Thread: Version 1.6.2. Registry Hives Unloading for half hour

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    3

    I just upgraded to 1.6.2, no immunizer on XP Service Pack 3 and had to cancel my scan before it got started. It has been unloading registry hives for 30 minutes, at least. Any suggestions here? Hate to kill these sorts of processes, but there doesn't seem to be any CPU or I/O activity on the process whatsoever.

    Below is a snapshot of process and thread activity at the time, from the bottom up are details about the spybot process. Maybe this will be of help in diagnosis.

    In case you need to know, Spybot is the only application I ran, system has 1GB of memory, and there haven't been any virtual memory issues to date on the machine.

    John
    Process PID CPU Description Company Name
    System Idle Process 0 82.09
    Interrupts n/a Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 860 Windows NT Session Manager Microsoft Corporation
    csrss.exe 912 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 936 Windows NT Logon Application Microsoft Corporation
    services.exe 980 1.49 Services and Controller app Microsoft Corporation
    lsass.exe 992 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 3840 Windows Explorer Microsoft Corporation
    SPMgr.exe 2500 SPM Module Sony Corporation
    Apoint.exe 436 Alps Pointing-device Driver Alps Electric Co., Ltd.
    mcvsshld.exe 1052 McAfee VirusScan ActiveShield Resource McAfee, Inc.
    oasclnt.exe 2892 McAfee VirusScan OAS Client McAfee, Inc.
    mcagent.exe 1864 McAfee SecurityCenter Agent McAfee, Inc
    MpfTray.exe 3056 McAfee Personal Firewall Tray Monitor McAfee Security
    mscifapp.exe 3112 McAfee Privacy Service McAfee, Inc.
    MSKAgent.exe 3132 McAfee SpamKiller Agent Interface module McAfee Inc.
    hpztsb09.exe 3244 HP
    VAIOUpdt.exe 2672 VAIO Update Sony Corporation
    rundll32.exe 2668 Run a DLL as an App Microsoft Corporation
    apdproxy.exe 3356 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated
    AppleSyncNotifier.exe 3876 AppleSyncNotifier Apple Inc.
    hkcmd.exe 3444 hkcmd Module Intel Corporation
    HKServ.exe 2136 Sony Corporation
    ipoint.exe 3500 IPoint.exe Microsoft Corporation
    WDBtnMgr.exe 3656 WD Button Manager Western Digital Technologies, Inc.
    iTunesHelper.exe 3716 iTunesHelper Module Apple Inc.
    msmsgs.exe 3724 Windows Messenger Microsoft Corporation
    ctfmon.exe 3756 CTF Loader Microsoft Corporation
    BTTray.exe 3224 Bluetooth Tray Application Broadcom Corporation.
    uBBMonitor.exe 3420 BBMonitor ArcSoft, Inc.
    SpybotSD.exe 1868 Spybot - Search & Destroy Safer Networking Limited
    procexp.exe 1640 14.93 Sysinternals Process Explorer Sysinternals
    ApntEx.exe 3320 Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.

    Last edited by johnmuoio; 2009-04-21 at 20:28. Reason: Additional information
