'rundll32 application failed to initialize' error

lordfsa

Technical User
Dec 3, 2006
26
GB
My Windows XP SP2 based machine has been encountering a problem for the past two weeks and I can't seem to pinpoint what the cause is. I have carried out some diagnostic tests but seem to have hit a dead end, so I would appreciate any suggestions any of you folk can come up with.


The Problem:
-Issues emerge after leaving PC running overnight.
-When I come back to the PC in the morning, several applications fail to open, giving the error: 'rundll32.exe application failed to initialize properly'.
-Always affects utorrent.exe, which I leave running.
-Mostly affects other applications too.
-Sometimes even Task Manager refuses to open.
-Normal shutdown procedure doesn't operate and I am left with no option but to force shutdown using the power button.


System Specs:
-Windows XP SP2
-Intel Xeon 2.8 GHz
-2GB RAM
-All latest updates installed
-ZoneAlarm, AVG Anti-Virus, Windows Defender and PeerGuardian2 always run in background with latest definitions.


Diagnostics Carried Out:
-I ran full system checks using AVG Anti-Virus, Windows Defender, AVG Anti-Spyware, Spybot Search & Destroy, SUPERAntiSpyware, Ad-Aware 2007 and McAfee Stinger using the latest versions and definitions. These were carried out both in normal and safe mode. No viruses were detected. Only a couple of tracking cookies were found, which the software labelled as mild-medium threat. Naturally, I removed these. I left the PC running overnight and the problem was still there.
-I read on a forum that the lack of some .NET frameworks may cause conflicts with uTorrent, so I downloaded the 1.1, 2.0 and 3.0 .NET frameworks and all associated updates. Once again, I left the PC running and in the morning, I got the 'failed to initialize properly' error when I tried to open uTorrent.
-I reinstalled the latest version of uTorrent, to no avail.
-Carried out memtest86+, thinking my new RAM upgrade may have caused it, but RAM had no errors.
-I have used CCleaner to fix any issues with the registry. Temp files are cleaned using it on a consistent basis.



What else can I try? I have included the reading from HijackThis after having carried out all antivirus/spyware/malware checks and having cleared temp files... I hope someone out there with some time on their hands can lend a hand analysing this... it has overwhelmed me a little.


Short of a deeply embedded virus/spyware/malware, what else could possibly cause the error messages I have been receiving?

Any insight would be much appreciated.

Regards.




HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 23:18:51, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\Mixer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 
Can you uninstall ZoneAlarm and temporarily revert to the SP2 Firewall and see if the message goes away? That is only suggested as a last resort following a spate of ZoneAlarm and strange problems; really it is nothing more than just a guess.

I don't much fancy Utorrent, but that's just me.

Your log seems to be clear of malware.

Some general things to try.

See if System Restore will get you back to a restore point before your problem with Explorer.

Try Safe Mode (Do you have this problem in Safe Mode?).

Try running ChkDsk to check your drive for errors. Right-click your Drive icon/ Properties/ Tools/ Error Checking. Select both boxes.

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

 
Forgot to mention, System Restore and chkdsk were the first things I tried.

ZoneAlarm has been giving 'TrueVector forced to close' errors... something along that line, when it just stops and I need to close and restart the programme...

Will try Windows Defender tonight.

The problem didn't happen last night and, short of running several anti-malware checks, which found very little of significance, I can't pinpoint the correction down to anything.

Thanks for your help.
 
Nope, ZoneAlarm doesn't have any entries for rundll32.

When I ran the PC overnight, that error didn't come up with Windows Defender and no ZoneAlarm running, but with ZoneAlarm, I came back in the morning to find the TrueVector error and disconnected from the internet.

Yesterday evening, however, AVG Anti-Spyware detected two trojans in safe mode which for some reason none of the others detected. There were two Trojan.Agent.abd files, one in the Alcohol 120% software folder, the other in the System Volume Information folder.

I googled this, and it seems several others who posted anti-malware logs found the same trojan in the same Alcohol software's folder... conspiracy there?

Should it be of concern that the AVG Anti-Virus scanner finds 'reading error' for 'boot sector of C' and the following files changed: kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntoskrnl.dll?

Perhaps I should run a command prompt virus scanner? I've already run everything in safe mode several times.
 
Changed files normally mean just that; perhaps some Windows Update caused that change. If the changed file was infected AVG would inform you of that.

Reading the Boot sector might indicate a Permissions problem, perhaps a Limited User running the Scan?

See what these links can do for you.



The last one will require Registering with the AVGfree Forum (which is also free).

Do you think that ZoneAlarm is the cause of your problem or just an unfortunate victim?
 
Hi linney

The boot sector reading error on AVG is a false positive, according to the experts at Grisoft... they're working on resolving that in their next update.

I'd hope ZoneAlarm is the cause just so I can declare this problem resolved. I'm leaning towards a software compatibility issue... two of them on my machine just don't get along.

If it is the victim, then whatever malware is on my machine is elusive beyond compare. If 7 different anti-malware programmes can't remove it, even in safe mode, then I will have to regretfully resort to what someone elsewhere advised me: reinstall XP.

ho hum!

 
Thanks to everyone for their help....it seems to have resolved. Still holding off the reformatting....

Best wishes.
 
So was it ZoneAlarm or some other mystery cause that fixed itself?
 
Hi linney... since last posting, I refrained from using ZoneAlarm and switched to Windows Firewall instead. The rundll32 error hasn't come up. Either ZoneAlarm had a compatibility issue with something else installed on my machine, or it's the poor scapegoat.
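
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the HijackThis log format posted in the first message, which groups entries by section code and lists the ones marked (no file) or (file missing), i.e. registry references whose target is no longer on disk. The sample lines are copied from that log; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Added example: names below are this example's own, not HijackThis's.
# Section codes seen in the posted log, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools item",
    "O11": "IE Advanced Options group", "O16": "ActiveX control (DPF)",
    "O18": "protocol handler", "O23": "Windows service",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

# Lines copied from the log in the first post (a subset).
SAMPLE = r"""
Running processes:
C:\WINNT\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

def parse(log_text):
    """Return (entries, orphans): entries grouped by section code, and the
    entries whose target file HijackThis reported as absent."""
    entries, orphans = defaultdict(list), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        code, body = m.groups()
        entries[code].append(body)
        if ORPHAN.search(body):
            orphans.append((code, body))
    return entries, orphans

def summary(log_text):
    """One line per section with its entry count, then one per stale entry."""
    entries, orphans = parse(log_text)
    lines = [f"{code} ({SECTIONS.get(code, 'other')}): {len(items)}"
             for code, items in sorted(entries.items())]
    return lines + [f"stale {code}: {body}" for code, body in orphans]

if __name__ == "__main__":
    print("\n".join(summary(SAMPLE)))
```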
 