Jump to content

MBAM v2 free's (paus/freez)es during its "Pre-scan Operation: Working -- Filesystem Objects: Pending"


Recommended Posts

Hello.

 

I upgraded my very old, updated Windows XP Pro. SP3 machine's MBAM v1.7... free at home. I am already running into a big problem. During Windows Explorer's right click to scan on (file/folder)s, my Windows will freeze during MBAM's "Pre-scan Operation: Working -- Filesystem Objects: Pending" twice (beginning and at the end). Sometimes my mouse freezes and computer beeps at me when I try to do anything. I never had this problem with the older versions before v2.0. And yes, I rebooted too. :(

 

Thank you in advance. :)

Link to post
Share on other sites

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

I also have XP mode and tomorrow I can try playing around with MBAM 2.0 on there and see if I get the same slowdown.

OK. It might be an isolated issue though. I don't think anyone mentioned this problem on their very old Windows XP Pro. SP3 machine? I didn't see this problem in a VM so I assume it is my very old OS.

Link to post
Share on other sites

Official in the sense that FileHippo mirrors 90% of the software that they provide links for.  Unofficial in that I don't believe they have any sort of contract with MalwareBytes to host the file....

 

FWIW, the file from FileHippo is the same identical one as the one I downloaded.

 

Hashes:

 

FileHippo file:

 
CRC32: 25164E1E
MD5: 683FDD3D773C58B262DC07CD0C6CE938
SHA-1: D0BC40EBC2A60E259AFF000ACC025F68EF62DA7D
SHA-512: B608DA4E3DD2BC45BCC5AE84B7989E1CA8B7F05262418BE1A04D70AF5BE7561835A3B897E21911678AB4C7E2DE88891B235CE163C947CE71F227479539FCD2CF
 
MB file:
 
CRC32: 25164E1E
MD5: 683FDD3D773C58B262DC07CD0C6CE938
SHA-1: D0BC40EBC2A60E259AFF000ACC025F68EF62DA7D
SHA-512: B608DA4E3DD2BC45BCC5AE84B7989E1CA8B7F05262418BE1A04D70AF5BE7561835A3B897E21911678AB4C7E2DE88891B235CE163C947CE71F227479539FCD2CF
 
So, I can attest that the FileHippo file is a valid MBAM 1.75 installer with nothing changed.
 
Thanks, 1PW, for the link - I never thought to look to a 3rd party :D
Link to post
Share on other sites

  • Root Admin

Well if you can we'd really like to get more information about your computer to see if we can help you out.  The 2.0 version of the program is much better at detection and removal than 1.75 is.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

 

 

Then run this tool as well
 
Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

Thanks

Link to post
Share on other sites

... Then run this tool as well

 

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

Thanks

I ran and uploaded. ;)

CheckResults.txt

Link to post
Share on other sites

  • Root Admin

To start off I would recommend that you open Regedit.exe and browse to this location

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

 

Then if possible remove all of the entries found there.  Only place an application there in compatibility mode if it simply cannot run properly.

 

These must be removed or any security application is not going to run well.  If possible though as said none should be there.

explorer.exe

svchost.exe

rundll32.exe

 

Please correct that and then run the FRST program

 

Thanks again

Link to post
Share on other sites

Well if you can we'd really like to get more information about your computer to see if we can help you out.  The 2.0 version of the program is much better at detection and removal than 1.75 is.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well...

I didn't copy and paste since they are SO long. Yikes.

Link to post
Share on other sites

  • Root Admin

What is this file? There are only 7 hits for it on a Google search.

HKLM\...\Run: [start-Q] - C:\winstuff\Start-Q\sqpagt.exe [16384 2011-01-04] ()

What is this software?

D:\winstuff\DVBVIE~1\DVBVIE~2.EXE

Can you please upload them to VirusTotal and have them scan it please and then post back the links for the scans.

https://www.virustotal.com/en/

The computer shows additional signs of an infection and possible damage from a previous infection.

Having these entries is not normal

AlternateDataStreams: C:\WINDOWS\system32\h323log.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\WINDOWS\system32\PQ_DEBUG.TXT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\WINDOWS\system32\vmnetnat-mac.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Documents and Settings\Ant:gs5sys

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:gs5sys

AlternateDataStreams: C:\Documents and Settings\All Users\Documents:gs5sys

AlternateDataStreams: C:\Documents and Settings\All Users\Templates:gs5sys

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0888F409

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E9EB8C3A

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F169C698

AlternateDataStreams: C:\Documents and Settings\All Users\Documents\My Pictures:gs5sys

AlternateDataStreams: C:\Documents and Settings\Ant\Application Data:gs5sys

AlternateDataStreams: C:\Documents and Settings\Ant\Cookies:gs5sys

AlternateDataStreams: C:\Documents and Settings\Ant\Desktop:gs5sys

AlternateDataStreams: C:\Documents and Settings\Ant\Templates:gs5sys

AlternateDataStreams: C:\Documents and Settings\Ant\My Documents\desktop.ini:gs5sys

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

What is this file? There are only 7 hits for it on a Google search.

HKLM\...\Run: [start-Q] - C:\winstuff\Start-Q\sqpagt.exe [16384 2011-01-04] ()

What is this software?

D:\winstuff\DVBVIE~1\DVBVIE~2.EXE

Those are legit programs. Start-Q is a startup manager. DVBVIE is DVB Viewer Pro. I use them often.

Link to post
Share on other sites

  • Root Admin

Those are legit programs. Start-Q is a startup manager. DVBVIE is DVB Viewer Pro. I use them often.

 

I didn't say they were not legit.  I simply asked you to please upload them to VirusTotal and let them scan them so that we can confirm they are safe and that going forward there will be a record of their safety for others that come along.

 

The other issue though are not normal and is typically a sign of an infection.  You have other applications failing, so it's up to you if you want to try and correct them or not.  You can certainly put back the 1.75 version but eventually we will pull that version and then you'll be stuck again.

Link to post
Share on other sites

What is this file? There are only 7 hits for it on a Google search.

HKLM\...\Run: [start-Q] - C:\winstuff\Start-Q\sqpagt.exe [16384 2011-01-04] ()

What is this software?

D:\winstuff\DVBVIE~1\DVBVIE~2.EXE

Can you please upload them to VirusTotal and have them scan it please and then post back the links for the scans.

https://www.virustotal.com/en/

...

VirusTotal scan for DVBVIE~2.EXE

VirusTotal scan for sqpagt.exe

I am going to contact both of these companies to see if my files are cleaned as theirs.

Link to post
Share on other sites

I doubt they're really all that bad. Depending on how programs are written or packed that can cause them to be flagged as suspicious or a threat.

Did you want to run Combofix and look at cleaning the computer or go ahead and finish up here?

 

FYI since I found my original DVB Viewer Pro installer so I installed into a clean updated XP Pro. SP3 VM and took its dvbviewer.exe file to compare with my suspicious. They matched exactly the same:

 

MD5: 8f7d81b79dd7ab9f5a8741a3dbbc9252    

SHA1: 668621f7230a4a354481713cd3e37d5689162dc8    

CRC32: 85557082

SHA-256: cf496723d3514944818fb2ee0eda2e956a953ffd90e3b0760c241719743824c4    

SHA-512: 6454e18ffc8dcf0b6e75ce551276704ef485de5098f180a3b69ed6c8de1aa53bd804a518446edcc0143d299811f42b593367c2b4433e959cee91d1238f17ac58  

SHA-384: 44ffd645052c425d81b1bffa48b338ef4882ec5b14dc542a7f0309ec90042137c87537ba2ea7b062f4cdcca39a39fcde

1,630,336 bytes

 

I don't have the original installer for that Startup Manager to compare with. Maybe I can contact the developer.

 

As for ComboFix, I did run briefly but it took too long after five/5 minutes and I needed to use the computer (thought it was only SCANNING for issues since it was trying close, reset my settings, etc. -- not fixing!) so I aborted it at its stage 3 in cmd.exe. I was forced to reboot because it broke my Internet connection (LAN still worked). I will try it later when I have more time to fix its "fixes" which I dislike. I only wanted a SCAN for issues. Sheesh. I hope it didn't break anything else. :/

 

Can you tell what is different between v1.7 and v2.0 for the pre scan stuff? I noticed in 64-bit W7, it has a long time (no annoying (pause/freez)es to start the actual scans even in Explorer's right click. I really wished this scan was faster.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.