Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is mfc80.dll problem related to MBAM PUP Quarantine?


  • Please log in to reply
29 replies to this topic

#1 Inset irises

Inset irises

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 16 September 2016 - 12:59 AM

Hello,

 

Several nights ago MBAM quarantined PUP.Optional.DriverAgentPlus (note says something

about Registry Key).

 

The last 6 or so times I've tried to run Nikon Transfer after that, it encounters a problem

and needs to close after I click the transfer button.  I have uninstalled Nikon Transfer

and reinstalled an updated version.

I ran it and tried uploading just one photo off the camera memory (with the sd card removed),

rather than the large quantity of photos on the sd card,

and the problem message came up again anyway.

There also seem to be problems with Spybot updating.

There are also some .dll issues showing up, but I don't know

what they mean.

 

The Moderator at the XP forum had me run MiniTool Box by Farbar as well as

Speccy.  He suggested that I post on this forum.

 

Please let me know what you'd like me to post, or what you'd like me to run.

Thanks from California.


Edited by Inset irises, 16 September 2016 - 01:00 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 16 September 2016 - 10:09 AM

Hi, are your dll errors like this...

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. We can fix this.


Run these,,,,

zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
>>>

51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 02:06 AM

Hi,

I will be following your instructions.  Just wanted to mention that Avira is set up to block autorun.inf when I plug in

external drives to usb. 



#4 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 03:11 AM

AdwCleaner won't paste, but here are the results:

Service found:  DrvAgent32 (my note: quarantined in MBAM at present)

Folder found:  C:\Program Files\Yahoo!\yset

File found:  C:\Windows\system32\drivers\DrvAgent32.sys

No malicious DLLs found

No malicious keys found

No infected shortcut found

No malicious task found

Registry

Key found:  HKU\S-1-5-21-57989841-220523388-1801674531-1003\Software\eSupport.com

Key found:  HKCU\Software\eSupport.com

Key found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo!  SearchSet

Key found:  HKLM\SOFTWARE\Microsoft\Windows\Currentversion\App Management\ARPCache\Yahoo!  SearchSet

 

No malicious Firefox based browser items found

No malicious Chromium based browser items found

 

I closed the files without deleting anything.


Edited by Inset irises, 17 September 2016 - 03:13 AM.


#5 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 03:32 AM

I am having no luck with copy and paste or cut and paste.  Paste doesn't appear when I right click,

instead I get:  Save page as, or Save page to pocket.

 

JRT removed 37 old IE temp files and 1 registry entry.

 

I will proceed with the next scan.


Edited by Inset irises, 17 September 2016 - 03:38 AM.


#6 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 04:12 AM

I have a question:

I managed to turn off the firewall and Avira, but still have MBAM and Spybot 2.4 active.

The instructions you pasted in with the link to disable a/v's is from 2007.

My version of Spybot doesn't have the "administrator" in the drop down menu.

Shall I just uninstall Spybot before running Eset online scan, or just leave it as is?



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 17 September 2016 - 09:20 AM

You can leave them on..

I also have a bit of trouble with the pasting. Ive advised Admin.

remove what ADW found

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 01:09 PM

AdwCleaner and JRT have removed the files previously listed.

0 files and 0 registry now listed (still cannot paste here).

Currently half way through ESET scanner, have found an Ask toolbar and a SearchSuite Y toolbar.

MBAM still has the DriverAgent Pup in quarantine as well from previous scans.

 

Can I delete that now, or should I wait until ESET finishes?



#9 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 02:21 PM

I am now able to paste, I just discovered.  

 

Here are the items from the ESET scan:

 

 

 

 

C:\Documents and Settings\Owner\Desktop\Yencso Data 7-17-2013\Owner\My Documents\Downloads 2\Setup_FreeConverter.exe    a variant of Win32/Toolbar.SearchSuite.Y potentially unwanted application    deleted
C:\Documents and Settings\Owner\Desktop\Yencso Data 7-17-2013\Owner\My Documents\Downloads 2\GOM Download\Gomplayerensetup.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted
C:\WINDOWS\Installer\103b359.msi    a variant of Win32/HiddenStart.A potentially unsafe application    deleted
 


Edited by Inset irises, 17 September 2016 - 02:33 PM.


#10 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 02:25 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x86
Ran by Owner (Administrator) on Sat 09/17/2016 at  8:46:36.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will now scan with MBAM.


File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/17/2016 at  8:47:05.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 17 September 2016 - 04:38 PM

I cannot paste the logs, but I have the following in Quarantine:

PUP.Optional.DriverAgentPlus   Registry Key  9/10/16

PUP.Optional.Bandoo                 File                  9/17/16

 

Shall I delete all?

 

Also, from reading other BP posts on Bandoo, it appears to have a habit

of reinstalling itself, so please advise if more scans are in order.



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 18 September 2016 - 05:07 PM

Hi,
You can delete what is quarantined if you want to.

Look in Control Panel ,Add/rmove .. for anything iLivid and remove it/

What is your browser?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 18 September 2016 - 07:47 PM

I deleted the items in MBAM's quarantine.

I have some old items in Spybot's quarantine as well.

 

I didn't have anything related to iLivid.

 

My primary browser is Firefox 48.0.2.

I use IE as a backup.  Firefox had a problem a few days back with a hung app that

said it was already running.  Firefox was deleted and reinstalled.  I copied over the bookmarks.

 

Nikon Transfer had to close last night when I tried it.  (I posted some information on it over at

the XP board from Administrative Tools),



#14 Inset irises

Inset irises
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 19 September 2016 - 08:48 AM

I'm seeing some slowdowns...Excel really slow to open, pdf's I make with my scanner software are taking longer to save...

On Admin tools, there is a repeated error, "Specified modules can't be found".



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 19 September 2016 - 09:01 AM

Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message. -->>>?????.dll
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users