Solved

corrupt files, missing pics, deleted programs and networking errors all start at the first boot of new PC's

Posted on 2008-06-25
16
1,710 Views
Last Modified: 2013-11-09
I have had more new computers in the last year,than the average person woudl ever have in a lifetime. I will get a new HP desktop and set it up and instantly I have at least 1000 errors in my event viewer. This is before I even hook up to the internet. The errors that it starts up with are usually all update errors and them failing to complete the process of changing update# from package into staging state. Along with this comes almost 2900 warnings. Then the PC's go down from there. I get alot of failed to conect to server, application hangs ,stopped responding and was closed. The machines run like they are 100 years old. I get registry hive recovered it was corrupted some data may have been lost. I have alot of networking errors about browsers fighting over who is the master browser,IP address not renewed, timeouts from services not responding within the required time, I get alot of domain name errors and i am not a server or run a business with employees. I have 4 computers and they are not all on at the same time I have security right at start up , I put my updates in as soon as possible, And no matter what I do or who I ask to help no one has a clue. The registry has hundreds of invalid paths or contains no data or due to errors the file will no data. Settings change all over the computer and things that would start at startup  just stop and then later on (months ) they will start to appear like the sounds when you start Windows. The event viewer is just about full with errors thousands and thousands by day 2. Then something stops working like the DVD player or the speakers and when Ive done a couple of recoveries with tech support they have me send it in for repair . When I get it back they say that all the drivers , the OS were corrupt and usually some piece of hardware is replaced. Even if I don't have any problems that I know of yet .It is returned reformatted with usually a new motherboard ,hard drive ,CD/DVD or the CPU replaced. When I start fresh with a just like a brand new computer the smae thing starts all over again. Then after aweek or two when the new system is corrupted and I usually cant do  much on the computer I call again and then they replace it. This has happened 15 times in the last year with HP. The first 9 I had purchased at a retail store and they just kept giving me a new computer and asked no questions. I am so tired of new computers I just want one that will run and not get corrupted in the first week. I did notice that something was not right and I suspected it was power related and it was I had a loose neutral and getting surges over and over all day and night and a lightbulb never blinked. It did ruin everything in the house but I was so happy to finally find the answer. Since finding out I have had everything replaced ,the subpanel ,the wiring , the outlets I had dedicated lines put in for the PC's I bought battery backups for each computer and I have repalced all the computers and started out fresh.  So last New Years eve I started up my new everything and ti just happened again. HP sent a software specialist over to put a new motherboard in and he even came over to my house when I got a brand new PC and watched to see if it was something that I was doing , but he said I did it right. So now here I am with 3 pretty new computers and they are all a mess. I have even worked with Microsoft to see if there were any kinds of infections and after a couple of months they gave up and said they didn't have any idea either. The ocmputer is always getting errors about my domain name and conductor sid doesn't match the other sid?I just got htis one today "File system filter manager warning" file system filter "bdfsfltr"failed to attach to volume\device\CD Rom0 The filter returned a non standard final status of 0x0000013. This filter and /orits supporting applications should handle this condition. If the condition persists contact the vendor.and I always am getting :windows detected your registry is still in use by other applications or services the file will be unloaded now the applications or services that hold your registry file may not funtion properly afterwards. registry files leaked.
I could go on and on but it has something to do with the registry and doing a complete recovery or reinstall does not set my computer back to factory ther eare always some files still lett in there even when I get it back from repair.The computer starts out with critical errors .Please help
0
Comment
Question by:suzannegrgry
  • 9
  • 4
  • 3
16 Comments
 
LVL 32

Expert Comment

by:Mark
ID: 21867616
If this occurs with every computer then it is an environmental issue. The electrical being one in particular, but you seem to have that one in order. The next would be the network cable, it may also be carrying surges.
I would remove the computer to another location outside your residence and restore it,(the damage may be already done to it though) and see if it will work properly.
What type of battery backup are you using. There are different types of UPS's(uninteruptable power supply)but the best would be a Line Interactive type that can protect the computer properly from surges.
0
 

Author Comment

by:suzannegrgry
ID: 21868601
I am using a Belkin 1500 VA 830 Watts, Dual Form Factor :tower or horizontal with Auto Voltage Regulation for clean, even power. 8 outlets with surge and battery backup to all outlets. Up to 120 min. back up time. shutdown software with USB, serial and telephone cables .easy fast usb/serial/ethernet plug and play set up
I have been going around and around for over a year on this and I have checked out the power situation and I bought a Watts up this last weekend and my power company doesn't want anymore to do with me after 15 electricians and no one found the loose neutral  I had been calling the power company but they refused to comeout for a complaint on a computer because they have 99 calls a day blaming them and they said that this was the first time that they have seen anyone with this bad of problem and still have lights working in ttheir house but the loose connection was right at the point where they say their responsibility ends and mine begins. So I am trying to get some money out of them to pay for all the electricial that was ruined (that is another story ) but out of the 15 electricians all of them said it was on SDG&E side and so our homeowners insurance wont pay either. I have spent close to 15,000 dollars getting all the electric replaced in this house . But they say it is fixed and they wont even take phone calls from me anymore. WE did have a bad brown out last week but SDG&E is telling me I am causing my own power problems .
TH battery backup said it went on during the problem so I haven't had any kind of problems that would be like it was before when I knew it was electrical. I know it has to be inviromental or could it be something in the way that i am setting my PC's up? I don't think so I have went over it 100 times in real life. MY ISP cant figure it out either and told me to find out if I had a hacker. I have asked and the symptoms that I have described to them are the same as here and they told me no. I get alot of different errors now that the electricity is fixed these are wierd ones because I set each of my computers up to be stand alones after I started having these bowser fights and my IP address is not getting renewed and I get this one that says Audit events have been dropped by the transport the real time back up file was corrupt due to improper shutdown.This is the newest one in my event viewer WMI event 10  says"Event filter with query "SELECT*FROM_InstanceModioficationEvent WITHIN 60 WHERE TargetInstance ISDA "Win 32_processor "AND TargetInstance.load percentage>99"could not be reactivated in namespace"//,/root//CIMV2' because of error 0x8004100 Events cannot bwe delivered through this filter until the problwem is fixed.
All my services look to me as though they would be set up for a business. They are always changing too.different ones that i have never seen before . And I get a message from my  computer all the time when I click on a program the file you requested is either not installed or it is corrupt, So I ran this registry test last night and i had 308 errors in my registry and most of them were Active x items and they all started out with HKEY-LOCAL-Machine\software\classes\CLSID 111 of these all say that they reference an invalid identifier ADD/REMOVE I have 8 items and they are missing or contain no data and 179 file assoc are invalid alot of them are the games from HP and I have never opened a game from the computers yet. and alot of the files that are important are not installed or invalid. These things are this way when I turn it on. There are 2 renters I have that tell me that they dont have any problems and there is one other computer in this house that has the same problems  that mine do .
0
 
LVL 32

Expert Comment

by:Mark
ID: 21869387
After reading some of your other questions, I don't think I can add much more. That UPS with AVR should do the job.
At this point you should isolate the PC and unplug all peripheral equipment including network cable and then try to restore the OS.
If the same happens with the network removed then its hardware in the computer.
The other computer that is being effected in the house, do they have the same internet provider, telephone company etc...
0
 

Author Comment

by:suzannegrgry
ID: 21870984
I have done so many recoveries on my computers and they go kind of back to factory (there is always some settings that are still in there though) But I can register and do it just like it was brand new and the same thing happens. Yes every computer in this house is on the same router and have all the same Network provider. All 4 of mine do this and 2 of these are brand new and one is just a few months old and the other one that has lasted the longest is an old HP small form factor that my girlfriend sold to me for 40.00. The others are not cheap computers . I thought that maybe it was my ISP but they continually  say it could not be them . They recently just took the 2wire gateways out of the house and gave me their netopia router that they say is more safer as they only give it to businesses. I havent seen any difference. Then they told me to check out and see if I had a hacker. I have asked around and no one seems to think tha it is possible but from what Ive read there is a chance that it could be. What other reason that to get bank information would a hacker screw up my computers? If it is jsut to have fun How much fun could it be if they cant even see how mad the people get when they do it? Someone told me that there are  alot of bored very smart 13 year oilds with nothing better to do . I dont know much about this kind of thing but I was hoping that someone could let me know what thing s that I would experience if it was someone getting into my settings and screwing everything up. Or I have thougnt that maybe the data line wires are all fried from the loose neutral and the huge surges that Ihad last year  but ATT tells me that isnt possible because the wires do not run together. But what if someone had done that would it be able to creatre such corruption? The only other thing that I could think of would be a virus or somew really sneaky spyware that none of the scans I have ran would be able to detect it? I will ry almost anything I am at the end of my rope. The sony Vaio is going to repair today so when I get it back it will of been reformatted and shoudl be just like new. The hP desk top I just got a new one from HP another replacement. These are really nice computers and I dont think tha HP would be replaceing all of these computers if they knew that there was something that I could of done to protect it. I havent found one person who has even heard of this let alone expierenced it. Ther has to be someone out ther that has the solution.
If I had some spyeware or a virus could it be living in the ethernet cable or the phone line to hte data that Icould be just trans ferring back and forht to my computers ? That is why I have tried time and time again to find the answer myself. But now I am ready to  find someone that I can hire to find out by the process of eliminstion. I have every possible test that i could have taken, and the only one that gives me any indidcatction and that there is anything wrong  is a registry scan and I can see why I get alot of my errors they are all includede with my shipped operating  system . I have tried different brands and the samething happens also . Tha is why I got the sony Vaio I figured that if it was a power problem then I would hook up wireless and use the battery and it still happens. At times like now the keyboard will feel really wierd and become unruly and it is really hard to push around (I mean that physically jsut like someone else has it remotely and they are trying to go the other way) The folders and programs on my desktop are somehting else  One of htem says Yahoo mail and when I open it it is a list of all of my mail and who it is from and what each peice of mail says . It is in the kind of format that would be a document that is either corrupted or invalid. I will send some of the screen shots of these things that just appear on my desktop
Mini061408-01-blue-screen.txt
hijackthis-6-24-02008.txt
0
 
LVL 9

Expert Comment

by:Press2Esc
ID: 21873096
A quick check of the HJT did not reveal anything major problems...  What type of internet connection (e.g., cable, dsl, frame, T1, etc) do you have?
0
 

Author Comment

by:suzannegrgry
ID: 21874691
I have DSL  with the elite speed. just need to find the cause and I will be happy but no one has seemed to of heard of such a thing happening before. The only other people I can look at would be my ISP and they dont seem to think that the disconnections have anything to do with it .
0
 
LVL 32

Assisted Solution

by:Mark
Mark earned 200 total points
ID: 21876203
Hence the suggestion to isolate the PC from all peripherals including the internet connection and do a restore to factory settings to see if any weird things occur to it. You must do these things in a logical pattern to either rule it out or not. If this is done then the only outside influence is the power.
0
 
LVL 9

Expert Comment

by:Press2Esc
ID: 21876824
when your run a full anti-virus, anti-spyware scan, does/has it find anything?  Have you checked the log files of your firewall (software & hardware)??
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:suzannegrgry
ID: 21885359
I have been working on your question and yes lately it has been blocking  Bloodhound.Exploit.13 in the last few weeks ,or since I did the recovery on this computer I have had 13 attempts. Norton says that they have all been blocked. So I have been reading up on it and it doesn't say anything about it being in Vista computers . But it did say that it has something to do with jpeg and in the last few weeks that I have tried to send you snips of any errors or files they are in my pics and several times when I tried to do it , Expert Exchange would not let me do it , it always said it was not a supported file type. And I was getting mad at the copmputer because it said jpeg right there on my files. Then I started thinking about some pics on my computer that I didn't put there. They wer some emblems of google and some kids skateboarding. The infection that this bloodhound .exploit.13 says it is low but my norton scan said it was high . And to click on this MS page to read more aobut it and when I tried it , the information bar would come up and tell me it blocked this file from downloading for my security. I wasn't trying to download a file I just was trying to review what microsoft had to say about this infection and all the ways you get it. And mostly it was in pics. So does that mean that i cant even click on a trusted site? "Symantec?" or Microsoft? It says to scan and deliver to Norton and it tells how to send your scan but only in wiundows 2006 or earlier. So I am guessing that this threat hasn't been  a big problem lately.  II will call Norton right now and ask them what to do. I have so many of the symptoms of this infection and I dont know if it could of been passed on and on to all computers in my house or not (for over a year undetected?)but I had a few changes in my security settings and in the restricted sites (instead of being default on all sites it was set at custom) where there are all the addresses are they the ones you want to let through, or the ones to block? Could I have had this, and it do all this damage to corrupt the computer and be scanned daily 3 times daily on a schedule ? That restricited sites thing has been empty everytime I have ever looked at it before except one and that was way back when my sister and her husband gave me their old XP computer and all it had in it was 1,000's of restricted sites. They were all gambling sites ,strippers ,sex,x-rated etc. How do the sites get put on there besides manually? Does someone have to enter them or just find that someone was on those sites and block them all? Could this be my problem?
0
 

Author Comment

by:suzannegrgry
ID: 21885477
Answer to the earlier question Yes the computers have been sent to Hp repair and Sony repair and everytime that they send them back they tell me that they did a reformatting and that all my drivers and OS were corrupted. But only one time HP said that I had a Virus , but they didn't tell me what it was. And there was always at least one computer at home that didn't  get a restore or reformat and was just left like it was . The reason was because the 2 computers that didn't ever go to repair were out of warranty and I didn't know any better. The first 2 computers that I ever owned were given to me from family members and I know  they didn't even clean them out before they gave them to me . The first two are long gone they died soon after I got them. I think they just crashed one too many times and they just wouldn't start anymore. But not one computer in this house has ever started out here alone without an old one still in use. And the 2 renters that I have using my internet connection are wireless and I know that the guy goes to porno sites all the time. Could he have brought some more problems with him? I dont share anything with them as in file or media sharing but they use the same internet connection. Can I get it that way?
0
 
LVL 9

Accepted Solution

by:
Press2Esc earned 300 total points
ID: 21890170
Based on all the unsuccessful system restores and reinstalls you have done, I suspect your malware/virus is registry initiated and spreads thru the network...  if you havent already, dload/install cclearner and run the various tests - esp registry and see what you find
- http://www.ccleaner.com/
- http://forum.piriform.com/index.php?showtopic=1504

if you havent already, dload/install Hijackthis and have your results checked for malware
- http://www.whatthetech.com/hijackthis/

if you havent already, run msconfig and check the startup items for malware
- sysinfo.org

if you havent already, install the latest OS patches
- http://windowsupdate.microsoft.com/

Once you feel like you are making progresss, keep the PC(s) isolated from the net/network by removing the ethernet cable.  This will minimize the opportunity to get reinfected.

0
 

Author Comment

by:suzannegrgry
ID: 21893819
This seems to be the only thing left to diagnose this problem. I did as you said and the computers  still did not detect anything. Norton just found a tracking cookie If I understand you right, the name of this virus is sysinfo.org?  I went and got a registry cleaner (error smart) before I read your post and it told me that I had 375 missing ,corrupted ,invalid path ect... and I took them out. But ccleaner found 37 more when I did this scan. Now there are two things that I installed on my computer and they were both in this corrupted or empty . So whatever this thing is it is moving faster to corrupt my system . I now have my own data line and I will not be sharing with anyone else . As I was going through my internet options  yesterday on the security tab the levels for the intenet were changed from default to custom and I never did that. The 6 programs or address that were  there didn't seem harmful to me but I am not into  But on one of the custom sites tabs, on the permit list that address was there sysinfo.org but  I didnt think anything of it. Until last night when I saw that address today that you listed. Am I thinking the right way? So I went back to find it and it was not there. Is this what viruses do can they just move all over to hide from my security? So I think it knows that I know. I did the deep full system scans offline and they still didn't detect anything but Norton came back with a tracking cookie. The other security  Bit Defenfer wont even let me put ccleanerf in because of my security setting do not alow me to do alot of stuff now that it did an hour or so ago. So If you have any suggestions I would love to hear them now  MY screen was flashing on and off and  I need to try some more scans maybe? Bit defender told me to call them back and they will do a scan remotely . Norton told me that they wont help unless I  use there paid service for 99.00 for virus removal. I guess that is not included in my antivirus protection. One more wierd thing that happens all the time, the keyboard gets really hard to type on and the words come out all screwy . Sometimes it goies right away after a few mins, but today it is just getting worse. It is really bungy ,springy like but really hard to push and the wrong letters come out. or it takes over 30 secs for the word I typed to come out on the screen. Here are some files that are appearring on my desktop and i didn't do it . I see more and more settings changing every day. How can I get rid of this corrupter?
Mini061408-01-blue-screen.txt
0
 

Author Comment

by:suzannegrgry
ID: 21893834
I am sorry everytime I would get something written down I will try to add a file that is listed on your allowed types of files to download, but you keep to telling me that this file is not on the list. So more and more junk is happening. and then the whole page disappears and gone ,so I come back and try it agian and as long as I dont try to add an attachment. I really need help to get rid of this
0
 

Author Closing Comment

by:suzannegrgry
ID: 31470633
Thank you it was 5 infections in my registry 4 keys and 1value. 3 Rouge registry bots and 2 trojan BHO
0
 
LVL 9

Expert Comment

by:Press2Esc
ID: 21898144
whew, what a friggin' nightmare.  i am glad your finally making progress.  you were definitely beginning to run low on options...
0
 

Author Comment

by:suzannegrgry
ID: 21901648
Thanks I still have a few glitches to figure out but it will be another post. Thank you I tried and tried before but the way you showed me worked for the scan to work.
                                                                          Thanks Suzanne
mbam-log-6-30-2008--02-34-02-.txt
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Upper back Pain: My back hurt for months. Upper back, mostly my neck, spine and across my shoulder blades. I was getting headaches too, that felt like they were caused by tension in my shoulders, but now I feel fine! I'm sharing this hoping someone…
This is about my first experience with programming Arduino.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now