Solved Constantly going into 'overdrive'

Status
Not open for further replies.
Fixlog.txt below. During the fix, another flash from Avira: 'Host file blocked'


No big deal, just Avira doing its job. FRST was removing the Hosts file to set it to default, Avira was trying to protect it. :)
 
Ok, after the scan is done...

Remove Avira with Geek Uninstaller.
Then reboot.
Run the Avira RegistryCleaner
Reboot again.

Then install one of the following antivirus programs. These offer the same if not better protection, & they are much lighter on your system!!

SecureAplus
360 Total Security
Panda Cloud Free.

Edit: I'd make a full virus scan with whatever you decide to install....
http://www.pandasecurity.com/usa/homeusers/solutions/free-antivirus/
Just a side note and a nice program to have on your machine, Everything Search Engine. Get the portable version....

About 11 mins left. Whereabouts in the States are you?

In the south Georgia... :)
 
Nice. I lived for 3 years in Raleigh, NC. Travelled around a lot, but only saw Atlanta in GA.
 
The green scan indicator has gone, so I assume it is finished. Does the blue slider at the bottom have to be all the way over to the right to indicate end of op?
 
AVZ log below
AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 16.02.2017 14:47:16
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 16.02.2017 16:00
Heuristic microprograms loaded: 410
PVS microprograms loaded: 10
Digital signatures of system files loaded: 857539
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 "Microsoft Windows XP", install date 17.07.2012 07:46:38 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 80504570 (284)
Function NtClose (19) intercepted (805BC564->BA74D644), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateKey (29) intercepted (8062426A->BA74D5FE), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSection (32) intercepted (805AB3FC->BA74D64E), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSymbolicLinkObject (34) intercepted (805C3A2E->BA74D626), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (35) intercepted (805D1068->BA74D5F4), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteKey (3F) intercepted (80624706->BA74D603), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (806248D6->BA74D60D), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (44) intercepted (805BE03C->BA74D63F), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadDriver (61) intercepted (80584172->BA74D62B), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey (62) intercepted (8062648E->BA74D612), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (7A) intercepted (805CB486->BA74D5E0), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSection (7D) intercepted (805AA420->BA74D621), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (80) intercepted (805CB712->BA74D5E5), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (8062248E->BA74D667), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (C1) intercepted (8062633E->BA74D61C), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestWaitReplyPort (C8) intercepted (805A2DAA->BA74D658), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (80625C4A->BA74D617), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetContextThread (D5) intercepted (805D2C4A->BA74D653), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSecurityObject (ED) intercepted (805C0662->BA74D65D), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSystemInformation (F0) intercepted (8060FE98->BA74D630), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (806227DC->BA74D608), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSystemDebugControl (FF) intercepted (8061823E->BA74D662), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (101) intercepted (805D2308->BA74D5EF), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtWriteVirtualMemory (115) intercepted (805B4400->BA74D5EA), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 24, restored: 24
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
CmpCallCallBacks = 00093D84
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 29
Number of modules loaded: 356
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
In the database 317 port descriptions
Opened at this PC: 4 TCP ports and 10 UDP ports
Checking - complete; no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>>> HDD autorun is allowed - fixed
>> Network drives autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>>> Network drives autorun is allowed - fixed
>> Removable media autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>>> Removable media autorun is allowed - fixed
Checking - complete
Files scanned: 68076, extracted from archives: 43986, malicious software found 0, suspicions - 0
Scanning finished at 16.02.2017 15:24:49
!!! Attention !!! Restored 24 KiST functions during Anti-Rootkit operation
This may affect execution of certain software, so it is strongly recommended to reboot
Time of scanning: 00:37:36
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/

 
It was complete, go ahead and remove Avira. The only reason I suggest that you remove it is because of the amount of RAM on your system. Once you have removed that and run a full virus scan with the antivirus of your choosing, please tell me how the machine is running and if you are happy to call this solved. :)
 
The initial scan of SecureAplus does take a long time, after that scans are fast!! :)
 
They are having server issues, that is why it may be taking a long time.
The internet for you is running fine other than that?
 