Win XP SP2: The application failed to initialize properly (0XC0000142)
Hi experts,
I've installed SP2 a few days ago. I also moved my swap file to another partition and left a 256 minimum swap on the root drive. I have 1 GB of ram and swap is 256 mb on root drive and 1600 MB on the other drive (this one is fixed size (min=max))
I also made some cleanup, by deleting some folders (%windir%\$NtServicePackUn
Now, the PC is used by my father and sister. My dad doesn't remember if he did anything other than the usual, and I doubt he did, and my sister was not around.
The SP2 install kit is from an "official" SP2 CD I got from Microsoft. I have the same installed on my laptop for months (but without doing the above mentioned "tweaks").
So the problem was that every single time I tried to execute a program, anything, control panel, cmd.exe, absolutely any program after windows started up, I would get the error from the title.
If I was to ctrl+shift+esc -> task manager, that works. starting any program from task manger via new task, works.
I also ran a memtest, no errors. Ran avg full system scan, nothing. Spybot search and destroy is installed for months, so I don't think it's from there. zone alarm is also up and running as usual, so I don't think anything came in
The funny thing is, that if I ran normally, from explorer, I cannot start anything. If I start task manager, new task -> total commander, and then start things from there, everything works just fine.
So I figured (after reading a lot on google) that maybe my service pack installation got corrupted. So I tried a reinstall of SP2. now, after the reboot, I keep getting the error from the title on migrate.exe and some regsvr32.exe (but I dont' know which dll is it trying to register as it's obviously not saying).
again, starting task manager and total commander from there, and some of the program can be started and worked with, even though windows is not fully up yet (explorer is not running yet since I'm assuming that the SP2 install is doing those registrations and who knows what else).
The thing is, right now I cannot do anything with the computer. rebooting and choosing last known good configuration does nothing:
And I'm one of those guys that never re-install windows, unless it's completly dead. Like it appears to be now. But I still believe it can be fixed without a reinstall. I always seem to find a solution but right now google doens't turn out anything.
Oh, and there was another workaround, which I actually found first: I could place a shortcut in the startup folder (start-all programs-start up) and that program would start just fine.
Since I can run anything through task manager, it's not a memory issue, moreover, it's not hardware.
Given the original first workaround I found, I would say that there must be some program that messes things up (including explorer.exe or some otehr thing from SP if it got corrupted). I killed everything that was not critical (critical system processes, avg, zone alarm and some others) and still the problem persisted.
One otehr thing I forgot to mention, which makes me think that something could have gotten corrupted: I installed SP2 in order to be able to upgrade from avg 7.5 to avg 8.0. However, for some reason, the avg 8 installation was corrupted. the AV seemed to run, but there were some issues when starting the interface, like some strings were not recognied and the configuration was not usable (kept giving some error). there was also some space problem which had as a side effect that there was no more space for the page file (the reason I broke it in 2). I then made space, made 2 swap files as mentioned, and things appeared to be working for a few hours when the error from title came back. and then again it was all messed up.
I also made a check disk, on the 2 partitions in question with repair and force check, it came out clean. no errors.
I'm out of ideas.
I've installed SP2 a few days ago. I also moved my swap file to another partition and left a 256 minimum swap on the root drive. I have 1 GB of ram and swap is 256 mb on root drive and 1600 MB on the other drive (this one is fixed size (min=max))
I also made some cleanup, by deleting some folders (%windir%\$NtServicePackUn
Now, the PC is used by my father and sister. My dad doesn't remember if he did anything other than the usual, and I doubt he did, and my sister was not around.
The SP2 install kit is from an "official" SP2 CD I got from Microsoft. I have the same installed on my laptop for months (but without doing the above mentioned "tweaks").
So the problem was that every single time I tried to execute a program, anything, control panel, cmd.exe, absolutely any program after windows started up, I would get the error from the title.
If I was to ctrl+shift+esc -> task manager, that works. starting any program from task manger via new task, works.
I also ran a memtest, no errors. Ran avg full system scan, nothing. Spybot search and destroy is installed for months, so I don't think it's from there. zone alarm is also up and running as usual, so I don't think anything came in
The funny thing is, that if I ran normally, from explorer, I cannot start anything. If I start task manager, new task -> total commander, and then start things from there, everything works just fine.
So I figured (after reading a lot on google) that maybe my service pack installation got corrupted. So I tried a reinstall of SP2. now, after the reboot, I keep getting the error from the title on migrate.exe and some regsvr32.exe (but I dont' know which dll is it trying to register as it's obviously not saying).
again, starting task manager and total commander from there, and some of the program can be started and worked with, even though windows is not fully up yet (explorer is not running yet since I'm assuming that the SP2 install is doing those registrations and who knows what else).
The thing is, right now I cannot do anything with the computer. rebooting and choosing last known good configuration does nothing:
And I'm one of those guys that never re-install windows, unless it's completly dead. Like it appears to be now. But I still believe it can be fixed without a reinstall. I always seem to find a solution but right now google doens't turn out anything.
Oh, and there was another workaround, which I actually found first: I could place a shortcut in the startup folder (start-all programs-start up) and that program would start just fine.
Since I can run anything through task manager, it's not a memory issue, moreover, it's not hardware.
Given the original first workaround I found, I would say that there must be some program that messes things up (including explorer.exe or some otehr thing from SP if it got corrupted). I killed everything that was not critical (critical system processes, avg, zone alarm and some others) and still the problem persisted.
One otehr thing I forgot to mention, which makes me think that something could have gotten corrupted: I installed SP2 in order to be able to upgrade from avg 7.5 to avg 8.0. However, for some reason, the avg 8 installation was corrupted. the AV seemed to run, but there were some issues when starting the interface, like some strings were not recognied and the configuration was not usable (kept giving some error). there was also some space problem which had as a side effect that there was no more space for the page file (the reason I broke it in 2). I then made space, made 2 swap files as mentioned, and things appeared to be working for a few hours when the error from title came back. and then again it was all messed up.
I also made a check disk, on the 2 partitions in question with repair and force check, it came out clean. no errors.
I'm out of ideas.
Ok, you seem to have various errors, you seem pretty clued up, would you be able to go into the event logs
control pannel>admin tools>event logs
look at teh system and application logs, find any relevant errors and post the details of them here.
Your right in saying that anything can be fixed, the real question is, is it worth the time in fixing it compared to re-installing.
Secondly, You mentioned moving yoru swap file, you said to another "partition" this confuses me, if you move the swap file to a Seperate physical disk, you can increase performance as the heads reading the operating system are not the ones writing to teh swap file, but moving to a seperate partition on the same physical disk means the disk heads are having to travel further between reads and writes, thus decreasing performance. Which have you done? If the latter (same physical disk) i would advise moving it back, thsu elimnating one possible issue.
Anyway, i await yoru error logs
ManicD
control pannel>admin tools>event logs
look at teh system and application logs, find any relevant errors and post the details of them here.
Your right in saying that anything can be fixed, the real question is, is it worth the time in fixing it compared to re-installing.
Secondly, You mentioned moving yoru swap file, you said to another "partition" this confuses me, if you move the swap file to a Seperate physical disk, you can increase performance as the heads reading the operating system are not the ones writing to teh swap file, but moving to a seperate partition on the same physical disk means the disk heads are having to travel further between reads and writes, thus decreasing performance. Which have you done? If the latter (same physical disk) i would advise moving it back, thsu elimnating one possible issue.
Anyway, i await yoru error logs
ManicD
ASKER
hi.
1) I've disabled system restore. It's one of the first things I always do. I just hate that thing (I usually do consistent backups, but I left that task for my sister and you guess, after a while she stopped backing up.
In any case, worse case scenario is a backup restore and a few installs and upgrades to various programs, which is maybe a 2 hour job, but I am 300 miles away from the phisical PC and doing things remotely and I don't really trust my syster do correctly restore from a backup :)
but, if nothing else cuts it, this will be the way. But I'd shulrey like to know at leasat what's wrong.
event viewer was one of the first things I tried to get running. but I get the same error. I just tried opening up explorer and navigating to control panel from there, but still no luck.
the reason of moving the swap to another partition is space. I will at one time go there and backup everything and enlarge the system partition, but until then I figured this will be a workaround.
I've already done an AV scan as I said, with no problems. I am running now an antispyware test with updated spy bot search and destroy.
if nothing comes up I'll try to install hijack this.
1) I've disabled system restore. It's one of the first things I always do. I just hate that thing (I usually do consistent backups, but I left that task for my sister and you guess, after a while she stopped backing up.
In any case, worse case scenario is a backup restore and a few installs and upgrades to various programs, which is maybe a 2 hour job, but I am 300 miles away from the phisical PC and doing things remotely and I don't really trust my syster do correctly restore from a backup :)
but, if nothing else cuts it, this will be the way. But I'd shulrey like to know at leasat what's wrong.
event viewer was one of the first things I tried to get running. but I get the same error. I just tried opening up explorer and navigating to control panel from there, but still no luck.
the reason of moving the swap to another partition is space. I will at one time go there and backup everything and enlarge the system partition, but until then I figured this will be a workaround.
I've already done an AV scan as I said, with no problems. I am running now an antispyware test with updated spy bot search and destroy.
if nothing comes up I'll try to install hijack this.
ASKER
update: I've managed to start eventviewer from task manager. there are no relevant errors/warnings in the past 2 days (which was the time I cleared the event log, soI no longer have the events since I've done the changes)
SBSD is running now. I'll report back when that is done with results
SBSD is running now. I'll report back when that is done with results
ASKER
update:
- I moved the entire swap back into a single file, custom size 1024-1536. no change in behaviour
- find the hijackthis log attached.
what is bugging me is that I really can do anything if I start the application from taskmanager.
is there a way I can enumerate all hooks in a system (I'm looking more for a program that can do this)? and i don't mean just the clasic windows hooks.
- I moved the entire swap back into a single file, custom size 1024-1536. no change in behaviour
- find the hijackthis log attached.
what is bugging me is that I really can do anything if I start the application from taskmanager.
is there a way I can enumerate all hooks in a system (I'm looking more for a program that can do this)? and i don't mean just the clasic windows hooks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:40, on 04.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Storage Bank\shwicon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\utils\procexp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [ShowIcon_The Company_Storage Bank v1.00] "C:\Program Files\Storage Bank\shwicon.exe" -t"The Company\Storage Bank v1.00"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to procexp.lnk = D:\utils\procexp.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: TeamViewer 3.lnk = C:\Program Files\TeamViewer3\TeamViewer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9121 bytesASKER
another update:
I've tried right clicking on shurtcuts, run as, and using administrator and a newly created test user (added to administrators, power users and users grups). in both cases, no matter what application shortcut I was running as, the application started displayed a part of the UI and then the UI froze up. (applicaiton was not using CPU)
tested applications:
- total commander
- winamp
- nero start smart
- opera
- windows calculator
all behave the same: starting normally: error from title, starting via run-as UI partially displayed then UI freeze (the hour glass cursor is on), and running from task manager they work just fine.
If that makes any sense to you guys, let me know.
as I see it, this eliminates user access rights (since the same user work from task manager, but not normally).
what is different here is the process which is doing the execution.
- in case of normal usage, I believe it's explorer
- in case of run-as, it's some svchost.exe instance
- in case of task-manager .. it's task manager
but, some of the programs are started by explorer at startup (process explorer reports them as children of explorer.exe) so the exe might not be corrupt, instead it's probably something to do with somehting being launched at some point which messes things up, thus some things that are later inherited by child processes (environment, handles, some access rights, etc) of explorer.exe are corrupted/replaced.
I know of no legit application that does this, but I can think of a few API functions that can do part of this. so malware is a ossibility. or even a badly written security application.
while waiting for your input, I will uninstall avg and siable zonealarm, as they are the only security applications I've touched (first one installed new, second one upgraded).
I've tried right clicking on shurtcuts, run as, and using administrator and a newly created test user (added to administrators, power users and users grups). in both cases, no matter what application shortcut I was running as, the application started displayed a part of the UI and then the UI froze up. (applicaiton was not using CPU)
tested applications:
- total commander
- winamp
- nero start smart
- opera
- windows calculator
all behave the same: starting normally: error from title, starting via run-as UI partially displayed then UI freeze (the hour glass cursor is on), and running from task manager they work just fine.
If that makes any sense to you guys, let me know.
as I see it, this eliminates user access rights (since the same user work from task manager, but not normally).
what is different here is the process which is doing the execution.
- in case of normal usage, I believe it's explorer
- in case of run-as, it's some svchost.exe instance
- in case of task-manager .. it's task manager
but, some of the programs are started by explorer at startup (process explorer reports them as children of explorer.exe) so the exe might not be corrupt, instead it's probably something to do with somehting being launched at some point which messes things up, thus some things that are later inherited by child processes (environment, handles, some access rights, etc) of explorer.exe are corrupted/replaced.
I know of no legit application that does this, but I can think of a few API functions that can do part of this. so malware is a ossibility. or even a badly written security application.
while waiting for your input, I will uninstall avg and siable zonealarm, as they are the only security applications I've touched (first one installed new, second one upgraded).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) Run a System Restore to a date before you installed SP2.
2) Scan your PC with antivirus and antispyware programs. Delete what they suggest. Then install HiJackThis and post the log here for assistance in interpretation.
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
The error message you report is really not too meaningful. It covers a lot of territory. http://www.google.com/search?hl=en&rls=GGLG,GGLG:2006-38,GGLG:en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=WinXP+SP2%3A+The+application+failed+to+initialize+properly+(0XC0000142)&spell=1
You could look into Event Viewer and see if anymore info is provided.
Start|Administration Tools|Event Viewer|Click System. Click redball error icons that occurred when you had the problem. The first window may not tell you much, allow sending the message to MS, but then click on the go.microsoft.com icon. That window may have more info and even a possible solution.
If things are working again, you could try reinstalling SP2, but this time do it from Windows Update. And disable your antivirus program while you do.