Error: Access is denied (already did the homework)

[resplence]

A few days ago uTorrent just started giving me access denied errors in everything I tried to download. I didn't catch any connection with this issue and my computer behavior or installed softwares.

I do not use any of the softwares listed in the "incompatible software" section.

I do use Windows Desktop Search, but I've always had, along with uTorrent. In any case, I disabled it, and still got the error.

I thought Launchy could be the culprit, because of its indexing engine, but I disabled it and still got the error.

Slackware, OpenOffice and single file torrents are also denied.

I am saving the files to a directory with writing privileges.

Searching for the handles in Process Explorer never returned anything, so I copied the DLL info.

----------------------------------------------------------------------------------

HiJackThis Log:

================================================================

Logfile of HijackThis v1.99.1

Scan saved at 10:07:49, on 28/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

C:\Program Files\Volumouse\volumouse.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\eMule\emule.exe

C:\WINDOWS\system32\wisptis.exe

C:\Program Files\Timer\yTimer.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\7-Zip\7zFM.exe

D:\Users\Rafael\LOCALS~1\Temp\7zO2DC.tmp\procexp.exe

C:\Program Files\Launchy\Launchy.exe

G:\backup\install\hijackthis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Velox.lnk = ?

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154385976359

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B31E86BB-F81F-4CA3-A664-292BBB3ED631}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

----------------------------------------------------------------------------------

Process Explorer Log:

================================================================

Process PID CPU Description Company Name Working Set

firefox.exe 440 Firefox Mozilla Corporation 68.572 K

msnmsgr.exe 2200 Messenger Microsoft Corporation 23.792 K

procexp.exe 3940 Sysinternals Process Explorer Sysinternals - www.sysinternals.com 20.868 K

emule.exe 1956 eMule http://www.emule-project.net 19.736 K

explorer.exe 2712 Windows Explorer Microsoft Corporation 19.716 K

searchindexer.exe 648 Microsoft Windows Search Indexer Microsoft Corporation 13.916 K

Launchy.exe 2260 13.856 K

svchost.exe 1148 Generic Host Process for Win32 Services Microsoft Corporation 13.712 K

yTimer.exe 3100 Multiple countdown timer Spacejock Software 7.420 K

uTorrent.exe 384 0.76 7.308 K

7zFM.exe 3104 6.468 K

ctfmon.exe 2232 CTF Loader Microsoft Corporation 2.392 K

svchost.exe 1232 Generic Host Process for Win32 Services Microsoft Corporation 2.252 K

csrss.exe 744 Client Server Runtime Process Microsoft Corporation 2.196 K

svchost.exe 1312 Generic Host Process for Win32 Services Microsoft Corporation 2.096 K

services.exe 812 0.76 Services and Controller app Microsoft Corporation 1.932 K

svchost.exe 332 Generic Host Process for Win32 Services Microsoft Corporation 1.628 K

svchost.exe 1052 Generic Host Process for Win32 Services Microsoft Corporation 1.600 K

svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation 1.580 K

avgemc.exe 1868 AVG E-Mail Scanner GRISOFT, s.r.o. 1.572 K

taskbarshuffle.exe 2156 Taskbar Shuffle Jay Elaraj 1.280 K

lsass.exe 824 LSA Shell (Export Version) Microsoft Corporation 1.036 K

winlogon.exe 768 Windows NT Logon Application Microsoft Corporation 1.020 K

usnsvc.exe 3680 Messenger Sharing USN Journal Reader Service Microsoft Corporation 1.020 K

volumouse.exe 2224 Volumouse Utility NirSoft 1.008 K

wisptis.exe 4000 Microsoft Tablet PC Component Microsoft Corporation 936 K

mDNSResponder.exe 1884 Bonjour Service Apple Computer, Inc. 904 K

dllhost.exe 3184 COM Surrogate Microsoft Corporation 884 K

spoolsv.exe 1728 Spooler SubSystem App Microsoft Corporation 856 K

PresentationFontCache.exe 1372 Windows Presentation Foundation Font Cache Service Microsoft Corporation 848 K

alg.exe 3432 Application Layer Gateway Service Microsoft Corporation 672 K

avgamsvr.exe 1812 AVG Alert Manager GRISOFT, s.r.o. 452 K

UnlockerAssistant.exe 2100 372 K

aawservice.exe 1492 Ad-Aware 2007 Service Lavasoft 332 K

ehSched.exe 2004 Media Center Scheduler Service Microsoft Corporation 308 K

ehRecvr.exe 1992 Media Center Receiver Service Microsoft Corporation 148 K

avgupsvc.exe 1844 AVG Update Service GRISOFT, s.r.o. 132 K

wdfmgr.exe 532 Windows User Mode Driver Manager Microsoft Corporation 88 K

smss.exe 688 Windows NT Session Manager Microsoft Corporation 56 K

System 4 44 K

System Idle Process 0 97.73 16 K

Interrupts n/a Hardware Interrupts 0 K

DPCs n/a 0.76 Deferred Procedure Calls 0 K

Process: uTorrent.exe Pid: 384

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.3157

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180

CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3316

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180

ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16640

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16640

IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119

locale.nls

mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

MSNLNamespaceMgr.dll Windows Desktop Search Namespace Manager Microsoft Corporation 6.00.6000.16431

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726

oleaut32.dll Microsoft Corporation 5.01.2600.3266

PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180

SHDOCVW.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.3157

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3157

sortkey.nls

sorttbls.nls

unicode.nls

UnlockerHook.dll

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16640

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

uTorrent.exe

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

vlmshlp.dll Volumouse Helper DLL NirSoft 1.05.0001.0000

WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16640

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180

WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

----------------------------------------------------------------------------------

PS: I only installed BitComet after uTorrent stopped working.

Any ideas?

[Switeck]

Search indexers have a nasty habit of locking files they're indexing so other programs cannot edit them:

C:\WINDOWS\system32\SearchIndexer.exe

searchindexer.exe 648 Microsoft Windows Search Indexer Microsoft Corporation 13.916 K

You'll need to edit Microsoft Windows Search Indexer settings or disable it.

[jewelisheaven]

Get rid of injected DLLs and try again :/

vlmshlp.dll Volumouse Helper DLL NirSoft 1.05.0001.0000

Have you tried it with Emule closed? It's possible that emule is holding open your directory if you also share it on that network. How about with that ytimer or taskbar shuffle closed?

If you're getting access denied on Openoffice there has to be a handle call made to openoffice. Nothing can't show up. It would at least show the handle in utorrent.exe. Are you sure you checked it before/during the error message? Another way would be to get Process Monitor from http://sysinternals.com (yes same people)... use Ctrl-L to filter for the end of the filename that you're looking for, select include say OK then Ctrl-E to log as you start OOo. How long does it normally take to manifest?? This may be a rpobem with starting at the beginning because the logfiles on my system use 5MB of RAM + pagefile a minute, soooooo, you'll need to clear (Ctrl-X) a few times if you're waiting for a bit. After you get access denied Ctrl-E again to stop logging..... (only ideas atm, bit frazzled tbh, power outages.... dying infrastructure <grumble>)