Jump to content

Threat Scan Scanning for over 5 hours


Recommended Posts

This moring an automatic update started followed by a threat scan.
This usually takes a couple of minutes to finish, but today the scan has been running for over 5 hours now and it still hasn't finished.
It seems the scan is stuck on a .cab file (C:\ProgramData\Package Cache\{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}v8.59.25584\packages\Windows_SDK\58314d0646d7e1a25e97c902166c3155.cab) The .cab file is only 17MB so it shouldn't take this long to scan it.

It seems something is keeping malwarebytes from correctly accessing or reading the file, but there also doesn't appear to be a timeout in malwarebytes, which makes it so it can't get stuck on a single file.
A skip button would be nice as well, as all I can do now is pauze or cancel.
Pauze is useless in this case, and cancel makes it so the rest of my computer doesn't get scanned.

If you want I can add the file as an attachment so you can take a look at it.

Edited by RagingRaven
Link to post
Share on other sites

A reboot, would probably fix the issue, you can try rebooting and then running another scan to see what happens.  The file that is displayed my not actually be the file its stuck on.

Can you provide some logs so we can have a look at what may be happening? 

  1. Please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt)
  2. NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions


Please let us know how it goes.


Thank You,

Firefox

Link to post
Share on other sites

  • Root Admin

Hello @RagingRaven

You do have the following potential issues. Nothing wrong with a proxy, as long as you're aware of it and have set it up yourself and no malware.

ProxyServer: [S-1-5-21-3921867960-3328932981-4260551549-1001] => proxy1.eu.webscanningservice.com:3128
ProxyServer: [S-1-5-21-3921867960-3328932981-4260551549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04292017092611127] => proxy1.eu.webscanningservice.com:3128
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

Not sure if you're aware, but the logs also indicate the computer is currently being used to pirate and steal software from Adobe.

 

 

There are some other errors in the logs that can potentially be affecting overall computer performance. Including our own program, which crashed.

Error: (04/29/2017 09:01:36 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/29/2017 09:01:15 AM) (Source: DYMO Pnp Service) (EventID: 0) (User: )
Description: Exception Type: Win32Exception
Element not found

Stack Trace:    at PnpService.PnpService.HidFilter(DeviceEnumInfo device)
   at PnpService.PnpService.EnumDeviceInterfaces(IntPtr deviceInfoSet, Guid deviceInterfaceClass, Predicate`1 filter)
   at PnpService.PnpService.<GetAllFullyEnumeratedHisMsdDevices>d__5.MoveNext()
   at PnpService.PnpService.TurnAllPrinterInterfaces()

Error: (04/28/2017 09:07:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.652, time stamp: 0x589e1d88
Exception code: 0xc0000005
Fault offset: 0x00000000001ea590
Faulting process ID: 0xd94
Faulting application start time: 0x01d2bfed638ee89d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Report ID: 7a169674-6753-4e3c-9893-40dd78b97b07
Faulting package full name:
Faulting package-relative application ID:

 


Error: (04/28/2017 06:04:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A corruption was discovered in the file system structure on volume \\?\Volume{3f6e0009-60f5-40ca-a3bc-3915a2f4b649}.

 

Please click on the "Search the web and Windows" box.

win10search.jpg.ab49407705b2ffa8728339ae


Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

 

cmd_prompt_run_as_administrator.jpg.252a

 

In the command prompt please type the following exactly.

CHKDSK  C:  /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.

 

Quote

Microsoft Windows [Version 10.0.10586]


(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>CHKDSK C: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Then restart the computer and let it run.
Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

 

Link to post
Share on other sites

  • Staff

Can you try turning off rootkit scanning to see if that helps? If it does, can you please perform the following instructions so I can verify something?

  1. Press the Windows key + R
  2. In the dialog box that pops up, type cmd and click Ok
  3. In the window that pops up, type compact /compactos
  4. Please post the results of that command (a screenshot is fine)
Link to post
Share on other sites

@AdvancedSetupThe proxy was a test for one of my customers some time ago, but it was inactive, so shouldn't be an issue.

I'll run a checkdisk later today (when I don't need my computer) and post the results.

@dcollins Turning off rootkit scanning probably won't help as the issue seemed to be fixed by doing a reboot. Also before it never gave me an issue.
I do believe AdvancedSetup is on to something with the disk having an issue though.
I did try your command though, it said: The system is in the Compact state.  It will remain in this state unless an
administrator changes it.

I'm guessing that's the default state in Windows 10, as I've never changed it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.