EMET 5.0 - explorer.exe - INVALID_POINTER_WRITE_EXPLOITABLE

Similar Messages

• Windows Server 2012 R2 RDS + User profile Disks + App-V = Explorer.exe crashing all of the time

  I have built a new RDS farm on Windows Server 2012 R2 with two Session Hosts and a combined Connect Broker/Web Access server. I had the farm up and running with User Profile Disks and all seemed OK. However, as soon as I installed the App-V 5.0 SP2 RDS
  client on the session hosts, the explorer.exe process started crashing for any user logging in via the Web Access site. The process crashes and restarts every five to ten seconds. It's the same for administrators. If they log in via Web Access explorer.exe
  crashes, but if they RDP directly to one of the session hosts explorer.exe is fine. If I reboot the session hosts, then the first user to log in via Web Access has a stable desktop session (and appears to have a new profile as well). However, if that user
  logs out and back in again, explorer.exe starts crashing again. The only applications I have packaged at the moment are Office 2013 and Firefox.
  I tried disabling User Profile Disks, but this caused a whole bunch of other problems and I eventually lost the ability to log in at all via Web Access (errors about the user profile service). As this is a small pre-production environment I completed scrapped
  all of the servers and rebuilt from scratch. Again, everything appeared fine until I installed the App-V client, then explorer.exe started crashing repeatedly for all users.
  Has anyone come across this issue before? I have tried installing the App-V 5.0 SP2 Hotfix Package 2, but this didn't help. I have read in a few forums that App-V doesn't work very well with User Profile Desks, but I have not heard of this particular issue.
  Similarly, SP2 seems to have a lot of problems, so I am going to try removing App-V RDp Client SP2 and installing SP1. I ahev also deleted User Profile Disks for the test users to recreate their profiles, but this didn't help either.
  Any other suggestions welcome!

  I forgot to include the application event log entry for explorer.exe crashing:
  Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
  Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
  Exception code: 0xc06d007e
  Fault offset: 0x0000000000005bf8
  Faulting process id: 0xae8
  Faulting application start time: 0x01cfab3a273787fd
  Faulting application path: C:\Windows\explorer.exe
  Faulting module path: C:\Windows\system32\KERNELBASE.dll
  Report Id: 69210d77-172d-11e4-80c6-0050560102d1
  Faulting package full name: 

• Multiple instances of explorer.exe running in task manager

  I got a dropper trojan virus on my computer that microsoft security essencials do not recognized but after running "superantispyware" antivirus I got discover it and delete it. After that, I still could find the infected files in my
  administrator folders as .temp files and I just erased them. After that my computer started crashing and runing several instances of explorer.exe in the task manager with different memory values, some of them ascending to 350,000. I have set up my computer
  to run just the basic services, I have tried windows in safe mode, ran other antivirus programs but still it is performing the same. As far as I have noticed other unusual process present are host.dll, dllhost.exe, and logonUI.exe. Any idea about it? Thanks
  in advance for your help.

  I have the same issue. It started about a month ago when I was filling out a form online and had to quit and close the window.  My system got very buggy (can't remember details), flashing, then really slow.  Found a bunch of explorer.exe instances
  in Task Manager.  Ran Security Essentials and several other anti-viruses, nothing found.
  Running Win7 Pro, sp1, 64-bit, CoreI5, 4Gb Ram
  Restored system to a previous version, didn't work
  Restored last system image, didn't work
  Used System Repair Disk - ran Memory Diagnostic.  Said it would give me report after reboot.  Never saw a report after reboot. But only one instance of explorer.exe in task manager at that point.  Took disk out, rebooted normally.  After
  20 minutes or so, the multiple instances were back.
  Used Repair Disk again, ran Memory Diagnostic. Again, no report after reboot (leaving disk in machine both times), but only one instance running again. 
  Did this a few times with the same result, so now leaving disk in system and always boot from it.
  Ran Security Essentials again, found that rovnix virus, removed, ran again, found it again.
  Ran search for instances and found many.  Here's an example:
  C:\Windows\explorer.exe
  C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5
  C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332
  C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d
  C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba
  C:\Windows\SysWOW64
  When I check properties on the now single one on Task Manager, this is what it shows:
  C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
  C:\Windows\explorer.exe
  I was going to reinstall entire system, but was from an Anytime Upgrade which now says it's invalid.  Much more to story on that (calls to MS support, etc.).

• Windows 8 explorer.exe keeps crashing and I can't use Windows update as a result!

  I've got Windows 8 64-bit, and it's been running fine for about 2 months now. Just today, it's started to crash the desktop every 6 seconds. The screen goes purple (which I'm pretty sure is just my chosen background colour), the outline of the taskbar remains,
  but all the icons disappear, and then everything returns, only to crash again in another 6 seconds. I've watched the task manager, and under "background processes", an icon called "Windows Problem Reporting" appears for about a second,
  and then goes away.
  I've looked up some other people's questions about this, and most people seem to recommend checking for updates, or installing new graphics drivers, but this is not an option for me. Whenever the desktop crashes, it shuts down control panel as well. This
  means I can't start my computer in safe mode, I can't check for updates, I can't uninstall/update drivers, I basically can't make any changes to my computer! Even as I'm writing this message, the cursor keeps disappearing from the test box whenever the desktop
  crashes, and I have to click on the screen every 6 seconds. ARGH!

  I crash is caused by the Intel driver:
  Call Site
  ntdll!NtWaitForSingleObject
  ntdll!RtlReportExceptionEx
  ntdll!RtlReportException
  verifier!AVrfpVectoredExceptionHandler
  ntdll!RtlpCallVectoredHandlers
  ntdll!RtlDispatchException
  ntdll!KiUserExceptionDispatch
  verifier!VerifierStopMessage
  verifier!AVrfpDphReportCorruptedBlock
  verifier!AVrfpDphCheckNormalHeapBlock
  verifier!VerifierCheckPageHeapAllocation
  verifier!AVrfpHeapFree
  hccutils!DllUnregisterServer
  hccutils!GetCUICustomizationKey
  hccutils!GetCUICustomizationKey
  hccutils!GetCUICustomizationKey
  hccutils!CreateThisKey
  hccutils!FindResources
  hccutils!LoadSTRING
  hccutils!SaveString
  hccutils!LoadICON
  hccutils!LoadIMAGE
  igfxcpl!CPlApplet
  shell32!CPL_CallEntry
  shell32!_InitializeControl
  shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''
  shell32!CPL_LoadCPLModule
  shell32!_LoadCPLModuleAndAdd
  shell32!CPLD_InitModule
  shell32!CControlPanelEnum::_NextNonCachedCpl
  shell32!CControlPanelEnum::Next
  shell32!CRegFolderEnum::Next
  shell32!CControlPanelAppletList::_AddAppletsToCategories
  shell32!CControlPanelAppletList::LoadSlowApplets
  shell32!CControlPanelDataWorkItem::_LoadSlowData
  shell32!CControlPanelDataWorkItem::DoWork
  shell32!CFrameTask::InternalResumeRT
  shell32!CRunnableTask::Run
  shell32!CShellTask::TT_Run
  shell32!CShellTaskThread::ThreadProc
  shell32!CShellTaskThread::s_ThreadProc
  SHCore!ExecuteWorkItemThreadProc
  ntdll!RtlpTpWorkCallback
  ntdll!TppWorkerThread
  kernel32!BaseThreadInitThunk
  ntdll!RtlUserThreadStart
  0:031> lmvm igfxcpl
  start end module name
  00000001`80000000 00000001`80025000 igfxcpl (export symbols) igfxcpl.cpl
  Loaded symbol image file: igfxcpl.cpl
  Image path: C:\Windows\System32\igfxcpl.cpl
  Image name: igfxcpl.cpl
  Timestamp: Mon Sep 03 04:50:21 2012 (50441AED)
  CheckSum: 00022721
  ImageSize: 00025000
  File version: 8.15.10.2849
  Product version: 8.15.10.2849
  File flags: 0 (Mask 3F)
  File OS: 4 Unknown Win32
  File type: 2.0 Dll
  File date: 00000000.00000000
  Translations: 0409.04b0
  CompanyName: Intel Corporation
  ProductName: Intel(R) Common User Interface
  InternalName: IGFXCPL
  OriginalFilename: IGFXCPL.DLL
  ProductVersion: 8.15.10.2849
  FileVersion: 8.15.10.2849
  PrivateBuild: 8.15.10.2849
  SpecialBuild: 8.15.10.2849
  FileDescription: igfxcpl Module
  LegalCopyright: Copyright 1999-2006, Intel Corporation
  LegalTrademarks: Copyright 1999-2006, Intel Corporation
  Comments: Copyright 1999-2006, Intel Corporation
  0:031> lmvm hccutils
  start end module name
  00000000`09ee0000 00000000`09eff000 hccutils (export symbols) hccutils.dll
  Loaded symbol image file: hccutils.dll
  Image path: C:\Windows\System32\hccutils.dll
  Image name: hccutils.dll
  Timestamp: Mon Sep 03 04:49:28 2012 (50441AB8)
  CheckSum: 00023677
  ImageSize: 0001F000
  File version: 8.15.10.2849
  Product version: 8.15.10.2849
  File flags: 0 (Mask 3F)
  File OS: 4 Unknown Win32
  File type: 2.0 Dll
  File date: 00000000.00000000
  Translations: 0409.04b0
  CompanyName: Intel Corporation
  ProductName: Intel(R) Common User Interface
  InternalName: HCCUTILS
  OriginalFilename: HCCUTILS.DLL
  ProductVersion: 8.15.10.2849
  FileVersion: 8.15.10.2849
  PrivateBuild: 8.15.10.2849
  SpecialBuild: 8.15.10.2849
  FileDescription: hccutils Module
  LegalCopyright: Copyright 1999-2006, Intel Corporation
  LegalTrademarks: Copyright 1999-2006, Intel Corporation
  Comments: Copyright 1999-2006, Intel Corporation
  So update the driver or use ShellExView to disable the Intel shell extension.
  The second crash looks like a corrupted shel32.dll on the HDD:
  CHKIMG_EXTENSION: !chkimg -lo 50 -d !shell32
  7fcac39c000-7fcac39c059 90 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43944
  [ 4d d8 e8 09 77 b1 ff 48:16 00 00 00 02 00 00 00 ]
  7fcac39c05b-7fcac39c07a 32 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+4399f (+0x5b)
  [ 8b d8 7c 1d 48 8b 4d e0:00 00 00 00 00 00 00 00 ]
  7fcac39c07c-7fcac39c0af 52 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+439c0 (+0x21)
  [ 48 8d 4d e0 e8 8b 76 b1:00 00 00 00 00 00 00 00 ]
  7fcac39c0b1-7fcac39c0bb 11 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+439f5 (+0x35)
  [ a9 ff 48 8b 06 4c 8d 05:00 00 00 00 00 00 00 00 ]
  7fcac39c0bd-7fcac39c0c4 8 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a01 (+0x0c)
  [ 8b d3 48 8b ce ff 90 98:00 00 00 00 00 00 00 00 ]
  7fcac39c0c8-7fcac39c0ca 3 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a0c (+0x0b)
  [ 90 e9 16:00 00 00 ]
  7fcac39c0cc-7fcac39c0e6 27 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a10 (+0x04)
  [ a9 ff cc 48 8b 07 48 8b:00 00 00 00 98 e0 53 ae ]
  7fcac39c0e8-7fcac39c0ef 8 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a2b (+0x1c)
  [ 8b d3 48 8b cf ff 90 98:00 00 00 00 00 00 00 00 ]
  7fcac39c0f3-7fcac39c0fa 8 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a36 (+0x0b)
  [ 90 e9 be 05 a9 ff bb 18:04 00 00 00 00 00 00 00 ]
  7fcac39c0fd-7fcac39c118 28 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a40 (+0x0a)
  [ 80 e9 b4 05 a9 ff cc 48:00 00 00 d0 e0 53 ae fc ]
  7fcac39c11c-7fcac39c13c 33 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a5e (+0x1f)
  [ ff 10 90 e9 7c 78 a8 ff:00 00 00 00 00 00 00 04 ]
  7fcac39c13f-7fcac39c175 55 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43a80 (+0x23)
  [ 80 e9 7d e4 a8 ff cc 48:00 00 f4 53 ae fc 07 00 ]
  7fcac39c179-7fcac39c189 17 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ab8 (+0x3a)
  [ 85 c0 75 14 8d 50 01 44:00 00 00 00 00 00 00 ff ]
  7fcac39c18b-7fcac39c1b5 43 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43aca (+0x12)
  [ 90 e9 0b cf b5 ff 8b d3:ff 00 00 00 00 00 00 00 ]
  7fcac39c1b7-7fcac39c1c9 19 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43af5 (+0x2c)
  [ 07 80 e9 61 e9 a8 ff 4c:00 00 00 00 00 00 00 00 ]
  7fcac39c1cb-7fcac39c1e9 31 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b09 (+0x14)
  [ 10 48 85 db 0f 84 4a e9:ff 00 00 00 00 00 00 00 ]
  7fcac39c1eb-7fcac39c1f4 10 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b27 (+0x20)
  [ 07 80 e9 db b3 a8 ff cc:00 00 00 00 00 00 00 00 ]
  7fcac39c1f6-7fcac39c208 19 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b31 (+0x0b)
  [ 07 80 e9 28 f4 a8 ff cc:00 00 00 00 00 00 00 00 ]
  7fcac39c20a-7fcac39c237 46 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b42 (+0x14)
  [ 50 08 33 c0 e9 81 b4 a8:ff ff 00 00 00 00 00 00 ]
  7fcac39c239-7fcac39c240 8 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b65 (+0x2f)
  [ 48 8d 4d e8 41 b9 ff 1c:00 00 00 00 00 00 00 00 ]
  7fcac39c243-7fcac39c248 6 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b6f (+0x0a)
  [ 41 83 c8 ff ba 01:00 00 00 00 00 00 ]
  7fcac39c24c-7fcac39c25e 19 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b78 (+0x09)
  [ e8 4f 70 b0 ff 83 f8 ff:00 00 00 00 10 00 00 00 ]
  7fcac39c260-7fcac39c361 258 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43b8c (+0x14)
  [ 80 e9 2d b2 a8 ff 48 8d:00 00 00 00 00 00 00 00 ]
  7fcac39c363-7fcac39c36c 10 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43c8d (+0x103)
  [ 07 80 e9 b5 bb a8 ff cc:00 00 00 00 00 00 00 00 ]
  7fcac39c36e-7fcac39c39b 46 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43c97 (+0x0b)
  [ 07 80 e9 c1 da a8 ff cc:00 00 00 00 00 00 00 00 ]
  7fcac39c39d-7fcac39c3eb 79 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43cc5 (+0x2f)
  [ 3a 90 ff 84 c0 0f 84 cd:00 00 00 00 00 00 00 00 ]
  7fcac39c3ed-7fcac39c3f8 12 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43d14 (+0x50)
  [ 90 e9 fb e3 b8 ff cc ff:00 00 00 00 00 00 00 00 ]
  7fcac39c3fa-7fcac39c405 12 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43d20 (+0x0d)
  [ 85 c0 0f 8e 42 8a a8 ff:00 00 00 00 00 00 00 00 ]
  7fcac39c408-7fcac39c489 130 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43d2e (+0x0e)
  [ 07 80 e9 35 8a a8 ff cc:00 00 00 00 00 00 00 00 ]
  7fcac39c48b-7fcac39c4a5 27 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43daf (+0x83)
  [ 48 85 db 74 09 48 8b 13:ff 00 00 00 00 00 00 00 ]
  7fcac39c4a8-7fcac39c4b5 14 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43dc8 (+0x1d)
  [ 00 ff 50 40 85 c0 0f 88:3f 00 00 00 2d 22 04 0b ]
  7fcac39c4b9-7fcac39c4bd 5 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43dd9 (+0x11)
  [ eb 12 ba 01 00:00 00 00 09 04 ]
  7fcac39c4c0-7fcac39c4e7 40 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43de0 (+0x07)
  [ ff 50 40 85 c0 0f 88 cb:10 00 00 00 01 00 00 00 ]
  7fcac39c4ea-7fcac39c4ff 22 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43e06 (+0x2a)
  [ c0 41 8d 51 01 ff 15 43:00 00 00 00 00 00 00 00 ]
  7fcac39c501-7fcac39c508 8 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43e1d (+0x17)
  [ 48 8d 4d e8 41 b9 ff 1c:00 00 00 00 00 00 00 3f ]
  7fcac39c50b-7fcac39c510 6 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43e27 (+0x0a)
  [ 41 83 c8 ff ba 01:00 e4 04 00 00 3f ]
  7fcac39c514-7fcac39c526 19 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43e30 (+0x09)
  [ e8 87 6d b0 ff 83 f8 ff:00 00 00 00 00 00 00 00 ]
  7fcac39c528-7fcac39c5a8 129 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43e44 (+0x14)
  [ 80 e9 c1 b8 a8 ff 48 8d:f0 d3 bc ab fc 07 00 00 ]
  7fcac39c5aa-7fcac39c5ab 2 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ec6 (+0x82)
  [ cc 83:fe ff ]
  7fcac39c5ad-7fcac39c5b9 13 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ec8 (+0x03)
  [ 01 0f 85 40 7d a8 ff 48:07 00 00 b0 ad 0d 7b 95 ]
  7fcac39c5bb-7fcac39c5d6 28 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ed6 (+0x0e)
  [ 48 8b 11 ff 52 10 90 e9:00 00 00 00 00 02 00 00 ]
  7fcac39c5d8-7fcac39c695 190 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ef2 (+0x1d)
  [ 48 8b 11 ff 52 08 90 e9:00 00 00 00 00 00 00 00 ]
  7fcac39c699-7fcac39c6eb 83 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43faa (+0xc1)
  [ 48 8b ce 41 ff 53 40 8b:00 00 00 00 00 00 00 00 ]
  7fcac39c6ef-7fcac39c6f5 7 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+43ffd (+0x56)
  [ ff 50 60 c7 07 02 00:00 4a 06 b7 af f7 07 ]
  7fcac39c6f8-7fcac39c705 14 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+44006 (+0x09)
  [ eb 18 48 8b 01 4c 8d 05:00 00 00 00 00 00 00 00 ]
  7fcac39c708-7fcac39c70c 5 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+44016 (+0x10)
  [ 00 ff 50 60 c7:22 02 b6 af f7 ]
  7fcac39c70e - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+4401c (+0x06)
  [ 03:00 ]
  7fcac39c710-7fcac39c71e 15 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+4401e (+0x02)
  [ 00 00 44 8b c8 e9 a9 a1:40 9d 26 69 e8 00 00 00 ]
  7fcac39c720-7fcac39c75c 61 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+4402c (+0x10)
  [ 00 00 e9 17 74 a8 ff c7:10 74 0d 7b 95 00 00 00 ]
  7fcac39c75e-7fcac39c7c1 100 bytes - shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''+44068 (+0x3e)
  [ 80 e9 a5 d8 ae ff cc b8:00 00 60 87 53 ae fc 07 ]
  WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
  8192 errors : !shell32 (7fcac39c000-7fcac3aeebb)
  APP: explorer.exe
  FAULTING_THREAD: 0000000000000f0c
  ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
  LAST_CONTROL_TRANSFER: from 000007fcabcc02f5 to 000007fcac39cd00
  BUGCHECK_STR: APPLICATION_FAULT_MEMORY_CORRUPTION_INVALID_POINTER_WRITE_LARGE_EXPLOITABLE
  PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE_EXPLOITABLE
  DEFAULT_BUCKET_ID: MEMORY_CORRUPTION_LARGE_EXPLOITABLE
  STACK_TEXT:
  00000000`00000000 00000000`00000000 memory_corruption!shell32+0x0
  SYMBOL_STACK_INDEX: 0
  SYMBOL_NAME: memory_corruption!shell32
  Repair the DLL with DISM:
  http://social.technet.microsoft.com/Forums/en-US/w8itprogeneral/thread/5c651c1b-f800-47c4-801d-98996eaf99a4/#c280a27b-7bc9-43ac-9c1a-2ad97230a9ea
  "A programmer is just a tool which converts caffeine into code"

• Explorer.exe hangs on resolution changes

  I seem to have to have a very persistant, very reproducable and very annoying problem with explorer.exe just completely "hanging" frequently. This started happening near the end of November, about a month after I used Windows 7 (professional x64) with no problems. To make a long story short, it happens nearly any time my display changes (resolution or anything else).
  Here's a more detailed description:
  Before late November, everything worked perfectly. I don't recall what could have caused the change. I uninstalled anything I installed during or after November. I do not have anything visible on my desktop. However, any time the resolution changes, explorer.exe hangs using 50% of my cpu, or 100% of one core. Clicking on the taskbar or desktop lets me know that "Explorer.exe has stopped responding", allowing me to restart it, which I occasionally also choose to do via Process Explorer. At first, I only noticed during or after playing games, but now I have tested this thoroughly and determined that it is in fact most likely a display problem, concluded from the following pretty exhaustive list:
  Unplugging my external monitor causes explorer.exe to hang.
  Plugging in my external monitor also does.
  Changing resolutions on either monitor, to any resolution, causes explorer.exe to hang.
  Changing resolutions on the internal monitor while the external monitor is unplugged also causes a hang.
  Uninstalling the ATI display drivers causes a hang.
  Changing resolutions with the default Windows display drivers between 800x600 and 1024x768 (the only two options) causes a hang. (Uninstalled and followed with Driver Sweeper so no trace of the ATI display drivers are available and the display is running purely on Windows defaults.)
  Installing updated ATI drivers causes a hang directly after the resolution is changed automatically.
  Unchecking all options in the "Perfermance Options" causes explorer.exe to hang.
  Unchecking all options but leaving visual styles on does not result in a hang (if it was on to start with).
  Turning off visual styles causes the display to blink briefly before displaying the "Please wait" box and, when it is finished and the desktop is displayed again, explorer.exe has been hanging approximately since the display blink.
  Running games that cause the resolution to change usually cause explorer.exe to hang, but not always. This is particularly odd. Opening the simple game Torchlight in full screen at 1280x800, does not pose a problem; however, Alt-Tabbing out of it causes the hang as well as closing it, which both revert the resolution to the desktop resolution (1920x1200). Running the game in a window is no problem. Running the game in full screen at 1920x1200 is also no problem, regardless of starting, using Alt-Tab or closing, even though the display blinks for a moment. Team Fortress 2 consistently causes explorer to hang when launching (hanging TF2 as well, until explorer has been killed). All goes well while TF2 is running, even with explorer restarted. When TF2 is closed, explorer hangs again. Thus, it always causes explorer to hang, whether opening or closing. In windowed mode, it causes no problems. I can give examples of a number of more games if it helps pinpoint the problem.
  The event viewer shows no errors or warnings after a hang (except for the standard ones that are generated if the "Explorer.exe has stopped responding" dialog shows up by clicking on the taskbar or desktop. If it is killed manually before showing the dialog, nothing shows up.) It does log some information specific to ATI functions in the ACEEventLogSource which seem to be specific to an explorer freeze. No information was generated when Torchlight changed resolutions without a resulting hang but the following was generated upon closing, with an explorer hang:
  0000000090: 2010-01-12 00:13:47:423 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
  Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Caste.Graphics.Runtime, Version=2.0.3615.38596, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000091: 2010-01-12 00:13:48:428 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
  Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Caste.Graphics.Runtime, Version=2.0.3615.38596, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000092: 2010-01-12 00:13:49:775 FAILED:ADL_Display_DisplayMapConfig_PossibleAddAndRemove is: -8
  Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsCaste_N::GetAddOneRemoveOneDisplayIDList processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Caste.Graphics.Runtime, Version=2.0.3615.38596, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000093: 2010-01-12 00:13:49:967 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
  Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Caste.Graphics.Runtime, Version=2.0.3615.38596, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000094: 2010-01-12 00:13:49:970 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
  Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Caste.Graphics.Runtime, Version=2.0.3615.38596, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000095: 2010-01-12 00:13:50:496 _IDEMDeviceDFP2Settings_0812.GetDFP2ITCFlag failed with status 2
  Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=2.0.3615.38640, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000096: 2010-01-12 00:13:50:499 FAILED: ADL.ADL.ADL_DFP_AllowOnlyCETimings_Get
  Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=2.0.3615.38640, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  0000000097: 2010-01-12 00:13:50:517 Unable to obtain Color Correction information, dem status: -2
  Error Called by: ATI.ACE.CLI.Aspect.DeviceLCD.Graphics.Runtime.RT_DeviceLCD::Parse processID:03384 threadID:( ) domainName:(CCC.exe ) assemblyName:(CLI.Aspect.DeviceLCD.Graphics.Runtime, Version=2.0.3615.38647, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
  Disabling all non-Microsoft Shell extensions (with ShellExView x64) didn't help.
  As of writing, I have the feeling it didn't happen in safe-mode but I would need to retest this to make sure.
  A clean boot yields no improvement. Changing the resolution following a clean boot still results in a hang.
  Using Process Explorer, I have also checked all non-Microsoft DLL's running in conjunction with Exlporer.exe and these were only db's (some related to BitTorrent), a Comodo antivirus DLL and a bunch of Broadcom Widcomm Bluetooth files. Thus, I uninstalled all of those including the bluetooth software and drivers, unfortunately, to no avail. Changing resolutions still crashes Explorer!
  My system is as follows:
  ASUS M51Va Notebook
  Windows 7 Professional x64
  ATI Radeon HD 3650
  Catalyst Version 09.12
  DirectX Version 11
  Direct3D Version 8.14.10.0716
  OpenGL Version 6.14.10.9232
  Internal monitor Generic PnP Monitor at 1200x800 32bit 61Hz
  External monitor Samsung SyncMaster 2433BW/2433GW, SyncMaster Magic at 1920x1200 32bit 59Hz connected by an HDMI to DVI-D cable
  Anti-virus is Comodo
  If any more information is needed I'll gladly provide it! This is truly a very aggrivating problem. Particularly when gaming or hooking up displays for presentations etc. I really can't think of any thing else that could be meddling with Explorer, causing it to crash. I would love to find the source of the problem, but I'm prepared to finally bite the bullet and reinstall Windows to get rid of this extremely annoying problem. Help would really be appreciated.
  If I figure anything out, I'll post the results.

  Hi Eric,
  I would like to suggest you update the BIOS and the hardware drivers first.
  If the issue persists, would you please send me more information for analyzing. For your convenience, I have created a workspace for you.  You can upload the information files to the following link.  (Please choose "Send Files to Microsoft")
  Workspace URL: https://sftasia.one.microsoft.com/choosetransfer.aspx?key=c6554906-fc59-4afc-b248-15a77e6b766a
  Password: dPm84CYEytpieE8
  Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.  Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding.
  Collect the Windows Explorer dump files
  ========================
  1. Click Start, type Notepad in the Search bar and press Enter.
  2. Copy the following commands and then paste them into the open Notepad window.
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
  "DumpFolder"=hex(2):43,00,3a,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,44,00,75,\
    00,6d,00,70,00,73,00,00,00
  3. After pasting the above commands, please click File on the menu and click Save.
  4. Type in CollectDump.reg as the file name, select to save the file on the Desktop. Click Save.
  5. Go to the Desktop, and double click CollectDump.reg. A dialog box will pop-up saying "Are you sure you want to add the information in fix.reg to the registry?". Click Yes to confirm.
  Note: Administrative privileges are required to perform the above steps. Please click "Continue" when the User Account Control dialog-box appears.
  6. Reboot the computer and send the dump files in C:\LocalDumps to me after reproducing the Windows Explorer issue.
  Regards,
  Arthur Li - MSFT

• Need to restart the explorer.exe process virtually every single time I need to access a file

  As the subject/title says.
  This is on my replacement ThinkPad W530 which replaced my previous T530. I had my T530 from about April until earlier this week when it was picked up. The T530 gave me nothing but problems, including, but not limited to:
  Constant stalling of everything on the laptop with no mouse movement
  An out of the blue nonfunctioning microphone mute button and fingerprint reader a few weeks after I had the T530's motherboard replaced (because of the stalling issue)
  Every hour or so, I would get successive blackouts of the screen that were about 3-5 seconds apart. Sometimes they would reset the maximisation of the windows I had open
  But I digress; those were issues with my previous ThinkPad. Now the major standout issue I have with my W530 is that pretty much any time I want to access a file, I have to close and restart the explorer.exe process. This results from:
  Not being able to access folders or folder shortcuts on my desktop
  Not being able to use anything on my taskbar including the start menu. This includes hitting the windows key
  NOTE: this is an issue with WINDOWS explorer and NOT INTERNET explorer, which one member of your support team was not able to distinguish - this person tried to direct me to WiFi troubleshooting.
  The only way I have been able to remedy this has been to use task manager to reset it.
  In addition, you would expect a W530 with an i7-3740QM and an Nvidia K2000M Quadro to be pretty much buttery smooth, especially considering it's about 2 weeks old, right? Far from it. This is the slowest excuse for a new laptop that is this well spec'd I have ever used.
  I have done factory resets and pretty much everything under the sun within the realms of the Lenovo periperhal programs to try to remedy it (so as to not void my warranty) to no avail.
  If this problem cannot be fixed without me going well out of my way, then I am demanding a refund. Your support team, whilst generally helpful and *usually* knowing what they are talking about, have not been a help, and have honestly just been another hurdle to get past so I can get my money back. I do applaud them for the willingness to sit and walk people through everything.
  If this is the price I pay for the reliability of a Lenovo ThinkPad, then I greatly look forward to the glorious day I can be rid of Lenovo from my life and making about $500 while I go buy an equivalently or better spec'd laptop from quite literally any other computer company on the planet.

  What operating system are you running? I assume they had you install the latest BIOS. True? If it were mine, I would suggest forcing it to use integrated graphics (in the BIOS) to rule out a problem with the NVidia driver.

• Explorer.exe uses too much CPU cycles (roughly 50%)... How can I fix this?

  Hi everyone,
  In the last two days I have noticed a serious loss in system performance.  The first thing I do when I come accross a performance issue is to make sure that I don't have any scheduled automatic scans running in the background, such as my antivirus.  If they aren't, I then open the task manager and check to see what process(es) is(are) causing the performance issue based on CPU usage.  I discovered that explorer.exe is now regularly using approximately 50% of my CPU power AT ALL TIMES (with fluctuations ranging from as low as 35% to as high as 99%, but 45%-55% is the most common range).
  Now I thought this might have been some sort of fluke, so I rebooted several times, and in all cases I find explorer.exe continues to use this hefty amount of CPU power.  This persists even if I leave the system alone (running, but not being used) for 15 minutes or more.
  This is causing major performance issues with trying to run any/all other applications on the system, and even worse performance issues if I try to use explorer for something such as directory navigation, file searching, or file access.
  I recently made an update to Windows (about a day before this problem arose), so I thought that might be the cause of this, so I ran a system restore to the restore point made before the install.  That didn't fix the problem.  Since the problem has only started in the last two days, I restored to a point three days ago.  That didn't fix it either.  I have since tried to restore to points 5 and 7 days old, and neither of those worked to fix this problem either.
  I can use the task manager to end-task explorer.exe, and then restart it using "new task" from the file menu, and this seems to correct the problem.  After doing such a "restart" of explorer.exe, the process no longer uses 50% of my CPU power, and instead uses only 0%-20% depending on what I'm doing.  This, however, is not a viable long-term solution for a couple of reasons:  1) it screws up my tray icons, causing many to disappear even though their parent programs/processes are still running, and causing others to appear even though they shouldn't be there; and 2) subsequent instances of explorer.exe such as for directory navigation still have some performance problems and are prone to crashes.
  I need to know how to repair or replace explorer.exe without having to format my hard drive and re-install (either from scratch or using a system recovery disc).  I can try using some sort of shell replacement such as Aston, Emerge, or GeoShell, but I shouldn't have to do that.
  It may be that one of my other startup applications is causing some sort of compatibility issue, but that seems unlikely since I haven't made any changes to the system, nor installed any new software other than standard windows updates.
  I need help, advice, suggestions, etc., or really anything at all that I can try that might fix this problem.  In the meantime, I am going to boot into safe mode to see if explorer.exe has problems even then (which would solidly indicate a corruption of explorer.exe rather than a compatibility issue or anything else).
  Please help if you can.  For reference, I am using an HP Pavilion dv9700 CTO Entertainment Notebook PC, running Windows Vista Home Premium 32-bit with Service Pack 1.  I have an Intel Core2 Duo T9300 2.5GHz CPU and 3GB of RAM.  My explorer.exe file gives the following information from the Details tab of its Properties window:  file version is 6.0.6001.18000; product version is 6.0.6000.16386; file size is 2.79MB; and modification date is 1/20/2008 at 6:24pm.  As far as I know, that is all correct information and does not indicate that the program file has been replaced by any sort of malicious software.  I also ran a complete scan with AVG Antivirus and found no viruses or other malicious software anywhere on the system (unless you count tracking cookies).
  Thank you in advance for any help

   Edward Lin wrote:
  I have exactly the same problem!!!  And I concluded that the “AUTO CONNECT” function is the main reason of causing the CPU usage.  If I uncheck the “AUTO CONNECT” from the saved wi-fi connection, then the CPU would remain claim.
  But.. Still, it’s very annoying.  So I formatted the hard drive and restore to the original factory condition.  Initially, it was working ok.  But after WINDOW UPDATES, the same problem happens again!!!!!!  May this be the bug from Microsoft??
  Any thought??  Any Fix?  Please help!!!! 
  Yes, I did notice that the problem started after I did a Windows Update.  I can't remember which update it was, but the strange thing about it was that I couldn't fix the problem by restoring the system to a restore point that was made BEFORE the update.  Since I hadn't made any other changes to the system between when it worked and when it stopped working, I can only assume that the update caused the problem, and as such I believe it IS Microsoft's fault.
  As to the Auto-Connect feature, I hadn't even thought of that, but since I use my internet ALL THE TIME, it would be really annoying to have to manually connect every boot up.
  Which brings me back to the workaround.  If you have Auto-Connect enabled, and you disable WLAN AutoConfig and set it to Manual in your Services interface, then reboot the system, does it solve the CPU issues?  If the answer is yes, then you can do what I'm doing:
  1.  Go to Start, then in the search box type "task" and you should see the Task Scheduler come up as an option.
  2.  Open the Task Scheduler and click on "Create Task..." (by default this should be on the right-hand side of the window in the Actions pane).
  3.  In the General tab, give the task a name and (optionally) a description, and put a check mark in the box at the lower left that says "Run with highest privileges".
  4.  In the Triggers tab, add a trigger.  In the new window, choose "At log on" from the dropdown box at the top, set it to run for "Any user", and then head to the advanced settings section of the window.  Put a check mark in the box for "Delay task for:" and set the delay for one minute.  Make sure that there is a check mark in the box for "Enabled".  Then click OK.
  5.  In the Actions tab, add an action.  In the new window, make sure that "Start a program" is selected in the drop down box at the top (should be the default choice).  In the field where you specify the program to run, type in "SC".  In the "Add arguments (optional):" field, type in "Start wlansvc".  Then click OK.
  6.  Go through the other tabs to make sure you're happy with all of the other settings.  The default values should be just fine, but feel free to change them if you want to.  Then click OK.
  7.  Make sure that WLAN AutoConfig is still set to Manual.
  8.  Re-enable your Auto-Connect feature.
  9.  Reboot the system.
  About 60 seconds after you log into your user account you should see a black command window flash onto the screen and then disappear again.  That is your automatic task running and starting up the WLAN AutoConfig servicve.  Another 30-60 seconds later and you should have access to your wireless network and the internet, and you don't have to interact with it or manually start anything.  You can also try setting the task delay to 30 seconds rather than 1 minute, but on my system that wasn't a long enough delay to prevent the CPU usage issues, whereas 1 minute was sufficient.  On my system, it enables the wireless before the system even finishes loading up my normal startup applications like my antivirus, so Idon't even notice a slowdown on the bootup process, let alone any wait time before I can use my internet.
  This isn't a fix, and what we really need is for Microsoft to figure out what they did wrong, and fix it, but in the meantime, this works.
  Good luck
  On a side note:  Unless Microsoft gets busy on fixing Vista so that it's backwards compatible with my old games, I'm still going to downgrade to XP (like a LOT of people have been doing for various reasons)... assuming I can find XP compatible hardware drivers anyway.  Right now I can get more of my games to run under Linux than I can under Vista, despite the fact that they were programmed to run in a DirectX Windows environment only... that's simply unacceptable.

• Visual C++ Runtime Library Runtime Error! C:\windows\explorer.exe

  Hi,
  I have a got crazy problem. Firstly my system specs are,
  CPU: AMD A8-6600k
  Motherboard: Gigabyte F2A88XM-DS2
  Ram : Transcend 4GB. 2GB*2
  "This application has requested the Runtime to terminate it in an unusual way.
  C:\windows\explorer.exe
  Please contact the application's support team for more information."
  I have spent two months attempting to find a fix for this error by reading a large number of similar posts and haven't found anything that helps. I have tried everything from editing the registry, installing Microsoft Fix IT apps, to uninstalling all
  previous versions of Visual C++ and re-installing the most recent version 2013 also.
  I get this error even if I format my system completely and reconfigure it as new system.The error just simply come from no where just pops up as soon I login into my system. Same with both Windows 7 SP1 or Windows 8.1
  Please suggest me the solution as I am 100 percent sure, its the problem with Visual C++ only.

  The reason could be a some background program.
  I suggest you to perform a clean boot for troubleshooting.
  http://support2.microsoft.com/kb/331796/en-us

• Microsoft Visual C++ Runtime Library Runtime Error! C:\windows\explorer.exe

  "This application has requested the Runtime to terminate it in an unusual way.
  Please contact the application's support team for more information."
  I have spent days attempting to find a fix for this error by reading a large number of similar posts and haven't found anything that helps.
  I have tried everything from editing the registry, installing Microsoft Fix IT apps, to uninstalling all previous versions of Visual C++ and re-installing the most recent version (2012 I think?).
  Most of the "fixes" I've seen say to uninstall the program causing the error after updating and replaces your Visual C++ but I can't do this with explorer.exe.
  Is there anything I can try.
  Running 32 bit Windows 7.

  this works for Photoshop Elements 9? 
  +
  System
  Provider
  [ Name]
  SideBySide
  EventID
  80
  [ Qualifiers]
  49409
  Level
  2
  Task
  0
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2015-03-17T20:16:59.000000000Z
  EventRecordID
  318648
  Channel
  Application
  Computer
  VirginiaRoss-PC
  Security
  EventData
  C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest
  C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest

• 2 Problems. 1. Black Screen With Only Cursor Showing 2. Explorer.exe blocked.

  Hello Guys and Gals,
  I am having a problem with my Laptop.  First of all, my screen is black with only a cursor showing (that is not blinking) and I can only run programs through Task Manager. Second, I cannot open 'explorer.exe'.  When
  I try I get this error: "This app can't run on your PC. To find a PC version, check with the software publisher".  I really would like help with this as I do not wish to spend another $500 on the same laptop. Also due to the fact that I have
  many important files I do not wish to loose.  
  INFORMATION:  
  I have an Acer running Windows 8 (It came with it).
    6GB DDR3 Memory
  Thank you for your time. Cheers!
   -Gamerboy1337

  Hi,
  I notice the issues are related to Windows 8. I suggest you post in Windows 8 forum to get professional support.
  http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
  Niki Han
  TechNet Community Support

• 2 Problems. 1. Black Screen With Only Cursor Showing 2. Explorer.exe blocked. [Re-Ask]

  Hello Guys and Gals,
  I am having a problem with my Laptop.  First of all, my screen is black with only a cursor showing (that is not blinking) and I can only run programs through Task Manager. Second, I cannot open 'explorer.exe'.  When I try I get this error: "This
  app can't run on your PC. To find a PC version, check with the software publisher".  I really would like help with this as I do not wish to spend another $500 on the same laptop. Also due to the fact that I have many important files I do not wish
  to loose.  
  INFORMATION:
  I have an Acer running Windows 8 (It came with it).
  6GB DDR3 Memory
  Thank you for your time. Cheers!
   -Gamerboy1337

  Added "fl *" 
  Response:
  PSPath            : Microsoft.PowerShell.Core\FileSystem::C:\WINDOWS\explorer.exe
  PSParentPath      : Microsoft.PowerShell.Core\FileSystem::C:\WINDOWS
  PSChildName       : explorer.exe
  PSDrive           : C
  PSProvider        : Microsoft.PowerShell.Core\FileSystem
  PSIsContainer     : False
  VersionInfo       : File:             C:\WINDOWS\explorer.exe
                      InternalName:     explorer
                      OriginalFilename: EXPLORER.EXE.MUI
                      FileVersion:      6.3.9600.16384 (winblue_rtm.130821-1623)
                      FileDescription:  Windows Explorer
                      Product:          Microsoft® Windows® Operating System
                      ProductVersion:   6.3.9600.16384
                      Debug:            False
                      Patched:          False
                      PreRelease:       False
                      PrivateBuild:     False
                      SpecialBuild:     False
                      Language:         English (United States)
  BaseName          : explorer
  Mode              : -a---
  Name              : explorer.exe
  Length            : 2280232
  DirectoryName     : C:\WINDOWS
  Directory         : C:\WINDOWS
  IsReadOnly        : False
  Exists            : True
  FullName          : C:\WINDOWS\explorer.exe
  Extension         : .exe
  CreationTime      : 2014-02-10 3:28:22 PM
  CreationTimeUtc   : 2014-02-10 8:28:22 PM
  LastAccessTime    : 2014-02-10 3:28:22 PM
  LastAccessTimeUtc : 2014-02-10 8:28:22 PM
  LastWriteTime     : 2013-11-13 2:31:11 PM
  LastWriteTimeUtc  : 2013-11-13 7:31:11 PM
  Attributes        : Archive

• The new ribbon user interface in Win 8.1 should display appropriate buttons depending on the currently displayed folder within the explorer.exe window.

  To begin with, in file-explorer (.\system32\explorer.exe) normally, the new ribbon user interface in Win 8.1 does indeed display appropriate buttons depending on the currently displayed folder within the explorer.exe window. 
  But when one re-parents the explorer window handle to any window handle other than 0000 (desktop's window handle), then the UIRibbon fails to do so.
  You might ask 'Who does that ?' and I would say no-one usually, however I use BrightExplorer which
  is a great little app that  gives me a tabbed file-explorer experience.
  Now, this app works fine since Windows 7, but with Windows 8 the file explorer introduced the new UIRibbon in its UI. It's that new UIRibbon that gets confused by what I think may be be caused by the re-parenting that BrightExplorer does
  to pull a file explorer session into its tabbed control.
  This phenomenon relates to Windows 8 + and is observed only by doing the following steps:
  Download BrightExplorer from BrightNewWorlds.com by going here: BrightExplorer,
  In the address bar go to This PC,
  then go to any other folder and note that the UIRibbon is not keeping track of the changing folder selections.
  Does anyone out there feel that they can do something about this, or have advise?
  Kind regards,
  Robert van der Meijden

  To begin with, in file-explorer (.\system32\explorer.exe) normally, the new ribbon user interface in Win 8.1 does indeed display appropriate buttons depending on the currently displayed folder within the explorer.exe window. 
  But when one re-parents the explorer window handle to any window handle other than 0000 (desktop's window handle), then the UIRibbon fails to do so.
  You might ask 'Who does that ?' and I would say no-one usually, however I use BrightExplorer which
  is a great little app that  gives me a tabbed file-explorer experience.
  Now, this app works fine since Windows 7, but with Windows 8 the file explorer introduced the new UIRibbon in its UI. It's that new UIRibbon that gets confused by what I think may be be caused by the re-parenting that BrightExplorer does
  to pull a file explorer session into its tabbed control.
  This phenomenon relates to Windows 8 + and is observed only by doing the following steps:
  Download BrightExplorer from BrightNewWorlds.com by going here: BrightExplorer,
  In the address bar go to This PC,
  then go to any other folder and note that the UIRibbon is not keeping track of the changing folder selections.
  Does anyone out there feel that they can do something about this, or have advise?
  Kind regards,
  Robert van der Meijden

• Windows 8.1 issue explorer.exe error on shutdown NOT resolved and painfully slow bootup

  Hi,
  I have a brand new HP Pavilion Laptop with Windows 8 64bit. I just downloaded the free update to 8.1. And then problems started. 
  First off, the boot up time has almost doubled. Just before the desktop becomes visible, there is a 10 second period where all you see is a black screen. At times this is more than 10 seconds. Then the desktop wallpaper can be seen.
  Secondly, the most annoying problem-, everytime I shutdown or restart , I get an explorer.exe error saying memory cant be read some instruction referenced memory at 0x00000000. ?! What the h-- is this ? I mean is this what we expect to see after updating to
  Windows 8.1 ? This is ridiculous. There is no offical response from the developers either. This is affecting many people all over the world and there is not even any official patch or announcement ? 
  I have read similar posts here and none of the solutions work. Someone says edit the registry, someone says remove the bluetooth service from startup ?! nothing and stopping a bluetooth service should not be considered a solution. Why should I not be able
  to use bluetooth just to resolve this Windows 8.1 error ??
  Please fix this problem urgently. And DO NOT ask us to re-install windows... I mean come on.. You think people have nothing better to do than installing/reinstalling Windows throughout the day ?? Bandwidth does not come cheap everywhere in the world either.
  Please release a patch or some guidelines on fixing this problem ASAP. 

  Hi, I have checked with that link on HP's site and for my product number it said that my laptop has been tested-Update your System from Windows 8 to Windows 8.1
  HP has tested your Windows 8 PC with Windows 8.1 and has created update instructions.
  This is what they say. And I clicked on the Windows Store Icon >> Then I clicked on the Upgrade to Windows 8.1 Tile >> Then I clicked Download Windows 8.1 Update ( over 3 GB ) waited for a couple of days >> Then clicked next a bunch of
  times >> Selected some options that it asked me >> Then waited some more >> some more waiting >> and in 2 weeks I had upgraded to Windows 8.1 >> Then the above PROBLEMS started...
  So, as a request to the tech team or dev team, pls fix this issue. 

• File Explorer (explorer.exe) Crashes in Windows 8.1 at shutdown

  Hi,
  Iv been running a custom built PC with Windows 8.1 (Win7 upgrade to Win8 then 8.1) Now since a couple of weeks after Win8.1, which was running perfectly fine up until last month when I Started to get these Explorer.exe crashes, Im  quite knowledge able
  with PC so iv done various things such as System Restore (as far back a could) and also followed all the guides on using the Registry editor to disable the Shell Extensions, in addition iv also used Registry Recycler but all to no avail. I then saw this support.microsoft.com/kb/2929203
  and decided to use the charms bar to shut down but it still made no difference at all.
  I don't really want to preform a refresh because i have so many Desktop Programs installed and i have only had this issue since around Mid way through last month, each time on shut down the instructions (referenced memory) are different but all structured
  like: "The instruction at 0x referenced memory at 0x. The memory could not be read. Please if you could help me find a solution to solve this problem with
  out preforming a refresh, I know this could be a a program but event viewer tells me nothing so I would greatly appreciate any help.
  My System Specs are as follows:
  MB: Asus Sabertooth FX R2
  CPU: FX6300
  GPU: GTX660
  RAM: 8GB DDR3 1600
  OS: Windows 8.1 Pro 64bit With Latest Updates
  If you require any other info just ask :-)

  Another Update after changing some options in Event Viewer I get this two logs from each crash at shutdown: 
  The process C:\WINDOWS\Explorer.EXE (DESKTOP) has initiated the power off of computer DESKTOP on behalf of user Desktop\Calum for the following reason: Other (Unplanned)
   Reason Code: 0x0
   Shut-down Type: power off
   Comment:
  Followed by:
  Application pop-up: explorer.exe - Application Error : The instruction at 0xffffffff referenced memory at 0xffffffff. The memory could not be written.
  Click on OK to terminate the program
  EDIT: I also got the time of the first reported error: 02/02/2014 04:50:26

• App crash: explorer.exe faulting module: fundisc

  Hello.
  I've been having issues with 4 computers now. All of them Windows 7 Professional 32 bits.
  The error they're having is the same on each PC: explorer.exe fails and restarts after clicking Ok to the dialog.
  Level: Error
  Source: Application Error
  Event ID: 1000
  Faulting application: explorer.exe, version: 6.1.7601.175xx, time stamp: <changes>
  faulting module: unknown, version: 0.0.0.0, time stamp: 0x00000000
  exception code : 0xc0000005
  fault offset: <changes>
  process id: <changes>
  application start time: <changes>
  The oldest issue is november 6th (there's not a single instance of the error before that date); since then the issue is happening at least once a day but more like 5-10 times a day.
  I ran Windbg and for almost all errors it point to fundisc.dll as the culprit.
  This is one of the dumps:
  Loading Dump File [C:\Users\<user>\Desktop\<other_user>\explorer.exe.680.dmp]
  User Mini Dump File: Only registers, stack and portions of memory are available
  Symbol search path is: srv*;D:\WinDbg\Symbols\Win7AMD64;D:\WinDbg\Symbols\Win7x86;D:\WinDbg\Symbols\XPSP3
  Executable search path is: D:\WinDbg\Image\XPSP3
  Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
  Product: WinNt, suite: SingleUserTS
  Machine Name:
  Debug session time: Tue Nov 20 09:43:21.000 2012 (UTC - 6:00)
  System Uptime: not available
  Process Uptime: 0 days 0:06:02.000
  Loading unloaded module list
  This dump file has an exception of interest stored in it.
  The stored exception information can be accessed via .ecxr.
  (2a8.884): Access violation - code c0000005 (first/second chance not available)
  eax=00000000 ebx=0472f040 ecx=00000400 edx=00000000 esi=00000002 edi=00000000
  eip=77c57094 esp=0472eff0 ebp=0472f08c iopl=0 nv up ei pl zr na pe nc
  cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
  ntdll!KiFastSystemCallRet:
  77c57094 c3 ret
  0:012> !analyze -v
  * Exception Analysis *
  Unable to load image C:\Windows\System32\ieframe.dll, Win32 error 0n2
  *** WARNING: Unable to verify timestamp for ieframe.dll
  FAULTING_IP:
  +0
  0472f64c fc cld
  EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
  ExceptionAddress: 0472f64c
  ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
  NumberParameters: 2
  Parameter[0]: 00000008
  Parameter[1]: 0472f64c
  Attempt to execute non-executable address 0472f64c
  DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
  PROCESS_NAME: explorer.exe
  ERROR_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
  EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
  EXCEPTION_PARAMETER1: 00000008
  EXCEPTION_PARAMETER2: 0472f64c
  WRITE_ADDRESS: 0472f64c
  FOLLOWUP_IP:
  fundisc!CNotificationQueue::ThreadProc+31b
  728963ee bfc0808a72 mov edi,offset fundisc!WPP_GLOBAL_Control (728a80c0)
  FAILED_INSTRUCTION_ADDRESS:
  +31b
  0472f64c fc cld
  NTGLOBALFLAG: 0
  APPLICATION_VERIFIER_FLAGS: 0
  APP: explorer.exe
  LAST_CONTROL_TRANSFER: from 76aa5d3f to 0472f64c
  FAULTING_THREAD: 00000884
  PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT
  BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT
  IP_ON_STACK:
  +31b
  0472f64c fc cld
  STACK_TEXT:
  WARNING: Frame IP not in any known module. Following frames may be wrong.
  0472f64c 76aa5d3f 00000008 03207428 fffffffe 0x472f64c
  0472f7fc 76ad8f82 2246d5ac 03207428 00000000 ole32!COIDTable::ThreadCleanup+0xcb
  0472f840 76ad8ec3 00000000 0472f890 76bd7724 ole32!FinishShutdown+0x9d
  0472f860 76acbac3 00000000 728945f0 03207428 ole32!ApartmentUninitialize+0x96
  0472f878 76ad88e8 0472f890 00000000 728a810c ole32!wCoUninitialize+0x153
  0472f894 728963ee 00000000 00000000 0015c9d0 ole32!CoUninitialize+0x72
  0472f8b0 77aded6c 0015c9d0 0472f8fc 77c7377b fundisc!CNotificationQueue::ThreadProc+0x31b
  0472f8bc 77c7377b 0015c9d0 73c46ab8 00000000 kernel32!BaseThreadInitThunk+0xe
  0472f8fc 77c7374e 72895224 0015c9d0 00000000 ntdll!__RtlUserThreadStart+0x70
  0472f914 00000000 72895224 0015c9d0 00000000 ntdll!_RtlUserThreadStart+0x1b
  STACK_COMMAND: .ecxr ; kb ; ~12s; .ecxr ; kb
  SYMBOL_STACK_INDEX: 6
  SYMBOL_NAME: fundisc!CNotificationQueue::ThreadProc+31b
  FOLLOWUP_NAME: MachineOwner
  MODULE_NAME: fundisc
  IMAGE_NAME: fundisc.dll
  DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd9ff
  FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000005_fundisc.dll!CNotificationQueue::ThreadProc
  BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_IP_fundisc!CNotificationQueue::ThreadProc+31b
  WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17567/4d6727a7/unknown/0_0_0_0/bbbbbbb4/c0000005/0472f64c.htm?Retriage=1
  Followup: MachineOwner
  There's another similar error but points to "NetworkItemFactory" module instead of "fundisc", but i'm not sure they're related yet.
  I already:
  Ran viruschecks and spywarescans and the computers are clean.
  clean booted and the issue persists.
  sfc'd and no files were corrupt.
  They all are HP Compaq 8000 series; besides that, the only other thing i can think of that could be common between those particular machines is that not all of them may had been wiped out when bought and the problems came from the bloatware and some update.
  The only updates they had installed were security and critical updates via WSUS.
  I'm starting to worry and i'm out of ideas.
  Any help will be appreciated.
  "When something is not working as it is supposed to, then it is working as expected" -R

  Hi,
  Event ID: 1000; Source: Application Error; please refer to:
  http://www.eventid.net/display-eventid-1000-source-Application%20Error-eventno-1475-phase-1.htm
  I would recommend you try
  some general steps about troubleshooting explorer.exe crash Issues.
  Bug Check 0xC5,  please refer to:
  http://msdn.microsoft.com/en-us/library/windows/hardware/ff560192(v=vs.85).aspx
  Hope this helps.
  Regards.
  Spencer
  TechNet Community Support