BleepingComputer.com: Partially removed a virus, now Malware Bytes is constantly blocking it accessing the web

I came home last night and logged into my laptop and got a virus from one of the websites I had been sitting on. I didn't take time to look at the details of what it was, it was one of those trying to say my computer was infected and needed to buy their software.

I rebooted into safemode and updated and ran Malwarebytes. Malware bytes found 7 problems that it removed the 1st time and then 1 problem the 2nd time I ran it. The 3rd time I ran Malware bytes in Safe Mode without networking and it found nothing.

Once I enter in the password to login into my computer it takes about 10 minutes for my settings to load.

Malware bytes is constantly popping up that it's blocking something from accessing a potentially malicious site. I have a long list of IP's that are trying to be accessed. I'm sure there are other IP's that I haven't been fast enough to write down.

63.223.106.17
83.133.119.155
83.133.121.147
83.133.121.156
83.133.121.55
83.133.124.196
83.133.124.250
89.28.105.113
91.207.60.22
106.161.121.126
148.185.250.210
206.161.121.100

I've also gotten a couple of notes from Malware bytes that a program was trying to be run that was stopped:

c:\Windows\Temp\JshQO\setup.exe (trojan.email)
c:\Windows\Temp\O.371307276174338.exe (Trojan.fakealert)

Can someone help me get rid of this virus for good? I have Windows XP.

Here are my logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Brea at 15:30:24 on 2011-11-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1992.1059 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\brea\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pidgin~1.lnk - c:\program files\pidgin\pidgin.exe
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
TCP: Interfaces\{2028C34C-4F76-4D0C-9DB9-A8347AF0492D} : DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
Notify: igfxcui - igfxdev.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brea\application data\mozilla\firefox\profiles\m3dkrqom.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2011-3-16 152576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 366152]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\neatworks\exec\NeatWorksDatabaseController.exe [2011-3-2 351384]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2011-10-10 243856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-25 22216]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-10-9 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-10-9 11104]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]
.
=============== Created Last 30 ================
.
2011-11-26 16:50:29 -------- d-----w- c:\windows\pss
2011-11-26 04:50:33 -------- d-----w- c:\documents and settings\brea\application data\Malwarebytes
2011-11-26 04:50:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-26 04:50:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:50:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 23:11:38 20120 ----a-w- c:\windows\system32\dopdfmn6.dll
2011-11-19 23:11:38 18072 ----a-w- c:\windows\system32\dopdfmi6.dll
2011-11-19 23:11:36 -------- d-----w- c:\program files\Softland
2011-11-06 19:45:05 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-11-06 19:45:05 -------- d-----w- c:\documents and settings\brea\application data\Catalina Marketing Corp
2011-10-29 14:29:55 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-29 14:29:47 -------- d-----w- c:\program files\Coupons
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 08:25:19 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2011-10-10 08:24:57 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-10-10 08:19:58 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 04:29:42 910920 ----a-w- c:\windows\system32\pwNative.exe
2011-09-03 04:29:40 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-09-03 04:29:36 11104 ------w- c:\windows\system32\pwdspio.sys
.
============= FINISH: 15:31:03.92 ===============

This post has been edited by mommyinzion: 27 November 2011 - 10:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

I ran Combo Fix and it created a log, but my computer can no longer connect to the internet. Combo Fix said that might happen and to run Combo fix a 2nd time. I ran Combo Fix a 2nd time, but I still can't connect to the internet. I'm using a different computer to respond. Can you help me fix the internet issue, so I can send you the log?

Hello

lets try this to get you back online, let me know if it works

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.

• Double click on WinsockXPFix.exe to open.
  
• On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  
• On the ERDNT Welcome screen, click "OK".
  
• On the Backup to: screen, click "OK".
  
• On the Folder does not exist question screen click "Yes".
  
• You will see a status screen as your registry is being backed up.
  
• On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  
• On the Winsock and TCP Repair Utility screen, click "Fix".
  
• On the Apply the VB_Winsock fix? screen click "Yes".
  
• The screen will display a status message "repair completed please reboot."
  
• On the Repair Completed screen click "OK" to reboot your computer.
  
• If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  
• You should have connectivity restored.

If you have internet back come back and let me know if not go to next step

Download LSPFix and save to your desktop.
alternate download site
alternate download site

• Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.
  
• Open the lspfix folder and double-click on LSPFix.exe to start the program.
  
• Check the "I know what I am doing" checkbox.
  
• Click "Finish" and LSPfix will restore the chain numbers.
  
• restart the computer

Gringo

I'm a bit confused. How am I supposed to download those things, when the computer that needs them, won't connect to the internet?

I downloaded them to a flash drive and copied them to my computer.

The 1st program didn't fix it. I'm trying to run the 2nd program. It has a black window open, with a cursor flashing around the screen. It's been 20+ minutes and it seems to be still running, or hung.

Any advice?

stop it and retry it



gringo

Finally got LSP fix to run. Trying to download a zip to a Mac didn't work. I had to download it to a Win computer and then copy it to my computer.

So, it ran and said nothing needed to be fixed. But I'm still unable to connect to my wireless network. And I've tried repair.

Hello


if it is just the wireless - try and go into device manager and uninstall the wireless adapter and let it reinstall


gringo

I uninstalled my wireless driver and reinstalled it, and nothing is fixed. It still says "Not Connected"

please run the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  
  

  :filefind
  NetBT.sys
  afd.sys
  ipsec.sys
  
  :reg
  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt /s
  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
  
  

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I'm trying to post log and forum isn't letting me

SystemLook 30.07.11 by jpshortstuff
Log created at 12:54 on 28/11/2011 by Brea
Administrator - Elevation successful

========== filefind ==========

Searching for "NetBT.sys"
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [22:49 21/07/2008] [12:00 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [09:10 10/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [15:33 13/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [13:30 10/10/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138112 bytes [13:25 10/10/2011] [12:00 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [14:15 15/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [14:43 16/10/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [22:49 21/07/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "ipsec.sys"
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [22:49 21/07/2008] [12:00 14/04/2008] A279CD19E9502F67F8ED51DA8BE3B0F3

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"DisplayName"="AFD"
"Description"="AFD Networking Support Environment"
"Group"="TDI"
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
"Tag"= 0x0000000005 (5)
"ImagePath"="system32\DRIVERS\netbt.sys"
"DisplayName"="NetBios over Tcpip"
"Group"="PNP_TDI"
"DependOnService"="Tcpip"
"DependOnGroup"=" "
"Description"="NetBios over Tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]
"OtherDependencies"="Tcpip"
"Bind"="\Device\Tcpip_{D6CDB2AF-113F-4DF3-83DC-767AD979C33C} \Device\Tcpip_{49030499-E683-4CF3-BC2C-D2F4E6319135} \Device\Tcpip_{2028C34C-4F76-4D0C-9DB9-A8347AF0492D} \Device\Tcpip_{FE6BADC2-8128-4FAB-88A5-04A14EB62CDE} \Device\Tcpip_{2DA7235A-DAD1-44EC-88A4-1D9AD12901E0}"
"Route"=""Tcpip" "{D6CDB2AF-113F-4DF3-83DC-767AD979C33C}" "Tcpip" "{49030499-E683-4CF3-BC2C-D2F4E6319135}" "Tcpip" "{2028C34C-4F76-4D0C-9DB9-A8347AF0492D}" "Tcpip" "NdisWanIp""
"Export"="\Device\NetBT_Tcpip_{D6CDB2AF-113F-4DF3-83DC-767AD979C33C} \Device\NetBT_Tcpip_{49030499-E683-4CF3-BC2C-D2F4E6319135} \Device\NetBT_Tcpip_{2028C34C-4F76-4D0C-9DB9-A8347AF0492D} \Device\NetBT_Tcpip_{FE6BADC2-8128-4FAB-88A5-04A14EB62CDE} \Device\NetBT_Tcpip_{2DA7235A-DAD1-44EC-88A4-1D9AD12901E0}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"NbProvider"="_tcp"
"NameServerPort"= 0x0000000089 (137)
"CacheTimeout"= 0x00000927c0 (600000)
"BcastNameQueryCount"= 0x0000000003 (3)
"BcastQueryTimeout"= 0x00000002ee (750)
"NameSrvQueryCount"= 0x0000000003 (3)
"NameSrvQueryTimeout"= 0x00000005dc (1500)
"Size/Small/Medium/Large"= 0x0000000001 (1)
"SessionKeepAlive"= 0x000036ee80 (3600000)
"TransportBindName"="\Device\"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{2028C34C-4F76-4D0C-9DB9-A8347AF0492D}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{2DA7235A-DAD1-44EC-88A4-1D9AD12901E0}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{49030499-E683-4CF3-BC2C-D2F4E6319135}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{D6CDB2AF-113F-4DF3-83DC-767AD979C33C}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{FE6BADC2-8128-4FAB-88A5-04A14EB62CDE}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]
"Security"=01 00 14 80 e8 00 00 00 f4 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 b8 00 08 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
"Tag"= 0x0000000004 (4)
"ImagePath"="system32\DRIVERS\ipsec.sys"
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec\Enum]
"0"="Root\LEGACY_IPSEC\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


-= EOF =-

I could post the log when I went to a Windows computer. I know almost nothing about Macs and have nothing but problems when I try to use my husband's. I'm really confused why people are in love with the Mac's.

• Go to Start ==> Run (or Windows key+R)
  • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
    (note that there is space after notepad)
    
  • A file opens in the notepad. Under TCP/IP Primary Install section find the following: Characteristics = 0xA0
    
  • Edit 0xA0 and replace it with 0x80 (replace A with 8)
    
  • Under File menu click Save and close the notepad.
  
  
• Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install a popup window opens.
    
  • Select Protocol from the list and then click Add.
    
  • A new window opens, click Have Disk....
    
  • In the browse... box type c:\windows\inf
    
  • Click OK.
    
  • Select Internet Protocol (TCP/IP), and then click OK.
    
  • On the Local Area Connection Properties screen select Internet Protocol (TCP/IP) and click Uninstall, and then click Yes.
    
  • Wait until it asks to restart, confirm restarting.
  
  
• Go to Start ==> Run (or Windows key+R)
  • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
    (note that there is space after notepad)
    
  • A file opens in the notepad. Under TCP/IP Primary Install section find the following: Characteristics = 0x80
    
  • Edit 0x80 and replace it with 0xA0 (replace 8 with A)
    
  • Under File menu click Save and close the notepad.
  
  
• Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install
    
  • A popup window opens. Select Protocol.
    
  • A new popup window opens. Select Internet Protocol (TCP/IP), and then click OK.
    
  • Wait until it asks to restart, confirm restarting.