Explorer.exe, version: 6.3.9600.17667

Hi
i have windows server 2012 r2 standart
and i'm having this problem:
Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2268
Faulting application start time: 0x01d080d29353dde6
Faulting application path: C:\Windows\explorer.exe
Faulting module path: unknown
Report Id: e3d4721c-ecc8-11e4-80df-a0481cd69169
Faulting package full name: 
Faulting package-relative application ID: 
i cannot open any management tools: Task Manager, GPedit, Computer Management and more
each time im trying to open something its crushing, i also tried to install Excel 2013 and it crushed 
after im restarting the server it seems to be fixed by it self but the problem comes back during the day 
Please advise with this problem 
Thanks

Hi
Since this is forum for Windows 8.1, suggestions we provide might not agreeable for Windows server system in many cases, if your need further information, I’d suggest that we post at Windows Server forum. There you can get more effective suggestion by other
experts who familiar with design of Windows Server System. Your understanding is highly appreciated.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver
Typically this error is because of a race condition in the Explorer.exe process, normally caused by system corruption or offending software.
Some antivirus applications and some print applications use notification balloons to display messages. These applications may cause a race condition. Therefore, the Explorer.exe process crashes. So we could check this issue under clean boot or safe mode
in Windows 8.1. If issue persists under clean boot, we could try to disable all antivirus and turn off Aero Theme (using basic theme) for good measure.
Keep your system and device driver up to date.
Fix Windows corruption errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/kb/947821
Regards,
D. Wu
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

  • Please help to solve this Faulting application name: Explorer.EXE, version: 6.3.9600.16441, time stamp: 0x5265dec8

    Faulting application name: Explorer.EXE, version: 6.3.9600.16441, time stamp: 0x5265dec8
    Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
    Exception code: 0x80000003
    Fault offset: 0x000000000000abd4
    Faulting process id: 0x13fc
    Faulting application start time: 0x01cf2a60ac1727ab
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\verifier.dll
    Report Id: d489ba61-9655-11e3-bf26-f82fa8e6dde2
    Faulting package full name: 
    Faulting package-relative application ID: 

    Hi,
    Try to run sfc /scannow command to repair the corrupted system file:
    Use the System File Checker tool to repair missing or corrupted system files
    http://support.microsoft.com/kb/929833
    Also we could a easier way system restore to roll back to a time when everything works fine:
    How to  refresh, reset, or restore your PC
    http://windows.microsoft.com/en-IN/windows-8/restore-refresh-reset-pc
    Karen Hu
    TechNet Community Support

  • Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588

    Hi, I'm running Windows 8.1 Pro, and having problems where explorer will crash every couple of hours.  
    here's the event viewer log info:
    Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000000000000
    Faulting process id: 0x2dfc
    Faulting application start time: 0x01cf7e970bd1516c
    Faulting application path: C:\windows\explorer.exe
    Faulting module path: unknown
    Report Id: a2e8b887-ea95-11e3-8265-0050b66098e2
    Faulting package full name: 
    Faulting package-relative application ID: 
    I opened up the dump file, and i'm having a hard time making out what the issue might be.  Any assistance would be appreciated.   Thank you!
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: SingleUserTS
    Built by: 6.3.9600.17031 (winblue_gdr.140221-1952)
    Machine Name:
    Debug session time: Mon Jun  2 12:15:42.000 2014 (UTC - 7:00)
    System Uptime: not available
    Process Uptime: 0 days 0:07:27.000
    Loading unloaded module list
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (2230.9d4): Access violation - code c0000005 (first/second chance not available)
    ntdll!NtWaitForMultipleObjects+0xa:
    00007ffc`20b2b13a c3              ret
    0:054> !analyze -v
    *                        Exception Analysis                                   *
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for sppc.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for dlumd11.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ClassicStartMenuDLL.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ClassicExplorer64.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for GROOVEEX.DLL - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for msvcr90.dll - 
    FAULTING_IP: 
    +50951de2c52b
    00000000`00000000 ??              ???
    EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 0000000000000000
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000008
       Parameter[1]: 0000000000000000
    Attempt to execute non-executable address 0000000000000000
    CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
    rax=00000000066e0000 rbx=0000000000000003 rcx=00000000066e0000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000003
    rip=00007ffc20b2b13a rsp=000000000980d428 rbp=000000000980dee0
     r8=0000000000001000  r9=0000000000000000 r10=0000000000000040
    r11=0000000000000286 r12=0000000000000010 r13=000000000980d840
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    ntdll!NtWaitForMultipleObjects+0xa:
    00007ffc`20b2b13a c3              ret
    PROCESS_NAME:  explorer.exe
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1:  0000000000000008
    EXCEPTION_PARAMETER2:  0000000000000000
    WRITE_ADDRESS:  0000000000000000 
    FOLLOWUP_IP: 
    propsys!PSPropertyBag_WriteInt+3c
    00007ffc`19a2945c 488b4c2438      mov     rcx,qword ptr [rsp+38h]
    FAILED_INSTRUCTION_ADDRESS: 
    +3c
    00000000`00000000 ??              ???
    NTGLOBALFLAG:  0
    APPLICATION_VERIFIER_FLAGS:  0
    APP:  explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    FAULTING_THREAD:  00000000000009d4
    BUGCHECK_STR:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL
    PRIMARY_PROBLEM_CLASS:  SOFTWARE_NX_FAULT_NULL
    DEFAULT_BUCKET_ID:  SOFTWARE_NX_FAULT_NULL
    LAST_CONTROL_TRANSFER:  from 00007ffc19a2945c to 0000000000000000
    STACK_TEXT:  
    00000000`0980ed68 00007ffc`19a2945c : 00000000`1edc55b0 00000000`1edc55b0 00000000`00000000 00007ffc`1c581762 : 0x0
    00000000`0980ed70 00007ffc`08848361 : 00000000`183c3ad0 00000000`1edc55b0 00000000`1edc55b0 00000000`00000000 : propsys!PSPropertyBag_WriteInt+0x3c
    00000000`0980edc0 00007ffc`088482c4 : 00000000`00000000 00000000`00000425 00007ffc`16461240 00000000`00000425 : explorerframe!CShellBrowser::_OnFrameStateChanged+0x81
    00000000`0980ee10 00007ffc`087ef021 : 00000000`00000001 00000000`00000425 00000000`00000425 00000000`00000033 : explorerframe!CShellBrowser::WndProcBS+0x8aa
    00000000`0980f0b0 00007ffc`1ff62434 : 00000000`00000001 00000000`0980f360 00000000`00000000 00000002`00000030 : explorerframe!IEFrameWndProc+0x7d
    00000000`0980f100 00007ffc`1ff63fe2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : user32!UserCallWinProcCheckWow+0x140
    00000000`0980f1c0 00007ffc`1ff6409d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : user32!DispatchClientMessage+0xa2
    00000000`0980f220 00007ffc`20b2c99f : 00000000`18215570 00007ffc`087ffd50 00000000`18215570 00000000`0980f310 : user32!_fnDWORD+0x2d
    00000000`0980f280 00007ffc`1ff61fea : 00007ffc`1ff6341d 00000000`00000064 00000000`00000000 00000000`0980f3a0 : ntdll!KiUserCallbackDispatcherContinue
    00000000`0980f308 00007ffc`1ff6341d : 00000000`00000064 00000000`00000000 00000000`0980f3a0 00007ffc`087f0dab : user32!NtUserMessageCall+0xa
    00000000`0980f310 00007ffc`1ff65191 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00abecc0 : user32!SendMessageWorker+0x118
    00000000`0980f3a0 00007ffc`087f736c : 00000000`183111e0 00000000`17e90f80 00000000`00020732 00000000`00000000 : user32!SendMessageW+0x105
    00000000`0980f400 00007ffc`088479bb : 00000000`0000000c 00000000`183111e0 00000000`00000000 00000000`00000000 : explorerframe!CBrowserHost::ForwardMessageToBrowser+0x1c
    00000000`0980f430 00007ffc`088484e1 : 00000000`17e90ef8 00000000`00020732 00000000`00000000 00000000`17e90f80 : explorerframe!CExplorerFrame::OnBrowserCreated+0xcb
    00000000`0980f480 00007ffc`08847dcb : 00000000`203caba8 00000000`1edc55b0 00000000`17e90ee0 00000000`16237630 : explorerframe!CBrowserHost::OnBrowserCreated+0xb5
    00000000`0980f4c0 00007ffc`08843133 : 00000000`16237630 00000000`16237630 00000000`16237630 00000000`1edc55b0 : explorerframe!CShellBrowser::AfterWindowCreated+0xc7
    00000000`0980f500 00007ffc`08842f80 : 00000000`16237630 00000000`0980f730 00000000`00000003 00000000`18311140 : explorerframe!CBrowserHost::Initialize+0xef
    00000000`0980f530 00007ffc`087f9bc0 : 00000000`18311140 00000000`00200000 00000000`0980f730 00000000`00000003 : explorerframe!CExplorerFrame::Initialize+0x3c
    00000000`0980f560 00007ffc`087fb3b6 : 00000000`18311140 00000000`16237630 00000000`00200000 00007ffc`1e102d9d : explorerframe!BrowserThreadProc+0x50
    00000000`0980f5a0 00007ffc`087fb366 : 18bc0f9b`000047ae 00000000`15ff61e0 00000000`00000000 00007ffc`1ff62f2f : explorerframe!BrowserNewThreadProc+0x3a
    00000000`0980f5d0 00007ffc`087f8549 : 00000000`00002230 00000000`000009d4 00000000`0000000f 00000000`0000000b : explorerframe!CExplorerTask::InternalResumeRT+0x12
    00000000`0980f600 00007ffc`1ebde4fc : 00000000`00000000 00000000`00000000 ffffffff`fffffffe 00000000`00200000 : explorerframe!CRunnableTask::Run+0xc9
    00000000`0980f630 00007ffc`1ebde6df : 00000000`10605f50 00000000`10605f50 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0x284
    00000000`0980f780 00007ffc`1c588023 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x2f
    00000000`0980f7b0 00007ffc`200e16ad : 00000000`0040e300 00000000`00000000 00000000`80004005 00000000`00000000 : SHCore!Microsoft::WRL::FtmBase::MarshalInterface+0x17b
    00000000`0980f8d0 00007ffc`20b04629 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0980f900 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    SYMBOL_STACK_INDEX:  1
    SYMBOL_NAME:  propsys!PSPropertyBag_WriteInt+3c
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: propsys
    IMAGE_NAME:  propsys.dll
    DEBUG_FLR_IMAGE_TIMESTAMP:  53511853
    STACK_COMMAND:  ~54s; .ecxr ; kb
    FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_NULL_c0000005_propsys.dll!PSPropertyBag_WriteInt
    BUCKET_ID:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_NULL_IP_propsys!PSPropertyBag_WriteInt+3c
    ANALYSIS_SOURCE:  UM
    FAILURE_ID_HASH_STRING:  um:software_nx_fault_null_c0000005_propsys.dll!pspropertybag_writeint
    FAILURE_ID_HASH:  {a6c58e48-fd4e-59a9-7e83-f1b082937554}
    Followup: MachineOwner

    Hi,
    Please upload the dump file to a public folder such as OneDrive, then paste the download link here for further analyzing.
    Have you installed any third party tool which might be related with Explorer in your system? if you have, please uninstalled it as a test.
    Windows Explorer crashes are mostly caused by an incompatible Shell Extension.
    You can run tool ShellExView to find the culprit, in the pane sort the entries with manufacturers. Disable all non-Microsoft *.dll files, and check the result. If the issue does not occur, one of the files can be the culprit. We could narrow down it one by
    one.
    For download link and user guide, please see this link (ShellExView is included in it)
    http://technet.microsoft.com/en-us/magazine/2009.06.toolbox.aspx
    Yolanda Zhu
    TechNet Community Support

  • Explorer.exe crash, twinui.dll

    For a couple of weeks, everytime i login into my account, explorer.exe keeps crashing and restarting.During this loop, the system is laggy and it only shows the taskbar, without the icons i put on it.
    Here is the report from event viewer:
    Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: twinui.dll, version: 6.3.9600.17324, time stamp: 0x53f822bf
    Exception code: 0xc0000006
    Fault offset: 0x00000000000e87c7
    Faulting process id: 0xb20
    Faulting application start time: 0x01d06eb0d68fe96f
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: C:\WINDOWS\system32\twinui.dll
    Report Id: 19f958ba-daa4-11e4-82aa-448a5bcfcd05
    Faulting package full name:
    Faulting package-relative application ID:
    I also downloaded autoruns from sysinternals, there are some dll's, but only from winrar and poweriso, which i deactivated.I ran sfc /scannow and chkdsk /f, no changes.The system runs fine in safe mode, without any crashes.

    Hello Retegan Andrei (Andrew),
    As this issue doesn’t exist in the safe mode, it is caused by driver or third-party software.
    Please try to perform a clean boot in Windows.
    https://support.microsoft.com/en-us/kb/929135
    If this issue doesn’t occur in clean boot, it is caused by third-party drivers.
    If this issue occurs in clean boot too, it is cuased by drivers, please update drivers from the manufacturer website.
    Best regards,
    Fangzhou CHEN
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Explorer.exe crashes at start of profile creation when domain-joined (using Samba 3.6.25)

    Not sure if this is the right forum?
    Getting this error (copied from Event Viewer) on a Windows 8.1 Pro client - an event ID of 1000, every time at the start of profile creation when logging in with a domain account. So explorer.exe crashes because of "twinui.appcore.dll" and profile
    creation is taking a very long time (about 17 minutes).
    Then after being stuck during "Almost ready" screen we are getting a Start-button that is stuck (non-clickable) (and also arrows on the metro-screen icons). Restarting explorer.exe manually helps to get a functional Start-button again.
    Tried using a roaming profile and without using a roaming profile (Group Policy setting to always keep profiles local). That does not seem to matter.
    Naam van toepassing met fout: Explorer.EXE, versie: 6.3.9600.17667, tijdstempel: 0x54c6f7c2
    Naam van module met fout: twinui.appcore.dll, versie: 6.3.9600.17415, tijdstempel: 0x54503801
    Uitzonderingscode: 0x80270233
    Foutmarge: 0x000000000008cb57
    Id van proces met fout: 0xf28
    Starttijd van toepassing met fout: 0x01d05bf587567d80
    Pad naar toepassing met fout: C:\Windows\Explorer.EXE
    Pad naar module met fout: C:\Windows\System32\twinui.appcore.dll
    Rapport-id: cf9c3ec8-c7e8-11e4-8262-0019bbd6f620
    Volledige pakketnaam met fout: 
    Relatieve toepassings-id van pakket met fout: 
    Using Samba 3.6.25 with an LDAP back-end. Installed all updates for Windows 8.1 Pro client.
    Thanks in advance for any advice.

    Pasting the crash dump analysis using WinDbg (x64):
    Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [C:\LocalDumps\explorer.exe.824.dmp]
    User Mini Dump File with Full Memory: Only application data is available
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 8 Version 9600 MP (2 procs) Free x64
    Product: WinNt, suite: SingleUserTS
    Built by: 6.3.9600.17031 (winblue_gdr.140221-1952)
    Machine Name:
    Debug session time: Thu Mar 12 11:53:12.000 2015 (UTC + 1:00)
    System Uptime: 0 days 21:10:37.682
    Process Uptime: 0 days 0:01:05.000
    Loading unloaded module list
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (338.f94): Unknown exception - code 80270233 (first/second chance not available)
    kernel32!RaiseFailFastException+0xae:
    00007ffe`cb2faabe e8b1000000      call    kernel32!SignalStartWerSvc (00007ffe`cb2fab74)
    0:018> !analyze -v
    *                        Exception Analysis                                  
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for sppc.dll -
    FAULTING_IP:
    twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+c7
    00007ffe`bed7cb57 488b4d37        mov     rcx,qword ptr [rbp+37h]
    EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 00007ffebed7cb57 (twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+0x00000000000000c7)
       ExceptionCode: 80270233
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: ffffffff80070005
    CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
    rax=000000000a14f560 rbx=000000000a14fa70 rcx=000000000a14f560
    rdx=0000000000000000 rsi=0000000000000001 rdi=000000000a14f560
    rip=00007ffecb2faabe rsp=000000000a14f480 rbp=000000000a14fad9
     r8=0000000000000000  r9=0000000000000006 r10=0000000000000000
    r11=00007ffecb544dd7 r12=00007ffebed00090 r13=0000000008234160
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
    kernel32!RaiseFailFastException+0xae:
    00007ffe`cb2faabe e8b1000000      call    kernel32!SignalStartWerSvc (00007ffe`cb2fab74)
    PROCESS_NAME:  explorer.exe
    ERROR_CODE: (NTSTATUS) 0x80270233 - <Unable to get error code text>
    EXCEPTION_CODE: (HRESULT) 0x80270233 (2150040115) - <Unable to get error code text>
    EXCEPTION_PARAMETER1:  ffffffff80070005
    NTGLOBALFLAG:  2000100
    APPLICATION_VERIFIER_FLAGS:  48004
    APP:  explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
    FAULTING_THREAD:  0000000000000f94
    BUGCHECK_STR:  APPLICATION_FAULT_SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
    PRIMARY_PROBLEM_CLASS:  SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
    DEFAULT_BUCKET_ID:  SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
    LAST_CONTROL_TRANSFER:  from 00007ffebed7cb57 to 00007ffecb2faabe
    STACK_TEXT:  
    00000000`0a14f480 00007ffe`bed7cb57 : 00000000`80070005 00000000`00000004 ffffffff`80070005 00000000`00000000 : kernel32!RaiseFailFastException+0xae
    00000000`0a14fa50 00007ffe`bed7c8c2 : 00000000`00000a9c 00000000`0a14fc20 00000000`000003a8 00000000`000003a8 : twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+0xc7
    00000000`0a14fb40 00007ffe`bed8b349 : 00000000`00000000 00007ffe`bed00090 00000000`000003a8 00000000`00000004 : twinui_appcore!CCriticalFailureHandler::HandleFailure+0xba
    00000000`0a14fb90 00007ffe`bed19d8b : 00000000`08242340 00000000`0a14fc00 00000000`00000000 00007ffe`bed34838 : twinui_appcore!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::`dynamic atexit destructor for 'module''+0x7a79
    00000000`0a14fbd0 00007ffe`c5055bf1 : 00000000`80070005 00000000`08242340 00000000`00000000 00007ffe`bed19d30 : twinui_appcore!CProcessLifetimeManager::PerformDelayedInitialization+0x5b
    00000000`0a14fc20 00007ffe`c5055519 : 00000000`00000000 00000000`08242340 00000000`00000000 00000000`00000034 : windows_immersiveshell_serviceprovider!CImmersiveShellController::_CreateComponents+0x536
    00000000`0a14fcc0 00007ffe`c505566e : 00007ffe`00000045 00000000`00000000 00000000`082335f8 00000000`02ea60e8 : windows_immersiveshell_serviceprovider!CImmersiveShellController::_ImmersiveShellComponentsThreadProcInternal+0x17d
    00000000`0a14fd50 00007ffe`b41995cd : 00007ffe`c5050000 00007ffe`c50555f0 00000000`00000000 00000000`00000000 : windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc+0x7a
    00000000`0a14fd80 00007ffe`cb2113d2 : 00007ffe`b4199580 00000000`00000000 00000000`00000000 00000000`00000000 : verifier!AVrfpStandardThreadFunction+0x4d
    00000000`0a14fdc0 00007ffe`cb51e954 : 00007ffe`cb2113b0 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22
    00000000`0a14fdf0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34
    FOLLOWUP_IP:
    twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
    00007ffe`bed7c8c2 488b6c2458      mov     rbp,qword ptr [rsp+58h]
    SYMBOL_STACK_INDEX:  2
    SYMBOL_NAME:  twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: twinui_appcore
    IMAGE_NAME:  twinui.appcore.dll
    DEBUG_FLR_IMAGE_TIMESTAMP:  54503801
    STACK_COMMAND:  ~18s; .ecxr ; kb
    FAILURE_BUCKET_ID:  SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233_80270233_twinui.appcore.dll!CCriticalFailureHandler::HandleFailure
    BUCKET_ID:  APPLICATION_FAULT_SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233_twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
    ANALYSIS_SOURCE:  UM
    FAILURE_ID_HASH_STRING:  um:shell_component_startup_failure_error_code_ffffffff80270233_80270233_twinui.appcore.dll!ccriticalfailurehandler::handlefailure
    FAILURE_ID_HASH:  {bc588def-f8dc-26b8-dac8-a057fb6557c4}
    Followup: MachineOwner
    0:018> lmvm twinui_appcore
    start             end                 module name
    00007ffe`becf0000 00007ffe`bee20000   twinui_appcore   (pdb symbols)          downstreamstore\twinui.appcore.pdb\310246EA4A1E4BF8A48502B727A7376B1\twinui.appcore.pdb
        Loaded symbol image file: twinui.appcore.dll
        Image path: C:\Windows\System32\twinui.appcore.dll
        Image name: twinui.appcore.dll
        Timestamp:        Wed Oct 29 01:42:41 2014 (54503801)
        CheckSum:         0013A0E7
        ImageSize:        00130000
        File version:     6.3.9600.17415
        Product version:  6.3.9600.17415
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     TWINUI.APPCORE
        OriginalFilename: TWINUI.APPCORE.dll
        ProductVersion:   6.3.9600.17415
        FileVersion:      6.3.9600.17415 (winblue_r4.141028-1500)
        FileDescription:  TWINUI.APPCORE
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    Does this make any sense to anyone?

  • Windows Server 2012 R2 RDS + User profile Disks + App-V = Explorer.exe crashing all of the time

    I have built a new RDS farm on Windows Server 2012 R2 with two Session Hosts and a combined Connect Broker/Web Access server. I had the farm up and running with User Profile Disks and all seemed OK. However, as soon as I installed the App-V 5.0 SP2 RDS
    client on the session hosts, the explorer.exe process started crashing for any user logging in via the Web Access site. The process crashes and restarts every five to ten seconds. It's the same for administrators. If they log in via Web Access explorer.exe
    crashes, but if they RDP directly to one of the session hosts explorer.exe is fine. If I reboot the session hosts, then the first user to log in via Web Access has a stable desktop session (and appears to have a new profile as well). However, if that user
    logs out and back in again, explorer.exe starts crashing again. The only applications I have packaged at the moment are Office 2013 and Firefox.
    I tried disabling User Profile Disks, but this caused a whole bunch of other problems and I eventually lost the ability to log in at all via Web Access (errors about the user profile service). As this is a small pre-production environment I completed scrapped
    all of the servers and rebuilt from scratch. Again, everything appeared fine until I installed the App-V client, then explorer.exe started crashing repeatedly for all users.
    Has anyone come across this issue before? I have tried installing the App-V 5.0 SP2 Hotfix Package 2, but this didn't help. I have read in a few forums that App-V doesn't work very well with User Profile Desks, but I have not heard of this particular issue.
    Similarly, SP2 seems to have a lot of problems, so I am going to try removing App-V RDp Client SP2 and installing SP1. I ahev also deleted User Profile Disks for the test users to recreate their profiles, but this didn't help either.
    Any other suggestions welcome!

    I forgot to include the application event log entry for explorer.exe crashing:
    Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
    Exception code: 0xc06d007e
    Fault offset: 0x0000000000005bf8
    Faulting process id: 0xae8
    Faulting application start time: 0x01cfab3a273787fd
    Faulting application path: C:\Windows\explorer.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: 69210d77-172d-11e4-80c6-0050560102d1
    Faulting package full name: 

  • Windows 8.1 explorer.exe crashes EVERY time I open a window

    I upgraded from win8 home yesterday and notices I was getting errors when using windows to copy files from my laptop to computer over my wifi.
    Today, I was working fine and started gettingMicrosoft Visual C++ Runtime Library "Runtime Error" and explorer restarted, I rebooted and then on all accounts I logged into, I got no error messages - just explorer restarting. I was unable
    to open any folders. 
    The event viewer states:
    Faulting application name: Explorer.EXE, version: 6.3.9600.16441, time stamp: 0x5265dec8
    Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
    Exception code: 0x80000003
    Fault offset: 0x000000000000abd4
    Faulting process ID: 0x16c4
    Faulting application start time: 0x01cf1ad3991556c6
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\verifier.dll
    Report ID: ecbc0d64-86c6-11e3-8089-4c72b9810b8d
    Faulting package full name: 
    Faulting package-relative application ID: 
    Explorer has however started running properly since I ran C:\ from the run prompt. Any folders I click on seem ok and now I can open explorer normally.
    Please help

    Hello,
    Please download this
    ZIP file and extract it. Once extracted, double-click the REG file to import it into the registry. Once done, this will enable creation of crash dumps when Explorer crashes. So, the next time this happens. you should fine a DMP file on your desktop. Compress
    and attach the file here. Having the file will help us identifying the cause of the issue.

  • Explorer.exe restarting in Windows 8.1

    Hi,
    The thing is that yesterday I was on my computer, and then I became to have a problem with the Explorer.Exe, I install a couple of third parties porgram that I never had problem with, in my past computers, the problem is that I tried a lot of stuff, unistalling,
    I run the ChkDsk, Anti virus, anti Malware, Rogue killer, I dont know what else to do.
    For the record, I make another user account and this one didn't present any problem, the safe mode, also didn't present any problem.
    The event log said this:
    "Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
    Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
    Exception code: 0x80000003
    Fault offset: 0x000000000000a43a
    Faulting process id: 0x9bc
    Faulting application start time: 0x01cf2d208c65db7d
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: C:\WINDOWS\system32\verifier.dll
    Report Id: b06ef933-9915-11e3-beec-14dae9d0e163
    Faulting package full name: 
    Faulting package-relative application ID:"
    I dont know if this will help, and this is what appears on the problem reports
    Source
    Windows Explorer
    Summary
    Stopped working
    Date
    ‎18/‎02/‎2014 09:20
    Status
    Report sent
    Description
    Faulting Application Path: C:\Windows\explorer.exe
    Problem signature
    Problem Event Name: AutoVerifierV2
    Application Name: Explorer.EXE
    Application Version: 6.3.9600.16441
    Application Timestamp: 5265dec8
    Fault Module Name: verifier.dll
    Fault Module Version: 6.3.9600.16384
    Fault Module Timestamp: 5215f8f7
    Exception Code: 80000003
    Exception Offset: 000000000000abd4
    Status Code: 201
    OriginalBucketID: unknown
    OS Version: 6.3.9600.2.0.0.256.48
    Locale ID: 4105
    Additional Information 1: c2e1
    Additional Information 2: c2e13b1aeab302e452699b96b40177af
    Additional Information 3: 6fc9
    Additional Information 4: 6fc9f42ae133281a1648cfab1a0009ef
    Extra information about the problem
    Bucket ID: c88c9067d445320fe7fc8872b32d5644 (-309879039)
    I dont know what else to do, thanks in advance for everything.

    Hi,
    Try to run sfc /scannow command to repair the corrupted system file:
    Use the System File Checker tool to repair missing or corrupted system files
    http://support.microsoft.com/kb/929833
    Also we could a easier way system restore to roll back to a time when everything works fine:
    How to  refresh, reset, or restore your PC
    http://windows.microsoft.com/en-IN/windows-8/restore-refresh-reset-pc
    Karen Hu
    TechNet Community Support

  • Explorer.exe keeps crashing after update to 8.1 from 8

    After updating to the 8.1 explorer.exe keeps crashing, no solution found online for the problem...only clue I get is very clear and obvious message in event log:
    Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16496, time stamp: 0x52b3f283
    Exception code: 0xe06d7363
    Fault offset: 0x0000000000005a88
    Faulting process id: 0x1664
    Faulting application start time: 0x01cf52b7670e4534
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
    Report Id: a4c05eaf-beaa-11e3-be98-ca4f0724b24c
    Faulting package full name: 
    Faulting package-relative application ID: 
    System
    Provider
    [ Name]
    Application Error
    EventID
    1000
    [ Qualifiers]
    0
    Level
    2
    Task
    100
    Keywords
    0x80000000000000
    TimeCreated
    [ SystemTime]
    2014-04-07T23:16:27.000000000Z
    EventRecordID
    16783
    Channel
    Application
    Computer
    Dell
    Security
    EventData
    explorer.exe
    6.3.9600.16441
    5265dec8
    KERNELBASE.dll
    6.3.9600.16496
    52b3f283
    e06d7363
    0000000000005a88
    1664
    01cf52b7670e4534
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\KERNELBASE.dll
    a4c05eaf-beaa-11e3-be98-ca4f0724b24c
    really helpful. Cannot understand why Microsoft were pushing me to update from poorly performing windows 8 to complete nuisance windows 8.1. My hardly earned money were spent on a product that causes me massive headache. 
    Unfortunately Microsoft does not allow me to post the link to skydrive where I keep the dmp fo review. Another great gift from them.

    0:050> lmvm rse
    start end module name
    00007ffd`abc10000 00007ffd`abec6000 rse (export symbols) rse.dll
    Loaded symbol image file: rse.dll
    Image path: C:\Program Files\Autodesk\Inventor 2014\Bin\rse.dll
    Image name: rse.dll
    Timestamp: Fri Mar 01 06:00:41 2013 (512FD389)
    CheckSum: 002B8E46
    ImageSize: 002B6000
    File version: 18.0.17000.0
    Product version: 1.0.0.1
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 2.0 Dll
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Autodesk, Inc.
    ProductName: Autodesk, Inc. rse
    InternalName: rse
    OriginalFilename: rse.dll
    ProductVersion: Autodesk Inventor 2014
    FileVersion: 18, 0, 17000, 0000
    PrivateBuild: Build: 170, Release: 2014 RTM - Date: Thu 02/28/2013
    SpecialBuild: Build: 170, Release: 2014 RTM - Date: Thu 02/28/2013
    FileDescription: rse
    LegalCopyright: Copyright © 1996-2013 Autodesk, Inc.
    LegalTrademarks: Copyright © 1996-2013 Autodesk, Inc.
    Comments: Copyright © 1996-2013 Autodesk, Inc.
    Hi,
    The dump file has been analyzed by auggy, and the problem is on the rse.dll.
    Please refer to the suggestions auggy provided, If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
    If the suggestion is helpful, please remember to mark it as answer which can benefit others who may encounter the similar issue as yours. Otherwise, please unpropose it and provide the latest dump file for further assistance.
    Regards,
    Kelvin Xu
    TechNet Community Support

  • Explorer.exe Application Error - Faulting module name: Windows.UI.Xaml.dll

    We are having a problem with one of our Windows 2012 R2 Terminal Server. The server keeps maxing out CPU to 100% the only way to resolve the issue is by restarting the guest OS. When I have been trying to troubleshoot the issue. I have noticed the following
    error is appearing in the event log. I have tried various research online but have been unable to find a resolution to the issue.  Anyone have any ideas?
    Faulting application name: explorer.exe, version: 6.3.9600.17415, time stamp: 0x54503a3a
    Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17415, time stamp: 0x54504b1a
    Exception code: 0xc000027b
    Fault offset: 0x0000000000982bea
    Faulting process id: 0xd44
    Faulting application start time: 0x01d0526d40641d26
    Faulting application path: C:\Windows\explorer.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: 80a05322-be60-11e4-80db-005056bd0cad
    Faulting package full name:
    Faulting package-relative application ID:

    Hi,
    Please test the issue in Clean Boot first. For the detailed steps, please refer to the following Microsoft KB article:
    How to perform a clean boot in Windows
    http://support.microsoft.com/kb/929135
    Also seems you should try to uninstall IE and install it again but before that you can run command type:
    SFC /SCANNOW and let the system to scan your DLL files and repair them, then reinstall the new IE.
    For general reference, windows.UI.xmal.dll can handle several file in background process. For more detail refer
    this article.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Searchindexer.exe and explorer.exe errors

    A few days ago I uninstalled Norton with Revo Uninstaller and installed malwarebytes pro. I restarted my computer only to find that approximately every 3 seconds, explorer.exe crashed and restarted. This went on for about 3 days. The event viewer showed
    the "The Windows Search service terminated unexpectedly.  It has done this 7864 time(s)" message that I've seen in other threads.
    http://social.technet.microsoft.com/Forums/windows/en-US/38a0ac31-501d-4b84-9b75-5d64fd684e10/workaround-windows-search-service-terminated-unexpectedly-faulting-application-searchindexerexe?forum=w7itprogeneral
      Here's what I've done so far.
    ran malwarebytes full system scan - found a few problems but after fixing them the main issues persisted.
    ran sfc/ scannow (7-8 times... found issues at first but now returns the message "Windows Resource Protection did not find any integrity violations.")
    Set 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\SetupCompletedSuccessfully' from 1 to 0
    left computer on overnight (windows explorer still crashing every few seconds)
    hard reset by removing the battery. Now windows explorer won't load at all. (no desktop, no modern UI or Taskbar)
    attempted to rebuild the index, which didn't work.
    Here's the what the event viewer shows
    Faulting application name: SearchIndexer.exe, version: 7.0.9600.16384, time stamp: 0x5215d4c4
    Faulting module name: PROPSYS.dll, version: 7.0.9600.16504, time stamp: 0x52c84647
    Exception code: 0xc0000005
    Fault offset: 0x000000000002e7cf
    Faulting process ID: 0x12cc
    Faulting application start time: 0x01cf2ce75776bd39
    Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe
    Faulting module path: C:\WINDOWS\system32\PROPSYS.dll
    Report ID: 9558cdec-98da-11e3-bf19-ccaf78ef940c
    Faulting package full name:
    Faulting package-relative application ID:
    and
    Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
    Faulting module name: PROPSYS.dll, version: 7.0.9600.16504, time stamp: 0x52c84647
    Exception code: 0xc0000005
    Fault offset: 0x000000000002e7cf
    Faulting process ID: 0x4038
    Faulting application start time: 0x01cf2c003f8be4cd
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\PROPSYS.dll
    Report ID: 7f1c8601-97f3-11e3-bf18-ccaf78ef940c
    Faulting package full name:
    Faulting package-relative application ID:
    I can't run Microsoft's fix it because explorer.exe won't load, so trying to save any installer results in Firefox crashing.
    Not really sure what do do at this point.
    Edit: did a system restore. returned with an error saying system restore error failed while deleting c:\$MFT\
    An unspecified error occurred during system resotre (0x8007007b)

    I have a very similar problem involving this module. It has errors and eventually the system reboots with a Kernal error 41 which I believe is from this application, the error code is
    Faulting application name: SearchIndexer.exe, version: 7.0.9600.16384, time stamp: 0x5215d4c4
    Faulting module name: MSSRCH.DLL, version: 7.0.9600.16384, time stamp: 0x5215d425
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006dbe
    Faulting process ID: 0x1b84
    Faulting application start time: 0x01cf4f7e92d28b12
    Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe
    Faulting module path: C:\WINDOWS\system32\MSSRCH.DLL
    Report ID: d0dab473-bb71-11e3-bf22-001fd0ada17a
    Faulting package full name:
    Faulting package-relative application ID:

  • EMET 5.0 - explorer.exe - INVALID_POINTER_WRITE_EXPLOITABLE

    [v] Deep Hooks
    [v] Anti Detour
    [v] Banned Function
    [x] Stop on expoit
    All options for explorer.exe checked
    => Crash
    WinDbg as the postmortem debugger:
    0:024> !analyze -v
    * Exception Analysis *
    FAULTING_IP:
    EMET64!EMETSendCert+2442
    000007fe`f2704ece 48832300 and qword ptr [rbx],0
    EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 000007fef2704ece (EMET64!EMETSendCert+0x0000000000002442)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000001
    Parameter[1]: 0000000000120800
    Attempt to write to address 0000000000120800
    CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
    rax=00000000003a7c70 rbx=0000000000120800 rcx=0000000000000038
    rdx=00000000aa1a1088 rsi=00000000001220b4 rdi=00000000003a7c70
    rip=000007fef2704ece rsp=000000000736e940 rbp=000000000736eab0
    r8=000000000736e8f8 r9=000000000736eab0 r10=0000000000000000
    r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
    r14=0000000000000033 r15=0000000000000000
    iopl=0 nv up ei pl nz na po nc
    cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
    EMET64!EMETSendCert+0x2442:
    000007fe`f2704ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000004a90000
    FAULTING_THREAD: 0000000000000b74
    PROCESS_NAME: Explorer.EXE
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1: 0000000000000001
    EXCEPTION_PARAMETER2: 0000000000120800
    WRITE_ADDRESS: 0000000000120800
    FOLLOWUP_IP:
    EMET64!EMETSendCert+2442
    000007fe`f2704ece 48832300 and qword ptr [rbx],0
    NTGLOBALFLAG: 400
    APPLICATION_VERIFIER_FLAGS: 0
    APP: explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE
    PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE_EXPLOITABLE
    DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE
    LAST_CONTROL_TRANSFER: from 000007fef2705215 to 000007fef2704ece
    STACK_TEXT:
    00000000`0736e940 000007fe`f2705215 : 00000000`0736eb00 00000000`00000010 00000000`00000010 00000000`00010000 : EMET64!EMETSendCert+0x2442
    00000000`0736e9a0 000007fe`f2703871 : 00000000`00300002 00000000`aa1a1088 00000000`c00b0007 00000000`000000c9 : EMET64!EMETSendCert+0x2789
    00000000`0736ea30 000007fe`f26fa004 : 00000000`00000000 00000000`00000000 00000000`04a90000 000007ff`fff9c000 : EMET64!EMETSendCert+0xde5
    00000000`0736eae0 000007fe`fd46403e : ffffffff`ffffffff 00000000`04a90000 00000000`00000001 00000000`02dd7790 : EMET64!GetHookAPIs+0x4c0
    00000000`0736ebf0 00000000`770e2edf : 00000000`04a90002 00000000`00000000 00000000`00000022 00000000`0736ecfa : KERNELBASE!FreeLibrary+0xa4
    00000000`0736ec20 000007fe`fea17414 : 00000000`08c808c8 00000000`04c1fbf0 00000000`02080052 00000000`0736f4a0 : USER32!PrivateExtractIconsW+0x34b
    00000000`0736f140 000007fe`fea233a9 : 00000000`00331dec 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHPrivateExtractIcons+0x393
    00000000`0736f410 000007fe`fe8d2a8c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHDefExtractIconW+0x157
    00000000`0736f700 000007fe`fe8d28a8 : 00000000`003e3d60 000007fe`fd4d44e7 00000000`0641c4d0 00000000`003e3d60 : SHELL32!CIconCache::ExtractIconW+0x1d8
    00000000`0736f7a0 000007fe`fbb19570 : 00000000`003e3d60 00000000`00000001 00000000`003e3d60 00000000`000000d8 : SHELL32!CSparseCallback::ForceImagePresent+0x48
    00000000`0736f810 000007fe`fbb1968e : 00000000`0736f900 000007fe`fbb1d7de 00000000`003e3d60 00000000`00000001 : comctl32!CSparseImageList::_Callback_ForceImagePresent+0x74
    00000000`0736f860 000007fe`fbb1b14f : 00000000`00000001 00000000`00000000 00000000`000000d8 00000000`06402c30 : comctl32!CSparseImageList::_Virt2Real+0xc6
    00000000`0736f890 000007fe`fe9db1cc : 00000000`064059b0 00000000`04e031a0 00000000`064059b0 00000000`0643b6c0 : comctl32!CSparseImageList::ForceImagePresent+0x57
    00000000`0736f8d0 000007fe`fe8dc54c : 00000000`0641e660 00000000`06402c30 00000000`00000000 00000000`00000000 : SHELL32!CLoadSystemIconTask::InternalResumeRT+0x164
    00000000`0736f960 000007fe`fe90efcb : 80000000`01000000 00000000`0736f9f0 00000000`0641e660 00000000`0000000a : SHELL32!CRunnableTask::Run+0xda
    00000000`0736f990 000007fe`fe912b56 : 00000000`0641e660 00000000`00000000 00000000`0641e660 00000000`00000002 : SHELL32!CShellTask::TT_Run+0x124
    00000000`0736f9c0 000007fe`fe912cb2 : 00000000`04f7c8f0 00000000`04f7c8f0 00000000`00000000 00000000`003e1a28 : SHELL32!CShellTaskThread::ThreadProc+0x1d2
    00000000`0736fa60 000007fe`fd4d3843 : 000007ff`fff9c000 00000000`02e9a890 00000000`02df0d70 00000000`003e1a28 : SHELL32!CShellTaskThread::s_ThreadProc+0x22
    00000000`0736fa90 00000000`773115db : 00000000`04e805e0 00000000`04e805e0 00000000`00000001 00000000`00000006 : SHLWAPI!ExecuteWorkItemThreadProc+0xf
    00000000`0736fac0 00000000`77310c56 : 00000000`00000000 00000000`04f7c910 00000000`02df0d70 00000000`02e9fef8 : ntdll!RtlpTpWorkCallback+0x16b
    00000000`0736fba0 00000000`771e59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
    00000000`0736fea0 00000000`7731c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0736fed0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    STACK_COMMAND: .cxr 0x0 ; kb
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: emet64!EMETSendCert+2442
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EMET64
    IMAGE_NAME: EMET64.dll
    DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
    FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE_c0000005_EMET64.dll!EMETSendCert
    BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE_emet64!EMETSendCert+2442
    ANALYSIS_SOURCE: UM
    FAILURE_ID_HASH_STRING: um:invalid_pointer_write_exploitable_c0000005_emet64.dll!emetsendcert
    FAILURE_ID_HASH: {f7d2108f-d68f-6bd5-d4b8-073af5241c2e}
    Followup: MachineOwner
    0:024> lm vm EMET64
    start end module name
    000007fe`f26d0000 000007fe`f279f000 EMET64 (export symbols) C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Loaded symbol image file: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Image path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Image name: EMET64.dll
    Timestamp: Thu Jul 31 05:42:25 2014 (53D99F01)
    CheckSum: 000CE0A3
    ImageSize: 000CF000
    File version: 5.0.0.0
    Product version: 5.0.0.0
    File flags: 0 (Mask 0)
    File OS: 40004 NT Win32
    File type: 2.0 Dll
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Enhanced Mitigation Experience Toolkit
    ProductVersion: 5.0.0.0
    FileVersion: 5.0.0.0
    FileDescription: EMET SHIM
    LegalCopyright: © Microsoft Corporation. All rights reserved.
    0:024> lm vm explorer
    start end module name
    00000000`ff220000 00000000`ff4e0000 Explorer (pdb symbols) x:\symbols\explorer.pdb\A1D0A380BD3C489DB80F0E8273C9719A2\explorer.pdb
    Loaded symbol image file: C:\Windows\Explorer.EXE
    Image path: C:\Windows\Explorer.EXE
    Image name: Explorer.EXE
    Timestamp: Fri Feb 25 08:24:04 2011 (4D672EE4)
    CheckSum: 002C8AF6
    ImageSize: 002C0000
    File version: 6.1.7601.17567
    Product version: 6.1.7601.17567
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: explorer
    OriginalFilename: EXPLORER.EXE
    ProductVersion: 6.1.7601.17567
    FileVersion: 6.1.7601.17567 (win7sp1_gdr.110224-1502)
    FileDescription: Windows Explorer
    LegalCopyright: © Microsoft Corporation. All rights reserved.
    0:024> vertarget
    Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    kernel32.dll version: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
    Debug session time: Tue Sep 2 14:36:19.923 2014 (UTC + 4:00)
    System Uptime: 0 days 0:15:08.322
    Process Uptime: 0 days 0:13:53.826
    Kernel time: 0 days 0:00:03.385
    User time: 0 days 0:00:04.290

    Again:
    FAULTING_IP:
    EMET64!EMETSendCert+2442
    000007fe`f3604ece 48832300 and qword ptr [rbx],0
    EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 000007fef3604ece (EMET64!EMETSendCert+0x0000000000002442)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000001
    Parameter[1]: 0000000000120800
    Attempt to write to address 0000000000120800
    CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
    rax=0000000000427c70 rbx=0000000000120800 rcx=0000000000000021
    rdx=0000000064efbd5f rsi=00000000001220b4 rdi=0000000000427c70
    rip=000007fef3604ece rsp=000000000723ced0 rbp=000000000723d040
    r8=000000000723ce88 r9=000000000723d040 r10=0000000000000000
    r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
    r14=0000000000000033 r15=0000000000000000
    iopl=0 nv up ei pl nz na po nc
    cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
    EMET64!EMETSendCert+0x2442:
    000007fe`f3604ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000003d60000
    DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE
    PROCESS_NAME: explorer.exe
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1: 0000000000000001
    EXCEPTION_PARAMETER2: 0000000000120800
    WRITE_ADDRESS: 0000000000120800
    FOLLOWUP_IP:
    EMET64!EMETSendCert+2442
    000007fe`f3604ece 48832300 and qword ptr [rbx],0
    NTGLOBALFLAG: 400
    APPLICATION_VERIFIER_FLAGS: 0
    APP: explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    FAULTING_THREAD: 00000000000003b8
    PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE
    BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE
    LAST_CONTROL_TRANSFER: from 000007fef3605215 to 000007fef3604ece
    STACK_TEXT:
    00000000`0723ced0 000007fe`f3605215 : 00000000`0723d090 00000000`77b0f6b8 00000000`03d600e0 00000000`0723cfd8 : EMET64!EMETSendCert+0x2442
    00000000`0723cf30 000007fe`f3603871 : 00000000`00300002 00000000`64efbd5f 00000000`c000008a 00000000`00000000 : EMET64!EMETSendCert+0x2789
    00000000`0723cfc0 000007fe`f35fa004 : 00000000`00000000 00000000`00000000 00000000`03d60000 000007ff`fff9a000 : EMET64!EMETSendCert+0xde5
    00000000`0723d070 000007fe`fd9b403e : ffffffff`ffffffff 00000000`03d60000 00000000`00000005 00000000`02cf7790 : EMET64!GetHookAPIs+0x4c0
    00000000`0723d180 00000000`778c2edf : 00000000`03d60002 00000000`00000000 00000000`00000022 00000000`0723d28c : KERNELBASE!FreeLibrary+0xa4
    00000000`0723d1b0 000007fe`fe79aab3 : 00000000`08c808c8 00000000`0bee0320 00000000`02080050 00000000`0723da30 : user32!PrivateExtractIconsW+0x34b
    00000000`0723d6d0 000007fe`fe79ac28 : 00000000`0723d9f0 00000000`00000040 00000000`0ba595d0 00000000`0723df54 : shell32!SHPrivateExtractIcons+0x50a
    00000000`0723d9a0 000007fe`fe8ce4ca : 00000000`00000004 00000000`00000000 00000000`0bca5110 000007fe`fe7a8186 : shell32!SHDefExtractIconW+0x254
    00000000`0723dc90 000007fe`fe7a3435 : 00000000`00000282 000007fe`fe8cc874 00000000`0bc26c20 00000000`0bc26c20 : shell32!CFSFolderExtractIcon::_ExtractW+0x37
    00000000`0723dcd0 000007fe`fe8cd7db : 00000000`0723df50 00000000`0bca5110 00000000`03d96178 00000000`0723df60 : shell32!CExtractIconBase::Extract+0x21
    00000000`0723dd10 000007fe`fe7a36cd : 00000000`00000000 00000000`0723f2d0 00000000`ffffffff 0000c769`4dc5ef38 : shell32!CShellLink::Extract+0xc2
    00000000`0723dea0 000007fe`fe8cd529 : 00000000`0000020a 000007fe`fe7a8186 00000000`ffffffff 00000000`ffffffff : shell32!CIconAndThumbnailOplockWrapper::Extract+0x21
    00000000`0723dee0 000007fe`fe8cd2da : 00000000`ffffffff 00000000`0723e3f0 00000000`8000000a 00000000`00000000 : shell32!IExtractIcon_Extract+0x43
    00000000`0723df20 000007fe`fe79fff0 : 00000000`00000202 00000000`08d4099e 00000000`00000000 00000000`08d4099e : shell32!_GetILIndexGivenPXIcon+0x22e
    00000000`0723e3c0 000007fe`fe863307 : 00000000`00000000 00000000`00000001 00000000`0723f2d0 00000000`00000002 : shell32!_GetILIndexFromItem+0x87
    00000000`0723e460 000007fe`fe7cfaaf : 00000000`00000000 00000000`0ba59600 00000000`00000000 00000000`778c62e0 : shell32!CFSFolder::GetIconOf+0x41d
    00000000`0723f200 000007fe`fe7a29df : 00000000`00000000 00000000`08d4099e 00000000`0ba59600 0000c769`4dc5c358 : shell32!SHGetIconIndexFromPIDL+0x3f
    00000000`0723f230 000007fe`fe7a2925 : 00000000`00464f80 00000000`0beb3120 00000000`00000000 00000000`00000000 : shell32!SHMapIDListToSystemImageListIndex+0x87
    00000000`0723f2a0 000007fe`fe79c54c : 00000000`08734ee0 00000000`02d93890 00000000`00000000 000007fe`fe7cf07c : shell32!CGetIconTask::InternalResumeRT+0x7d
    00000000`0723f300 000007fe`fe7cefcb : 80000000`01000000 00000000`0723f390 00000000`08734ee0 00000000`0000000c : shell32!CRunnableTask::Run+0xda
    00000000`0723f330 000007fe`fe7d2b56 : 00000000`08734ee0 00000000`00000000 00000000`08734ee0 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
    00000000`0723f360 000007fe`fe7d2cb2 : 00000000`0894dd20 00000000`0894dd20 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::ThreadProc+0x1d2
    00000000`0723f400 000007fe`fdd93843 : 000007ff`fff9a000 00000000`02db51e0 00000000`02d10d70 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
    00000000`0723f430 00000000`77af15db : 00000000`0b755110 00000000`0b755110 00000000`00000000 00000000`00000003 : shlwapi!ExecuteWorkItemThreadProc+0xf
    00000000`0723f460 00000000`77af0c56 : 00000000`00000000 00000000`0894dd60 00000000`02d10d70 00000000`08b8f7b8 : ntdll!RtlpTpWorkCallback+0x16b
    00000000`0723f540 00000000`779c59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
    00000000`0723f840 00000000`77afc541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0723f870 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: emet64!EMETSendCert+2442
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: EMET64
    IMAGE_NAME: EMET64.dll
    DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
    STACK_COMMAND: ~27s; .ecxr ; kb
    FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_EMET64.dll!EMETSendCert
    BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_emet64!EMETSendCert+2442
    ANALYSIS_SOURCE: UM
    FAILURE_ID_HASH_STRING: um:invalid_pointer_write_c0000005_emet64.dll!emetsendcert
    FAILURE_ID_HASH: {6fa53035-3ddf-2da0-e167-d0eae56d2591}
    Followup: MachineOwner
    I can provide the user mini dump with full memory (or any other assistance in testing this issue)

  • Event ID 1000, Explorer.exe, Crashes

    Explorer.exe crashes from time to time. The crash seems random, but I think it happens when I open explorer or the control panel. It happens intermittently, so it's hard to tell. I get two different event ID 1000 in the logs. One error indicates the
    faulting module as ntdll.dll and the other as DUI70.dll. Here's a link to the dump files:
    http://1drv.ms/1yScTvQ I don't know how to analyze the dump files. Please help me, thank you! System Information:
    http://1drv.ms/15puFOb
    "Log Name:      Application
    Source:        Application Error
    Date:          11/22/2014 2:53:40 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      COMPUTER
    Description:
    Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
    Exception code: 0xc0000005
    Fault offset: 0x0000000000001098
    Faulting process id: 0x6d4
    Faulting application start time: 0x01d0069509c3cb8f
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\system32\DUI70.dll
    Report Id: a3068706-7289-11e4-bfb8-6c626d45a41"
    "Log Name:      Application
    Source:        Application Error
    Date:          11/25/2014 7:54:57 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      COMPUTER
    Description:
    Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x70c
    Faulting application start time: 0x01d008b520e84613
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: a38d81ec-74aa-11e4-9900-6c626d45a415"

    Another crash . . .this time I believe it was the Windows DirectUser Engine(duser.dll). Now, I'm not sure how to troubleshoot this further. Here is the last crash dump:
    FAULTING_IP:
    +1
    00000000`00000000 ??              ???
    EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 0000000000000000
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000008
       Parameter[1]: 0000000000000000
    Attempt to execute non-executable address 0000000000000000
    CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
    rax=00000000c0000001 rbx=00000000059bd350 rcx=00000000044a0000
    rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002
    rip=0000000077b4186a rsp=00000000059bd218 rbp=0000000000000002
     r8=00000000059bc938  r9=00000000059bcaa0 r10=0000000000000000
    r11=0000000000000246 r12=0000000000000000 r13=00000000059bd2c0
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    ntdll!NtWaitForMultipleObjects+0xa:
    00000000`77b4186a c3              ret
    PROCESS_NAME:  explorer.exe
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1:  0000000000000008
    EXCEPTION_PARAMETER2:  0000000000000000
    WRITE_ADDRESS:  0000000000000000
    FOLLOWUP_IP:
    duser!GPCB::xwInvokeDirect+67
    000007fe`fbc81df7 448be8          mov     r13d,eax
    FAILED_INSTRUCTION_ADDRESS:
    +67
    00000000`00000000 ??              ???
    NTGLOBALFLAG:  0
    APPLICATION_VERIFIER_FLAGS:  0
    APP:  explorer.exe
    ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
    FAULTING_THREAD:  00000000000012c8
    BUGCHECK_STR:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL
    PRIMARY_PROBLEM_CLASS:  SOFTWARE_NX_FAULT_NULL
    DEFAULT_BUCKET_ID:  SOFTWARE_NX_FAULT_NULL
    LAST_CONTROL_TRANSFER:  from 000007fefbc81df7 to 0000000000000000
    STACK_TEXT: 
    00000000`059be398 000007fe`fbc81df7 : 00000000`06b84db0 00000000`00000000 00000000`00040001 00000bee`b6e64c36 : 0x0
    00000000`059be3a0 000007fe`fbc88c02 : 00000000`059be518 00000000`06cb6da0 00000000`059be4a0 00000000`059be410 : duser!GPCB::xwInvokeDirect+0x67
    00000000`059be450 000007fe`fbc88d56 : 00000000`06b84c70 00000000`059be9c8 000001b1`000000f3 00000000`00000000 : duser!DuVisual::xrDrawCore+0x1b1
    00000000`059be4f0 000007fe`fbc88dab : 000001b1`000000f3 00000000`06b84c70 000001b1`000000f3 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x107
    00000000`059be550 000007fe`fbc88dab : 000001b1`000000f3 00000000`06b84e50 0000019e`00000072 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be5b0 000007fe`fbc88dab : 0000019e`00000072 00000000`06b858f0 00000189`0000004e 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be610 000007fe`fbc88dab : 00000189`0000004e 00000000`06b85cb0 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be670 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8cb30 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be6d0 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8c8b0 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be730 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8c770 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be790 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8b790 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be7f0 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8b830 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be850 000007fe`fbc88dab : 00000000`0000003f 00000000`06b90190 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be8b0 000007fe`fbc88c5d : 00000000`0000003f 00000000`00000000 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
    00000000`059be910 000007fe`fbc89703 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawFull+0x929
    00000000`059beac0 000007fe`fbc890d0 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : duser!DuVisual::xrDrawFull+0x97d
    00000000`059bec70 000007fe`fbc88ff7 : 00000000`00000000 00000000`2a010c48 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawStart+0x58
    00000000`059beca0 000007fe`fbc88aa7 : 00000000`00000001 00000000`06befa60 00000000`2a010c48 00000000`00000009 : duser!DuRootGadget::xrDrawTree+0x51c
    00000000`059bee80 000007fe`fbc81859 : 00000000`00000000 00000000`00000000 000004b0`00000000 00000000`00000000 : duser!HWndContainer::xdHandleMessage+0x2b4
    00000000`059bf180 00000000`77a08971 : 00000000`00000000 00000000`03d430e0 00000000`00000001 00000000`059bf238 : duser!ExtraInfoWndProc+0x8b
    00000000`059bf1e0 00000000`77a072cb : 00000000`00000000 000007fe`fbc817e4 00000000`00000000 00000000`00000000 : user32!UserCallWinProcCheckWow+0x163
    00000000`059bf2a0 00000000`77a06829 : 00000000`00000000 00000000`77a0919b 00000000`00000000 00000000`00000001 : user32!DispatchClientMessage+0xc3
    00000000`059bf300 00000000`77b411f5 : 00000000`0000000f 00000000`00000000 00000000`00000000 000001e9`000bab7a : user32!_fnDWORD+0x2d
    00000000`059bf360 00000000`77a06e5a : 00000000`77a06e6c 000007fe`f85eb550 00000000`77a0791a 00000000`03d43004 : ntdll!KiUserCallbackDispatcherContinue
    00000000`059bf3e8 00000000`77a06e6c : 000007fe`f85eb550 00000000`77a0791a 00000000`03d43004 00000000`03d430e0 : user32!NtUserDispatchMessage+0xa
    00000000`059bf3f0 000007fe`f84b04b0 : 00000000`03d43004 00000000`03d43004 000007fe`fbc817e4 00000000`00000000 : user32!DispatchMessageWorker+0x55b
    00000000`059bf470 000007fe`f84b4925 : 00000000`03d430e0 00000000`00000002 00000000`00000000 00000000`00000000 : EXPLORERFRAME!CExplorerFrame::FrameMessagePump+0x436
    00000000`059bf4f0 000007fe`f84b509b : 00000000`03d430e0 00000000`03cc8540 00000000`00000000 00000000`00000000 : EXPLORERFRAME!BrowserThreadProc+0x180
    00000000`059bf570 000007fe`f84b5032 : 100ba44a`00000001 00000000`03c97cd0 00000000`7fffffff 000007fe`fd8f2d40 : EXPLORERFRAME!BrowserNewThreadProc+0x53
    00000000`059bf5a0 000007fe`f84abe50 : 00000000`03c97bb0 00000000`03c9ffa0 00000000`00000000 000007fe`fe0bf07c : EXPLORERFRAME!CExplorerTask::InternalResumeRT+0x12
    00000000`059bf5d0 000007fe`fe0befcb : 80000000`01000000 00000000`059bf660 00000000`03c97bb0 00000000`0000000a : EXPLORERFRAME!CRunnableTask::Run+0xda
    00000000`059bf600 000007fe`fe0c2b56 : 00000000`03c97bb0 00000000`00000000 00000000`03c97bb0 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
    00000000`059bf630 000007fe`fe0c2cb2 : 00000000`03d6ec20 00000000`03d6ec20 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0x1d2
    00000000`059bf6d0 000007fe`fedbc71e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
    00000000`059bf700 00000000`778e59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shlwapi!WrapperThreadProc+0x19b
    00000000`059bf800 00000000`77b1c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`059bf830 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
    SYMBOL_STACK_INDEX:  1
    SYMBOL_NAME:  duser!GPCB::xwInvokeDirect+67
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: duser
    IMAGE_NAME:  duser.dll
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bdf26
    STACK_COMMAND:  ~31s; .ecxr ; kb
    FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_NULL_c0000005_duser.dll!GPCB::xwInvokeDirect
    BUCKET_ID:  X64_APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_NULL_IP_duser!GPCB::xwInvokeDirect+67
    ANALYSIS_SOURCE:  UM
    FAILURE_ID_HASH_STRING:  um:software_nx_fault_null_c0000005_duser.dll!gpcb::xwinvokedirect
    FAILURE_ID_HASH:  {bc29cea9-f7e5-ba9f-c14c-7ccc77c4be36}
    Followup: MachineOwner

  • App crash: explorer.exe faulting module: fundisc

    Hello.
    I've been having issues with 4 computers now. All of them Windows 7 Professional 32 bits.
    The error they're having is the same on each PC: explorer.exe fails and restarts after clicking Ok to the dialog.
    Level: Error
    Source: Application Error
    Event ID: 1000
    Faulting application: explorer.exe, version: 6.1.7601.175xx, time stamp: <changes>
    faulting module: unknown, version: 0.0.0.0, time stamp: 0x00000000
    exception code : 0xc0000005
    fault offset: <changes>
    process id: <changes>
    application start time: <changes>
    The oldest issue is november 6th (there's not a single instance of the error before that date); since then the issue is happening at least once a day but more like 5-10 times a day.
    I ran Windbg and for almost all errors it point to fundisc.dll as the culprit.
    This is one of the dumps:
    Loading Dump File [C:\Users\<user>\Desktop\<other_user>\explorer.exe.680.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available
    Symbol search path is: srv*;D:\WinDbg\Symbols\Win7AMD64;D:\WinDbg\Symbols\Win7x86;D:\WinDbg\Symbols\XPSP3
    Executable search path is: D:\WinDbg\Image\XPSP3
    Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    Machine Name:
    Debug session time: Tue Nov 20 09:43:21.000 2012 (UTC - 6:00)
    System Uptime: not available
    Process Uptime: 0 days 0:06:02.000
    Loading unloaded module list
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (2a8.884): Access violation - code c0000005 (first/second chance not available)
    eax=00000000 ebx=0472f040 ecx=00000400 edx=00000000 esi=00000002 edi=00000000
    eip=77c57094 esp=0472eff0 ebp=0472f08c iopl=0 nv up ei pl zr na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
    ntdll!KiFastSystemCallRet:
    77c57094 c3 ret
    0:012> !analyze -v
    * Exception Analysis *
    Unable to load image C:\Windows\System32\ieframe.dll, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ieframe.dll
    FAULTING_IP:
    +0
    0472f64c fc cld
    EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 0472f64c
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000008
    Parameter[1]: 0472f64c
    Attempt to execute non-executable address 0472f64c
    DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
    PROCESS_NAME: explorer.exe
    ERROR_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
    EXCEPTION_PARAMETER1: 00000008
    EXCEPTION_PARAMETER2: 0472f64c
    WRITE_ADDRESS: 0472f64c
    FOLLOWUP_IP:
    fundisc!CNotificationQueue::ThreadProc+31b
    728963ee bfc0808a72 mov edi,offset fundisc!WPP_GLOBAL_Control (728a80c0)
    FAILED_INSTRUCTION_ADDRESS:
    +31b
    0472f64c fc cld
    NTGLOBALFLAG: 0
    APPLICATION_VERIFIER_FLAGS: 0
    APP: explorer.exe
    LAST_CONTROL_TRANSFER: from 76aa5d3f to 0472f64c
    FAULTING_THREAD: 00000884
    PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT
    BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT
    IP_ON_STACK:
    +31b
    0472f64c fc cld
    STACK_TEXT:
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0472f64c 76aa5d3f 00000008 03207428 fffffffe 0x472f64c
    0472f7fc 76ad8f82 2246d5ac 03207428 00000000 ole32!COIDTable::ThreadCleanup+0xcb
    0472f840 76ad8ec3 00000000 0472f890 76bd7724 ole32!FinishShutdown+0x9d
    0472f860 76acbac3 00000000 728945f0 03207428 ole32!ApartmentUninitialize+0x96
    0472f878 76ad88e8 0472f890 00000000 728a810c ole32!wCoUninitialize+0x153
    0472f894 728963ee 00000000 00000000 0015c9d0 ole32!CoUninitialize+0x72
    0472f8b0 77aded6c 0015c9d0 0472f8fc 77c7377b fundisc!CNotificationQueue::ThreadProc+0x31b
    0472f8bc 77c7377b 0015c9d0 73c46ab8 00000000 kernel32!BaseThreadInitThunk+0xe
    0472f8fc 77c7374e 72895224 0015c9d0 00000000 ntdll!__RtlUserThreadStart+0x70
    0472f914 00000000 72895224 0015c9d0 00000000 ntdll!_RtlUserThreadStart+0x1b
    STACK_COMMAND: .ecxr ; kb ; ~12s; .ecxr ; kb
    SYMBOL_STACK_INDEX: 6
    SYMBOL_NAME: fundisc!CNotificationQueue::ThreadProc+31b
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: fundisc
    IMAGE_NAME: fundisc.dll
    DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd9ff
    FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000005_fundisc.dll!CNotificationQueue::ThreadProc
    BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_IP_fundisc!CNotificationQueue::ThreadProc+31b
    WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17567/4d6727a7/unknown/0_0_0_0/bbbbbbb4/c0000005/0472f64c.htm?Retriage=1
    Followup: MachineOwner
    There's another similar error but points to "NetworkItemFactory" module instead of "fundisc", but i'm not sure they're related yet.
    I already:
    Ran viruschecks and spywarescans and the computers are clean.
    clean booted and the issue persists.
    sfc'd and no files were corrupt.
    They all are HP Compaq 8000 series; besides that, the only other thing i can think of that could be common between those particular machines is that not all of them may had been wiped out when bought and the problems came from the bloatware and some update.
    The only updates they had installed were security and critical updates via WSUS.
    I'm starting to worry and i'm out of ideas.
    Any help will be appreciated.
    "When something is not working as it is supposed to, then it is working as expected" -R

    Hi,
    Event ID: 1000; Source: Application Error; please refer to:
    http://www.eventid.net/display-eventid-1000-source-Application%20Error-eventno-1475-phase-1.htm
    I would recommend you try
    some general steps about troubleshooting explorer.exe crash Issues.
    Bug Check 0xC5,  please refer to:
    http://msdn.microsoft.com/en-us/library/windows/hardware/ff560192(v=vs.85).aspx
    Hope this helps.
    Regards.
    Spencer
    TechNet Community Support

  • WDContextMenuHandler.dll crashes Explorer.exe

    After updating to the latest WDSmartware on my laptop running Windows 7 x64  the Explorer.exe process crashes once in a while with the following error in the event log. Any suggestions as how I can fix this? Error: (03/30/2015 08:51:38 AM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: WDContextMenuHandler.dll, version: 2.0.0.3, time stamp: 0x54dd49f6
    Exception code: 0xc0000005
    Fault offset: 0x000000000001f786
    Faulting process id: 0x15c0
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Hi... I have run into the same problem today... and I've found a solution... kind of. I hope it's not too late for my answer. 1) download ShellExView from here: http://www.nirsoft.net/utils/shexview.html#DownloadLinks 2) disable the two items highlighted in the image:  The context menu problem will be solved... for a little benefit of (probably) not having those shortcuts for WD utilities in the context right-click menu, but I guess you can still use them elsehow. Hope this helped you. I've found the solution myself and it worked for me.

Maybe you are looking for

  • Is there a way to import video/audio clips from Logitech webcam?

    I just purchased a used Logitech Quickcam Vision Pro for Mac. A Logitech driver is apparently not required. I connected it to a USB port on my mini. I couldn't find any way of downloading Photo Booth so I downloaded Funny Photographer (http://homepag

  • While installing HANA studio , i am getting Error

    Hi Experts, While installing HANA studio, i am getting Error " Java installation not found" . I have already installed latest JDK, JRE from  www.java.com and also set path PATH. I am on Windows 7 , 64 bit. Any one have idea how to over come this Erro

  • Trouble connecting my new ipod

    Hello, I was extremely anxious to get my new ipod (30gb with photo and video), but I keep getting error messages from windows saying that the USB cord is not recognized by windows. Since it is not recognized, ipod updater does not recognize that ther

  • Search help: Internal Error.

    Hi, I am getting information message : 'Search help: Internal Error' after incorporating code in RETURN event. My aim was to populate the value from Hit list to Value with restriction field and then by removing some search select criteria, again disp

  • Primary_key_deletion?

    Hi Can we delete a primary key from a table? I know its not viable and feasible, but can we do that? If yes, how? Thanks