I've been a AA SE user for a long time, but am having difficulty getting past a freeze problem on a new desktop machine. Here's some details on the PC:
- HP with Intel Core 2, 2Gb memory
- 2 500 Gb drives, striped w/ Raid 0
- Windows Media Center with latest fixes/patches
- Norton Security Center 2007 with latest fixes/patches (no detected virus or malware)
- Ad-Aware SE Personal
- Build 1.06 R1
- Definitions SE1R139 12.12.2006

Ad-Aware freezes on the same file each run, about 200K objects into the scan. File name is:
c:\Windows\Assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b035f5f7f11d50a3a

Actions attempted with no joy:
1. CHKDSK (no errors)
2. Defrag
3. Start|Run| "C:\...Ad-Aware SE Personal\Ad-Aware.exe +procnuke +immortal"
- Freezes at the same point in the scan
4. Turned off "Unload recognized processes & modules during scan"
5. In AA's Scanning|Select drives & folders to scan, deselected the entire c:\Windows\Assembly directory
- Freezes at the same point in the scan, de-selection did not stop \Windows\Assembly from being scanned
6. Stopped scan just before freeze and cleaned trivial Critical Objects (4 cookies)
- Subsequent scans show zero Critical Objects before freeze
7. Ran Blacklight - Zero Items Found
8. Ran Rootkit Revealer - here's the log:
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 12/16/2006 11:48 AM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8D93208F1187E5D40B33D0B0FB3E9202\Usage\SoleFeature 12/16/2006 11:36 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 12/16/2006 11:48 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate\State 12/16/2006 11:07 AM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\22935ED5.TMP 12/16/2006 12:08 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\lulock.dat 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\tmp2f52.tmp 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\tmp3459.tmp 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\lulock.dat 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2b3d.tmp 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp346c.tmp 12/16/2006 11:50 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
D: 0 bytes Error mounting volume

I'm about out of ideas. AA works fine on three of my other PC's, but not this one. Fresh thoughts, anyone?

TIA,
Brad

Hi

Could you try a custom scan with Ad-Aware SE please. Start Ad-Aware, click start, select "Use custom scanning options", then click "Customize", in the scan settings window, click "drives and folders to scan". In the select folders to scan window click the + sign to expand and go down to c:\Windows\Assembly\GAC_32\System.EnterpriseServices\ and uncheck this one folder, click proceed and then next to start the custom scan.

With this folder ignored does the scan complete OK now? If any items are found please post the log file.

Thanks, the scan completed this time with zero Critical Items - only the MRU objects were found.

Here's an excerpt from the log file:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, December 16, 2006 2:25:46 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R139 12.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):33 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


12/16/2006 2:25:46 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

[SNIP]

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33

2:37:34 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:47.844
Objects scanned:204682
Objects identified:0
Objects ignored:0
New critical objects:0


I appreciate the help. There must be something odd about that one file -- AND I must have misunderstood the proper method of skipping a subdirectory (you must do a Custom Scan for de-selections to have an effect).

Brad

Hi



Yes, the smart and full scans are predefined so some of the scanning options will only affect the custom scan.

Good to see no critical items found. There must be something about that file that causes Ad-Aware to stall when it tries to scan it.

Hello

It is possible that this could be due to access limitation. Are you loged on to your system with administrator rights?

/Daniel