RegAlyzer stuck - with high CPU

Steven Avery

Hi Folks,

When I tried a search with RegAlyzer, it found a couple of entries and then got "stuck" on an entry. From the bottom bar, (the search was simple, for "SpyPC" and had found a couple of simple search log entries) it was stuck on:

"Searching HKEY_LOCAL_MACHINE\SYSTEM\ControlSeet002\Services\xmlprov "

I tried it twice, same thing, no problem with Regedit's search. Dunno why this would be.

In addition, it went wild with CPU, going up to 99. If it can't go on, it should pretty much give up. When I returned to my puter, it took me ten minutes to get my task monitor up to see what was the problem and kill RegAlyzer. (For the future, I made some adjustments with Process Tamer.)

Any explanation of why it would be stuck would help. I would be happy to try again, other searches, etc.

Thanks.

Shalom,
Steven Avery
Queens, NY
 
Glad you brought this issue up again.

Mine keeps stalling on the same keys as well, and I couldn't get Pepi's attention anymore.

Version I'm using is 1.6.0.12

RegAlyzer: [attached screenshot]

RegEdit: [attached screenshot]
 
PepiMK said:
Which RegAlyzer version are you using? I remember something about an endless loop in a previous one... if you manually browse to that key, does xmlprov have a subfolder xmlprov with a subfolder xmlprov which has a subfolder xmlprov...?
RegAlyzer 1.6.0/12 -

Yep.
Nested about a dozen times "Parameter.." maybe all identical.

Apparently this XMLPROV is a service added in SP2.

http://www.theeldergeek.com/network_provisioning_service.htm
XMLPROV

So this nesting key could be a MS glitch (I haven't searched yet.) There is a first XMLPROV key that looks solid and then this one. I could rename this second key, but the loop would probably continue. I could do some sort of export of the key and then delete, or trim the parms to one or two. Overall, I do not think this key is being used at all on my system, so I could ERUNT and then simply delete the key. Or best .. you could give an upgrade, perhaps you went to 9 levels instead of 99 :-) and looped around to 1. I just ran into that exact problem on an RPG application (the business language, not the game) that I was called in to fix.

Here is a little registry pic.
http://screencast.com/t/UvTJj0cv


Shalom,
Steven
 
And is your "nested" key still nested when you browse it with RegEdit?
As you can see on the pics I attached, in my case(s) only RegAlyzer shows it as nested.
 
Hi there,

same here with

HKLM\System\ControlSet003\Services\WS2IFSL

The subkey "Security" can't be displayed with RegAlyzer 1.6.0.12 (OK with Regedit). Searches passing that key end up in an endless loop.

Cheers,

Michael
 
Not sure if this version already fixes it, but I thought I should upload the latest changes first, since the native mode/rootkit browsing thing meant changes in exactly those areas that would be responsible here as well: 1.6.1.14.

Thanks! Didn't fix it for me...

Still stalling, but manual browsing displays the key differently: "<0x00>" instead of blank
[attached screenshot]
 
Thank you, that's important information - it shows the problem. The 0x00 is a character not "allowed" in key names, since it usually indicates the end of a text. In this case that means it detects keys with a name of zero length, which should be impossible, but has been known to occur. regedit.exe might ignore it - RegAlyzer does not because such invalid uses of 0x00 might be indicators of rootkits. We'll do some experiments about this :)
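
The failure described in the post above, modelled as an added example (not part of the thread and not RegAlyzer's code): a search walker that loops on a subkey whose name is a lone 0x00, next to one that reports the name and moves on. The `Key` class, `win32_open`, the `SpyPCSvc` key and the rule that an empty name re-opens the same key are assumptions made for the model.

```python
# Added example: a model, not RegAlyzer's code. Key names are raw strings that
# may contain NUL; the tree below is constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Key:
    subkeys: dict = field(default_factory=dict)  # raw name -> Key

def win32_open(key, name):
    """Assumed open semantics: the name is cut at the first NUL, and an
    empty name hands back the key that was passed in."""
    name = name.split("\x00", 1)[0]
    return key if name == "" else key.subkeys[name]

def search(root, needle, check_names=True, max_visits=500):
    """Depth-first name search. Returns (hits, anomalies, completed).
    max_visits is a hard budget so a looping walk gives up instead of spinning."""
    hits, anomalies, visits = [], [], 0
    stack = [("HKLM", root)]
    while stack:
        path, key = stack.pop()
        visits += 1
        if visits > max_visits:
            return hits, anomalies, False  # budget exhausted: walk never ended
        for name in key.subkeys:
            child = path + "\\" + name.replace("\x00", "<0x00>")
            if check_names and (name == "" or "\x00" in name):
                anomalies.append(child)  # report it, but do not descend
                continue
            if needle.lower() in name.lower():
                hits.append(child)
            stack.append((child, win32_open(key, name)))
    return hits, anomalies, True

def sample_tree():
    """Constructed hive: xmlprov holds one subkey whose name is a lone NUL."""
    xmlprov = Key({"Parameters": Key(), "\x00": Key()})
    services = Key({"xmlprov": xmlprov, "SpyPCSvc": Key()})
    return Key({"SYSTEM": Key({"ControlSet002": Key({"Services": services})})})

if __name__ == "__main__":
    print(search(sample_tree(), "SpyPC", check_names=False))  # gives up
    print(search(sample_tree(), "SpyPC"))  # completes and flags the key
```

With the name check off, the walk keeps re-entering `xmlprov` until the visit budget runs out; with it on, the search finishes and the odd name is listed for review.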
 
Just tried 1.6.2.16

Well... I can no longer see the <0x00> Russian dolls but it still has a [+]cfg and I can't expand it.
When I click on the + it doesn't expand the cfg key.

And Search is still jamming on it :hair:
 

In other words the display is different but the problem remains:
1.6.2.16 -> RegAlyzer stuck - with high CPU

Bug still open.

I really miss the search function in RegAlyzer
:surrender:
 
RegAlyzer 1.6.2.16 crashes for me too. Virtual memory usage rises dangerously fast on Win XP SP3.

Similar issue post here:
http://forums.spybot.info/showthread.php?p=352990

Sigh... It's been over 2 years and many releases. I think the issue is in the bug list but it must have a very low priority. I really miss this RegAlyzer. I gave up already and no longer use it. :sick:

I had a spark of hope when I got the email notification of your post.

Oh well. Would have been a nice xmas gift to see a resolution.
 