Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: RegAlyzer stuck - with high CPU

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    4

    Default RegAlyzer stuck - with high CPU

    Hi Folks,

    When I tried a search with RegAlyzer, it found a couple of entries and then got "stuck" on an entry. From the bottom bar, (the search was simple, for "SpyPC" and had found a couple of simple search log entries) it was stuck on:

    "Searching HKEY_LOCAL_MACHINE\SYSTEM\ControlSeet002\Services\xmlprov "

    I tried it twice, same thing, no problem with Regedit's search. Dunno why this would be.

    In addition, it went wild with CPU, going up to 99. If it can't go on, it should pretty much give up. When I returned to my puter, it took me ten minutes to get my task monitor up to see what was the problem and kill RegAlyzer. (For the future, I made some adjustments with Process Tamer.)

    Any explanation of why it would be stuck would help. I would be happy to try again, other searches, etc.

    Thanks.

    Shalom,
    Steven Avery
    Queens, NY
    Last edited by Steven Avery; 2009-04-01 at 12:10.

  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,387

    Default

    Which RegAlyzer version are you using?

    I remember something about an endless loop in a previous one... if you manually browse to that key, does xmlprov have a subfolder xmlprov with a subfolder xmlprov which has a subfolder xmlprov...?
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default

    Glad you brought this issue up again.

    Mine keep stalling on the same keys as well and couldn't get Pepi's attention anymore.

    Version I'm using is 1.6.0.12

    RegAlyzer:


    RegEdit:
    Attached Images Attached Images
    Last edited by YaffYaff; 2009-04-04 at 13:10.

  4. #4
    Junior Member
    Join Date
    Apr 2009
    Posts
    4

    Default

    Quote Originally Posted by PepiMK
    Which RegAlyzer version are you using? I remember something about an endless loop in a previous one... if you manually browse to that key, does xmlprov have a subfolder xmlprov with a subfolder xmlprov which has a subfolder xmlprov...?
    RegAlyzer 1.6.0/12 -

    Yep.
    Nested about a dozen times "Parameter.." maybe all identical.

    Apparently this XMLPROV is a service added in SP2,.
    .
    http://www.theeldergeek.com/network_...ng_service.htm[/B]
    XMLPROV

    So this nesting key could be a MS glitch (I haven't searched yet.) There is a first XMLPROV key that looks solid and then this one. I could rename this second key, but the loop would probably continue. I could do some sort of export of the key and then delete, or trim the parms to one or two. Overall, I do not think this key is being used at all on my system, so I could ERUNT and then simply delete the key. Or best .. you could give an upgrade, perhaps you went to 9 levels instead of 99 :-) and looped around to 1. I just ran into that exact problem on an RPG application (the business language, not the game) that I was called in to fix.

    Here is a little registry pic.
    http://screencast.com/t/UvTJj0cv


    Shalom,
    Steven
    Last edited by Steven Avery; 2009-04-05 at 12:37.

  5. #5
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default

    And does your "nested" key is still nested when you browse it with RegEdit?
    As you can see on the pics I attached, in my case(s) only RegAlyzer shows it as nested.

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,387

    Default

    I did add this as issue 378 to the bugtracker Will look into it soon.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default

    Quote Originally Posted by PepiMK View Post
    I did add this as issue 378 to the bugtracker Will look into it soon.

  8. #8
    Junior Member
    Join Date
    Apr 2009
    Posts
    4

    Default

    Hi Folks,

    Thanks, Yaff. I had forgotten to look at the key in regedit, where I also have no problem
    http://screencast.com/t/M6umBkqD

    And thanks Pepi, hope it is resolved easily.

    Shalom,
    Steven Avery
    Last edited by Steven Avery; 2009-04-06 at 15:25.

  9. #9
    Junior Member
    Join Date
    Apr 2009
    Posts
    1

    Default

    Hi there,

    same here with

    HKLM\System\ControlSet003\Services\WS2IFSL

    The subkey "Security" can't be displayed with Regalyzer 1.6.0.12 (ok with Regedit). Searches passing that key end up in an endless loop.

    Cheers,

    Michael

  10. #10
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,387

    Default

    Not sure if this version already fixes it, but I thought I should upload the latest changes first, since the native mode/rootkit browsing thing meant changes in exactly those areas that would be responsible here as well: 1.6.1.14.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •