TechSpot

Computer slow. Browser hangs a lot. HijackThis log attchd.

By sukhicool
Jun 10, 2006
  1. It seems some virus or trojans are making my pc slow. I cannot open more than one instance of Internet explorer. As soon as I try to open another instance of IE, it crashes. I tried to repair Windows XP, but of no use.

    It also started happening with other Office applications like Word, Excel, etc.

    Even Mozilla browser hangs a lot, I have to wait for 10-15 secs before it comes out of the hang mode again.

    After reading other posts, I installed ewido and the report is attached in attachment along with Hijackthis log file.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Click start/run and type regsvr32 /u C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O3 - Toolbar: &iPlugin Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL

    O4 - HKLM\..\Run: [Olwbddg] C:\Program Files\Kubyar\Otpppq.exe

    O8 - Extra context menu item: &iPlugin Toolbar Serach - res://C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

    Fix all 016-DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA72D2C-7D76-4603-B461-9A6615AD9F06}: NameServer = 172.16.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F7989B0-0F89-4540-984B-D724D7CB4433}: NameServer = 172.16.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D847BFFE-E91F-4C5D-9821-BDEA919D20AD}: NameServer = 202.56.230.6,202.56.230.5<Only fix these 017 entries, if they don`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :wave: :wave:
     
  3. sukhicool

    sukhicool TS Rookie Topic Starter

    Internet explorer still crashes, Hijackthis log attached

    Thanks Howard,

    I have followed as suggested by you. Please find attached the fresh Hijacklog.txt file after following the procedure as mentioned by you.

    I am still getting error as soon as I try to open second instance of Internet Explorer. The error is also attached in the .jpeg file.

    I cannot open any of the MS-office document also. A prompt comes which asks me to send error report everytime, so of no use.

    Very strange, the name of 'My Documents' is automatically changed to '41'.

    Please help me :(
     

    Attached Files:

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT and click on the config button, then on the misc tools button. Click on the delete file on reboot button and browse to C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM click on the MENUSEARCH.HTM and click open. You will be prompted to reboot your system, click yes.

    Once your system has restarted, please post a fresh HJT log.

    Regards Howard :)
     
  5. sukhicool

    sukhicool TS Rookie Topic Starter

    iPlugi~1.dll could not be found

    Thanks Howard for quick reply !

    I have browsed the folder "C:\WINDOWS\System32\iPlugin", but there is no file named as "IPLUGI~1.DLL" or "MENUSEARCH.HTM".

    Before posting the previous reply, I have renamed the iPluginToolbar.dll to copyiPluginToolbar.dll

    Is there anything wrong here?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  7. sukhicool

    sukhicool TS Rookie Topic Starter

    cant open secure sites

    :mad:
    :mad:
    :(

    No help till yet. I am feeling like crying. Nothing has improved till yet. Now, I am not able to browse any of the secure sites on Internet explore or mozilla as well.

    I have followed all the steps given at : http://support.microsoft.com/?kbid=813444

    Please help this poor person! :((
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)
     
  9. sukhicool

    sukhicool TS Rookie Topic Starter

    hijackthis log attached.

    I am having a tough time running my computer due to some malicious worms / virus. As already told, I am still unable to open any of the secure site on my pc. 1) I am unable to open more than 1 instance of Internet Explorer.
    2) Even the mozilla browser is also not able to open any secure site starting with https.
    3) Cant open any MS Office file like word, excel etc.

    Any help would be appreciated. Please see the attached HJT log.

    Regards,
    Sukhicool
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    O8 - Extra context menu item: &iPlugin Toolbar Serach - res://C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

    O16 - DPF: {0188E17F-B180-48A6-B199-055C219601B5} (DV_GistFontResourcesforWeb Control) - http://203.199.132.73/cris/IE/CAB/DVData.Cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA72D2C-7D76-4603-B461-9A6615AD9F06}: NameServer = 172.16.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F7989B0-0F89-4540-984B-D724D7CB4433}: NameServer = 172.16.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D847BFFE-E91F-4C5D-9821-BDEA919D20AD}: NameServer = 202.56.230.6,202.56.230.5

    Only fix the above 017 entries, if they don`t belong to your ISP.


    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to input into killbox.

    C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

    Once your system has rebooted, turn system restore back on and post a fresh HJT log.

    You are running a completely unpatched version of Windows. This means your system is not secure. You should run Windows updates and install at least sp1 and preferably sp2.

    Regards Howard :)
     
  11. sukhicool

    sukhicool TS Rookie Topic Starter

    Problem resolved

    Hi All,

    I have finally got rid of all the problems by formatting my drive !!

    Now, can you please guide me if there are any good anti-virus softwares or others which I should install in my fresh installation of computer so as to evade these nonsenses in the future.

    Thanks a lot Howard, you are really helpful and good techie :)

    -Regards,
    Sukhi
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Antivirus/antispyware apps you should have are the following.

    AVG free/Spybot search and destroy/Ad-Aware se/Ewido/Spyware blaster. In addition to these you need a good firewall programme such as either the free Zonealarm or the free Kerio programmes.

    You can Google for all of these.

    You might want to take a look at this thread HERE for tips on how to keep your system secure.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of sukhicool only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...