Problems with spyware scans



feygan
11-11-2007, 07:59 PM
For some reason I'm unable to complete a full system scan for spyware on my machine. I had always used Ad-Aware SE, but it kept freezing 3/4 of the way through, so I have tried switching to spydoctor and AVG with the same result.

When using AVG I can see that the freeze happens when the scan hits "c:\system volume information\tracking.log"

Anyone out there offer any reason why this should be happening?

I've run virus scans previous to this to be sure it's clean, so I'm guessing the problem is a piece of spyware etc?

harrycary
11-11-2007, 10:51 PM
Since you didn't state what O/S you're using I'm going to assume it's Win/XP.

Boot your PC into Safe Mode and run the Anti-Spyware software of your choice.

Post your results so others will know whether it works or not.

Good luck.

feygan
11-12-2007, 05:52 PM
Sorry about the lack of info. I'm running Windows XP Pro Corp SP2.

I tried safe mode, and the scan went perfectly and completed. It showed up a couple of threats which were promptly got rid of.

However, when I started a second scan this morning from within the normal boot, I got the same freeze. It occurs on the exact same file name, and same object scan number each time.

Any ideas?

hvymetal86
11-12-2007, 11:23 PM
Just so you know I'm not spouting crap, I work in tech support and have started a business on my own doing the same thing.

I would suggest scheduling a check disk by going to Start -> Run -> typing "cmd" w/o the quotes, then in the command prompt window, type "chkdsk /r", again w/o quotes. When it says it can't be run b/c the drive is in use and asks to be run on next reboot, allow it and then restart; it should run automatically. Watch the process and see if it finds and fixes anything. If it doesn't, that wasn't your issue; if it does, there's a chance it fixed it, or some other issue or corrupt file you didn't know about. Really, check disk is a good thing to run periodically in general.

Good luck!

feygan
11-13-2007, 07:30 PM
Ok tried the chkdsk, then tried running a scan again after the reboot. I'm still having the same problem, it still hangs on the same file name.

Anyone else??

hvymetal86
11-13-2007, 08:21 PM
Try this:
-Right click on my computer and go to properties.
-Go to the system restore tab.
-Select the "turn off system restore on all drives" option, and click ok and then yes to confirm the change.
-Go back into properties and uncheck the box you just checked and then ok to turn system restore back on. Make sure it now says monitoring for all the drives.

Basically, the file your scan is hanging on is in the folder where the system restore save points are stored. By turning off and back on system restore, the save points are erased and so should be the offending file. It's better to do it this way, but if it doesn't work, try manually deleting the file. Or if you're not allowed to delete the file due to an "in use" warning message, use a program like Killbox to delete it, or try booting into safe mode and deleting it from there.

feygan
11-13-2007, 09:09 PM
Ok, now I'm confused. I tried the system restore method and had no joy. So I tried to delete it manually, however I can't find it by simply clicking, so I tried a full search function, yet it doesn't show up.

The file is called "tracking.log" according to the scan. I see some files that have the tracking name in them, but all are things I recognise from other software so safe. But no "tracking.log" shows up anywhere in the search?

hvymetal86
11-13-2007, 09:39 PM
Turn on "show hidden files and folders" and turn off "hide protected operating system files" in Tools > Folder Options > View and try browsing to it via the file path you gave in your first post. OR make sure the search includes hidden files and/or specify the search to look for .log files.

feygan
11-13-2007, 10:00 PM
Ok, have done that to try and find it. I can see the folder that the scan says the log is inside, "c:/System Volume Information", yet when I right click to examine, it's empty, and when I try to open it I get an access denied message. This is a single person machine so there is only my account on it, can't see why I shouldn't be able to open the folder?

Also searches that specify to look for "logs" don't come up with the tracking one?

coldnorth
11-13-2007, 10:46 PM
I have been using a combination of Ad-Aware and Spybot S & D. There have been times when the new edition of Ad-Aware has been "difficult" and I would run Spybot, clean off anything it finds and then run Ad-Aware. This very often works.

hvymetal86
11-13-2007, 10:58 PM
when I try to open it I get an access denied message.

Not sure why that would be happening... do you have XP or Vista?

feygan
11-13-2007, 11:11 PM
XP Pro Corp SP2. Odd thing is it's a new machine, only been running about 10 days or so. The first things I put on were OS, firewall, antivirus, spyware. So not as if it's been online for years to get clogged with crap.

hvymetal86
11-13-2007, 11:43 PM
I got a couple more ideas but running out here, lol.

Try the system restore off and on as before, but reboot in between turning it off and turning it back on.

If that fails try:

Try turning off system restore as before, but do a more complete job this time by also going to Run and typing "services.msc"; look for the system restore service in that list and disable it. Reboot into safe mode and run the scan again. If it doesn't hang on it, go back into normal mode and try turning system restore back on in both locations.

If that doesn't work try typing:

del "c:\system volume information\tracking.log"

in command prompt and see if it will delete the file. If it gives an error (other than not found) and won't let you delete it, try it in safe mode.

Last, just delete the whole folder, it shouldn't harm your computer at all, and if you're wary, just back up any data first, which should be easy since it's only a 10 day old build.


If none of that works I guess it might be worth it to post either a rootkitrevealer log file and/or a HijackThis log.

ignisfatuus
12-05-2007, 11:04 PM
Ok, first off you can't get into the Sys Vol Info folder because you don't have the correct permissions to do so. Before doing this make sure that System Restore is turned off (also make sure to restart after turning it off), otherwise you're going to get a file in use error when trying to delete it. To be able to view the permissions tab open any explorer window (i.e. My Computer), go to:

Tools > Folder Options...

Click the 'View' Tab

Scroll all the way to the bottom and uncheck the box that says 'Use simple file sharing'


Now browse to your C: drive, right click on the sys vol info folder and click properties.

Click the Security tab

Click Add..., type 'Administrators' in the box, and press return

With Administrators selected in the list, check the box in the lower portion of the window that says 'Full Control', then click OK

You should now be able to browse into your sys vol info folder

You might have to repeat the setting of permissions on the tracking.log file, but you should be able to delete it now.


If you do get a file in use error when trying to delete the file, click here (http://www.merijn.org/files/HiJackThis_v2.exe) to download HijackThis.

Run the exe. When you get to the main program window click config, click Misc Tools at the top and then click 'Delete a file on reboot'. Browse to the file and click open.

Now reboot your system. If the file is still there then it is being loaded too early during startup and the only way of actually getting rid of it will be to boot off of other media and delete the file.

WARNING: Technically the System Volume Information folder is only used for storing System Restore information, and deleting this file should have no effect on your system, but I have not personally done this before so I can't guarantee it. I would make a copy of this file before deleting it just in case.

grimms
12-08-2007, 10:49 AM
You need to defrag your system: go to All Programs, Accessories, System Tools, Defrag. Then run your spyware software again. Also make sure to reboot after defragging.

peat moss
12-08-2007, 04:15 PM
You need to defrag your system: go to All Programs, Accessories, System Tools, Defrag. Then run your spyware software again. Also make sure to reboot after defragging.

Defag, as my mom-in-law calls it? How would that help? He has a permissions problem likely caused by the spyware itself. If it doesn't work in safe mode he's on his own. I'm teasing tho. :happy: Old problem, hope he's got it sorted.

Swift
12-09-2007, 03:37 PM
I have been using a combination of Ad-Aware and Spybot S & D. There have been times when the new edition of Ad-Aware has been "difficult" and I would run Spybot, clean off anything it finds and then run Ad-Aware. This very often works.

Spybot S&D, it's the best. I used it when I had some spyware on my PC :) cleaned my PC up :D

It's easy to use!