polya Posted March 7, 2008 Report Share Posted March 7, 2008 Hey all...have that problem, can't get over it.I've read all posts about it and check all possible options offered but still - none worked for me.Don't have indexing progs, to my knowledge.same problem with open office torrent.Disabled symantec AV and windows FW - no help.ut is not in the program file folder, nor the downlaods. donno what else to do Any other suggestions, please?here a hijackthis log:Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 3:12:49 PM, on 3/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\ABBYY Lingvo 9.0 Multilingual Dictionary\Lvagent.exeC:\Program Files\Babylon\Babylon-Pro\Babylon.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\SYMANT~1\vptray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Winamp\Winamp.exeC:\Program Files\Avant Browser\avant.exeC:\Documents and Settings\v\Desktop\uTorrent\uTorrent.exeC:\Program Files\Miranda Vista-v2\Miranda Vista!.exeC:\Documents and Settings\v\Desktop\HiJackThis_v2.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenta.ru/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emusic.com/?fref=149125R3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOTO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 9.0 Multilingual Dictionary\Lvagent.exe" /STARTUPO4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStartO4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -bootO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201874000718O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6F8728BC-161B-40EC-8737-8BD21B591745}: NameServer = 192.116.202.222 213.8.172.83O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: wshtlprh.dll confbrw.dll brwstat.dllO20 - Winlogon Notify: davctool - C:\WINDOWS\system32\davctool.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 8096 bytesAnother thing, uninstalled Nero 7 - still nothing.don't have any more hairs to pool.A Process explorer log on ut:Process PID CPU Description Company NameSystem Idle Process 0 84.85 Interrupts n/a Hardware Interrupts DPCs n/a 1.52 Deferred Procedure Calls System 4 smss.exe 644 Windows NT Session Manager Microsoft Corporation csrss.exe 692 Client Server Runtime Process Microsoft Corporation winlogon.exe 716 Windows NT Logon Application Microsoft Corporation services.exe 760 1.52 Services and Controller app Microsoft Corporation svchost.exe 936 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1208 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1308 Generic Host Process for Win32 Services Microsoft Corporation ccSetMgr.exe 1588 Symantec Settings Manager Service Symantec Corporation ccEvtMgr.exe 1628 Symantec Event Manager Service Symantec Corporation spoolsv.exe 1756 Spooler SubSystem App Microsoft Corporation DefWatch.exe 1556 Virus Definition Daemon Symantec Corporation Rtvscan.exe 1156 Symantec AntiVirus Symantec Corporation wdfmgr.exe 248 Windows User Mode Driver Manager Microsoft Corporation alg.exe 2176 Application Layer Gateway Service Microsoft Corporation lsass.exe 772 LSA Shell (Export Version) Microsoft Corporation taskmgr.exe 2884 Windows TaskManager Microsoft Corporationexplorer.exe 1548 Windows Explorer Microsoft CorporationuTorrent.exe 2060 procexp.exe 3088 12.12 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 2060Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000c_1252.nls CAPTLIB.DLL Babylon Information Tool Babylon Ltd. 6.00.0000.0029CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119locale.nls LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000oleaut32.dll Microsoft Corporation 5.01.2600.3266rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3268sortkey.nls sorttbls.nls unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180uTorrent.exe UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180 Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 8, 2008 Report Share Posted March 8, 2008 Thank you for those logfiles They are usually quite helpful in this kind of thing. I only see the one injected DLL for your Babylon program. Does the access denied error happen for ALL files downloaded... or only specific types. If turning off Babylon's hooking removes the error great! If not the next step would be to turn off NAV's resident scanner... or active scanner for your download directory. If that fails then the next step sounds like removing the software entirely. I would also double check to make sure you need all those features running for your Norton. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.