0

Post copied from Networking forum, may still be a router/configuration issue though.

Original post text:
"
Ok. This is the second day straight that I've worked on this. I'm working on my gf's laptop.
Context: WinXP sp1, IE 6. Zonealarm. Netgear wgr614 router, wg511 network card.
Connection works.
Ping to ip and name work.
Ping to gateway works.
Excellent/very good signal.
DNS is set to auto on all systems, DHCP auto on all systems. Wired computer doesn't appear to have the same issues. Router spoofing MAC addy from wired system.
WEP secured, key shared.
Network card shares IRQ 11 with Cardbus controller. No conflicts.
Again, no problems connecting (and surfing to an extent.)

Problem: Frequent "page cannot be displayed" errors: f5, refreshing and/or selecting the address then (ctrl-c > ctrl-o > ctrl-v >enter) works to load the page, usually in one attempt. Particular websites refuse to load easily eg. Hotmail.com, Cosmopolitan.com (used to test for functionality).
Unusually long load time for each new address.
Extremely long, ~1 minute, load for IE. If the IE button is clicked while windows is still loading the other startup programs it opens in a snap, but doesn't load a page because the wireless isn't connected. If it is clicked after windows has loaded all its startup programs, it takes around a minute to load. Seems like a hijack right? Read on.

Solutions sought:
System was restored to a point before recent installs but there was no effect on the connection errors. Prior to any virus scans Sys restore was disabled. Scans all made in safe mode first and again in normal.
AVG Virus Scan - 3 entries found and removed.
Trojan Downloader Small.34.l wmplayer.exe.tmp,
Generic.Qg. cmeae05.dll,
Generic.QG. dppndw30104lib.dll.
TrojanHunter - No entries.
CWShredder - No entries.
Stinger from McAfee - no entries.
Spybot S&D - Several cookies, few minor items all cleaned, Alexa related.
Adware - Several cookies removed.
Hijackthis - only roughly 15 items, none suspicious.
cmd>tasklist: yields nothing that isn't in taskmanager.
Accessibility option: Tools>Internet options>'General' - Accessibility>uncheck custom Style sheet. No effect.
Third party browsing: Tools>Internet Options>Advanced>Uncheck "Enable third party browser extensions." No effect.

As I fell asleep working on this thing this morning a window opened on the computer that went to "www.weeklycashincome.com." I can't be certain that I didn't click a link for it cuz I was dozing off, although I didn't see one anywhere that I could've clicked. Again, sp1 so pop-ups aren't blocked. As I started this post a window came up for blogger.com. Appeared to be a legit page access as though I'd typed in www.blogger.com, but I didn't.
Again, I think it's a hijack, but I have been unable to find any evidence of such. I am almost 100% positive all my network settings are configured properly.

Some extraneous, possibly irrelevant facts. Recently, this laptop could connect to a public wep secured network, but couldn't browse the internet. The MAC address had been given direct access to the network as well, but no internet sites could be viewed. Also, several windows errors occurred when setting WMP10 properties, closing/opening one or more IE windows, etc. It was severe enough to prompt a system restore.
Some help would be greatly appreciated. Thanks. Citizenchan. PEACE >
"

Since adding this post I upgraded to sp2, problems persist. Perhaps more so though it's very inconsistent. I am also including an HJT log. The problem although inconsistent seems to occur when wired directly to the network as well. However, the wired desktop also exhibits similar behavior, albeit less severe. Makes me think there may be an issue with the Router, though it has the most recent firmware. Secondly, that computer is not mine, and I suspect it's got its own host of nasties doing their work on it. So I can be inconclusive about whether this problem is located on this machine or in the router/configuration. Regardless, all my work on the wireless system has been with the wired system off, so any nasties on it can't possibly be cluttering the network with traffic.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:25 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Tita\My Documents\My Downloads\VIRUS SCANNERS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120197659492
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137985872306
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


The omniform entry above is part of a service intended to be on the system, but that doesn't necessarily exclude it from investigation. Thanks a bunch. PEACE >

0

Forgot to add that I thought Zonealarm was causing the problems. Might've been my head after the third straight day of work, but I turned it off and 'thought' I saw a performance boost. So, I uninstalled it, the real uninstall not just Add/Remove Programs, and installed sp2 with windows firewall. Still no effect, not a trace of ZA on the system anymore.

EDIT: Sorry to keep adding to my already long post. This may or may not mean something. I usually ctrl-n, ctrl-o to open a new page. I did that just now and went to gmail. It gave me "page cannot be..." error, IE then proceeded to load roughly 40 more windows all pointed at gmail, and all giving the same error. Very odd.

0

I don't see any malicious entries in your log, but what you describe (slow program start, delayed page loads, going to odd sites, etc.) does sound fishy. A couple of things to try:

1. Download Firefox and see if it exhibits any of the same browsing problems.

2. Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning" which might be related to the problems. Double-clicking on such an entry will open a properties window with more detailed information on the error; post that info here. To do so:

In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.
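As an added example (not part of the original thread): once several entries have been copied out of Event Viewer as described above and pasted into one text file, a short script can split them apart and set aside errors that were logged around a Safe Mode boot, leaving the ones that still need a look. The function names, the sample entries and the five-minute window are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout Event Viewer's copy button produces;
# entries are pasted back to back with no blank line between them.
SAMPLE = '''\
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/23/2006
Time: 6:12:52 AM
User: N/A
Computer: EXAMPLE-PC
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: EXAMPLE-PC
Description:
The following boot-start or system-start driver(s) failed to load:
Tcpip
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 1/28/2006
Time: 9:54:43 PM
User: N/A
Computer: EXAMPLE-PC
Description:
The IP address lease has been denied by the DHCP server (constructed text).
'''

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|"
                   r"Date|Time|User|Computer):\s*(.*)$")

def parse_events(text):
    """Split pasted entries on 'Event Type:' and return one dict per entry."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        if line.startswith("Event Type:"):      # new entry, blank line or not
            cur, in_desc = {"Description": []}, False
            events.append(cur)
        if cur is None:
            continue
        m = None if in_desc else FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2).strip()
        elif line.strip() == "Description:":
            in_desc = True
        elif in_desc and line.strip() and not line.startswith("For more information"):
            cur["Description"].append(line.strip())
    for ev in events:
        ev["Description"] = " ".join(ev["Description"])
        ev["When"] = datetime.strptime(f'{ev["Date"]} {ev["Time"]}', "%m/%d/%Y %I:%M:%S %p")
    return events

def triage(events, window=timedelta(minutes=5)):
    """Heuristic (assumption): errors logged within `window` of a message that
    mentions Safe Mode are treated as Safe Mode boot artifacts."""
    safe = [e["When"] for e in events if "safe mode" in e["Description"].lower()]
    artifacts = [e for e in events if any(abs(e["When"] - t) <= window for t in safe)]
    review = [e for e in events if e not in artifacts]
    return artifacts, Counter((e["Event Source"], e["Event ID"]) for e in review)
```

Calling `triage(parse_events(SAMPLE))` returns the two Safe Mode era entries as artifacts and a count of the remaining errors by source and event ID.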

0

Thanks for the suggestion. Unfortunately, I can only see my girlfriend again this weekend, so I'll have to wait until then to try it out. I will be back to this thread at the end of the week when I can get in front of her computer again. Thanks DMR. PEACE >

0

Hey. Ok, at long last I am back at the trouble comp. I am taking a look at the event viewer and see a lot of errors. I don't think I'll post all the error details here, I'll wait to see if you want to see any particular one. Under 'System' there are a few dozen "Errors" for DHCP, DCOM, and W32Time. A few for Tcpip, a few for IRevents. There are "Warnings" for tcpip and DHCP as well. The laptop does have an infrared data transfer port that may be related to the irevent, but I don't know. Also, there are errors from last week for atapi, but those haven't recurred since. Below are the log details for the most recent Dhcp error. Application log shows several hangs for explorer and trojanhunter. The majority of all these errors are from last week when I was working on the comp.

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 1/28/2006
Time: 9:54:43 PM
User: N/A
Computer: CLAUDIA
Description:
The IP address lease 192.168.1.2 for the Network Card with network address 00095BC2A166 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Repairing/troubleshooting this stuff is beyond me, so whatever suggestions you have would be great. Thanks.

0

Well, I've restarted the system several times since my last post and as of yet haven't gotten any new errors. I think the errors I had from before are from when I was actually setting up the network. The weirdest things happen with this thing. I was using it today and the battery is perma dead, so I was moving from one spot to another in the house and it died before I could plug it back in. When I restarted, twice IE didn't even open when I clicked it. I tried to run the Control panel and it didn't open either. So I shutdown and it had two "end task/wait" dialogs for iexplorer. I wonder if somehow IE got messed up with all the updates..? Additionally, the computer crashes randomly, but seems to be isolated to when playing dvd's through media player 10 with xpack installed. Although, this wasn't a problem until these other problems arose. I've run "nasties" scans galore with not a single result since the first set posted above. Getting rather frustrated now as the symptoms seem to multiply upon an already elusive problem. I dl'd firefox and I can't say for sure if the problems occur with it as well. They appear not to, however, the symptoms themselves are seemingly random for the most part, so it's tough to say. Thanks for the help.

0

Well, I've restarted the system several times since my last post and as of yet haven't gotten any new errors. I think the errors I had from before are from when I was actually setting up the network.

That could certainly be the case, at least for the DHCP and TCP/IP errors. The W32 Time messages are just the Windows Time service telling you that it can't reach a network time server to synchronize your computer's clock to, which could be due to Windows attempting to reach a time server at a point when you aren't connected to the 'Net, or to the fact that you haven't specified the address of a valid time server. The DCOM errors could relate to a number of things; posting the details of a couple of those might not hurt.

...the battery is perma dead, so I was moving from one spot to another in the house and it died before I could plug it back in. When I restarted, twice IE didn't even open when I clicked it. I tried to run the Control panel and it didn't open either. So I shutdown and it had two "end task/wait" dialogs for iexplorer. I wonder if somehow IE got messed up with all the updates..?

IE might be damaged in some way, but considering that you said the computer had just crashed because of the dead battery, it might only have been a "one-time confusion" caused by the crash; it's hard for me to say for sure, as I'm not sitting in front of the system.

Additionally, the computer crashes randomly, but seem to be isolated to when playing dvd's through media player 10 with xpack installed.

If you can determine anything more definitive on that, please let us know; WMP has many issues of its own which have nothing to do with malicious infections.

... I dl'd firefox and I can't say for sure if the problems occur with it as well...

Use FF a little longer and see if you can make a better determination on that; knowing whether or not the website access issues are isolated to IE or not would be helpful.

0

Hey DMR. Thanks for getting back to me. Yes, Firefox seems to run faster than IE, though I suspect that's part of the appeal. As for the page errors, they occur in firefox as well. More often than I'd expect on a wireless->cable network at 2:45 in the afternoon. The crash after dying probably was isolated, nothing like that has happened since. I'll watch a dvd to see if it crashes again while awaiting your next post. The DCOM errors are telling me "These services cannot be started in safe mode" from when I was running the virus scans and such. I think that makes them inconsequential but I'll throw the logs up here anyway. I got a2free scanner today and ran that, only found cookies. I also ran winsockxpfix after creating a restore point and backing up the registry. That seemed to make ie open and run faster for particular sites, but the errors still occur on others. I am finding the errors occur on certain sites, gmail, hotmail, google on occasion, though not limited to those sites. Generally msn.com, the homepage, takes a while, but loads the first time with only a few images missing. That could be because it's cached though. But on the same token, I can visit gmail over and over and sometimes I'll get the "Page..." error, others I won't. Thanks again.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/23/2006
Time: 6:30:19 AM
User: NT AUTHORITY\SYSTEM
Computer: CLAUDIA
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


There are other errors mingled with the DCOM errors, that I presume occurred when I was in safe mode, but may be illuminating in some way for you:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
P3
RasAcd
Rdbss
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 1/23/2006
Time: 6:13:40 AM
User: N/A
Computer: CLAUDIA
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/23/2006
Time: 6:12:52 AM
User: CLAUDIA\Tita
Computer: CLAUDIA
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This last one occurs twice 3 seconds apart.

0

Ok. I finally got a chance to talk to the roommate whose comp is the wired system in the network. She says her internet is not as functional as it used to be. So I'm going to assume there is an issue with the router. It's had problems before with functionality, and netgear I hear isn't quite as good as Linksys. So I'm going to run to bestbuy and buy a linksys and see if that made a difference. I'll be back.

0

1. I think you're right- the DCOM errors are most likely just a result of the Safe Mode bootups.

2. Concerning the router: I used to prefer Netgear equipment, but I've honestly had better experiences with Linksys gear in the last few years, especially when it comes to wireless devices. If it really is an issue related to the router, trying a Linksys might very well clear things up.

Good luck; let us know how it goes...

0

OK, initial success followed by further perturbitude, if that's a word. I setup the linksys, wireless g wkpc54g. It ran like a bat out of hell on the wired system. So I configured it for wep and mac filtering, with the new mac addy for the laptop. I saved the settings, and went back to the laptop. I didn't however cycle the router. The laptop couldn't connect, it was stuck in a cycle of "Acquiring Network address" and failing and retrying the address. I went back to the wired system and it could no longer open any websites. After 15 minutes of messing with the settings. I reset and cycled the router, left it on factory settings and once again have internet on the wired system, it runs well. Now the laptop has wireless working too. Where before it either simply wouldn't connect, or got stuck acquiring network addy, it now runs fine. So my question is. Assuming the netgear was creating problems, the new ones are likely to be me just being too anxious and not giving the system the proper time and cycling to get all the settings working.booted/running? It's 12am now so, though I want to fiddle with the router settings, I can't go into the roommate's room to cycle it and see if it worked. I leave for home again tomorrow and I don't want to mess with it more and possibly down the connection again and either have to stay to fix it or just not fix it for a week. I think I will stick with this linksys, because from the start it's better than the netgear. I think I've got it basically taken care of. I will still be setting wep and mac filtering which is what appears to be creating the problem. However, I will know for sure if that's the problem or simply me not cycling the system properly. Thanks. Till next week.

0

...So I configured it for wep and mac filtering,...The laptop couldn't connect, it was stuck in a cycle of "Acquiring Network address" ... I reset and cycled the router, left it on factory settings... Now the laptop has wireless working too.

That was probably due to enabling WEP; I've had the same thing happen with Linksys WiFi setups I've configured. Sometimes you have to "experiment" with the Wireless DHCP and WEP configuration settings (especially the order in which you enable/apply the settings) of the router/access point and the computers until they talk to each other properly. One particular "gotcha" I've encountered is that settings for a computer's wireless card in Windows' built-in network configuration can conflict with the settings in the configuration software that gets installed with the network card. Odd things happen, such as Windows thinking that it should be using a static IP address while the WiFi card software thinks it should be using DHCP.

0

A! It might just be that your router sucks!!

Well, that was most likely the case for the first one. Think this new one is ok though.

DMR: Ah, ok. By default the Linksys config tool has "Use XP Zero Config" Enabled. I guess I should disable that and do my fiddling. If that doesn't work, I suppose for safe measure, I could leave it enabled, configure them both the same way, then disable the Zero Config option to try and cement it in the proper configuration. That's one thing I noticed. Even though the "Use XP Zero Config" option is selected, after I open the Zero config once and try to connect, or open the Linksys tool and try to connect, I can't use Zero Config again. It tells me it's not set as the network connection manager or whatever - even though I just used it. So it sounds like you're right. Whatever the actual conflict may be, there seems to be a conflict nonetheless. Again, won't be able to do anything till this weekend, but I'll let you know. Think we've got this one hooked, just a matter of reeling it in. Thanks.

0

Even though the "Use XP Zero Config" option is selected, after I open the Zero config once and try to connect, or open the Linksys tool and try to connect, I can't use Zero Config again. It tells me it's not set as the network connection manager or whatever - even though I just used it.

Yup- exactly the conflicts I've run across. What makes things more frustrating is that there isn't one "right" way to configure WiFi cards. The instructions for some wireless devices explicitly say not to let Wireless Zero configure the card, while others say that you should let WZ configure the card; some devices are supposed to be connected to the computer before installing the associated software, while other cards have it the other way around. Go figure...

Ah, ok. By default the Linksys config tool has "Use XP Zero Config" Enabled. I guess I should disable that and do my fiddling. If that doesn't work, I suppose for safe measure, I could leave it enabled, configure them both the same way, then disable the Zero Config option to try and cement it in the proper configuration.

Sounds like you've got the idea; those are the kinds of dances I've had to go through to resolve the problems when I've encountered them.

0

SUCCESS!!1one! Finally man. Think the last router was kinda mangled, time for ebay. haha. Just kidding. Linksys works well. Disabled the zero config, enabled wep and mac filtering separately and with complete power cycling after each change. Things seem to be working well now. Anyway, thanks so much for the help. Hopefully, this is the end of the problem. Take care. See you around. Citizenchan PEACE >

0

Well DMR, 3 weeks ago. That computer died. It started beeping from the bios, restarting, flickering, etc, etc. It got replaced, happily, with a HP Pavilion with Turion, and all the gizmos for 1300, which is well worth it. Thanks for all the help way back.
