RagingRaven Posted April 28, 2017 ID:1120594 Share Posted April 28, 2017 (edited) This moring an automatic update started followed by a threat scan. This usually takes a couple of minutes to finish, but today the scan has been running for over 5 hours now and it still hasn't finished. It seems the scan is stuck on a .cab file (C:\ProgramData\Package Cache\{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}v8.59.25584\packages\Windows_SDK\58314d0646d7e1a25e97c902166c3155.cab) The .cab file is only 17MB so it shouldn't take this long to scan it. It seems something is keeping malwarebytes from correctly accessing or reading the file, but there also doesn't appear to be a timeout in malwarebytes, which makes it so it can't get stuck on a single file. A skip button would be nice as well, as all I can do now is pauze or cancel. Pauze is useless in this case, and cancel makes it so the rest of my computer doesn't get scanned. If you want I can add the file as an attachment so you can take a look at it. Edited April 28, 2017 by RagingRaven Link to post Share on other sites More sharing options...
RagingRaven Posted April 28, 2017 Author ID:1120602 Share Posted April 28, 2017 Followup: I clicked cancel, but an hour later it's still trying to scan the file. So it seems canceling isn't working either. Link to post Share on other sites More sharing options...
Firefox Posted April 28, 2017 ID:1120604 Share Posted April 28, 2017 A reboot, would probably fix the issue, you can try rebooting and then running another scan to see what happens. The file that is displayed my not actually be the file its stuck on. Can you provide some logs so we can have a look at what may be happening? Please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Thank You, Firefox Link to post Share on other sites More sharing options...
dcollins Posted April 28, 2017 ID:1120622 Share Posted April 28, 2017 Do you have Rootkit scanning enabled by chance? Link to post Share on other sites More sharing options...
RagingRaven Posted April 29, 2017 Author ID:1120788 Share Posted April 29, 2017 It appears a reboot indeed fixed the issue. I attached the requested files. @dcollins I do have Rootkit scanning enabled, I have all modules enabled in fact. Addition.txt FRST.txt logs.zip MB-CheckResult.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 30, 2017 Root Admin ID:1120998 Share Posted April 30, 2017 Hello @RagingRaven You do have the following potential issues. Nothing wrong with a proxy, as long as you're aware of it and have set it up yourself and no malware. ProxyServer: [S-1-5-21-3921867960-3328932981-4260551549-1001] => proxy1.eu.webscanningservice.com:3128 ProxyServer: [S-1-5-21-3921867960-3328932981-4260551549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04292017092611127] => proxy1.eu.webscanningservice.com:3128 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION Not sure if you're aware, but the logs also indicate the computer is currently being used to pirate and steal software from Adobe. There are some other errors in the logs that can potentially be affecting overall computer performance. Including our own program, which crashed. Error: (04/29/2017 09:01:36 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: Event-ID 1 Error: (04/29/2017 09:01:15 AM) (Source: DYMO Pnp Service) (EventID: 0) (User: ) Description: Exception Type: Win32Exception Element not found Stack Trace: at PnpService.PnpService.HidFilter(DeviceEnumInfo device) at PnpService.PnpService.EnumDeviceInterfaces(IntPtr deviceInfoSet, Guid deviceInterfaceClass, Predicate`1 filter) at PnpService.PnpService.<GetAllFullyEnumeratedHisMsdDevices>d__5.MoveNext() at PnpService.PnpService.TurnAllPrinterInterfaces() Error: (04/28/2017 09:07:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1 Faulting module name: ScanControllerImpl.dll, version: 3.0.0.652, time stamp: 0x589e1d88 Exception code: 0xc0000005 Fault offset: 0x00000000001ea590 Faulting process ID: 0xd94 Faulting application start time: 0x01d2bfed638ee89d Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll Report ID: 7a169674-6753-4e3c-9893-40dd78b97b07 Faulting package full name: Faulting package-relative application ID: Error: (04/28/2017 06:04:42 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: A corruption was discovered in the file system structure on volume \\?\Volume{3f6e0009-60f5-40ca-a3bc-3915a2f4b649}. Please click on the "Search the web and Windows" box. Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator" In the command prompt please type the following exactly. CHKDSK C: /R This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use. Press the Y key to tell it to run on the next restart of the computer. Quote Microsoft Windows [Version 10.0.10586] (c) 2015 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>CHKDSK C: /R The type of the file system is NTFS. Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N) Then restart the computer and let it run. Then find and copy the disk check entry from the Event Logs and paste back the results here. How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10 Link to post Share on other sites More sharing options...
dcollins Posted April 30, 2017 ID:1121086 Share Posted April 30, 2017 Can you try turning off rootkit scanning to see if that helps? If it does, can you please perform the following instructions so I can verify something? Press the Windows key + R In the dialog box that pops up, type cmd and click Ok In the window that pops up, type compact /compactos Please post the results of that command (a screenshot is fine) Link to post Share on other sites More sharing options...
RagingRaven Posted May 1, 2017 Author ID:1121216 Share Posted May 1, 2017 @AdvancedSetupThe proxy was a test for one of my customers some time ago, but it was inactive, so shouldn't be an issue. I'll run a checkdisk later today (when I don't need my computer) and post the results. @dcollins Turning off rootkit scanning probably won't help as the issue seemed to be fixed by doing a reboot. Also before it never gave me an issue. I do believe AdvancedSetup is on to something with the disk having an issue though. I did try your command though, it said: The system is in the Compact state. It will remain in this state unless an administrator changes it. I'm guessing that's the default state in Windows 10, as I've never changed it. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now