Post copied from Networking forum, may still be a router/configuration issue though.

Original post text:
"
Ok. This is the second day straight that I've worked on this. I'm working on my gf's laptop.
Context: WinXP sp1, IE 6. Zonealarm. Netgear wgr614 router, wg511 network card.
Connection works.
Ping to ip and name work.
Ping to gateway works.
Excellent/very good signal.
DNS is set to auto on all systems, DHCP auto on all systems. Wired computer doesn't appear to have the same issues. Router spoofing MAC addy from wired system.
WEP secured, key shared.
Network card shares IRQ 11 with Cardbus controller. No conflicts.
Again, no problems connecting (and surfing to an extent.)

Problem: Frequent "page cannot be displayed" errors: f5, refreshing and/or selecting the address then (ctrl-c > ctrl-o > ctrl-v >enter) works to load the page, usually in one attempt. Particular websites refuse to load easily eg. Hotmail.com, Cosmopolitan.com (used to test for functionality).
Unusually long load time for each new address.
Extremely long, ~1 minute, load for IE. If the IE button is clicked while windows is still loading the other startup programs it opens in a snap, but doesn't load a page because the wireless isn't connected. If it is clicked after windows has loaded all it's startup programs, it takes around a minute to load. Seems like a hijack right? Read on.

Solutions sought:
System was restored to a point before recent installs but there was no affect on the connection errors. Prior to any virus scans Sys restore was disabled. Scans all made in safe mode first and again in normal.
AVG Virus Scan - 3 entries found and removed.
Trojan Downloader Small.34.l wmplayer.exe.tmp,
Generic.Qg. cmeae05.dll,
Generic.QG. dppndw30104lib.dll.
TrojanHunter - No entries.
CWShredder - No entries.
Stinger from McAfee - no entries.
Spybot S&D - Several cookies, few minor items all cleaned, Alexa related.
Adware - Several cookies removed.
Hijackthis - only roughly 15 items, none suspicious.
cmd>tasklist: yeilds nothing that isn't in taskmanager.
Accessibility option: Tools>Internet options>'General' - Accessibility>uncheck custom Style sheet. No affect.
Third party browsing: Tools>Internet Options>Advanced>Uncheck "Enable third party browser extensions." No affect.

As I fell asleep working on this thing this morning a window opened on the computer that went to "www.weeklycashincome.com." I can't be certain that I didn't click a link for it cuz I was dozing off, although i didn't see one anywhere that I could've clicked. Again, sp1 so pop-ups aren't blocked. As I started this post a window came up for blogger.com. Appeared to be a legit page access as though I'd typed in www.blogger.com, but I didn't.
Again, I think it's a hijack, but I have been unable to find any evidence of such. I am almost 100% positive all my network settings are configured properly.

Some extraneous, possibly irrelevant facts. Recently, this laptop could connect to a public wep secured network, but couldn't browse the internet. The MAC address had been given direct access to the network as well, but no internet sites could be viewed. Also, several windows errors occured when setting WMP10 properties, closing/opening one or more IE windows, etc. It was severe enough to prompt a system restore.
Some help would be greatly appreciated. Thanks. Citizenchan. PEACE >
"

Since adding this post I upgraded to sp2, problems persist. Perhaps more so though it's very inconsistent. I am also including an HJT log. The problem although inconsistent seems to occur when wired directly to the network as well. However, The wired desktop also exhibits similar behavior, albeit less severe. Makes me thing there may be an issue with the Router, though it has the most recent firmware. Secondly, that computer is not mine, and I suspect it's got it's own host of nasties doing their work on it. So I can be inconclusive about whether this problem is located on this machine or in the router/configuration. Regardless, all my work on the wireless system have been with the wired system off, so any nasties on it can't possibly be cluttering the network with traffic.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:25 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Tita\My Documents\My Downloads\VIRUS SCANNERS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120197659492
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137985872306
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


The omniform entry above is part of a service intended to be on the system, but that doesn't necessarily exclude it from investigation. Thanks a bunch. PEACE >

Forgot to add that I thought Zonealarm was causing the problems. Might've been my head after the third straight day of work, but I turned it off and 'thought' I saw a performance boost. So, I uninstalled it, the real uninstall not just Add/Remove Programs, and installed sp2 with windows firewall. Still no affect, not a trace of ZA on the system anymore.

EDIT: Sorry to keep adding to my already long post. This may or may not mean something. I usually ctrl-n, ctrl-o to open a new page. I did that just now and went to gmail. It gave me "page cannot be..." error, IE then proceeded to load roughly 40 more windows all pointed at gmail, and all giving the same error. Very odd.

I don't see any malicious entries in your log, but what you describe (slow program start, delayed page loads, going to odd sites, etc.) does sound fishy. A couple of things to try:

1. Download Firefox and see if it exhibits any of the same browsing problems.

2. Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning" which might be related to the problems. Double-clicking on such an entry will open a properties window with more detailed information on the error; post that info here. To do so:

In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

Thanks for the suggestion. Unfortunately, I can only see my girlfriend again this weekend, so I'll have to wait until then to try it out. I will be back to this thread at the end of the week when I can get in front of her computer again. Thanks DMR. PEACE >

OK- we'll be here...

Hey. Ok, at long last I am back at the trouble comp. I am taking a look at the event viewer and see a lot of errors. I don't think I'll post all the error details here, I'll wait to see if you want to see any particular one. Under 'System' there are a few dozen "Errors" for DHCP, DCOM, and W32Time. A few for Tcpip, a few for IRevents. There are "Warnings" for tcpip and DHCP as well. The laptop does have an infrared data transfer port that may be related to the irevent, but I don't know. Also, there are errors from last week for atapi, but those haven't recurred since. Below is the log details for the most recent Dhcp error. Application log shows several hangs for explorer and trojanhunter. The majority of all these errors are from last week when I was working on the comp.

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 1/28/2006
Time: 9:54:43 PM
User: N/A
Computer: CLAUDIA
Description:
The IP address lease 192.168.1.2 for the Network Card with network address 00095BC2A166 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

repairing/troubleshooting this stuff is beyond me, so whatever suggestions you have would be great. Thanks.

Well, I've restarted the system several times since my last post and as of yet haven't gotten any new errors. I think the errors I had from before are from when I was actually setting up the network. The weirdest things happen with this thing. I was using it today and the battery is perma dead, so I was moving from one spot to another in the house and it died before I could plug it back in. When I restarted, twice IE didn't even open when I clicked it. I tried to run the Control panel and it didn't open either. So I shutdown and it had two "end task/wait" dialogs for iexplorer. I wonder if somehow IE got messed up with all the updates..? Additionally, the computer crashes randomly, but seem to be isolated to when playing dvd's through media player 10 with xpack installed. Although, this wasn't a problem until these other problems arose. I've run "nasties" scans galore with not a single result since the first set posted above. Getting rather frustrated now as the symptoms seem to multiply upon and already elusive problem. I dl'd firefox and I can't say for sure if the problems occur with it as well. They appear not to, however, the symptoms themselves are seemingly random for the most part, so it's tough to say. Thanks for the help.

That could certainly be the case, at least for the DHCP and TCP/IP errors. The W32 Time messages are just the Windows Time service telling you that it can't reach a network time server to synchronize your computer's clock to, which could be due to Windows attempting to reach a time server at a point when you aren't connected to the 'Net, or to the fact that you haven't specified the address of a valid time server. The DCOM errors could relate to a number of things; posting the details of a couple of those might not hurt.

IE might be damaged in some way, but considering that you said the computer had just crashed because of the dead battery, it might only have been a "one-time confusion" caused by the crash; it's hard for me to say for sure, as I'm not sitting in front of the system.

If you can determine anything more definitive on that, please let us know; WMP has many issues of its own which have nothing to do with malicious infections.

Use FF a little longer and see if you can make a better determination on that; knowing whether or not the website access issues are isolated to IE or not would be helpful.

Hey DMR. Thanks for getting back to me. Yes, Firefox seems to run faster than IE, though I suspect that's part of the appeal. As for the page errors, they occur in firefox as well. More often than I'd expect on a wireless->cable network at 2:45 in the afternoon. The crash after dying probably was isolated, nothing like that has happened since. I'll watch a dvd to see if it crashes again while awaiting your next post. The DCOM errors are telling me "These services cannot be started in safe mode" from when I was running the virus scans and such. I think that makes them inconsequential but I'll throw the logs up here anyway. I got a2free scanner today and ran that, only found cookies. I also ran winsockxpfix after creating a restore point and backing up the registry. That seemed to make ie open and run faster for particular sites, but the errors still occur on others. I am finding the errors occur on certain sites, gmail, hotmail, google on occasion, though not limited to those sites. Generally msn.com, the homepage, takes a while, but loads the first time with only a few images missing. That could be because it's cached though. But on the same token, I can visit gmail over and over and sometimes I'll get the "Page..." error, others I wont. Thanks again.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/23/2006
Time: 6:30:19 AM
User: NT AUTHORITY\SYSTEM
Computer: CLAUDIA
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


There are other errors mingled with the DCOM errors, that I presume occured when I was in safe mode, but may be illuminating in some way for you:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
P3
RasAcd
Rdbss
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/23/2006
Time: 6:12:52 AM
User: CLAUDIA\Tita
Computer: CLAUDIA
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
This last one occurs twice 3 seconds apart.

Ok. I finally got a chance to talk to the roommate who's comp is the wired system in the network. She says her internet is not as functional as it used to be. So I'm going to assume there is an issue with the router. It's had problems before with functionality, and netgear I hear isn't quite as good as Linksys. So I'm going to run to bestbuy and buy a linksys and see if that made a difference. I'll be back.