  #91  
Old August 5th, 2009, 04:40 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
This situation is being reviewed with others. There seem to have been some indications in logs of anomalies - log results that may reflect important services not working correctly. Let's get some information and assess these issues further. Correcting them may also correct these problems you have been experiencing as well.


Go to Start -> Run -> type regedit (and OK).

In the Registry Editor, navigate to the following key (use the "+" symbols in the left panel to expand the tree entries):

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
Right click that SvcHost key, and select Export, then save that to your desktop as shost.reg. Then just zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -carmenmaribel/cth/svch" as the email Subject.

-------------

Go to Start - Run, type services.msc (and OK).

On the list locate and double-click on the following item.

Windows Management Instrumentation

Make sure the Startup type is set to Automatic. If it isn't, use the dropdown box to change it to that.

Also under Service Status, make sure it is Started. If it isn't, click the Start button and allow the service to be started. Then click Apply/OK and exit.


  #92  
Old August 6th, 2009, 01:56 AM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled . . . . . . . : No
WINS Proxy Enabled . . . . . . : No

Ethernet adapter wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : D-Link Xtreme N
Physical Address . . . . . . . . : 00-1c-F0-6E-4C-4E

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel (R) PRO/100 P Mobile Combo Adapter
Physical Address . . . . . . . . : 00-D0-59-80-89-52
  #93  
Old August 6th, 2009, 02:15 AM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
I manually typed the ipconfig.txt result I got in my laptop after doing what u told me to from cmd.exe. I am on my mother-in-law's computer and just to inform you that there is one wireless network around here from a neighbor with no password and I tried connecting but it still won't let me connect wirelessly on any network I try connecting to. Also the computer I am using right now has a Local Area Connection I think it's called. The connection where you hook it up directly to the box and PC using an ethernet cable. Hers is working fine and I connected it to my laptop and it didn't work. It's just there saying it's trying to acquire a network address or something. It never connects. I hit the "repair" option and it says "Windows could not finish repairing the problem because the following action cannot be completed:
Disabling the wireless network adapter
Make sure your network adapter is properly installed. "

It says that when I hit "repair". If I go to Status Support tab, it says "Limited or no connectivity- You might not be able to access the internet or some network resources. This problem occurred because the network did not assign a network address to the computer." Then if I go into "details" under that, it says,
"Physical Address --------- 00-1C-F0-6E-4C-4E
IP Address --------------- 0.0.0.0
Subnet Mask ------------- 0.0.0.0
Default Gateway
DNS Servers ------------- 24.93.41.127
24.93.41.128
WINS Server "

Then under "Activity" it shows Packets: Sent-210,897 Received- 0
  #94  
Old August 6th, 2009, 02:34 AM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
I also did what you told me on the last post u sent me. I will send you the zipped file of the shost.reg tomorrow by email cuz I need to go buy a floppy diskette so that I can save the file onto the diskette and then email it to you from this other computer with internet. I'm not really sure how exactly to do that, but I don't think it will be so difficult. That's the only way I can come up with for transferring a file from my laptop to this computer with internet. Um.. I also checked the Windows Management Instrumentation and it was already set up correctly as u said it should be. So that's fine. So then tonite I'll buy the floppy diskette and tomorrow I'll come to this house again to catch up with you and send you that file to ur email u left me. Thanx a lot!
  #95  
Old August 6th, 2009, 03:01 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
As long as the laptop actually has a floppy drive - not very common lately.



Since it is small enough to transfer like you will do, also download Old Timer's OTS from here and transfer that.


On the problem laptop click that OTS.exe file to open the tool display.

Place a check next to "Scan All Users".

Then also under Additional Scans place checks in all those boxes.

And click Run Scan. Once that scan completes Notepad will open with the log. Close that, then transfer and send me that new OTS.txt log. It will be located in the same place as you have OTS itself.
  #96  
Old August 6th, 2009, 09:49 PM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
I have sent you the email u requested of the zipped file of shost.reg to the email address u told me to. Did I have to double click on that shost.reg icon on my laptop's desktop to "merge" it? Or do I just leave it there? Maybe u just needed the copy of it and didn't need me to double click on it and unzip it.
  #97  
Old August 6th, 2009, 10:14 PM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
Hi. I was able to save the ots.exe onto the diskette and tried passing it on to my laptop but it kept taking a long time and I think it's not gonna work and I won't be able to transfer it to my laptop. I tried opening it anyways by opening it directly from the floppy A: drive but it didn't work either. It just stays there like it's doing it but I think it's too much for the floppy disk. :/ Is that bad?
  #98  
Old August 6th, 2009, 10:59 PM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
ok nevermind the last post. I was able to open up OTS in my laptop. BUT... when I hit RUN SCAN, it stopped when it was scanning "HKEY_LOCAL_MACHINE\ Internet Explorer settings..." (it doesn't show me more) and I get an error message with a red circle and a white X inside saying "Access violation at address 00521A5C in module 'OTS.exe'. Read of address 00000000." then an OK button below that... Then it just stops there and doesn't continue scanning. I'm off for today. Read ya 2morrow.
  #99  
Old August 7th, 2009, 01:06 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
I received the file, thanks. There are some missing value data items between your copy and the known XP SP2 defaults, so let's make a correction and see if that brings improvements there.

Click here and download sUBs' Beta/XPSP2_netsvcs.zip.

Unzip that, and in the folder that creates locate and transfer the XPSP2_netsvcs.reg to the problem computer. Then right click that XPSP2_netsvcs.reg, and select Merge, and allow it to be added to your Registry.

Then reboot, and try the OTS scan again please. Also check for improvements.
Reply With Quote
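The comparison described in the post above (an exported SvcHost key checked against known defaults), as an added example that is not part of the original thread or of any tool named in it. It assumes the value of interest is the `netsvcs` multi-string; the baseline list, the `xyzsvc` entry and all function names are constructed for illustration and are not the real XP SP2 defaults.

```python
import re

# Constructed baseline for illustration only; NOT the real XP SP2 netsvcs default list.
BASELINE = ["AppMgmt", "BITS", "Dhcp", "Netman", "Nla", "winmgmt", "wuauserv", "WZCSVC"]

def encode_multi_sz(names, per_line=20):
    """Build a regedit-style hex(7) body; used here only to construct sample input."""
    raw = ("\0".join(names) + "\0\0").encode("utf-16-le")
    parts = [f"{b:02x}" for b in raw]
    rows = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return ",\\\n  ".join(rows)

def parse_multi_sz(reg_text, key_suffix, value_name):
    """Return the strings of a REG_MULTI_SZ (hex(7)) value, or None if absent."""
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")  # join continuation lines
    pattern = re.compile(r'"%s"=hex\(7\):(.*)' % re.escape(value_name), re.I)
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
        elif in_key and (m := pattern.match(line)):
            hexes = [h for h in m.group(1).replace(" ", "").split(",") if h]
            data = bytes(int(h, 16) for h in hexes)
            return [s for s in data.decode("utf-16-le", "replace").split("\0") if s]
    return None

def diff_services(found, baseline):
    """Compare case-insensitively, as service names are not case-sensitive."""
    f = {s.lower(): s for s in found}
    b = {s.lower(): s for s in baseline}
    missing = sorted(b[k] for k in b.keys() - f.keys())
    extra = sorted(f[k] for k in f.keys() - b.keys())
    return missing, extra

# Constructed export: four baseline entries gone, one unknown entry ("xyzsvc") present.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost]\r\n"
    '"netsvcs"=hex(7):' + encode_multi_sz(["AppMgmt", "BITS", "netman", "xyzsvc", "WZCSVC"])
    + "\r\n"
)

if __name__ == "__main__":
    found = parse_multi_sz(SAMPLE_REG, r"CurrentVersion\SvcHost", "netsvcs")
    missing, extra = diff_services(found, BASELINE)
    print("missing from export:", missing)
    print("not in baseline:", extra)
```

A file exported by Regedit in the "Version 5.00" format is UTF-16 with a byte-order mark, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_multi_sz`.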
  #100  
Old August 13th, 2009, 03:12 AM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
ok I've transferred the XPSP2_netsvcs.reg. Then the OTS scan did the same thing again with that error message saying "Access violation at address 00537000 in module 'OTS.exe'. Read of address 00000000." so it's still the same I guess.
  #101  
Old August 13th, 2009, 04:21 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
It may be the OTS's functions being blocked. Delete any existing copies of ComboFix.exe, and download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 234now.com, then click the renamed 234now.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #102  
Old August 13th, 2009, 10:34 PM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
Sorry, can't pass that on to a diskette. The file is too big. But thanx for helping me out. Hopefully I get a good paycheck and maybe take it to a tech once and for all so they can just fix whatever it is my laptop has. Cuz I've gone too long without internet and well, I'm still paying the monthly fee so it's best to fix now. lol
  #103  
Old August 13th, 2009, 11:59 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
Sure would like us to correct issues and save you the expenses. I do sense you calling it a day on our repairs here, but if you would, check this one item and post back on it.

Go to Start - Run, type msconfig and press OK. Under the Services tab, are there many of those listed items that are unchecked - no checkmark next to them?


To save you from having to post and await my reply, if there are many items unchecked there, place checks next to all of them, then Apply/OK and allow the reboot. If you did that, also post back if any improvements were seen after. May need to reboot twice to ensure all changes were made.
  #104  
Old August 15th, 2009, 12:49 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
You would not be aware of it, but as your issues have unfolded here I have been reviewing what we have been doing with others. I just wanted to post here that there is a fairly strong feeling the XPSP2_netsvcs.reg procedure, had it been done correctly, would have corrected many of the problems there. If you have not yet turned the computer over to someone for local repairs, I can surely follow up with you here about how to make sure that reg file merge succeeds.
  #105  
Old August 17th, 2009, 03:50 AM
carmenmaribel carmenmaribel is offline
Member
 
Join Date: Feb 2009
Posts: 70
Hey Jintan. Yea, I know it would have saved me money if I would have continued ur procedures, because I'm sure that you would have eventually fixed the problem. Because you always have fixed my errors and bug issues. My computer was a mess before I started doing the downloads and corrections and scans that you told me to do. It improved a lot. As you can see, my main problem at the beginning was that my computer kept on rerouting the websites to another unwanted page. And that was fixed way long ago. I just kept on following ur procedures because along the way, you would find a few errors on registries and stuff. So I kept by ur side to be on the safe side. And so, to make things shorter, I decided to take my PC over with a friend at the end cuz he said he'd fix it for way less than a real tech. Turns out all he did was erase all my info and reinstall the Windows XP program by just popping in a CD he had. I thought he would actually go in and manually fix the problem. But what do u think? Now all is like new... is that bad? Sorry I didn't keep following ur procedures. It's cuz it was very difficult for me to keep driving over to some other house that was 25-30 mins away. And having to get there just to ask them if I could borrow their PC again. I felt like I was being a bother maybe. They said I wasn't but still. You know what I mean? Oh well, I have my laptop back and the internet works perfectly. Any recommendations?
All times are GMT +1.