[aeloel]

Have tried several times to resolve in normal mode. I am unable to run Hijackthis in safemode on this user. User is a Domain User and settings are not available to the local machine administrator in safemode. Safemode does not see the BHO nor the DPFs I suspect to be a problem.

These entries return after every logoff or reboot.

The first one seems tied to some type of yahoo product, but there should no longer be any yahoo software on this computer.

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

Also tried to catch it with Taskmanager16 process manager, but because no file is involved. It cannot keep it from coming back.

Normally use Spy-Bot, but also tried Ad-Aware which saw it, reported it was fixed but it came back again.

I can find these entries in the registry under
BHO and Code Store Database keys, but the DPFs also appear as default class IDs in the EmbedExtnToClsidMappings key under several of the media file extensions.

This PC has developed speed and functionality issues. If anyone has any information or help, I'm definitely in need of it. Thanks in Advance.


Logfile of HijackThis v1.99.1
Scan saved at 4:37:00 PM, on 7/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VERITAS NetBackup Professional\NBPClientush.exe
C:\Program Files\FpsGold\FPSGOLDGateway\FPSGOLDGateway.exe
c:\Program Files\Host Integration Server\system\SNABASE.EXE
C:\Program Files\FpsGold\GOLDVision\GoldVision.exe
C:\Program Files\DHI\DHITrace\DHI.Trace.Viewer.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\ARTA\Arta.exe
C:\Program Files\Orl\Vnc\WinVNC.exe
F:\UTILITY\spyware stuff\HijackThis.exe

O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55163E1-EC98-4452-B557-3A9A0974B62D}: Domain = 1starnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55163E1-EC98-4452-B557-3A9A0974B62D}: NameServer = 207.243.104.2
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: VERITAS NetBackup Professional Client Service (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe