Is This Normal Operation?

[TripodBob]

I was checking a downloaded file using the 'right click' context menu for 'scan with malwarebytes anti malware'. (2.0.2.1012).   It took 4:49 for the pre-scan operation to complete and then only a few seconds to check the file.  I seem to remember the old malwarebytes took only a few seconds to complete the entire operation.  Does this seem normal?

 

Additionally, the next time I tried using the right-click context menu to scan a single file, I tried to stop the process during the long pre-scan operation.  Both the CANCEL and the PAUSE buttons were inoperative.  Is this normal?

 

System is XP home 3.6 gig quad core with 3.25 gig ram.

[daledoc1]

Hi and welcome back:

 

No, that doesn't sound normal.

But I supposed some of the time could depend on the computer's hardware/resources, AV conflicts, corrupt files, bad disk sectors, etc.

 

BTW, is this the same computer as this one here: https://forums.malwarebytes.org/index.php?/topic/156708-malware-and-malicious-website-protection-stopped/?

 

If so, the same advice then would be a good idea now, in order to help us to better assist you:

 

• Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
• If that does not correct the issue, then please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
• NOTE: There is an FAQ section with valuable information located here - Common Questions, Issues, and their Solutions

If you have already tried the clean reinstall, then please feel free to skip directly to step #2 for the logs.

>>As you may have run FRST on this system before, please place a check-mark in the "Addition.txt" option before running it.

 

Thanks,

[TripodBob]

Wow! Thanks for the ultraspeedy reply.  Yes, same computer as mentioned in prior post, but that issue has not repeated.  I'll start on step 1 above and respond as results dictate.

 

Thanks again

[daledoc1]

OK, no rush.

Post back when you wish.

 

Cheers,

[TripodBob]

Clean Removal - Fresh Install fixed both problems.

 

Thanks again.

[daledoc1]

Excellent!

 

I'm glad you're back up and running.

Thanks for letting us know.

 

Cheers,

[TripodBob]

Well Maybe Not....

 

A little while ago I used the right-click menu to scan a single file...nothing happened.

Checked Malwarebytes to make sure right-click context was checked, it was.

Restarted computer, tried right-click context menu again, this time scan started but the pre-scan operation was running for over 3 minutes when I shut it down.

Time to move to step 2 of your original post.  Files attached

 

FRST.txt

Addition.txt

CheckResults.txt

[daledoc1]

We'll need to wait for one of the staff to review your logs and advise you.

(The log does show that the context menu entry is enabled.)

 

Until staff review the logs, it looks as though you have Self-Protection enabled (Dashboard > Settings > Advanced Settings)?

Did you DISABLE SP before doing the clean reinstall, as instructed here?

What happens if you disable SP > disable context menu scan > reboot > enable context menu scan > reboot?

 

<just curious>

 

Thanks for your patience,

[daledoc1]

Update!
 
I think I found a possible explanation for your problem.
Disclaimers:
1. I am not staff or expert.
2. I am not sure if this conflict has been resolved.

3. I do NOT know if this is the cause of your current issue.
 
BUT -- see this post from April, which might seem to apply to your system (XP + MBAM Premium + MBAE):
 

This is a known issue that only happens under Windows XP. Basically MBAM's Self-Protection prevents MBAE from writing to its log directory which is protected by MBAM. This same issue is not a problem under Vista, Win7 or Win8. It only happens under XP. It is neither a bug of MBAM nor a bug of MBAE, just a small conflict.

If you are using this combination (Windows XP + MBAM + Self-Protection + MBAE) the workaround until we fix this conflict is to simply disable Self-Protection.
https://forums.malwarebytes.org/index.php?showtopic=146350#entry817750

P.S. You also have a lot of outdated, vulnerable applications/plugins (Flash Player, Java, etc). This is not related to your current issue, but I thought I would mention it, as these create security risks for your system

 

Anyway, I guess you might try disabling SP for now?

And wait for staff to review your logs.

 

Cheers,

[TripodBob]

Self-protection is not enabled now and was not enabled before doing the clean reinstall (I checked).  AFAIK I have never enabled self-protection so work-around won't work.

 

I'm really confused about the vulnerable apps you mentioned.  I updated JAVA 2 days ago and their 'old version uninstaller' said I had no earlier versions to remove.  I'll have to check FLASH but I thought it was also up-to-date..  I'll run PSI to see what else might need updating.

[daledoc1]

Darn -- OK, I must have misread an item in your mbam-check log. My bad.

Terribly sorry for the confusion.

Please wait for staff/experts.

---------------------------------------------

Off-topic

Flash Player is definitely on version 15. http://www.adobe.com/software/flash/about/

Check your version: http://helpx.adobe.com/flash-player.html

If you use more than 1 browser, e.g. Firefox and IE, you need a separate version for each ("plug-in" for Firefox, "ActiveX" for IE).

As for Java, I think there may be a more recent release?

TBH, though, unless you absolutely need it, it's best to uninstall it -- few websites/applications require it these days, and it's a significant security vulnerability.

Up to you though.

FWIW, Secunia is not always current or correct.  Sometimes one needs to do a bit of checking on one's own.

 

Anyway, I will defer to the staff and experts to get your MBAM up and working.

They can help with these other issues, too, if you need it.

 

Cheers,

[pbust]

I see you have an old beta version of Malwarebytes Anti-Exploit (0.10.3.0100). You might want to uninstall it, reboot and download and install the latest version of MBAE 1.04.1.1012.

[daledoc1]

Dang!

 

Good catch there, @pbust!!!

THAT's why you fellas get paid the big bucks.

(So perhaps I was nearly on the right track, after all? <LOL>)

 

Cheers!

[TripodBob]

What I know so far.

 

Java is/was up to date  (don't like it either but must have it to get through security to my credit union)

Flash was not up to date, I've updated (for IE and Firefox) to V15 (thanks for that)

Did not know about new version of MBAE,  update later today

Good to know about PSI.

Thanks both

[TripodBob]

9/18/14 update

 

Still experiencing long single file scans (7 min. 11 sec.)  See OP.

A couple of hours ago I started a threat scan from the dashboard and finally manually stopped it since MBAM was still in pre-scan operation after an hour and 26 minutes.

Scheduled threat scan this morning only took 18 min 30 sec.

Could use some help here.

[AdvancedSetup]

Let us get some fresh new logs please. 

 

Please restart the computer 2 times before you run the scans.

 

 

Please read the following and post back the 3 requested logs.
 
Diagnostic Logs
 
Thank you
 

[TripodBob]

Here you go:

Addition.txt

FRST.txt

CheckResults.txt

[AdvancedSetup]

It looks like your hard drive is probably having issues. I would recommend first doing a Full disk check. Then see if that helps or not.

 

Click on START --- RUN --- and type in CMD.EXE then type the following in the DOS Console

 

 

CHKDSK   C:   /R

 

Then press the Enter key. It will say it cannot lock the drive and ask if you want to check it on the next restart. Press the Y key and then the Enter key and then restart the computer and let it run.

 

After the computer restarts then try scanning with MBAM again and let us know if it's any better or not.

[TripodBob]

OK

typically everything is fine after a restart, so I'll have to wait a while then see what happens when the system has been in use for a time.

Chkdsk said it cleaned up some minor inconsistencies on the drive, I'll post the chkdsk results when I post back here later

[TripodBob]

Some updates:

 

Ran chkdsk /r twice.  files attached

I then ran a single file mbam threat scan immediately after a fresh start.  File took 1:46 to complete.  played one game on the computer then ran a threat scan on the same file as before, this time 4:03.  Played the same game again then ran another single file threat scan and it took 4:57.  Repeated sequence again and scan took 5:46.

 

I'll try the same thing again, but this time do something else rather than play a game between scan attempts to see if similar increases in scan times occur with another program.

 

Also, when the computer restarted after the 2nd run of chkdsk I got an MBAM error. I got a window that said the error message would be found in a file called 63ed_appcompat.txt.  I can't find this file on my computer but I did find a similar message in Event Viewer so that is attached.

scan1.txt

scan2.txt

Event viewer.txt

[TripodBob]

bump

[AdvancedSetup]

Sorry for the delay.

 

The disk check also found this:

 

CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system

 

Please restart the computer again and then post back fresh new FRST logs. Make sure you place a check mark in the Additions.txt check box and post back both logs.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.
  

 

[TripodBob]

As requested

 

FRST.txt

Addition.txt

[AdvancedSetup]

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

• Double click to open the zip file and then select all and choose Copy.
• Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
• Quit all browsers and other running applications.
• Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Next,
 
Please visit the following link and run the tool from Microsoft.
Fix Internet Explorer issues to make IE fast, safe and stable

 

 

Then restart the computer again and run the following and let me know how it goes.

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

[TripodBob]

Attached are some of the requested files:  Java Remover found a bunch of stuff to remove, file attached,

 

TFC removed about 640 megs of junk.

 

Could not get the IE fix to run.  Got an error message that said " troubleshooter has experienced an unexpected error & cannot continue"

I looked at Eventviewer and copied 2 error messages that are attached.

 

 

 

JavaRa.log

eventviewer errors.txt