Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-009

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Have tried several times to resolve in normal mode. I am unable to run Hijackthis in safemode on this user. User is a Domain User and settings are not available to the local machine administrator in safemode. Safemode does not see the BHO nor the DPFs I suspect to be a problem.

These entries return after every logoff or reboot.

The first one seems tied to some type of yahoo product, but there should no longer be any yahoo software on this computer.

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

Also tried to catch it with Taskmanager16 process manager, but because no file is involved. It cannot keep it from coming back.

Normally use Spy-Bot, but also tried Ad-Aware which saw it, reported it was fixed but it came back again.

I can find these entries in the registry under
BHO and Code Store Database keys, but the DPFs also appear as default class IDs in the EmbedExtnToClsidMappings key under several of the media file extensions.

This PC has developed speed and functionality issues. If anyone has any information or help, I'm definitely in need of it. Thanks in Advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:37:00 PM, on 7/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\VERITAS NetBackup Professional\NBPClientush.exe
C:\Program Files\FpsGold\FPSGOLDGateway\FPSGOLDGateway.exe
c:\Program Files\Host Integration Server\system\SNABASE.EXE
C:\Program Files\FpsGold\GOLDVision\GoldVision.exe
C:\Program Files\DHI\DHITrace\DHI.Trace.Viewer.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Orl\Vnc\WinVNC.exe
F:\UTILITY\spyware stuff\HijackThis.exe

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55163E1-EC98-4452-B557-3A9A0974B62D}: Domain = 1starnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55163E1-EC98-4452-B557-3A9A0974B62D}: NameServer =
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: VERITAS NetBackup Professional Client Service (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP