RE: Anti-virus, anti-spyware freezing in Win XP



Dear Mike,

I did as you suggested and chose as my first scan Trend Micro HouseCall 6.5,
but it froze at the same file as before – C:\System Volume
Information\MountPointManagerRemoteDatabase.

I'm open to any other suggestions, sir, and I'm eager to employ them.

Thank you.

"MAP" wrote:

Shut off system restore (system volume) and reboot, re-run scans
--
Mike Pawlak


"Munchausen" wrote:

Recently my AVG Anti-Virus & Anti-Spyware began freezing at C:\System Volume
Information\tracking.log.

Lavasoft Ad-Aware 2007 v. 7.0.2.3 froze, too. The results were: (1) Total
infections detected: 33; and (2) after 11 hours, still wasn’t finished
scanning, having frozen at C:\System Volume
Information\MountPointManagerRemoteDatabase.

The first time I ran RootkitRevealer.exe, I got the following data, which I
can't interpret:
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec 10/23/2007 7:21 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32\ThreadingModel 10/16/2007 10:55 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/23/2007 7:21 a.m. 80 bytes Data mismatch between Windows API and raw hive data.

The second time I ran RootKitRevealer, it froze on C:\System Volume
Information\. (Don't know why I ran it again since I didn't understand what
it was telling me the first time.)

Windows OneCare Live Safety Scanner froze at 20% into the virus and spyware
scan, telling me “2 items detected, 1 issue found.”

Trend Micro House Call 6.5 froze at “Step 2: Scanning local computer and
connected components – 2 ¼ hours – scanning files and folders.”

HouseCall 6.6 froze at “Step 2: Scanning local computer and connected
components – 2 ½ hours – scanning files and folders”

Panda ActiveScan 5.54.01 froze at C:\.

When I ran the latest Microsoft Malicious Software Removal Tool, it froze at
C:\System Volume Information\MountSharePointManagerRemoteDatabase.

NOD32 freezes repeatedly at C:\RECYCLER or C:\System Volume
Information\MountPointManagerRemoteDatabase

Any suggestions would be gratefully appreciated, folks.