nt32.exe, 315load32.exe, load32.exe killing my access help please


  • This topic is locked
13 replies to this topic

#1 Dice20


Posted 09 February 2014 - 03:57 PM

My PC started not wanting to download torrents or open certain files, so I looked into it a bit and saw some files had been added onto my PC. I tried to run the Spybot program and it would just open and close right away. At this point I knew there had to be an issue. So I brought up Task Manager and watched what processes were running and tried opening it again, and wouldn't you know it, the 315load32.exe popped up and would allow it to run. So I tracked the sucker down in my PC and tried to delete it. I figured I'd look up some info on it since I hadn't ever seen it before, and everywhere I looked said the nt32.exe and the load32.exe would be there as well. So I started going through my C drive and they were there. I tried deleting them, but when I restarted my PC and checked again they were there again, so I figured I'd approach the community for some help. There was another person who was going through something similar, so I tried to follow the first step in theirs and got this error when I attempted to download and run a program: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them". I am running my PC as an admin, so not sure how I don't have access. Any and all help would be helpful.

Also, I am running Windows 7 Home Premium 64-bit.


Edited by Dice20, 09 February 2014 - 03:58 PM.




#2 Dice20


Posted 09 February 2014 - 06:08 PM

 
 
I just attempted to run SecurityCheck.exe after a reboot and the below result happened.
 
 
 
 
 Results have been copied to checkup.txt, which should open... now!
Access is denied.
C:\Users\user\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe: can't read
 prelimcheckup2.txt: Permission denied
C:\Users\user\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe: can't read
 prelimcheckup3.txt: Permission denied


#3 Dice20


Posted 09 February 2014 - 06:26 PM

OK, tried it a second time, but this time I ended the process and the process tree on the nt32.exe, load32.exe, and the 315load32.exe, and it did this:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#4 Dice20


Posted 09 February 2014 - 06:29 PM

Farbar Service Scanner Version: 02-02-2014
Ran by user (administrator) on 09-02-2014 at 18:27:50
Running from "C:\Users\user\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


#5 Dice20


Posted 09 February 2014 - 06:41 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by user (administrator) on 09-02-2014 at 18:30:23
Running from "C:\Users\user\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
There are 15470 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : user-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 1C-65-9D-45-6A-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.md.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 6C-62-6D-50-13-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::951a:b7f4:1131:aa81%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.198(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, February 09, 2014 6:10:05 PM
   Lease Expires . . . . . . . . . . : Monday, February 10, 2014 6:10:05 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 258761325
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-A3-39-0A-6C-62-6D-50-13-D3
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{476E4B43-824C-4F0D-8116-000575843168}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:24ae:55b:b395:9cef(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24ae:55b:b395:9cef%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.md.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.md.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:803::1003
 74.125.228.2
 74.125.228.14
 74.125.228.3
 74.125.228.5
 74.125.228.8
 74.125.228.0
 74.125.228.1
 74.125.228.9
 74.125.228.4
 74.125.228.6
 74.125.228.7
 
 
Pinging google.com [74.125.228.32] with 32 bytes of data:
Reply from 74.125.228.32: bytes=32 time=16ms TTL=55
Reply from 74.125.228.32: bytes=32 time=17ms TTL=55
 
Ping statistics for 74.125.228.32:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=74ms TTL=49
Reply from 98.138.253.109: bytes=32 time=159ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 74ms, Maximum = 159ms, Average = 116ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...1c 65 9d 45 6a 0c ......802.11n Wireless LAN Card
 11...6c 62 6d 50 13 d3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.198     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.198    266
    192.168.0.198  255.255.255.255         On-link     192.168.0.198    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.198    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.198    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.198    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     58 2001::/32                On-link
 10    306 2001:0:9d38:6ab8:24ae:55b:b395:9cef/128
                                    On-link
 11    266 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::24ae:55b:b395:9cef/128
                                    On-link
 11    266 fe80::951a:b7f4:1131:aa81/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/09/2014 02:56:17 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cf4
 
Start Time: 01cf25d0f2ec84ba
 
Termination Time: 0
 
Application Path: C:\Windows\system32\NOTEPAD.EXE
 
Report Id: 39ff9ed1-91c4-11e3-b868-6c626d5013d3
 
Error: (02/09/2014 10:07:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: ags.exe, version: 1.0.0.1, time stamp: 0x43e92a83
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x4000001f
Fault offset: 0x003c7426
Faulting process id: 0x1490
Faulting application start time: 0xags.exe0
Faulting application path: ags.exe1
Faulting module path: ags.exe2
Report Id: ags.exe3
 
Error: (02/08/2014 07:45:05 PM) (Source: Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. hr=0x80070057
6.1.7601.17514
 
Error: (02/08/2014 03:17:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (02/08/2014 03:15:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (02/07/2014 00:59:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (02/07/2014 00:57:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (02/05/2014 01:11:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (02/05/2014 01:09:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (02/04/2014 08:01:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
 
System errors:
=============
Error: (02/09/2014 06:10:06 PM) (Source: Service Control Manager) (User: )
Description: The Norton Online Backup service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 06:10:06 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 06:09:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/09/2014 06:00:09 PM) (Source: Service Control Manager) (User: )
Description: The Norton Online Backup service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 06:00:09 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 05:59:29 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/09/2014 02:48:54 PM) (Source: Service Control Manager) (User: )
Description: The Norton Online Backup service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 02:48:54 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%5
 
Error: (02/09/2014 02:42:46 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/09/2014 02:01:59 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2014 02:56:17 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.1.7600.16385cf401cf25d0f2ec84ba0C:\Windows\system32\NOTEPAD.EXE39ff9ed1-91c4-11e3-b868-6c626d5013d3
 
Error: (02/09/2014 10:07:47 AM) (Source: Application Error)(User: )
Description: ags.exe1.0.0.143e92a83unknown0.0.0.0000000004000001f003c7426149001cf25a8afcafd63C:\Program Files (x86)\Erogos\まほたま スク水編\ags.exeunknowneeac9a03-919b-11e3-afd6-6c626d5013d3
 
Error: (02/08/2014 07:45:05 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x800700576.1.7601.17514
 
Error: (02/08/2014 03:17:16 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2
 
Error: (02/08/2014 03:15:07 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (02/07/2014 00:59:28 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2
 
Error: (02/07/2014 00:57:23 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (02/05/2014 01:11:34 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2
 
Error: (02/05/2014 01:09:32 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (02/04/2014 08:01:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
America's Army: Proving Grounds Beta
Application Profiles (Version: 2.0.4888.34279)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 5.0.1438.0)
Bing Bar Platform (Version: 5.0.1438.0)
BitTorrent (Version: 7.8.2.30332)
Blackhawk Striker 2 (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Combined Community Codec Pack 2014-01-17 (Version: 2014.01.17.0)
CyberLink DVD Suite Deluxe (Version: 7.0.2823)
DAEMON Tools Lite (Version: 4.48.1.0347)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4030)
Escape Rosecliff Island (Version: 2.2.0.95)
EverQuest II
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 32.0.1700.107)
Google Update Helper (Version: 1.3.22.3)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MAINSTREAM KEYBOARD (Version: 1.4.3.0)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.2.5122)
HP MediaSmart Music (Version: 4.1.4215)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.3.0)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.1.4186.3400)
HP Support Assistant (Version: 7.4.45.4)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
Hulu Desktop (Version: 0.9.13)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
HydraVision (Version: 4.2.166.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8089.726)
Kobo
LabelPrint (Version: 2.5.2823)
LightScribe System Software (Version: 1.18.15.1)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 2.0.271.0)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Internet Security (Version: 18.0.0.128)
Norton Online Backup (Version: 2.1.17869)
NVIDIA PhysX (Version: 9.12.1031)
PDF Complete Special Edition (Version: 3.5.111)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
PictureMover (Version: 3.5.0.28)
PlanetSide 2
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4022)
PowerDirector (Version: 8.0.2906)
PressReader (Version: 5.10.621.0)
PunkBuster Services (Version: 0.993)
Ragnarok Online 2
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.2926)
Roxio CinemaNow 2.0 (Version: 1.0.284)
Steam (Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13.1)
TERA (Version: 1.6)
The Elder Scrolls V: Skyrim
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Warframe
Wheel of Fortune 2 (Version: 2.2.0.95)
WinAce Archiver (Version: 2.69)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
WinRAR archiver
Yumina the Ethereal (Version: English 1.0)
Zinio Reader 4 (Version: 4.0.2811)
Zuma Deluxe (Version: 2.2.0.95)
いたずらっ娘~うちの娘にかぎって~ (Version: 2.1)
ものべの-happy end-
らぶフェチ~手コキ編~ (Version: 1.00.0000)
三つの催眠
体育倉庫物語 (Version: 1.0)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 19%
Total physical RAM: 8055.08 MB
Available physical RAM: 6475.07 MB
Total Pagefile: 16108.34 MB
Available Pagefile: 14247.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.47 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:919.36 GB) (Free:23.61 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.05 GB) (Free:1.46 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER-HP
 
Administrator            Guest                    user                     
 
 
**** End of log ****


#6 Dice20


Posted 10 February 2014 - 05:26 AM

Was able to download MBAM but can't get it running; the 315load32.exe keeps blocking it.



#7 Dice20


Posted 11 February 2014 - 04:54 PM

I still have no access and can't run MBAM


Edited by Dice20, 11 February 2014 - 04:54 PM.


#8 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:09:39 PM

Posted 11 February 2014 - 05:41 PM

Hi Dice20,

 

May I suggest that you don't add replies to your own post, because when you do others will think that you are already being assisted and will not step in.

 

Please download and run RKill, by Grinler @ Bleeping Computer and copy & paste the log in your next post.  If you cannot run one version, download another with a different filename.

 

Do not restart your system after running RKill.

 

Now try updating and running Malwarebytes, copying & pasting the log in your next post.



#9 Dice20


Posted 12 February 2014 - 07:58 AM

Hi dls62,

 

Thanks for responding. I ran it, but I still can't access Malwarebytes. Whenever I try, it does the 315load32.exe, gets rid of my ownership/permissions, and it added this "NTKernel" file in my C drive.

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/12/2014 07:36:36 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\user\Desktop\rkill\rkill-02-12-2014-07-36-37.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\load32.exe"
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 02/12/2014 07:36:45 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
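
The RKill log above reports a Winlogon Shell value that starts `C:\ProgramData\load32.exe` alongside `explorer.exe` at every logon. The following is an added example, not part of the original posts or of RKill: a small Python triage helper that scans pasted RKill log text for Shell lines and lists every entry other than `explorer.exe`. The function names and the baseline of `explorer.exe` alone are assumptions of this example; the sample text is constructed from the lines of the log above.

```python
import re

# Constructed sample: the relevant lines copied from the RKill log above.
SAMPLE_LOG = r'''Performing miscellaneous checks:

 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\load32.exe"

 * No issues found.
'''

# Matches RKill lines of the form "* [Modified] <key>\Winlogon: [Shell] => <value>".
SHELL_LINE = re.compile(
    r'^\s*\*\s*(?:Modified\s+)?(?P<key>\S*\\Winlogon):\s*\[Shell\]\s*=>\s*(?P<value>.+?)\s*$',
    re.IGNORECASE,
)

# Assumption of this example: a clean Shell value names explorer.exe and nothing else.
EXPECTED_SHELL = "explorer.exe"


def split_shell_value(value):
    """Split a comma-separated Shell value, keeping quoted paths intact."""
    parts = re.findall(r'"[^"]*"|[^,]+', value)
    return [p.strip().strip('"') for p in parts if p.strip()]


def unexpected_shell_entries(log_text):
    """Return (registry key as logged, entry) for each Shell entry that is not explorer.exe."""
    findings = []
    for line in log_text.splitlines():
        match = SHELL_LINE.match(line)
        if not match:
            continue
        for entry in split_shell_value(match.group("value")):
            if entry.lower() != EXPECTED_SHELL:
                findings.append((match.group("key"), entry))
    return findings


if __name__ == "__main__":
    for key, entry in unexpected_shell_entries(SAMPLE_LOG):
        print(f"Unexpected Winlogon Shell entry under {key}: {entry}")
```
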


#10 dls62


Posted 12 February 2014 - 08:58 AM

Hi,

 

It looks like some tools need to be used which I am not allowed to suggest.  I will ask a Moderator to flag this to a Malware Removal Team Member.



#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,411 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:39 PM

Posted 12 February 2014 - 09:33 AM

MRT personnel work topics in the MRL forum, not in Am I Infected :).

 

To post a new topic in the Malware Removal Logs forum...follow Steps 6-8 of the Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and post the DDS log, along with a concise statement of the problem (and a link back to this topic) in the forum containing the Prep Guide.

 

Once that is done, this topic will be closed to avoid confusion.

 

Once the new topic is created, please post a link to it...in this topic.  This will facilitate proper procedure, thanks:).

 

Louis



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:39 PM

Posted 12 February 2014 - 10:11 AM

If you cannot produce any of the required logs, then still start the new topic anyway and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 Dice20


Posted 12 February 2014 - 10:44 AM

New topic created and here's the link

 

Thanks for the heads up dls62 and for the guidance hamluis (also luvin your location hamluis, I used to live down there when I was younger)

 

http://www.bleepingcomputer.com/forums/t/524067/nt32exe-315load32exe-load32exe-killing-my-access-to-almost-everything/



#14 quietman7


Posted 12 February 2014 - 10:52 AM


Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck with your log.



