Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on December 13, 2014, 10:04:41 AM

Title: Avast file warnings.
Post by: REDACTED on December 13, 2014, 10:04:41 AM
I have Avast Internet Security installed and in the last 24 hours have received 15 pop ups advising me of a suspect file (Malware-gen) that has been removed before being opened and I need to take no further action.

I have done a Quick scan and a  Smart scan and nothing was found.
The files are shown in the Vault as C:\Windows\TEMP\tmp00002a83 (there is a different number/letter sequence for each file).

Is this something I need to worry about ?
If not, how can I remove these constant notifications ?
Any advice would be appreciated.
Title: Re: Avast file warnings.
Post by: Staticguy on December 13, 2014, 01:11:40 PM
Do a full system scan by Avast, MalwareBytes Antimalware Free, and SuperAntiSpyware Free. Before doing a full system scan with these 3 programs, make sure they are up to date. If these constant notifications still come up, follow these steps https://forum.avast.com/index.php?topic=53253.0 and a malware expert will help you.

Post all 3 logs of Avast, MBAM, and SAS here and a malware expert will help you.
Title: Re: Avast file warnings.
Post by: REDACTED on December 13, 2014, 05:36:06 PM
A full system scan by SuperAntispyware found 2 "low threat tracking cookies" (and removed them). A full system scan by Avast and Malwarebytes found "no threats".

Could Avast be "reading" a malware file in the Emsisoft Quarantine area?

Title: Re: Avast file warnings.
Post by: Pondus on December 13, 2014, 05:40:40 PM
Quote
The files are shown in the Vault as C:\Windows\TEMP\tmp00002a83 (there is a different number/letter sequence for each file).   
Try clearing your temp folders with TFC http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


Virus and false positive problems should be posted in the viruses and worms forum section
At the top of that section you will find a guide on how to receive help


Title: Re: Avast file warnings.
Post by: Para-Noid on December 13, 2014, 05:46:45 PM
Could you provide a screenshot(s) of the pop-ups?
What are you using as a browser?

It could be there is a conflict between Emsisoft and avast.
Try uninstalling Emsisoft using their uninstaller then install MalwareBytes.

Uninstallers here http://www.avast.com/faq.php?article=AVKB11#artTitle
or here https://singularlabs.com/uninstallers/security-software/

MBAM download from here https://www.malwarebytes.org/
Title: Re: Avast file warnings.
Post by: REDACTED on December 13, 2014, 06:25:34 PM
Thank you for the advice.

I will clean the temporary files and uninstall Emsisoft and see what happens.

It is rather unsettling for the Avast full scan to show clear and yet another part of the Avast system is reporting infected temporary files.
Is there any way to turn off the reporting popup ?

Title: Re: Avast file warnings.
Post by: Pondus on December 13, 2014, 06:30:36 PM
Quote
  It is rather unsettling for the Avast full scan to show clear and yet another part of the Avast system is reporting infected temporary files.
In your first post you say avast moved detected files to chest ...... so if already moved they will not be detected when you scan

Title: Re: Avast file warnings.
Post by: Pondus on December 13, 2014, 06:32:01 PM
If you want a malware expert to check, instructions are here   https://forum.avast.com/index.php?topic=53253.0

Title: Re: Avast file warnings.
Post by: REDACTED on December 13, 2014, 07:25:47 PM
Quote
If you want a malware expert to check, instructions are here   https://forum.avast.com/index.php?topic=53253.0

Sorry, I may not have explained that well.
After the clear scan, the warning appeared.
I was not connected to the Internet during that time, which suggested to me that the infected temporary file was on my PC.

I note the advice and will follow it.
Title: Re: Avast file warnings.
Post by: Staticguy on December 13, 2014, 11:46:59 PM
Did you also scan with AdwCleaner?
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 12:06:44 PM
I have scanned with AdwCleaner and nothing was found.
No full scan has found anything suspicious.

Thinking back, I received an email which I thought/think was from my central heating oil supplier with an Invoice attached. When I tried to open it, I had the pop up warning and I deleted the email.
The warnings started the same day.
 
The email is not in my deleted emails file, I assume the whole thing could be in the Vault.

I am now thinking that this was a legitimate email and this is a "false positive", but as I can't find the email, I am unable to report the details.

As you have probably realised I am not totally PC competent, so I am reluctant to poke about too deeply into my PC, or go into any convoluted (to me) possible solutions.

Is there any other way I can stop the pop up reports ?
I have tried uninstalling Avast and reinstalling it, but this made no difference.

 
Title: Re: Avast file warnings.
Post by: essexboy on December 14, 2014, 12:27:58 PM
Generally the incidence of false positives is low

There are infections that are not found by automated tools

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 01:26:07 PM

Error.
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 01:30:09 PM
Thank you for your interest.
Title: Re: Avast file warnings.
Post by: essexboy on December 14, 2014, 03:27:12 PM
Could you also attach the additions.txt.

Let me know if this stops it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'ht
tps%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2 
C:\Users\Brian\setup.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
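What the two `FF NetworkProxy` lines in the fixlist above refer to, as an added example that is not part of the original post and is not FRST's own code: the `autoconfig_url` value is an inline, percent-encoded proxy auto-config (PAC) script, and in Firefox a proxy `type` of 2 means "use that auto-config URL". This Python code decodes such an entry and lists which URL tests route traffic through which proxies; the sample input is constructed and shortened from the posted entry, and the parser assumes each preference sits on a single line.

```python
import base64
import re
from urllib.parse import unquote

# Constructed sample: two fixlist lines in the same shape as the post's
# "FF NetworkProxy" entries, with the PAC condition cut down to three tests.
SAMPLE_FIXLIST = "\n".join([
    'FF NetworkProxy: "autoconfig_url", "data:text/javascript,'
    "function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20"
    "'s.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')"
    "%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20"
    "'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me"
    "%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D\"",
    'FF NetworkProxy: "type", 2 ',
])

PREF_RE = re.compile(r'^FF NetworkProxy:\s*"(?P<key>[^"]+)",\s*(?P<value>.*)$')
# Proxy directives a PAC script may return, e.g. "PROXY host:port".
PROXY_RE = re.compile(r"\b(PROXY|SOCKS[45]?|HTTPS?)\s+([\w.-]+):(\d+)")
# The three kinds of URL/host test used in the posted PAC script.
CONDITION_RES = [
    ("host==", re.compile(r"host\s*==\s*'([^']+)'")),
    ("shExpMatch", re.compile(r"shExpMatch\(\s*url\s*,\s*'([^']+)'\s*\)")),
    ("url.indexOf", re.compile(r"url\.indexOf\(\s*'([^']+)'\s*\)")),
]


def parse_pref(line):
    """Split one 'FF NetworkProxy: "key", value' line into (key, value)."""
    match = PREF_RE.match(line.strip())
    if match is None:
        return None
    value = match.group("value").strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return match.group("key"), value


def decode_pac(url):
    """Return the PAC source of an inline data: URI, or None when the
    preference points at a remote or local file instead."""
    if not url.lower().startswith("data:"):
        return None
    header, sep, body = url[5:].partition(",")
    if not sep:
        raise ValueError("malformed data: URI (no comma)")
    if header.lower().endswith(";base64"):
        return base64.b64decode(body).decode("utf-8", "replace")
    return unquote(body)


def analyse(fixlist_text):
    """Summarise the Firefox proxy settings named in a fixlist."""
    report = {"proxy_type": None, "pac_inline": None, "proxies": [], "rules": []}
    for line in fixlist_text.splitlines():
        pref = parse_pref(line)
        if pref is None:
            continue
        key, value = pref
        if key == "type":
            report["proxy_type"] = value
        elif key == "autoconfig_url":
            pac = decode_pac(value)
            report["pac_inline"] = pac is not None
            if pac is None:
                continue
            for _scheme, host, port in PROXY_RE.findall(pac):
                entry = f"{host}:{port}"
                if entry not in report["proxies"]:
                    report["proxies"].append(entry)
            for kind, pattern_re in CONDITION_RES:
                report["rules"] += [(kind, p) for p in pattern_re.findall(pac)]
    return report


if __name__ == "__main__":
    result = analyse(SAMPLE_FIXLIST)
    print("proxy type:", result["proxy_type"])
    print("proxies   :", ", ".join(result["proxies"]))
    for kind, pattern in result["rules"]:
        print(f"routed via proxy when {kind} matches {pattern!r}")
```
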
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 06:11:05 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014
Ran by Brian at 2014-12-14 17:08:14
Running from C:\Users\Brian\Downloads\Programs
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{60BBC176-C393-6033-837E-B6BF4CDCBFB9}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MailWasherPro (HKLM-x32\...\{4622F96A-780B-48B8-8304-1CD8A40043E8}) (Version: 7.3.0 - Firetrust)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-GB)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1938564924-3213098998-1223892305-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-11-2014 10:29:42 Scheduled Checkpoint
08-11-2014 10:40:45 Scheduled Checkpoint
12-11-2014 14:17:52 Windows Update
12-11-2014 14:34:24 avast! antivirus system restore point
12-11-2014 14:38:40 Device Driver Package Install: Avast Network Service
19-11-2014 23:18:28 Windows Update
27-11-2014 10:14:58 Scheduled Checkpoint
04-12-2014 11:52:39 Scheduled Checkpoint
11-12-2014 00:00:38 Windows Update
13-12-2014 00:22:32 Windows Update
13-12-2014 21:04:39 avast! antivirus system restore point
13-12-2014 21:17:17 avast! antivirus system restore point
13-12-2014 21:21:01 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-10-19 17:31 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {009DCE2C-FCAC-42D8-9BA1-B5EED8B40C22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {017ACF58-EC58-4C5A-A7C9-A807A1D3CB7D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {229D4E75-B898-4350-BABC-FA3211F63C18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {2BCE84F2-91C3-4207-B84C-B72CF99B1ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {63F975BD-34B0-4F7E-BC98-BC39576F4BE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {7D1D5EE7-7F9C-4897-8735-03AAB10A652E} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {BFC532EA-7D60-4663-B8F9-B2058E23F323} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-14 19:41 - 2014-04-14 19:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-12-13 21:20 - 2014-12-13 21:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-13 21:20 - 2014-12-13 21:20 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-13 21:20 - 2014-12-13 21:20 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121301\algo.dll
2014-12-13 21:20 - 2014-12-13 21:20 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-14 08:57 - 2014-12-14 08:57 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121400\algo.dll
2014-12-13 21:20 - 2014-12-13 21:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-02 09:36 - 2014-12-02 09:36 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1938564924-3213098998-1223892305-500 - Administrator - Disabled)
Brian (S-1-5-21-1938564924-3213098998-1223892305-1001 - Administrator - Enabled) => C:\Users\Brian
Guest (S-1-5-21-1938564924-3213098998-1223892305-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1938564924-3213098998-1223892305-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 08:57:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
   Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
   The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
   0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (12/14/2014 08:57:32 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/14/2014 08:57:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/14/2014 08:57:00 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/13/2014 09:29:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/13/2014 09:29:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/13/2014 09:27:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/13/2014 09:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/13/2014 09:12:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/13/2014 03:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/13/2014 03:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 08:57:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:57:00 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
   Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
   The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (12/14/2014 08:56:59 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
   0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


==================== Memory info ===========================

Processor: AMD Sempron(tm) 3850 APU with Radeon(tm) R3
Percentage of memory in use: 23%
Total physical RAM: 7624.44 MB
Available physical RAM: 5816.13 MB
Total Pagefile: 15247.05 MB
Available Pagefile: 12572.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:712.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0882D59E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Do you want me to now run FRST and press FIX ?
Title: Re: Avast file warnings.
Post by: essexboy on December 14, 2014, 06:13:14 PM
Yes please, once done could you let me know how your computer is behaving
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 06:44:05 PM
I ran the FRST scan again and then pressed "Fix", I got the following message, "No fix list found, the fixlist txt should be in the same folder/directory the tool located".

Hopefully you can point out where I went wrong.

Title: Re: Avast file warnings.
Post by: essexboy on December 14, 2014, 07:40:46 PM
You need to copy FRST from your downloads folder to the desktop then have the fixlist.txt on the desktop as well

(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 10:20:36 PM
I have a text file entitled "FRST" and one entitled "Addition", I cannot find a text file entitled "fixlist".

I do appreciate your assistance and I am sorry for making this hard work for you.
Title: Re: Avast file warnings.
Post by: essexboy on December 14, 2014, 10:33:20 PM
No problem I have made one for you and attached it to the bottom of this post.
Make sure that both FRST and the fixlist are in the same folder



Title: Re: Avast file warnings.
Post by: REDACTED on December 14, 2014, 11:16:47 PM
Thank you very much for your help.
I performed the "Fix" and everything on my PC seems to be running OK, I have just had the file warning popup again, so that's still there.

I have the feeling if I can't stop the reports,  I am going to have to live with it, or dump Avast.
I am reasonably confident that there is no serious malware on my PC, otherwise Malwarebytes, Emsisoft, AVG, or Avast would have found it.

Title: Re: Avast file warnings.
Post by: Staticguy on December 15, 2014, 12:27:06 AM
Download and install ESET Online Scanner. This scanner is very effective and is very good at what it does. ESET Online Scanner helps you find viruses and other malware on your computer that do not want to be found. It is shown here how to install it https://www.youtube.com/watch?v=0qTLZqFI314

I have used this tool in the past and it does a really good job at it.
Title: Re: Avast file warnings.
Post by: essexboy on December 15, 2014, 05:34:38 PM
Could you screenshot the popup and attach that please
Title: Re: Avast file warnings.
Post by: REDACTED on December 15, 2014, 09:34:17 PM
Thanks Staticguy, I did an ESET scan and it found nothing.

I have deleted the item quarantined by Emsisoft, which may make a difference.

essexboy, I will take a screenshot next time it appears.
Title: Re: Avast file warnings.
Post by: REDACTED on December 17, 2014, 11:03:33 AM
Just a follow-up note, which may help others that experience this problem.

Since deleting the item from the Emsisoft quarantine file, I have had no repeat of the Avast file warning pop-up, I am touching wood while typing this.

Thanks to all those that took the time and patience to help me, it is much appreciated.