likely it is a problem with the hard drive. Using the Windows Repair Console, you may be able to restore function, but if the cause is hardware, then repairing won't do much good. Neither would a Repair Install of Windows, since files would continue to get corrupted. My advice is, on another computer, to download and burn Hiren's Boot CD from here:
http://www.givemesolution.org/my-software-collection/36-my-software-collection/4
Take the CD to the affected computer, and boot to the CD. There are many tools on the disc, but you should concentrate on running Hard Disk Diagnostic Utilities. If things check out OK with the hardware, then go ahead and run Windows Repair Console and run chkdsk. Instructions are here:
http://support.microsoft.com/kb/314058
The last resort is to do a repair install or complete install of Windows. Instructions are here:
http://www.michaelstevenstech.com/XPrepairinstall.htm
Please let me know if you need clarification or further instructions on any of the above methods.
Brian
---------- FOLLOW-UP ----------
QUESTION: I burned and attempted to use Hiren's Boot CD to diagnose problems with my hard drive. Frankly, there are more tools than I know what to do with. I ran a few different tests and found a variety of errors on my hard disk. I don't know what to do or how to focus in and properly discover this problem. Any advice? Thanks.
ANSWER: Hi Dan
Even I am overwhelmed by some of the tools on that disk! Tell me what programs you ran and what kind of errors were found. I'll try to point you in the right direction.
Brian
---------- FOLLOW-UP ----------
QUESTION: I ran the tests under Troubleshooter-Hard Drive Diagnostics. There I found one error in Cylinder 54 Head 248-Uncorrectable ECC or CRC error. The Data Transfer Test also failed in that group.
I ran a stress test on the hard disk and that failed.
There was a test that produced a large number of read failures (I would guess around 30) and they all looked like this:
Read failure at sector 00000000:04E76F5A
Finally I ran some type of scan that took a few hours. In the end it found over 2500 errors. I didn't know what to make of this test though.
Does any of this information help? Is there other stuff I should run?
ANSWER: Hi Dan
All the test results are indicators of a failing hard drive. You will need to back up your documents to a CD, DVD, or thumb drive and transfer to a new hard drive. Hiren's has a program called COPYR.DMA Build013, which is a tool for making copies of hard disks with bad sectors, so you may be able to recover most of the drive. First step is to stop using the computer until you have a replacement hard drive at the ready. Three things to remember:
1. Back up your most important data immediately.
2. Disregard your program files and other software as it can be reinstalled from your original discs.
3. Save the data that cannot be replaced first.
I'll help you as best I can if you have questions along the way. You can email me at numbersix6@yahoo.com if you wish. Good luck.
Brian
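
Added example (not part of the original answer, and not COPYR.DMA's own code): a sketch of the general technique behind tools that copy disks with bad sectors. It reads in large chunks, drops to single sectors when a chunk fails, and zero-fills what cannot be read so every good sector keeps its offset in the image. `FlakyDisk` and its bad-sector list are constructed stand-ins for a failing drive; the 512-byte sector size is an assumption.

```python
import errno
import io

SECTOR = 512  # bytes per sector (assumed)

class FlakyDisk:
    """Constructed stand-in for a failing drive: reads touching a bad sector raise EIO."""
    def __init__(self, data, bad_sectors):
        self._buf, self._bad = io.BytesIO(data), set(bad_sectors)
    def seek(self, pos):
        self._buf.seek(pos)
    def read(self, size):
        first = self._buf.tell() // SECTOR
        last = (self._buf.tell() + size - 1) // SECTOR
        if any(s in self._bad for s in range(first, last + 1)):
            raise OSError(errno.EIO, "simulated read failure")
        return self._buf.read(size)

def read_sectors(src, lba, count):
    src.seek(lba * SECTOR)
    data = src.read(count * SECTOR)
    if len(data) != count * SECTOR:
        raise OSError(errno.EIO, "short read")
    return data

def rescue_copy(src, dst, total_sectors, chunk=64):
    """Image src into dst; return the list of sectors that could not be read."""
    bad = []
    for lba in range(0, total_sectors, chunk):
        n = min(chunk, total_sectors - lba)
        try:
            data = read_sectors(src, lba, n)      # fast path: whole chunk at once
        except OSError:
            data = bytearray()
            for s in range(lba, lba + n):         # slow path: isolate the bad sectors
                try:
                    data += read_sectors(src, s, 1)
                except OSError:
                    bad.append(s)
                    data += bytes(SECTOR)         # zero-fill keeps offsets aligned
        dst.seek(lba * SECTOR)
        dst.write(data)
    return bad

def demo():
    source = b"".join(bytes([i % 251 + 1]) * SECTOR for i in range(200))
    image = io.BytesIO()
    bad = rescue_copy(FlakyDisk(source, {54, 55, 130}), image, 200)
    return source, image.getvalue(), bad
```

The returned list of unreadable sectors shows which files in the image may be incomplete; recovery work is then done on the image rather than on the failing drive.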