Sign in to follow this  
Fernando92

My Adaware starts, then instantly closes

Recommended Posts

Hello,

I have installed adaware some days ago because my computer was having some problems, and i guessed it was some malware that was damaging my computer. I used it the first day, and found 300 traces. I selected to delete them all, and all went great. The next day, as I start my computer I got a message:"This application failed to start because sfc_os.dll was not found. Re-installing the application may fix this problem." from winlogon.exe

I tried to open my AdAware again to see if there was a problem, and it instantly closed after loading the definitions. I tried reinstalling the program and while i was installing it I got that message again "This application failed to start because sfc_os.dll was not found. Re-installing the application may fix this problem." but the installation completed. As soon as I tried opening it I got the same problem as before, it closed after loading definitions. I would be very thankful if someone can help me with this problem, if you need the HiJackThis logs here they are:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:35:12 p.m., on 16/03/2013

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARCHIV~1\AVG\AVG2013\avgrsx.exe

C:\Archivos de programa\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\AVG\AVG2013\avgfws.exe

C:\Archivos de programa\AVG\AVG2013\avgidsagent.exe

C:\Archivos de programa\AVG\AVG2013\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Java\jre7\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\AVG\AVG2013\avgnsx.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Archivos de programa\AVG\AVG2013\avgemcx.exe

C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Smith Micro\StuffIt 2010\ArcNameService.exe

C:\Archivos de programa\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

C:\Archivos de programa\Archivos comunes\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Archivos de programa\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

C:\Archivos de programa\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Program Files\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=AA047FE3836B0394C994FC5144853378

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/download/triggerpages_mmcom/default.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Archivos de programa\adawaretb\adawareDx.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Archivos de programa\adawaretb\adawareDx.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll

O2 - BHO: PageRage - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Archivos de programa\PageRage\prxtbPag0.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Archivos de programa\PageRage\prxtbPag0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Archivos de programa\adawaretb\adawareDx.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [vProt] "C:\Archivos de programa\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG_UI] "C:\Archivos de programa\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [searchProtection] C:\Documents and Settings\All Users\Datos de programa\Search Protection\_run.bat

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Archivos de programa\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Akamai\netsession_win.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: Download All by FlashGet - C:\ARCHIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARCHIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra button: Selección inteligente de HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (file missing)

O16 - DPF: {339C9F23-3526-4583-BFAD-C11D594F8A49} - http://citas.arnet.com.ar/seguimientocitas/GrillaDeCitas.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224984138953

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Archivos comunes\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll

O20 - AppInit_DLLs: c:\docume~1\alluse~1\datosd~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll

O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Firewall de AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG2013\avgidsagent.exe

O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Archivos de programa\Java\jre7\bin\jqs.exe

O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: GFI VIPRE Antivirus Service (SBAMSvc) - GFI Software - C:\Archivos de programa\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Archivos de programa\Smith Micro\StuffIt 2010\ArcNameService.exe

O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Archivos de programa\Archivos comunes\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe

O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

 

--

End of file - 14825 bytes

Share this post


Link to post
Share on other sites

Hi,

 

Please follow the step #2 here to get DDS logs. Then copy-paste those here.

Share this post


Link to post
Share on other sites

Hi,

 

See if you're able to run DDS without disabling antivirus protection.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this