
Access Denied, Hijack this log and Process Explorer details included


Peior Crustulum


I get the "access is denied" error whenever µTorrent tries to write to disc, but for the life of it I can't figure out why.

Can anyone else observe the problem?

----------------------------------------------------------------------------------------

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Spotify\spotify.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

O13 - Gopher Prefix:

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7008 bytes

-----------------------------------------------------------------------------------

Process PID CPU Description Company Name

System Idle Process 0 84.78

Interrupts n/a Hardware Interrupts

DPCs n/a 6.17 Deferred Procedure Calls

System 4

smss.exe 292

csrss.exe 392

wininit.exe 468

services.exe 516

svchost.exe 696

CTxfispi.exe 3228 SPI (Creative X-Fi Module) Creative Technology Ltd

svchost.exe 780

atiesrxx.exe 824

atieclxx.exe 1192

svchost.exe 904

audiodg.exe 3288

svchost.exe 956

dwm.exe 1588 0.77 Desktop Window Manager Microsoft Corporation

WUDFHost.exe 3312

svchost.exe 1008

CTAudSvc.exe 464

svchost.exe 264

VistaSrv.exe 1080

wbvista.exe 1092

svchost.exe 1156

svchost.exe 1356

taskhost.exe 1428 Host Process for Windows Tasks Microsoft Corporation

svchost.exe 1484

AEADISRV.EXE 1708

ekrn.exe 1760

svchost.exe 1688

svchost.exe 2336

wmpnetwk.exe 3124

svchost.exe 3736

sppsvc.exe 2004

SteamService.exe 3404

taskhost.exe 2560

svchost.exe 3424

msiexec.exe 776

msiexec.exe 1560

svchost.exe 1536

lsass.exe 532

lsm.exe 540

csrss.exe 484

winlogon.exe 608

explorer.exe 1644 Windows Explorer Microsoft Corporation

rundll32.exe 2500 Windows host process (Rundll32) Microsoft Corporation

SoundMAX.exe 2524 SoundMAX Audio Settings (32-bit) Analog Devices, Inc.

egui.exe 2544 ESET GUI ESET

Dropbox.exe 2640 Dropbox

ImpulseNow.exe 2672 Impulse Now Stardock Corporation

spotify.exe 3824 Spotify Spotify AB

DTLite.exe 1408 DAEMON Tools Lite DT Soft Ltd

uTorrent.exe 3468 1.54 µTorrent BitTorrent, Inc.

Steam.exe 2488 1.54 Steam Valve Corporation

firefox.exe 3020 3.85 Firefox Mozilla Corporation

msiexec.exe 1276 Windows® installer Microsoft Corporation

smax4pnp.exe 2724 SMax4PNP Analog Devices, Inc.

Ctxfihlp.exe 2732 CTXfiHlp MFC Application Creative Technology Ltd

MOM.exe 2768 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 3204 Catalyst Control Centre: Host application ATI Technologies Inc.

thunderbird.exe 3304 Thunderbird Mozilla Messaging

procexp.exe 340 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 2688 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 3468

Name Description Company Name Version

{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db

{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db

actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.1.7600.16385

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

CFGMGR32.dll Configuration Manager DLL Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

cversions.2.db

cversions.2.db

DEVOBJ.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7600.16385

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7600.16385

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

DWMAPI.DLL Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msimg32.dll GDIEXT Client DLL Microsoft Corporation 6.1.7600.16385

mssprxy.dll Microsoft Search Proxy Microsoft Corporation 7.0.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16385

ntmarta.dll Windows NT MARTA provider Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385

oleaut32.dll Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

PROPSYS.dll Microsoft Property System Microsoft Corporation 7.0.7600.16385

psapi.dll Process Status Helper Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

SETUPAPI.dll Windows Setup API Microsoft Corporation 6.1.7600.16385

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7600.16385

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7600.16385

SortDefault.nls

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

uTorrent.exe µTorrent BitTorrent, Inc. 2.0.1.18408

UXTHEME.DLL Microsoft UxTheme Library Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

wbhelp.dll WindowBlinds Helper DLL Stardock.Net, Inc 4.0.0.1

WBLIND.dll WindowBlinds Stardock Corporation 7.0.1.0

wbload.dll

WINMM.dll MCI API DLL Microsoft Corporation 6.1.7600.16385

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7600.16385

wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7600.16491

wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7600.16385

wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7600.16385

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7600.16385

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7600.16385


Just for kicks I tried unloading WB, but it did nothing.

I then excluded my DL folder from Windows Search indexer, nothing.

So finally I attempted to disable Windows Search index through services, but still no luck.

Tricky situation it seems...

Thank you both so far though, even if it was not an immediate solution.


Archived

This topic is now archived and is closed to further replies.
