MAAgent.exe - Entry point not found

Hi I'm new to the forum I have seen a similar solved thread on here so have followed the info on that.

MAAgent.exe - Entry point not found

The procedure entry point?OpenKey@CMAR@@AEPAUKEY_@@PBDHK@Z could not be located in the dynamic link

I downloaded and run a scan with "Hijack This" and have a log but the forum won't let me post it.

Thank you in advance for any help with this problem.

Update:- since posting this on the wrong forum sorry. I have done a little research online and taken the following action :-

Action taken:-
My computer
Boot (C:)
Programs Files
Mark Any - renamed - Mark any 1
Re start
Result :- stopped above warning with no immediate problems noticed on my computer.

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete or Clean.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Hi Dave thank you very much for offering to help.
I already scan with MBAM But I will do exactly as you ask which make take some time many thanks.
Colin

Sorry should I return the file I renamed to it's original name before I start the scans?

Thanks

Woody2run wrote:

Sorry should I return the file I renamed to it's original name before I start the scans?

Thanks

Yes, please post that log along with the others.

Hi Dave sorry for the late reply, it's a long story which I'm sure you don't want me to bore you with. Hope you are still able to help me with my computer?
I have done the first scan with Adwcleaner the log as requested follows :-
# AdwCleaner v3.311 - Report created 02/10/2014 at 22:31:00
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Colin Wood - MEDION06-12-04
# Running from : C:\Documents and Settings\Colin Wood\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Breowsse2isavee
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrOwwsae2saevEe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\sAAffe  siave
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Breowsse2isavee
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\BrOwwsae2saevEe
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\sAAffe  siave
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\AOL Toolbar
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SafeSaver
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Documents and Settings\Abbigale\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Abbigale\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Abbigale\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\rightbackup
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\Search Protection
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Colin Wood\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Colin Wood\My Documents\Optimizer Pro
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Kelly\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Kelly\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Kelly\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
File Deleted : C:\Documents and Settings\Abbigale\Application Data\Mozilla\Firefox\Profiles\eprs3f6v.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Colin Wood\Application Data\Mozilla\Firefox\Profiles\uicjh6ra.default\.autoreg

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_0bdf5975
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe]
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SP_48c708f2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B0-0409-0000-0000000FF1CE}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\websea~1\sprote~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\browse~1\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0 (x86 en-GB)

[ File : C:\Documents and Settings\Abbigale\Application Data\Mozilla\Firefox\Profiles\eprs3f6v.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\10.2.0.3");
Line Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B12e8b071-830c-4f2d-98b1-3b0758333a09%7D&mid=4356ba926660bfda1dc0d5ced54ac557-982eff693cbd4d01c67f59932588776bef5e9037&ds=AVG&v=10.2.0.3&l[...]
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ixjvhotr.default\prefs.js ]


[ File : C:\Documents and Settings\Colin Wood\Application Data\Mozilla\Firefox\Profiles\ib9vp1uo.default-1401381511875\prefs.js ]


[ File : C:\Documents and Settings\Colin Wood\Application Data\Mozilla\Firefox\Profiles\uicjh6ra.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

[ File : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vhpz6xn4.default\prefs.js ]


[ File : C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\x9q3ahis.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Documents and Settings\Colin Wood\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12938 octets] - [02/10/2014 22:19:52]
AdwCleaner[S0].txt - [13046 octets] - [02/10/2014 22:31:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13107 octets] ##########

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/10/2014
Scan Time: 23:17:11
Logfile: MBAM 2.10.2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.02.09
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Colin Wood

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 522500
Time Elapsed: 1 hr, 3 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Many thanks in advance

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Microsoft Windows XP x86
Ran by Colin Wood on 03/10/2014 at 12:15:08.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Colin Wood\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Colin Wood\Application Data\mozilla\firefox\profiles\uicjh6ra.default\extensions\staged
Successfully deleted the following from C:\Documents and Settings\Colin Wood\Application Data\mozilla\firefox\profiles\uicjh6ra.default\prefs.js

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Documents and Settings\Colin Wood\Application Data\mozilla\firefox\profiles\uicjh6ra.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/10/2014 at 12:31:41.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
many thanks in advance

Results of screen317's Security Check version 0.99.88
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
Windows Defender
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 10.1.11 Adobe Reader out of Date!
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Many thanks in advance

You should uninstall Spybot. It's is no longer effective.
You will need to defrag your hard drive soon. Do not defrag if it is a SSD (Solid State Drive)
Remember that Avast will only offer protection for Windows XP for one year then you will need to find another AV.

Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
***********************************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
  
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  
• Copy and paste the contents of these two log files in your next reply.
  

Hi Dave
Thank you for your help. All my data is backed up automatically on to an Seagate external hard drive. Should I remove that before starting this next scan?

Many thanks
Colin

Your external drive should be kept disconnected until you are ready to use it.

Hi Dave
The scan returned, no malware and no cleanup is required.
I can only find the one file requested below.
All you help is greatly appreciated cheers.

Colin

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 1073197056, free: 59768832

Downloaded database version: v2014.10.05.08
Downloaded database version: v2014.09.19.01
Initializing...
======================
------------ Kernel report ------------
10/05/2014 22:12:30
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
BTHidMgr.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\wbscr.sys
\SystemRoot\system32\drivers\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\System32\Drivers\MxlW2k.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\VcommMgr.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\drivers\aswSP.sys
\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\UKBFLT.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\aswHwid.sys
\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\STEC3.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87355ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-17\
Lower Device Object: 0xffffffff87335d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87355ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87354e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87355ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff873599e8, DeviceName: \Device\00000082\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87335d98, DeviceName: \Device\Ide\IdeDeviceP1T1L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CE04CD

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 263112507
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 263112570 Numsec = 225279495

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
File "C:\WINDOWS\system32\config\system" is compressed (flags = 1)
Scan finished

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hi Dave

I have done the scan but it won't let me save the text file. When I last checked the computer as it was scanning, it had found 6 suspect applications. at the end of the scan it say it has found and cleaned 9 infected files as below :-


C:\AdwCleaner\Quarantine\C\Documents and Settings\Colin Wood\Application Data\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\Local Settings\Application Data\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\rcp_dcomnew_util_300(1).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\rcp_dcomnew_util_300.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Documents and Settings\Colin Wood\My Documents\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Program Files\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\WINDOWS\CameraFixer.exe a variant of Win32/KillProc.A potentially unwanted application deleted - quarantined
C:\WINDOWS\system32\sasnative32.exe Win32/AdvancedSystemProtector.A potentially unwanted application deleted - quarantined

Have done something or has it not found any malware?

As always your help is much appreciated

Colin

How's your computer running now? Any other issues?

Just done a restart, the original prob is still there :-
MAAgent.exe - Entry Point Not Found
The procedure entry point ?Openkey@CMAReistry@@PBDHK@Z could not be located in the dynamic link libarry MADRM.dll.

The message above stays on top of all windows I open.

Plus 2 more notices:-

RUNDLL
Error loading cmicnfg.cpl
The specified module could not be found.

Adobe AIR
This application riquires a version of Adobe AIR which cannot be found. Please download the latest version of runtime from http://www,adobe,com/go/getair,
or contact the application author for an updated version

The computer runs okay apart from having to click twice to logout, it seems to start logging out but then stops but completes logging out by clicking a second time.

Thanks again
Colin

This is a file for Argus Digital Camera or PolicyMaker™ Standard Edition. See here. Do you have either of these on your computer?

Not to my knowledge but I do have software for Samsung. It is mentioed in the comments on your link. The only reason I have the software is some phone numbers are stored on it. I will transfer the numbers I need, remove the software and let you know if it solves the problem.

Many thanks
Colin

Ps it is slow at start up but I think that is down to to many demanding programs starting up, I really need to sort that out but not sure how to remove them from start up.

Cheers

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.