Access Denied prob on Vista.. Pls help hijackthis log posted..

[arips]

Hi.. pls help... It downloads for like 5 secs, then replies with an Error:Access denied..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:49:42 PM, on 8/3/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Infineon\Security Platform Software\PSDrt.exe

C:\Program Files\Infineon\Security Platform Software\SpTna.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 7756 bytes

Pls help... I have tried disabling in task manager the NMindexingService but it still gives the Access denied after downloading a few seconds. Port forwarding is ok. I have a green tick...

[jewelisheaven]

Turn off or make exceptions in indexers... This may include those Infineon processes, Dmedia from ATK, and Symantec's resident scanner.

Turn off indexing / spidering for the Ctrl-P - Downloads folder... or turn off the programs temporarily if you don't have a DIFFERENT completed folder. Does this happen for ALL files including Open Office from the Setup guide? or only media files or exes or compressed files??

[arips]

Hi, sorry I dont quite understand... how do I turn off indexing in the downloads folder? I have rightclicked> andavnced and unticked indexing.. but still doesnt work.

I have a different completed folder.

Where can i see the setup guide?

[jewelisheaven]

The first setup guide many people use is setup_guide.php and is @ Guides page below link #3. I don't know how one turns off the index behaviour for each program, but the general idea is to have it NOT be looking at your download folder.. your completed folder is fine because uT no longer needs write access. But if you cannot make an exception for the folder, you need to try turning it off temporarily to see at what point uT no longer gets access denied. You didn't answer.. what types of files are access denied?? the EXE from http://xrl.us/OOoP2P or how about http://www.slackware.com/torrents/ ... It's usually easier to try to understand what's interfering if you notice files which DON'T suffer the http://xrl.us/AccessDenied error.

[arips]

Hi! thanks for replying.. It seems to happen for any file.

The error just states "Error: Access is denied" There is no mention of file being used or anything like that.

This is my new laptop that I've purchased recently with Windows Vista Home Premium. I noticed that everytime I created a new downloads folder in C:, Windows prompts me to confirm and click continue to proceed. Could this be causing the error? Is there a way to turn it off?

[jewelisheaven]

Sounds like permissions issue then. Are you saving in c:\ or C:\Users or c:\Program Files?

[arips]

I created a Downloads folder and a Completed folder in

c:\program files\utorrent

ie

c:\program files\utorrent\downloads

and

c:\program files\utorrent\completed and mapped them in utorrents correctly.

Could it be this User Access Control festure in Windows Vista that is causing the problem? Then perhaps I should try turning it off...

[jewelisheaven]

Vista does not allow you to access Program Files :/ Try making your download and completed folder in your \Users directory instead.... or run uT with elevated privileges, or turn off the UAC like you thought (I'm not sure what UAC has to do with this though sorry).

[arips]

just tried downloading the open office exe , also has the Error Access denied error.

Update: just disabled UAC, reboot and downloading seems to be working!

But what are the bad effects of disabling UAC?

Thanks jewels but wwhat do u mean by uT?

Is there anyway i can configure UAC without disabling it?

Thanks again..

[jewelisheaven]

uT is short for uTorrent

Well disabling UAC means you don't have to deal with all those privilege dialogs anymore. I don't know about bad effects... if you run programs you don't know where they came from or regularly use unpatched IE browser I can imagine it won't save you from running mal/ad/bad-ware by default anymore. I don't know if UAC is the problem per-se since you were using the protected %PROGRAMFILES% folder. If you saved OUTSIDE of there was there still the access denied?