problem in IE - igbppg32.exe

[help_me]

hey i use microsoft ie 6...

and the proble in tht... when ever i open my browser the cpu usage goes upto 100% and also i get error like virtual memory low...

i face this problem even for a very simple website with no graphics. say for tht matter google....

is there a bug or something and how do i remove it...

and yes gettin feed up with this , when i restart my system i get a message ending program "igbppg32.exe"

plz help

 

[Choto Cheeta]

well what OS u r useing?? if winXP then increase ur page file... right click on My Computer >>>> Properties >>>> Advence >>>>> Performance Option >>>> Change the virtual mem option.... change it to higher amount.... 768 MB is recomended.....

*img242.imageshack.us/img242/5262/017kr.th.jpg

Scan ur system with a very good antivirus...

 

[help_me]

well m using windows 2000 pro.

 

[Choto Cheeta]

well follow this guide to change ur page file...

1. Log in as a system administrator.
2. Open the system Control Panel, and double-click "Systemp"
   *img341.imageshack.us/img341/4435/018aa.th.jpg
3. Now Select the "Advanced tab"
   *img52.imageshack.us/img52/1391/026ia.jpg
4. Now Select the "Performance Options"
   *img52.imageshack.us/img52/2778/037pm.th.jpg
5. Select "Change..."
   *img52.imageshack.us/img52/5473/049wy.th.jpg
6. Select a drive, and change the size of the paging file.
   *img124.imageshack.us/img124/7439/055wt.th.jpg
7. Press OK, and reboot ur system when asked.

by the way did u checked ur system with a good AVS like NAV05 or KAV 5.0??

 

[alib_i]

can you post your HijackThis log. that'll tell the full story.

-----
alibi

 

[help_me]

can you post your HijackThis log. that'll tell the full story.

-----
alibi

hey as u saud heres my hijackthis log..
---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:58:46 PM, on 8/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\pratik\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *www.zdnetindia.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.2:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=*www.zdnetindia.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINNT\system32\Ofncei32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ServiceM - Unknown owner - C:\WINNT\System32\ServiceM.exe

------------------------------

hopin tht u find somethin..

 

[anandk]

log file looks clean. dont know what Ofncei32.dll is though.
as suggested above, also do a good anti-virus and a anti-spy scan; preferably at boot-time or safe mode.

 

[swatkat]

pen NotePad, and copy the contents of the below "Code" box:-

cd %windir%
cd System32
attrib -s -r -h Ofncei32.dll
del Ofncei32.dll
sc stop ServiceM
sc config ServiceM start= disabled
sc delete ServiceM
attrib -s -r -h ServiceM.exe
del ServiceM.exe

Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.


Boot in SAFE mode.


Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINNT\system32\Ofncei32.dll
O23 - Service: ServiceM - Unknown owner - C:\WINNT\System32\ServiceM.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Double-Click on the file Test.bat, a small DOS type window should open and close immediately.


Reboot to normal mode, run HijackThis and post a fresh log again. Also, post back whether you are experiencing any problems with your PC.

 

[help_me]

hey i tried doing this and it worked.. i just deleted tht file from my system throught a search in safe miode... gr8 na!!

 

[swatkat]

hey i tried doing this and it worked.. i just deleted tht file from my system throught a search in safe miode... gr8 na!!

You did what?

 

[help_me]

i booted in safe mode gave a search for the file named "igbppg32.exe" and then when i found it .. i deleted it... ththz it

 

[swatkat]

But there are some other (atleast 2, as i can see from the HJT log) malware files to be deleted. Its better that you run that batch file as mentioned in my previous post.