GeekPolice Tech TutorialsLog in

 

MAAgent.exe - Entry point not found

Share

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Hi Dave
Thank you for your help. All my data is backed up automatically on to an Seagate external hard drive. Should I remove that before starting this next scan?

Many thanks
Colin

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Your external drive should be kept disconnected until you are ready to use it.

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Hi Dave
The scan returned, no malware and no cleanup is required.
I can only find the one file requested below.
All you help is greatly appreciated cheers.

Colin

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 1073197056, free: 59768832

Downloaded database version: v2014.10.05.08
Downloaded database version: v2014.09.19.01
Initializing...
======================
------------ Kernel report ------------
10/05/2014 22:12:30
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
BTHidMgr.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\wbscr.sys
\SystemRoot\system32\drivers\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\System32\Drivers\MxlW2k.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\VcommMgr.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\drivers\aswSP.sys
\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\UKBFLT.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\aswHwid.sys
\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\STEC3.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87355ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-17\
Lower Device Object: 0xffffffff87335d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87355ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87354e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87355ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff873599e8, DeviceName: \Device\00000082\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87335d98, DeviceName: \Device\Ide\IdeDeviceP1T1L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CE04CD

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 263112507
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 263112570 Numsec = 225279495

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
File "C:\WINDOWS\system32\config\system" is compressed (flags = 1)
Scan finished

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Hi Dave

I have done the scan but it won't let me save the text file. When I last checked the computer as it was scanning, it had found 6 suspect applications. at the end of the scan it say it has found and cleaned 9 infected files as below :-


C:\AdwCleaner\Quarantine\C\Documents and Settings\Colin Wood\Application Data\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\Local Settings\Application Data\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\rcp_dcomnew_util_300(1).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\rcp_dcomnew_util_300.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Program Files\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\WINDOWS\CameraFixer.exe a variant of Win32/KillProc.A potentially unwanted application deleted - quarantined
C:\WINDOWS\system32\sasnative32.exe Win32/AdvancedSystemProtector.A potentially unwanted application deleted - quarantined

Have done something or has it not found any malware?

As always your help is much appreciated

Colin

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
How's your computer running now? Any other issues?

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Just done a restart, the original prob is still there :-
MAAgent.exe - Entry Point Not Found
The procedure entry point ?Openkey@CMAReistry@@PBDHK@Z could not be located in the dynamic link libarry MADRM.dll.

The message above stays on top of all windows I open.

Plus 2 more notices:-

RUNDLL
Error loading cmicnfg.cpl
The specified module could not be found.

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Adobe AIR
This application riquires a version of Adobe AIR which cannot be found. Please download the latest version of runtime from http://www,adobe,com/go/getair,
or contact the application author for an updated version

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
The computer runs okay apart from having to click twice to logout, it seems to start logging out but then stops but completes logging out by clicking a second time.

Thanks again
Colin

descriptionRe: MAAgent.exe - Entry point not found

more_horiz

This is a file for Argus Digital Camera or PolicyMaker™ Standard Edition. See here. Do you have either of these on your computer?

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Not to my knowledge but I do have software for Samsung. It is mentioed in the comments on your link. The only reason I have the software is some phone numbers are stored on it. I will transfer the numbers I need, remove the software and let you know if it solves the problem.

Many thanks
Colin

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
Ps it is slow at start up but I think that is down to to many demanding programs starting up, I really need to sort that out but not sure how to remove them from start up.

Cheers

descriptionRe: MAAgent.exe - Entry point not found

more_horiz
StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
Permissions in this forum:
You cannot reply to topics in this forum