RE: Anti-virus, anti-spyware freezing in Win XP



Shut off system restore (system volume) and reboot, re-run scans
--
Mike Pawlak


"Munchausen" wrote:

Recently my AVG Anti-Virus & Anti-Spyware began freezing at C:\System Volume
Information\tracking.log.

Lavasoft Ad-Aware 2007 v. 7.0.2.3 froze, too. The results were: (1) Total
infections detected: 33; and (2) after 11 hours, still wasn’t finished
scanning, having frozen at C:\System Volume
Information\MountPointManagerRemoteDatabase.

The first time I ran RootkitRevealer.exe, I got the following data, which I
can't interpret:
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec 10/23/2007 7:21 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32\ThreadingModel 10/16/2007 10:55 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/23/2007 7:21 a.m. 80 bytes Data mismatch between Windows API and raw hive data.

The second time I ran RootKitRevealer, it froze on C:\System Volume
Information\. (Don't know why I ran it again since I didn't understand what
it was telling me the first time.)

Windows OneCare Live Safety Scanner froze at 20% into the virus and spyware
scan, telling me “2 items detected, 1 issue found.”

Trend Micro House Call 6.5 froze at “Step 2: Scanning local computer and
connected components – 2 ¼ hours – scanning files and folders.”

HouseCall 6.6 froze at “Step 2: Scanning local computer and connected
components – 2 ½ hours – scanning files and folders”

Panda ActiveScan 5.54.01 froze at C:\.

When I ran the latest Microsoft Malicious Software Removal Tool, it froze at
C:\System Volume Information\MountSharePointManagerRemoteDatabase.

NOD32 freezes repeatedly at C:\RECYCLER or C:\System Volume
Information\MountPointManagerRemoteDatabase

Any suggestions would be gratefully appreciated, folks.