Tweaking.com Support Forums
		Main Forum => General Computer Support => Topic started by: Dinky1s on October 10, 2012, 06:51:32 pm
		
			
			- 
				I only use Firefox and Opera (FF mostly).  After having some other computer issues, I ran a few scans with adwcleaner, Roguekiller, rkiller, combofix and others.  There were a few nasties in there that were cleaned.  Scans are generally coming up clean now.  However, since then, I am unable to download anything without the browsers freezing.  I can access the internet fine, surf all day, but if I go to download a program the browser (but not the rest of the computer) freezes and I have to use Task Master to close it out.  It does not matter if I use FF or Opera, attempting to DL freezes.   Also, with FF if I try to choose Options, FF freezes, however, I can select Private Browsing off the same Tools menu with no problem.   This is very perplexing.
			
- 
				Did you also run tdsskiller?
 
 Shane
- 
				Just ran it....clean.
			
- 
				Ran RKill again for the fun of it.   I'm posting the newest results first...as you'll see it keeps finding the same thing.
 
 Rkill 2.4.3 by Lawrence Abrams (Grinler)
 http://www.bleepingcomputer.com/
 Copyright 2008-2012 BleepingComputer.com
 More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
 Program started at: 10/11/2012 07:25:54 PM in x86 mode.
 Windows Version: Microsoft Windows XP Service Pack 3
 
 Checking for Windows services to stop:
 
 * No malware services found to stop.
 
 Checking for processes to terminate:
 
 * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 2288) [WD-HEUR]
 * C:\DOCUME~1\Owner1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe (PID: 2712) [T-HEUR]
 
 2 proccesses terminated!
 
 Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
 Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
 Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
 [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = dword:00000000
 
 Checking Windows Service Integrity:
 
 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
 
 Searching for Missing Digital Signatures:
 
 * No issues found.
 
 Checking HOSTS File:
 
 * HOSTS file entries found:
 
 127.0.0.1       localhost
 
 Program finished at: 10/11/2012 07:26:59 PM
 Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
 
 
 
 EARLIER RESULT
 
 
 Rkill 2.4.3 by Lawrence Abrams (Grinler)
 http://www.bleepingcomputer.com/
 Copyright 2008-2012 BleepingComputer.com
 More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
 Program started at: 10/09/2012 05:16:50 PM in x86 mode.
 Windows Version: Microsoft Windows XP Service Pack 3
 
 Checking for Windows services to stop:
 
 * No malware services found to stop.
 
 Checking for processes to terminate:
 
 * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 472) [WD-HEUR]
 * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 792) [WD-HEUR]
 * C:\DOCUME~1\Owner1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe (PID: 3600) [T-HEUR]
 
 3 proccesses terminated!
 
 Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
 Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
 Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
 [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = dword:00000000
 
 Checking Windows Service Integrity:
 
 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
 
 Searching for Missing Digital Signatures:
 
 * No issues found.
 
 Checking HOSTS File:
 
 * HOSTS file entries found:
 
 127.0.0.1       localhost
 
 Program finished at: 10/09/2012 05:18:26 PM
 Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)
 
- 
				Checking Windows Service Integrity: 
 
 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
 
 This could be a problem! May not be a solution to your posted problem, but should be fixed if not a false positive.
 
 Run regedit.exe and check the ImagePath value of the RpcSs service key. It should be the same as listed above.
 HKLM\SYSTEM\CurrentControlSet\Services\RpcSs
 
 Right click on the service and export before making any changes!
 Post the exported RpcSs.reg.
 
 Also please run FarBar Service Scanner and post the log file. Check all boxes.
 http://www.bleepingcomputer.com/download/farbar-service-scanner/
- 
				Ran RegEdit and attempted to attach the .reg file but apparently I cannot attach or upload files either w/o the browser freezing up.  So after a restart of FF, I'm giving results of Farbar and I will post the .reg file from another comp. 
 
 
 AND...
 
 Farbar Service Scanner Version: 07-10-2012
 Ran by Owner1 (administrator) on 12-10-2012 at 21:08:33
 Running from "J:\Malware Progs"
 Microsoft Windows XP Professional Service Pack 3 (X86)
 Boot Mode: Normal
 ****************************************************************
 
 Internet Services:
 ============
 
 Connection Status:
 ==============
 Localhost is accessible.
 LAN connected.
 Google IP is accessible.
 Google.com is accessible.
 Yahoo IP is accessible.
 Yahoo.com is accessible.
 
 
 Windows Firewall:
 =============
 
 Firewall Disabled Policy:
 ==================
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall"=DWORD:0
 
 
 System Restore:
 ============
 
 System Restore Disabled Policy:
 ========================
 
 
 Security Center:
 ============
 
 Windows Update:
 ============
 
 Windows Autoupdate Disabled Policy:
 ============================
 
 
 File Check:
 ========
 C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
 C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
 C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
 C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
 C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
 C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
 C:\WINDOWS\system32\netman.dll => MD5 is legit
 C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
 C:\WINDOWS\system32\srsvc.dll => MD5 is legit
 C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
 C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
 C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
 C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
 C:\WINDOWS\system32\qmgr.dll => MD5 is legit
 C:\WINDOWS\system32\es.dll => MD5 is legit
 C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
 C:\WINDOWS\system32\svchost.exe => MD5 is legit
 C:\WINDOWS\system32\rpcss.dll => MD5 is legit
 C:\WINDOWS\system32\services.exe => MD5 is legit
 
 Extra List:
 =======
 aswFW(9) aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
 0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
 IpSec Tag value is correct.
 
 **** End of log ****
- 
				What add ons are installed in firefox?
 
 Shane
- 
				Here is .reg log. 
 
 I reinstalled a clean version of FF, so there are no plug-ins or extensions in FF.  I had no previous problems with add-ons in FF.   My two cents...I think running the scans made some changes.  I was not having browser problems previous to that.
- 
				Ok so your RpcSs ImagePath is actually ok. The difference between the 2 is the addition of the file extension (.exe) to the svchost. The original ImagePath value doesn't have this which I believe is why RKill reports it incorrectly. You can remove this manually via regedit if you wish, leave it alone, or use the attached reg file to change it.
 
 example:
 your current ImagePath Value is:
 %SystemRoot%\system32\svchost.exe -k rpcss
 
 The original Value is:
 %SystemRoot%\system32\svchost -k rpcss
 
 Either value will work just fine.
 
 
 What type of internet connection are you using? Wireless, Ethernet etc?
 Are you using a Proxy or VPN?
 
 Some things to try:
 If you have more than one antivirus uninstall all but one.
 Turn off any antivirus real time protection.
 Turn off your firewall (again you should only have 1)
 Try booting into safe mode with networking.
 reset router/modem.
 Using another PC download your network adapter drivers from your PC manufacturer and transfer to pc.
 Uninstall your network adapter drivers (check the box to delete driver) then reboot and install the one you downloaded earlier.
 
 Please report your findings.
 
 You may also try resetting your TCP/IP settings: http://support.microsoft.com/kb/299357
 And your winsock/LSP: http://www.cexx.org/lspfix.htm
 
 NOTE: Any programs that use alternate winsock settings will need to be reinstalled after doing these fixes!
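
 Added example, not part of the thread and not RKill's own logic: a Python sketch that decodes the ImagePath from an exported RpcSs.reg (regedit writes REG_EXPAND_SZ as hex(2) bytes, so the value is not readable in the file) and compares it with the expected value while treating `svchost` and `svchost.exe` as the same binary. The function names are hypothetical and the sample export is constructed; it assumes a "Version 5.00" export already read as text.

```python
import re

# Both values are quoted in the thread above.
CURRENT = r"%SystemRoot%\system32\svchost.exe -k rpcss"
ORIGINAL = r"%SystemRoot%\system32\svchost -k rpcss"

def encode_hex2(text, width=25):
    """Build a constructed 'ImagePath' line the way a Version 5.00 .reg export
    stores REG_EXPAND_SZ: hex(2), UTF-16LE, NUL-terminated, wrapped with '\\'."""
    cells = [f"{b:02x}" for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(cells[i:i + width]) for i in range(0, len(cells), width)]
    return '"ImagePath"=hex(2):' + ",\\\n  ".join(rows)

def decode_image_path(reg_text):
    """Return ImagePath from already-decoded .reg text (hex(2) or plain string)."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)      # undo line continuations
    m = re.search(r'^"ImagePath"=(.*)$', joined, re.M)
    if not m:
        raise ValueError("no ImagePath value found")
    value = m.group(1).strip()
    if value.startswith("hex(2):"):
        raw = bytes(int(c, 16) for c in value[7:].split(",") if c)
        return raw.decode("utf-16-le").rstrip("\0")
    return value.strip('"').replace("\\\\", "\\")     # REG_SZ: unescape backslashes

def normalize(image_path):
    """Lower-case, collapse spaces, make an implicit .exe explicit.
    Assumes an unquoted executable path without spaces, as in the thread."""
    exe, _, args = image_path.strip().lower().partition(" ")
    if not exe.endswith(".exe"):
        exe += ".exe"
    return " ".join([exe] + args.split())

def same_service_binary(a, b):
    return normalize(a) == normalize(b)

def check_export(reg_text, expected=ORIGINAL):
    """Decode an exported service key and compare it with the expected value."""
    found = decode_image_path(reg_text)
    return found, same_service_binary(found, expected)

if __name__ == "__main__":
    key = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcSs]\r\n"
    print(check_export(key + encode_hex2(CURRENT)))   # constructed export
```

 A path that differs in anything other than case, spacing or the `.exe` suffix still compares as different, so a service pointed at another directory is not masked by the normalization.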
- 
				SOLVED
 
 Just did a clean install of xp
 
 Got my internet explorer back, able to d/l from FF and Opera and more!   Sucks having to reinstall everything...but much happier.  Thanks for everything guys!