It seems some virus or trojans are making my pc slow. I cannot open more than one instance of Internet explorer. As soon as I try to open another instance of IE, it crashes. I tried to repair Windows XP, but of no use.

It also started happening with other Office applications like Word, Excel, etc.

Even Mozilla browser hangs a lot, I have to wait for 10-15 secs before it comes out of the hang mode again.

After reading other posts, I installed ewido and the report is attached in attachment along with Hijackthis log file.

Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Click start/run and type regsvr32 /u C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: &iPlugin Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL

O4 - HKLM\..\Run: [Olwbddg] C:\Program Files\Kubyar\Otpppq.exe

O8 - Extra context menu item: &iPlugin Toolbar Serach - res://C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

Fix all 016-DPF entries.

O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA72D2C-7D76-4603-B461-9A6615AD9F06}: NameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F7989B0-0F89-4540-984B-D724D7CB4433}: NameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D847BFFE-E91F-4C5D-9821-BDEA919D20AD}: NameServer = 202.56.230.6,202.56.230.5<Only fix these 017 entries, if they don`t belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :wave: :wave:

Internet explorer still crashes, Hijackthis log attached

Thanks Howard,

I have followed as suggested by you. Please find attached the fresh Hijacklog.txt file after following the procedure as mentioned by you.

I am still getting error as soon as I try to open second instance of Internet Explorer. The error is also attached in the .jpeg file.

I cannot open any of the MS-office document also. A prompt comes which asks me to send error report everytime, so of no use.

Very strange, the name of 'My Documents' is automatically changed to '41'.

Please help me

Run HJT and click on the config button, then on the misc tools button. Click on the delete file on reboot button and browse to C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM click on the MENUSEARCH.HTM and click open. You will be prompted to reboot your system, click yes.

Once your system has restarted, please post a fresh HJT log.

Regards Howard

iPlugi~1.dll could not be found

Thanks Howard for quick reply !

I have browsed the folder "C:\WINDOWS\System32\iPlugin", but there is no file named as "IPLUGI~1.DLL" or "MENUSEARCH.HTM".

Before posting the previous reply, I have renamed the iPluginToolbar.dll to copyiPluginToolbar.dll

Is there anything wrong here?

You may need to show all hidden and system folders etc, in order to find the file.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Regards Howard

cant open secure sites





No help till yet. I am feeling like crying. Nothing has improved till yet. Now, I am not able to browse any of the secure sites on Internet explore or mozilla as well.

I have followed all the steps given at : http://support.microsoft.com/?kbid=813444

Please help this poor person! (

Please post a fresh HJT log.

Regards Howard

hijackthis log attached.

I am having a tough time running my computer due to some malicious worms / virus. As already told, I am still unable to open any of the secure site on my pc. 1) I am unable to open more than 1 instance of Internet Explorer.
2) Even the mozilla browser is also not able to open any secure site starting with https.
3) Cant open any MS Office file like word, excel etc.

Any help would be appreciated. Please see the attached HJT log.

Regards,
Sukhicool

Download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

O8 - Extra context menu item: &iPlugin Toolbar Serach - res://C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {0188E17F-B180-48A6-B199-055C219601B5} (DV_GistFontResourcesforWeb Control) - http://203.199.132.73/cris/IE/CAB/DVData.Cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA72D2C-7D76-4603-B461-9A6615AD9F06}: NameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F7989B0-0F89-4540-984B-D724D7CB4433}: NameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D847BFFE-E91F-4C5D-9821-BDEA919D20AD}: NameServer = 202.56.230.6,202.56.230.5

Only fix the above 017 entries, if they don`t belong to your ISP.


Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to input into killbox.

C:\WINDOWS\System32\iPlugin\IPLUGI~1.DLL/MENUSEARCH.HTM

Once your system has rebooted, turn system restore back on and post a fresh HJT log.

You are running a completely unpatched version of Windows. This means your system is not secure. You should run Windows updates and install at least sp1 and preferably sp2.

Regards Howard

Problem resolved

Hi All,

I have finally got rid of all the problems by formatting my drive !!

Now, can you please guide me if there are any good anti-virus softwares or others which I should install in my fresh installation of computer so as to evade these nonsenses in the future.

Thanks a lot Howard, you are really helpful and good techie

-Regards,
Sukhi

Antivirus/antispyware apps you should have are the following.

AVG free/Spybot search and destroy/Ad-Aware se/Ewido/Spyware blaster. In addition to these you need a good firewall programme such as either the free Zonealarm or the free Kerio programmes.

You can Google for all of these.

You might want to take a look at this thread HERE for tips on how to keep your system secure.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of sukhicool only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.