Author Topic: Cannot download...browsers freeze (Read 13852 times)

Dinky1s · « **on:** October 10, 2012, 06:51:32 pm »

I only use Firefox and Opera (FF mostly). After having some other computer issues, i ran a few scans with adwcleaner, Roguekiller, rkiller, combofix and others. There were a few nasties in there that were clean. Scans are generally coming up clean now. HOwever, since then, I am unable to download anything without the browsers freezing. I can access the internet fine, surf all day, but if I go to download a program the browser (but not the rest of the computer) freezes and I have to use Task Master to close it out. It does not matter if I use FF or Opera, attempting to DL freezes. Also, with FF if I try to choose Options, FF freezes, however, I can select Private Browsing off the same Tools menu with no problem. This is very perplexing.

Shane · « **Reply #1 on:** October 11, 2012, 12:33:55 pm »

Did you also run tdsskiller?

Shane

Dinky1s · « **Reply #2 on:** October 11, 2012, 05:12:05 pm »

Just ran it....clean.

Dinky1s · « **Reply #3 on:** October 11, 2012, 05:26:22 pm »

Ran RKill again for the fun of it. I'm posting the newest results first...as you'll see it keeps finding the same thing.

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/11/2012 07:25:54 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\MsPMSPSv.exe (PID: 2288) [WD-HEUR]
* C:\DOCUME~1\Owner1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe (PID: 2712) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/11/2012 07:26:59 PM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)

EARLIER RESULT

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/09/2012 05:16:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\CTsvcCDA.exe (PID: 472) [WD-HEUR]
* C:\WINDOWS\system32\MsPMSPSv.exe (PID: 792) [WD-HEUR]
* C:\DOCUME~1\Owner1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe (PID: 3600) [T-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/09/2012 05:18:26 PM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)

tbdawg · « **Reply #4 on:** October 12, 2012, 03:51:15 am »

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

This could be a problem! May not be a solution to your posted problem, but should be fixed if not a false positive.

Run regedit.exe and check the ImagePath value of the RpcSs service key. It should be the same as listed above.
HKLM\SYSTEM\CurrentControlSet\Services\RpcSs

Right click on the service and export before making any changes!
Post the exported RpcSs.reg.

Also please run FarBar Service Scanner and post the log file. Check all boxes.
http://www.bleepingcomputer.com/download/farbar-service-scanner/

Dinky1s · « **Reply #5 on:** October 12, 2012, 07:11:53 pm »

Ran RegEdit and attempted to attach the .reg file but apparently I cannot attach or upload files either w/o the browser freezing up. So after a restart of FF, I'm giving results of Farbar and I will post the .reg file from another comp.

AND...

Farbar Service Scanner Version: 07-10-2012
Ran by Owner1 (administrator) on 12-10-2012 at 21:08:33
Running from "J:\Malware Progs"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswFW(9) aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Shane · « **Reply #6 on:** October 12, 2012, 09:48:02 pm »

What add ons are installed in firefox?

Shane

Dinky1s · « **Reply #7 on:** October 13, 2012, 07:42:35 am »

Here is .reg log.

I reinstalled a clean version of FF, so there are no plug-ins or extensions in FF. I had no previous problems with add-ons in FF. My two cents...I think running the scans made some changes. I was not having browser problems previous to that.

tbdawg · « **Reply #8 on:** October 13, 2012, 01:53:43 pm »

Ok so your RpcSs ImagePath is actually ok. The difference between the 2 is the addition of the file extension (.exe) to the svhost. The original ImagePath value doesn't have this which I believe is why RKill reports it incorrectly. You can remove this manually via regedit if you wish, leave it alone, or use the atached reg file to change it.

example:
your current ImagePath Value is:
%SystemRoot%\system32\svchost.exe -k rpcss

The original Value is:
%SystemRoot%\system32\svchost -k rpcss

Either value will work just fine.

What type of internet connection are you using? Wireless, Ethernet etc?
Are you using a Proxy or VPN?

Some things to try:
If you have more than one antivirus uninstall all but one.
Turn off any antivirus real time protection.
Turn off your firewall (again you should only have 1)
Try booting into safe mode with networking.
reset router/modem.
Using another PC download your network adapter drivers from your PC manufacturer and transfer to pc.
Uninstall your network adpater drivers (check the box to delete driver) then reboot and install the one you downloaded ealier.

Please report your findings.

You may also try resting your TCP/IP settings: http://support.microsoft.com/kb/299357
And your winsock/LSP: http://www.cexx.org/lspfix.htm

NOTE: Any programs that use alternate winsock settings will need to be reinstalled after doing these fixes!

Dinky1s · « **Reply #9 on:** October 21, 2012, 08:09:53 pm »

SOLVED

Just did a clean install of xp

Got my internet explorer back, able to d/l from FF and Opera and more! Suck having to reinstall everything...but much happier. Thanks for everything guys!

Author Topic: Cannot download...browsers freeze (Read 13852 times)

Dinky1s

Cannot download...browsers freeze

Shane

Re: Cannot download...browsers freeze

Dinky1s

Re: Cannot download...browsers freeze

Dinky1s

Re: Cannot download...browsers freeze

tbdawg

Re: Cannot download...browsers freeze

Dinky1s

Re: Cannot download...browsers freeze

Shane

Re: Cannot download...browsers freeze

Dinky1s

Re: Cannot download...browsers freeze

tbdawg

Re: Cannot download...browsers freeze

Dinky1s

Re: Cannot download...browsers freeze