trouble with wireless connection HJTlog

My machine:
Dell Inspiron 5100
P4 2.4Ghz
384 Mb RAM
Windows XP Pro SP2

I am having problems that seem to center around my wireless internet connection that I have via pcmcia card. When I boot my machine with the card in the slot, Windows experiences an error that looks like a memory access error so now I cannot boot my machine with the card in the slot.

Also, once the machine boots, another error is created at the logon prompt that says Windows has a problem with svchost.exe.

After I login, my windows taskbar is in classic style, then eventually switches over to the xp style. Then Windows gives me popups saying that Generic Win32 processes are not functioning as well as other errors.

Now when I try to use my wireless card, it is never able to find an IP address unless I run WinsockXPFix.exe and this seems to solve the problem. Everything runs beautifully (as it is right now) until my next reboot when I have to go through this process all over again! Here is my hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 5:57:46 PM, on 10/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\SlickRun\sr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
e:\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
E:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\jdedr0y2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://e%3A%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\jdedr0y2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.nova-dataonline.com/admin/FileManager/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

Any thoughts?

PS I have already run antivirus, Adaware, Spybot

Hi indy_jones,

Your HijackThis log is actually quite clean...

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.

If you have any questions before starting the fix, please don't hesitate to ask!

Logoff your internet connection. Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

O3 - Toolbar: (no name) - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - (no file)

Unless you have the Spybot Search & Destroy option 'Lock homepage from changes' active, or your system administrator put this into place, have HijackThis fix this:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Next...

Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following:

Temporary Internet Files
Recycle Bin
Temporary Files

Then click OK.

Post a fresh HijackThis log.

As for your wireless connectivity, check the wireless card's manufacturer's web site for updated drivers.

Tom

Hey, thanks for helping!

Alright, I did what you said and then I read another post of yours in which you told the person to enable all startup applications in msconfig. So after I fixed the two entries you told me to, I enabled all startup options in msconfig (I really only use 3 of these entries) an ran hijack this again

Some other information, I have had three specific error popups:

1. It states that a certain instruction cannot be written to a certain location in memory.

2. A generic Win32 proccess has failed and needs to close

3. svchost.exe has encountered an error and needs to close

and the wireless is still screwed up (haven't checked for drivers yet, though)

Thanks for your help!

Here's the log:
Logfile of HijackThis v1.98.2
Scan saved at 6:14:21 PM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\SlickRun\sr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\jdedr0y2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://e%3A%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Andrew\Application Data\Mozilla\Profiles\default\jdedr0y2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [AVG_CC] E:\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CSLauncher] e:\CS-Launcher\CSLauncher.exe
O4 - Global Startup: Monitor Apache Servers.lnk = E:\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.nova-dataonline.com/admin/FileManager/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

indy_jones,

Your log is clean.

When you boot your machine without the wireless card, it boots ok?

Tom

no, if the card is in the slot, I get a weird blue screen telling me that there was a fatal error and that Windows is performing a memory dump.

if the card isn't in the slot, I just get those memory access and vschost.exe errors.

When you mention vschost.exe errors, do you mean svchost.exe?

Download Stinger. Save it to your Desktop. Double-click it to start it. Make sure all of your drives are listed in the "Directories to scan" box (C:\ D:\ E:\, etc.). Click the Scan Now button and let it remove anything it finds.

http://vil.nai.com/vil/stinger/

Next...

Perform an onlne virus scan from this site:

Trend Micro Housecall - Again, select all of your drives to be scanned. Please check "Auto clean" before scanning.

http://housecall.trendmicro.com/

If you can, copy and paste the report logs from the scans into your next post.

Next....

Let's do some more cleaning up:

Download Ad-Aware SE Personal Edition version 1.05 from:

http://www.lavasoft.de/support/download/

Run Adaware, click the "Check for Updates now" link. Install the latest reference file

Perform a "Full system scan" with Adaware. Remove all checked items.

Then...

Download, install and UPDATE Spybot Search and Destroy 1.3. Scan and fix all items checked in RED.

http://www.safer-networking.org/en/download/index.html

Reboot and post a fresh HijackThis log.

Tom