Tech Support banner

Not open for further replies.
1 - 2 of 2 Posts

6 Posts
Discussion Starter · #1 ·
My Windows XP SP2 based machine has been encountering a problem for the past two weeks and I cant seem to pinpoint what the cause is. I have carried out some diagnostic tests but seem to have hit a dead end, so I would appreciate any suggestions any of you folk can come up with.

The Problem:
-Issues emerge after leaving PC running over night.
-When i come back to the PC in the morning, several applications fail to open giving the error: 'rundll32.exe application failed to initialize properly'.
-Always affects utorrent.exe, which I leave running.
-Mostly affects other applications too.
-Sometimes even task manager refuses to open.
-Normal shut down procedure doesnt operate and I am left with no option but to force shut down using the power button.

System Specs:
-Windows XP Pro SP2
-Intel Xeon 2.8 GHz
-All latest updates installed
-Zonealarm, AVG anti virus, Windows Defender and Peerguardian2 always run in background with latest definitions.

Diagnostics Carried Out:
-I ran full system checks using AVG anti virus, Windows Defender, AVG anti spyware, spybot search&destroy, super anti-spyware, ad-aware 2007 and mcAffes stinger using the latest versions and definitions. These were carried out both in normal and safe mode. No viruses were detected. Only a couple of tracking cookies were found which the software labelled as mild-medium threat. Naturally, I removed these. I left the PC running overnight and the problem was still there.
-I read on a forum that the lack of some .net frameworks may cause conflicts with utorrent, so i downloaded 1.1, 2.0 and 3.0 .net frameworks and all associated updates. Once again, I left the PC running and in the morning, i got the 'failed to initialize properly' error when i tried to open utorrents.
-I reinstalled the latest version of utorrent, to no avail.
-Carried out memtest86+, thinking my new RAM upgrade may have caused it, but RAM had no errors.
-I have used CCleaner to fix any issues with the registry. Temp files are cleaned using it on a consistent basis.

What else can I try? I have included the reading from HijackThis after having carried out all antivirus/spyware/malware checks and having cleared temp files....I hope someone out there with some time on their hands can lend a hand analysing has overwhelmed me a little.

Short of a deeply embedded virus/spyware/malware, what else could possible cause the error messages I have been receiving?

Any insight would be much appreciated.


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 23:18:51, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

6 Posts
Discussion Starter · #2 ·
When Ive done some systematic overnight runs: that error didnt come up with windows defender and no zone alarm running, but with zone alarm, i came back in the morning to find the true vector error and disconnected from the 'failed to initialize' error, though.

Yesterday evening, however, AVG anti-spyware detected two trojans in safe mode which for some reason none of the other anti-spyware detected...nor were they found when i ran AVG antiS the last time. There were two Trojan.Agent.abd files, one in the alcohol 120% software folder, other in system volume information folder.

I googled this up, and it seems several others who posted anti-malware logs found the same trojan in the same alcohol softwares folder.....conspiracy there?

Should it be of concern that AVG anti virus scanner finds 'reading error' for 'boot sector of C' and the following files changed: kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntoskrnl.dll?

Perhaps I should run a command prompt virus scanner? Ive already run everything in safe mode several times.
1 - 2 of 2 Posts
Not open for further replies.