Clicky

This computer, running Windows 7 Ultimate, 32-bit, service pack 1; computer was recently infected with Win 7 AntiVirus 2012.

Using ComboFix and Kaspersky Internet Security 2012, I was able to eliminate the malware altogether.

Now, I'm having a bit of a different issue..  Seems that this machine will see other computers on the network, as can be viewed in the network map, but, I am unable to effectively connect to others to share files, printers, etc.  This has worked in the past, and I've already verified the file shares, etc.

Now, when I click on another system to connect, I'm getting "windows cannot access \\computername" and goes on to tell me to check spelling, etc.

Checking the TCP/IP NetBIOS Helper service shows that startup is automatic, but not started.  Manually starting results in an error that the dependency did not start.  Now, looking at the dependencies, I see that NetBT service needs to be started in order for this service to start.

NetBT is not listed in the Management Console/Services screen.  So, to attempt, I've gone to the command prompt (with administrative access), and issued the "net start netbt" command.  This returns an error "Start Service Failed 1058.  NetBT Service failed to start due to the following error.  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

The network adapter is showing the following:
Client for Microsoft Networks
Kaspersky AntiVirus NDIS 6 Filter
QoS Packet Scheduler
File & Printer Sharing
TCP/IP 4 & 6
Link-Layer Topology Discovery Mapper I/O
Link-Layer Topology Discovery Responder

In an attempt to try to rebuild the NetBT service, I've removed each of the protocols (that could be removed) and re-installed.  I've also gone as far as removing the network adapter and re-installing with no success.

I've also attempted, from the DOS prompt to issue the netsh int ip reset and netsh winsock reset commands, after a restart, we still have no change.

I'm desperate to get this corrected ASAP.

Thanks for any and all suggestions.

asked 12/15/2011 01:00

TroysComputerClinic's gravatar image

TroysComputerClinic ♦♦


10 Answers:
The first thing I would try is the System File Checker tool.  It will check the integrity of your operating system files and replace them, as necessary.  Open an elevated (a.k.a. with admin rights) command prompt and enter sfc /scannow.

http://support.microsoft.com/kb/929833

If that doesn't fix the issue, I would check to see if you have a System Restore point that represents a snapshot of the operating system prior to the start of the problem:

How to Do a System Restore in Windows 7

link

answered

Run5k's gravatar image

Run5k

Run5k,

Thank you for the advice.  Unfortunately, the System Restore was not active on this computer.  Restore points are not available.

I did allow the computer to run the sfc /scannow overnight and we are continuing with the same symptoms as listed previously.

My apologies for neglecting to include those details in the original post.
link

answered 2011-12-15 at 09:15:53

TroysComputerClinic's gravatar image

TroysComputerClinic

That is unfortunate.  If you don't mind me saying so, with an environment of Windows 7 machines it is usually much more beneficial to have the System Protection settings configured so that the OS can utilize the System Restore function.  In addition to having the ability to drop back to various operating system snapshots, you also have the terrific Restore Previous Versions function that depends upon those settings:

Restore Previous Versions of Files in Every Edition of Windows 7

That being said, if you have cleaned the machine, run the System File Checker, don't have System Restore points, and significant problems still persist, to be perfectly honest I think it would be best to simply backup the important customer data files/folders and then completely wipe & reload it.  With your options rather limited, in the time that you will potentially devote towards extensive troubleshooting you could have them up and running again with a clean OS... preferably with a good security configuration and System Restore configured.  Just my 2¢-worth.
link

answered 2011-12-15 at 09:18:33

Run5k's gravatar image

Run5k

Run5k,

Unfortunately, I took over this customer from a previous technician that "dropped the ball" a few times, usually with situations such as the one I am seeing now.  The previous technician also took the installation discs as well as the product keys.  Along with having to repurchase the software, and the massive amount of data on this computer, I've been avoiding going as far as a system wipe and reload.

In the meantime, I am working on a full system backup and preparing for a wipe and reload.  And still holding onto hope that someone may have the "smoking gun" tip that will correct this issue.
link

answered 2011-12-15 at 09:36:44

TroysComputerClinic's gravatar image

TroysComputerClinic

If the time comes when you are ready to take that step and reload the system, I can help in that regard.  You can use a utility like the Magical Jelly Bean Keyfinder to recover the Windows 7 product key from that problematic system:

http://www.magicaljellybean.com/keyfinder/

Additionally, as long as you have your own legitimate product key you can legally download the Windows 7 ISO image from the Microsoft retail channel, Digital River:

Windows 7 Ultimate with SP1 32-bit
link

answered 2011-12-15 at 09:40:34

Run5k's gravatar image

Run5k

More than likley this key is missing in the registry.....

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT

If it is there, make sure the permissions are ok on it.

Also, if not present, export it from a working machine, and import to this one, and make sure that netbt.sys is present in the System32\Drivers path.....
link

answered 2011-12-15 at 10:19:06

johnb6767's gravatar image

johnb6767

I misread something as well..... (My full comment still applies though)....

You do not see it listed there, as thats normal.

Then, go to View and check "Show Hidden Devices".... It is (should be) listed under Non Plug and Play Drivers".....
link

answered 2011-12-15 at 10:19:14

johnb6767's gravatar image

johnb6767

Johnb, thanks for the tip regarding the registry key.  I did export from a working machine to this one, and no change.

A quick check of the Device Manager does not show the NetBT at all after revealing the hidden devices.

Looks like I am off to the full format and reload on these two.

Took Run5K's advice and took down the product keys to use during reinstall.
link

answered 2011-12-15 at 10:22:43

TroysComputerClinic's gravatar image

TroysComputerClinic

Rating as good.  Only because I was trying to fix the system in place rather than having to format and reinstall.
link

answered 2011-12-15 at 11:05:08

TroysComputerClinic's gravatar image

TroysComputerClinic

Wish we had more time to troubleshoot, as there were a few more reg keys we could ahve looked at......

Glad youre done though.....
link

answered 2011-12-15 at 11:10:18

johnb6767's gravatar image

johnb6767

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×1

Asked: 12/15/2011 01:00

Seen: 340 times

Last updated: 12/15/2011 03:10