WiredWX Christian Hobby Weather Tools

it's baaaack. Downloader.exe back with friends.

3 posters

Re: it's baaaack. Downloader.exe back with friends. - Page 2
No. Don't run the avenger on PMP1.
I'm looking through a CF log of PMP1.
Don't touch PMP2 for now, we've fixed that.

Can you submit this file below
c:\windows\system32\spmsg2.dll
to here for a scan.
http://virusscan.jotti.org/

Press the browse button to find the file, then double click it and hit the submit button to upload it.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: it's baaaack. Downloader.exe back with friends.
PMP1

Scanner | Malware name
A-Squared | Trojan-Spy.Win32.Banker.JU!IK
AntiVir | SPR/Tool.HideProc.O.1
ArcaVir | X
Avast | Win32:Trojan-gen {Other}
AVG Antivirus | X
BitDefender | X
ClamAV | X
CPsecure | X
Dr.Web | X
F-Prot Antivirus | X
F-Secure Anti-Virus | X
G DATA | X
Ikarus | Trojan-Spy.Win32.Banker.JU
Kaspersky Anti-Virus | X
NOD32 | X
Norman Virus Control | X
Panda Antivirus | X
Sophos Antivirus | X
VirusBuster | X
VBA32 | X

Re: it's baaaack. Downloader.exe back with friends.
Okay, it's come back as showing malware.

Delete this file.
c:\windows\system32\spmsg2.dll

Any better?

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
Sorry, hung up for a sec personally, I'll know soon!

Re: it's baaaack. Downloader.exe back with friends.
I'll hope for the best.
Going offline, won't be back till tomorrow night, so we can continue this then. Smile...

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
ok, thanks man. I'll be here Smile... PMP1 started in normal mode, seemingly quick, but it did not want to connect to the internet and timed out

Re: it's baaaack. Downloader.exe back with friends.
Hello.
At college and I can logon here, usually can't. LMBO or ROFL

Glad to hear it booted, an adware banker variant stopped the boot? Wow, I think someone is out to get me.
Try winsock fix to repair net connection?

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
PMP 1 - I ran WinsockFix on it and let it open in normal mode. It opened but seemed to not want to connect to the internet. I just left it alone and about a half hour later the page finally loaded. Then, same thing for a page change. So...it's connecting, just running at a snail's pace!

Re: it's baaaack. Downloader.exe back with friends.
PMP 2 - keeps running fine, with good speed, on the internet. Then all of a sudden it will just stop and nothing will load. As soon as I run Winsock Fix and reboot, it starts up great, with Internet, and then the same thing happens, I run Winsock......this happens over and over again. Winsock fixes it, goes down alone.

PMP1 - I ran something called VundoFix that I saw on another blog and it found 8 corrupted files. I removed those, did a winsock fix, rebooted and Windows loads still but hasn't connected to Internet after 20 mins...finally connected but same thing with a page change.

Re: it's baaaack. Downloader.exe back with friends.
I don't know why Vundofix found files, there was no presence of vundo in either of your logs.
From my point, it sounds like just your net connection is unstable.
I will talk to a colleague and see what he thinks.

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
they were audio files or something

Re: it's baaaack. Downloader.exe back with friends.
Hello.
I've asked Digitalocksmith to take a look, because I don't know what the next step is.
No matter what we do, things get worse. =/

Please stand by.

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
Thank you, I'm getting pretty nervous here also. Not looking good for me! I will be here for another half hour, if we need to try something quick, (10am US Eastern) then I have some shoots today and will be back at 5:00 US E

Re: it's baaaack. Downloader.exe back with friends.
ok I'm back here...any luck?

Re: it's baaaack. Downloader.exe back with friends.
Nope, no PM back from digital yet.
To tell you the truth, I'm thinking format. Sad tearing

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
k

Re: it's baaaack. Downloader.exe back with friends.
When I run combo fix it says there is a newer version...but I can't get it w/o internet. Should I try to run it again in safe mode and get the newer version if I have internet in safe mode?

Re: it's baaaack. Downloader.exe back with friends.
You can try, but I doubt a new version will do anything.

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
what are your thoughts on PMP2 - it's working fine, on the internet with good speed, works for a bit, stops suddenly, I run WinsockFix, reboot, it works great for a short time, over and over....(that is exactly what PMP1 does in safe mode...in normal mode internet loads in about 30 mins)

Re: it's baaaack. Downloader.exe back with friends.
Let's not run combofix on PMP2. I don't want it to change anything.
Do this instead.

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
OTViewIt Extras logfile created on: 11/11/2008 6:20:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 415.11 Mb Available Physical Memory | 40.93% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 85.87 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Drive D: | 0.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 178.30 Gb Total Space | 31.22 Gb Free Space | 17.51% Space Free | Partition Type: NTFS

Computer Name: PMP2
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/10 09:18:02 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/10/29 18:39:36 | 01,942,824 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}"=Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{16480125-0428-4097-9A2A-74464004D169}"=EOS Capture 1.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe Extendscript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ Beta 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon Camera WIA Driver
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5D346AB1-7910-4115-B61B-468237D86C6B}"=Adobe Setup
"{6444D9D9-CD6C-4464-B970-55C606C944DC}"=Logitech QuickCam
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon Camera WIA Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon Camera WIA Driver
"{C614ED97-4594-4BE7-B6A4-471CDB77E8E0}"=Adobe Flash CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}"=Nero 7 Essentials
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_aef45239e3987fdf2a5e406d559eb22"=Adobe Flash CS3 Professional
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"CSCLIB"=Canon Camera Support Core Library
"DPP"=Canon Utilities Digital Photo Professional 2.1
"EOS Utility"=Canon Utilities EOS Utility
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}"=Canon Utilities EOS Capture 1.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon EOS-1D Mark II N WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon EOS 5D WIA Driver
"lvdrivers_11.70"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSNINST"=MSN
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotomatixPro3_is1"=Photomatix Pro version 3.1
"PhotoStitch"=Canon Utilities PhotoStitch
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

Re: it's baaaack. Downloader.exe back with friends.
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2008 9:03:30 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/5/2008 4:52:12 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotomatixPro.exe, version 3.0.3218.18819, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2008 4:52:16 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/7/2008 6:40:21 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 9:05:14 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/9/2008 9:05:56 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/10/2008 6:36:49 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:36:53 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:37:01 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 11/10/2008 6:37:02 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ System Events ]
Error - 11/11/2008 6:53:33 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:39 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:57 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:01:05 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:05:46 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:10:53 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:11:11 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:16:21 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:18:00 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:20:01 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.


< End of report >

Re: it's baaaack. Downloader.exe back with friends.
Why didn't I think that before?
Give me a few minutes to research what these mean. LMBO or ROFL

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
do your thing dude, you have been great.

Re: it's baaaack. Downloader.exe back with friends.
Hello.
Your internet dropping could be coming from your router.

Are you using a normal router? The router is rejecting your router IP: 192.168.1.x

Are you using ICS (Internet Connection Sharing)?

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
no I have Verizon FIOS and do not have a static IP

Re: it's baaaack. Downloader.exe back with friends.
according to Verizon right now PMP2 is 192.168.1.3...each are set to 'obtain automatically'

Last edited by raif on 11th November 2008, 11:52 pm; edited 1 time in total

Re: it's baaaack. Downloader.exe back with friends.
PMP1 is 192.168.1.4

Re: it's baaaack. Downloader.exe back with friends.
Obtain DNS automatically?

So PMP1 is 1.4. And PMP2 is 1.3

What's 1.1 and 1.2?

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
I have a little network set up and my laptop is involved (I'm on internet now with it). Laptop is PMP3

Device Name: IP-STB2
Connection Type: Ethernet

IP Address: 192.168.1.100
Status: Inactive



PC Name: PMP3
Connection Type: Wireless

IP Address: 192.168.1.2
Status: Active
Remote Access: Enabled



PC Name: PMP2
Connection Type: Ethernet

IP Address: 192.168.1.3
Status: Active
Remote Access: Enabled



PC Name: PMP1
Connection Type: Ethernet

IP Address: 192.168.1.4
Status: Active
Remote Access: Enabled



Device Name: IP-STB1
Connection Type: Coax

IP Address: 192.168.1.103
Status: Inactive



Device Name: IP-STB4
Connection Type: Coax

IP Address: 192.168.1.104
Status: Inactive



PC Name: L00D18011185
Connection Type: Ethernet

IP Address: 192.168.1.5
Status: Inactive



PC Name:
Connection Type: Ethernet

IP Address: 192.168.1.40
Status: Active
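
An added example, not part of the thread or of OTViewIt: it joins the NetBT 4321 errors from the posted report with the router's device table to show which host refused the name registration and how often. Function names are hypothetical, the sample data is excerpted from the posts above, and the suffix meanings are the standard NetBIOS ones (0x1D is the master browser name for a workgroup).

```python
import re
from collections import Counter

# Event lines excerpted from the report posted above (OTViewIt wraps each
# description across several lines); one non-NetBT event is kept to show filtering.
EVENT_LOG = """\
Error - 11/10/2008 6:36:49 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2008 6:53:33 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:39 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:57 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.
"""

# Router device table excerpted from the post above (blank lines as posted).
DEVICE_TABLE = """\
PC Name: PMP3
Connection Type: Wireless

IP Address: 192.168.1.2
Status: Active
Remote Access: Enabled

PC Name: PMP2
Connection Type: Ethernet

IP Address: 192.168.1.3
Status: Active
Remote Access: Enabled
"""

# Standard meanings of the 16th byte of a NetBIOS name.
NETBIOS_SUFFIX = {"00": "workstation service", "20": "file server service",
                  "1b": "domain master browser", "1d": "master browser"}

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
CONFLICT = re.compile(
    r'The name "(?P<name>[^"]*?)\s*:(?P<suffix>[0-9A-Fa-f]{1,2})" could not be '
    r"registered on the Interface with IP address (?P<local>[\d.]+)\. "
    r"The machine with the IP address (?P<remote>[\d.]+) did not allow")


def parse_events(text):
    """Split the report into events and re-join each wrapped description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER.match(lines[0]) if lines else None
        if m:
            body = re.sub(r"^Description = ", "", " ".join(lines[1:]))
            events.append({**m.groupdict(), "description": body})
    return events


def parse_devices(text):
    """Index the router's device entries by IP address."""
    devices, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in ("PC Name", "Device Name"):
            current = {"name": value or "(unnamed)"}
        elif current is not None:
            current[key] = value
            if key == "IP Address":
                devices[value] = current
    return devices


def name_conflicts(events, devices):
    """Tally NetBT 4321 refusals per (name, suffix, claimant IP, defender IP)."""
    tally = Counter()
    for ev in events:
        if ev["source"] == "NetBT" and ev["id"] == "4321":
            m = CONFLICT.search(ev["description"])
            if m:
                tally[(m["name"], m["suffix"].lower(), m["local"], m["remote"])] += 1

    def label(ip):
        return devices.get(ip, {}).get("name", "(not in device table)")

    return [{"name": n, "role": NETBIOS_SUFFIX.get(s, "suffix 0x" + s),
             "claimant_ip": l, "claimant": label(l),
             "defender_ip": r, "defender": label(r), "count": c}
            for (n, s, l, r), c in tally.most_common()]


if __name__ == "__main__":
    for row in name_conflicts(parse_events(EVENT_LOG), parse_devices(DEVICE_TABLE)):
        print(row)
```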

Re: it's baaaack. Downloader.exe back with friends.
Your laptop is the problem. LMBO or ROFL Figure the laptop doesn't like the other machines? Goofy

Simply put: Your laptop is not allowing PMP2 to keep a connection. I'll do a little more research.

Site Admin / Security Administrator

Re: it's baaaack. Downloader.exe back with friends.
By obtain automatically I meant in the TCP/IP properties, I have checked 'obtain automatically', rather than 'use this IP' (since it changes sometimes..I was told to leave it there by Verizon)

Re: it's baaaack. Downloader.exe back with friends.

This is not the same problem with PMP1, I assume?

Re: it's baaaack. Downloader.exe back with friends.

No, PMP1 is different.

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.
I just remembered that I made recovery discs for this computer a while back...they are all numbered...would this help us with PMP1?

Re: it's baaaack. Downloader.exe back with friends.

Hello. I've heard back from digitalocksmith.

Sorry to inform you, but I would rather you format. By the time we clean one machine, the next one is infected because you're on a LAN.
See these links, they'll help.

When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.

Hey man, just wanted to thank you for all of your help...you spent a lot of time with me and I appreciate it. So, as a last resort before formatting, I called Microsoft and mentioned to them that they are running commercials that say they don't get viruses anymore, I have a virus, and can't get back up...why should I not buy a Mac? They transferred me to all sorts of levels of tech support and they had me download the new Microsoft One Live Care. I ran it with the tech on the phone, we cleaned up a few areas, and I'm back up and running! He felt like it was a Nortons issue and said this new one live care is the way to go for their techs to fix things instantly...it worked. Thanks again for everything on PMP1.

Any new thoughts on how PMP2 is getting affected by the laptop? -again, it works fine, then needs a winsock fix to get back online.

Re: it's baaaack. Downloader.exe back with friends.

NORTON???!?!

Glad that fixed PMP1. I have no idea why the laptop doesn't like PMP2.

Tried rebooting your router?

Digitalocksmith, if you're watching, any ideas?

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.

He said you and I got rid of all of the issues but it was Norton that was stopping it all from going back up. I even had Norton disabled and then I removed it from the control panel but it wasn't until he said to use the disc to uninstall other files completely that it started working.

Re: it's baaaack. Downloader.exe back with friends.

Well, I'm glad that fixed it.

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.

Even with my laptop off for a day, PMP2 is still needing a winsock fix every once in a while to get reconnected to the internet. Would the laptop still be affecting the connection if it wasn't on?

Re: it's baaaack. Downloader.exe back with friends.
It shouldn't do. No way!
Did you try rebooting your router?

Rebooting it should get your machines a new 192.168.1.x IP and maybe sort itself out.

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.

raif wrote:
Even with my laptop off for a day, PMP2 is still needing a winsock fix every once in a while to get reconnected to the internet. Would the laptop still be affecting the connection if it wasn't on?

I would guess the malware infection has caused a registry corruption which is creating damage to the TCP/IP stack on PMP2.

You could have a look here and try to see if these will help http://www.cexx.org/lspfix.htm, however if you're going to format and clean install the OS, this will see you good!


Regards

Re: it's baaaack. Downloader.exe back with friends.

When I click that link, it says dead link. My computer is still having the same issues even after rebooting the router...never mind, I took the comma off the end.

Re: it's baaaack. Downloader.exe back with friends.
I think DL was trying to link to this.
http://www.downloads.subratam.org/lspfix.zip

Unzip > Run it > tick "I know what I'm doing" > hit finish.

............................................................................................

Site Admin / Security Administrator


Re: it's baaaack. Downloader.exe back with friends.
I ran LSP fix but it didn't help. The computer runs great, just loses connection once in a while and I have to run WinsockFix to get back online...let me know if you have any more ideas. Something that we did on PMP2 changed something. Thanks man!