Explorer.exe, version: 6.3.9600.17667
Hi
i have windows server 2012 r2 standart
and i'm having this problem:
Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2268
Faulting application start time: 0x01d080d29353dde6
Faulting application path: C:\Windows\explorer.exe
Faulting module path: unknown
Report Id: e3d4721c-ecc8-11e4-80df-a0481cd69169
Faulting package full name:
Faulting package-relative application ID:
i cannot open any management tools: Task Manager, GPedit, Computer Management and more
each time im trying to open something its crushing, i also tried to install Excel 2013 and it crushed
after im restarting the server it seems to be fixed by it self but the problem comes back during the day
Please advise with this problem
Thanks
Hi
Since this is forum for Windows 8.1, suggestions we provide might not agreeable for Windows server system in many cases, if your need further information, I’d suggest that we post at Windows Server forum. There you can get more effective suggestion by other
experts who familiar with design of Windows Server System. Your understanding is highly appreciated.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver
Typically this error is because of a race condition in the Explorer.exe process, normally caused by system corruption or offending software.
Some antivirus applications and some print applications use notification balloons to display messages. These applications may cause a race condition. Therefore, the Explorer.exe process crashes. So we could check this issue under clean boot or safe mode
in Windows 8.1. If issue persists under clean boot, we could try to disable all antivirus and turn off Aero Theme (using basic theme) for good measure.
Keep your system and device driver up to date.
Fix Windows corruption errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/kb/947821
Regards,
D. Wu
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
Faulting application name: Explorer.EXE, version: 6.3.9600.16441, time stamp: 0x5265dec8
Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
Exception code: 0x80000003
Fault offset: 0x000000000000abd4
Faulting process id: 0x13fc
Faulting application start time: 0x01cf2a60ac1727ab
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\verifier.dll
Report Id: d489ba61-9655-11e3-bf26-f82fa8e6dde2
Faulting package full name:
Faulting package-relative application ID:Hi,
Try to run sfc /scannow command to repair the corrupted system file:
Use the System File Checker tool to repair missing or corrupted system files
http://support.microsoft.com/kb/929833
Also we could a easier way system restore to roll back to a time when everything works fine:
How to refresh, reset, or restore your PC
http://windows.microsoft.com/en-IN/windows-8/restore-refresh-reset-pc
Karen Hu
TechNet Community Support -
Hi, I'm running Windows 8.1 Pro, and having problems where explorer will crash every couple of hours.
here's the event viewer log info:
Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2dfc
Faulting application start time: 0x01cf7e970bd1516c
Faulting application path: C:\windows\explorer.exe
Faulting module path: unknown
Report Id: a2e8b887-ea95-11e3-8265-0050b66098e2
Faulting package full name:
Faulting package-relative application ID:
I opened up the dump file, and i'm having a hard time making out what the issue might be. Any assistance would be appreciated. Thank you!
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.3.9600.17031 (winblue_gdr.140221-1952)
Machine Name:
Debug session time: Mon Jun 2 12:15:42.000 2014 (UTC - 7:00)
System Uptime: not available
Process Uptime: 0 days 0:07:27.000
Loading unloaded module list
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(2230.9d4): Access violation - code c0000005 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00007ffc`20b2b13a c3 ret
0:054> !analyze -v
* Exception Analysis *
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for dlumd11.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ClassicStartMenuDLL.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ClassicExplorer64.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for GROOVEEX.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msvcr90.dll -
FAULTING_IP:
+50951de2c52b
00000000`00000000 ?? ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000066e0000 rbx=0000000000000003 rcx=00000000066e0000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000003
rip=00007ffc20b2b13a rsp=000000000980d428 rbp=000000000980dee0
r8=0000000000001000 r9=0000000000000000 r10=0000000000000040
r11=0000000000000286 r12=0000000000000010 r13=000000000980d840
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0xa:
00007ffc`20b2b13a c3 ret
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000000000000
WRITE_ADDRESS: 0000000000000000
FOLLOWUP_IP:
propsys!PSPropertyBag_WriteInt+3c
00007ffc`19a2945c 488b4c2438 mov rcx,qword ptr [rsp+38h]
FAILED_INSTRUCTION_ADDRESS:
+3c
00000000`00000000 ?? ???
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: explorer.exe
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
FAULTING_THREAD: 00000000000009d4
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_NULL
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_NULL
LAST_CONTROL_TRANSFER: from 00007ffc19a2945c to 0000000000000000
STACK_TEXT:
00000000`0980ed68 00007ffc`19a2945c : 00000000`1edc55b0 00000000`1edc55b0 00000000`00000000 00007ffc`1c581762 : 0x0
00000000`0980ed70 00007ffc`08848361 : 00000000`183c3ad0 00000000`1edc55b0 00000000`1edc55b0 00000000`00000000 : propsys!PSPropertyBag_WriteInt+0x3c
00000000`0980edc0 00007ffc`088482c4 : 00000000`00000000 00000000`00000425 00007ffc`16461240 00000000`00000425 : explorerframe!CShellBrowser::_OnFrameStateChanged+0x81
00000000`0980ee10 00007ffc`087ef021 : 00000000`00000001 00000000`00000425 00000000`00000425 00000000`00000033 : explorerframe!CShellBrowser::WndProcBS+0x8aa
00000000`0980f0b0 00007ffc`1ff62434 : 00000000`00000001 00000000`0980f360 00000000`00000000 00000002`00000030 : explorerframe!IEFrameWndProc+0x7d
00000000`0980f100 00007ffc`1ff63fe2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : user32!UserCallWinProcCheckWow+0x140
00000000`0980f1c0 00007ffc`1ff6409d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : user32!DispatchClientMessage+0xa2
00000000`0980f220 00007ffc`20b2c99f : 00000000`18215570 00007ffc`087ffd50 00000000`18215570 00000000`0980f310 : user32!_fnDWORD+0x2d
00000000`0980f280 00007ffc`1ff61fea : 00007ffc`1ff6341d 00000000`00000064 00000000`00000000 00000000`0980f3a0 : ntdll!KiUserCallbackDispatcherContinue
00000000`0980f308 00007ffc`1ff6341d : 00000000`00000064 00000000`00000000 00000000`0980f3a0 00007ffc`087f0dab : user32!NtUserMessageCall+0xa
00000000`0980f310 00007ffc`1ff65191 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00abecc0 : user32!SendMessageWorker+0x118
00000000`0980f3a0 00007ffc`087f736c : 00000000`183111e0 00000000`17e90f80 00000000`00020732 00000000`00000000 : user32!SendMessageW+0x105
00000000`0980f400 00007ffc`088479bb : 00000000`0000000c 00000000`183111e0 00000000`00000000 00000000`00000000 : explorerframe!CBrowserHost::ForwardMessageToBrowser+0x1c
00000000`0980f430 00007ffc`088484e1 : 00000000`17e90ef8 00000000`00020732 00000000`00000000 00000000`17e90f80 : explorerframe!CExplorerFrame::OnBrowserCreated+0xcb
00000000`0980f480 00007ffc`08847dcb : 00000000`203caba8 00000000`1edc55b0 00000000`17e90ee0 00000000`16237630 : explorerframe!CBrowserHost::OnBrowserCreated+0xb5
00000000`0980f4c0 00007ffc`08843133 : 00000000`16237630 00000000`16237630 00000000`16237630 00000000`1edc55b0 : explorerframe!CShellBrowser::AfterWindowCreated+0xc7
00000000`0980f500 00007ffc`08842f80 : 00000000`16237630 00000000`0980f730 00000000`00000003 00000000`18311140 : explorerframe!CBrowserHost::Initialize+0xef
00000000`0980f530 00007ffc`087f9bc0 : 00000000`18311140 00000000`00200000 00000000`0980f730 00000000`00000003 : explorerframe!CExplorerFrame::Initialize+0x3c
00000000`0980f560 00007ffc`087fb3b6 : 00000000`18311140 00000000`16237630 00000000`00200000 00007ffc`1e102d9d : explorerframe!BrowserThreadProc+0x50
00000000`0980f5a0 00007ffc`087fb366 : 18bc0f9b`000047ae 00000000`15ff61e0 00000000`00000000 00007ffc`1ff62f2f : explorerframe!BrowserNewThreadProc+0x3a
00000000`0980f5d0 00007ffc`087f8549 : 00000000`00002230 00000000`000009d4 00000000`0000000f 00000000`0000000b : explorerframe!CExplorerTask::InternalResumeRT+0x12
00000000`0980f600 00007ffc`1ebde4fc : 00000000`00000000 00000000`00000000 ffffffff`fffffffe 00000000`00200000 : explorerframe!CRunnableTask::Run+0xc9
00000000`0980f630 00007ffc`1ebde6df : 00000000`10605f50 00000000`10605f50 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0x284
00000000`0980f780 00007ffc`1c588023 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x2f
00000000`0980f7b0 00007ffc`200e16ad : 00000000`0040e300 00000000`00000000 00000000`80004005 00000000`00000000 : SHCore!Microsoft::WRL::FtmBase::MarshalInterface+0x17b
00000000`0980f8d0 00007ffc`20b04629 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0980f900 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: propsys!PSPropertyBag_WriteInt+3c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: propsys
IMAGE_NAME: propsys.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 53511853
STACK_COMMAND: ~54s; .ecxr ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_NULL_c0000005_propsys.dll!PSPropertyBag_WriteInt
BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_NULL_IP_propsys!PSPropertyBag_WriteInt+3c
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:software_nx_fault_null_c0000005_propsys.dll!pspropertybag_writeint
FAILURE_ID_HASH: {a6c58e48-fd4e-59a9-7e83-f1b082937554}
Followup: MachineOwnerHi,
Please upload the dump file to a public folder such as OneDrive, then paste the download link here for further analyzing.
Have you installed any third party tool which might be related with Explorer in your system? if you have, please uninstalled it as a test.
Windows Explorer crashes are mostly caused by an incompatible Shell Extension.
You can run tool ShellExView to find the culprit, in the pane sort the entries with manufacturers. Disable all non-Microsoft *.dll files, and check the result. If the issue does not occur, one of the files can be the culprit. We could narrow down it one by
one.
For download link and user guide, please see this link (ShellExView is included in it)
http://technet.microsoft.com/en-us/magazine/2009.06.toolbox.aspx
Yolanda Zhu
TechNet Community Support -
Explorer.exe crash, twinui.dll
For a couple of weeks, everytime i login into my account, explorer.exe keeps crashing and restarting.During this loop, the system is laggy and it only shows the taskbar, without the icons i put on it.
Here is the report from event viewer:
Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17324, time stamp: 0x53f822bf
Exception code: 0xc0000006
Fault offset: 0x00000000000e87c7
Faulting process id: 0xb20
Faulting application start time: 0x01d06eb0d68fe96f
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\twinui.dll
Report Id: 19f958ba-daa4-11e4-82aa-448a5bcfcd05
Faulting package full name:
Faulting package-relative application ID:
I also downloaded autoruns from sysinternals, there are some dll's, but only from winrar and poweriso, which i deactivated.I ran sfc /scannow and chkdsk /f, no changes.The system runs fine in safe mode, without any crashes.Hello Retegan Andrei (Andrew),
As this issue doesn’t exist in the safe mode, it is caused by driver or third-party software.
Please try to perform a clean boot in Windows.
https://support.microsoft.com/en-us/kb/929135
If this issue doesn’t occur in clean boot, it is caused by third-party drivers.
If this issue occurs in clean boot too, it is cuased by drivers, please update drivers from the manufacturer website.
Best regards,
Fangzhou CHEN
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Not sure if this is the right forum?
Getting this error (copied from Event Viewer) on a Windows 8.1 Pro client - an event ID of 1000, every time at the start of profile creation when logging in with a domain account. So explorer.exe crashes because of "twinui.appcore.dll" and profile
creation is taking a very long time (about 17 minutes).
Then after being stuck during "Almost ready" screen we are getting a Start-button that is stuck (non-clickable) (and also arrows on the metro-screen icons). Restarting explorer.exe manually helps to get a functional Start-button again.
Tried using a roaming profile and without using a roaming profile (Group Policy setting to always keep profiles local). That does not seem to matter.
Naam van toepassing met fout: Explorer.EXE, versie: 6.3.9600.17667, tijdstempel: 0x54c6f7c2
Naam van module met fout: twinui.appcore.dll, versie: 6.3.9600.17415, tijdstempel: 0x54503801
Uitzonderingscode: 0x80270233
Foutmarge: 0x000000000008cb57
Id van proces met fout: 0xf28
Starttijd van toepassing met fout: 0x01d05bf587567d80
Pad naar toepassing met fout: C:\Windows\Explorer.EXE
Pad naar module met fout: C:\Windows\System32\twinui.appcore.dll
Rapport-id: cf9c3ec8-c7e8-11e4-8262-0019bbd6f620
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:
Using Samba 3.6.25 with an LDAP back-end. Installed all updates for Windows 8.1 Pro client.
Thanks in advance for any advice.Pasting the crash dump analysis using WinDbg (x64):
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\LocalDumps\explorer.exe.824.dmp]
User Mini Dump File with Full Memory: Only application data is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Version 9600 MP (2 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.3.9600.17031 (winblue_gdr.140221-1952)
Machine Name:
Debug session time: Thu Mar 12 11:53:12.000 2015 (UTC + 1:00)
System Uptime: 0 days 21:10:37.682
Process Uptime: 0 days 0:01:05.000
Loading unloaded module list
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(338.f94): Unknown exception - code 80270233 (first/second chance not available)
kernel32!RaiseFailFastException+0xae:
00007ffe`cb2faabe e8b1000000 call kernel32!SignalStartWerSvc (00007ffe`cb2fab74)
0:018> !analyze -v
* Exception Analysis
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll -
FAULTING_IP:
twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+c7
00007ffe`bed7cb57 488b4d37 mov rcx,qword ptr [rbp+37h]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007ffebed7cb57 (twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+0x00000000000000c7)
ExceptionCode: 80270233
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: ffffffff80070005
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=000000000a14f560 rbx=000000000a14fa70 rcx=000000000a14f560
rdx=0000000000000000 rsi=0000000000000001 rdi=000000000a14f560
rip=00007ffecb2faabe rsp=000000000a14f480 rbp=000000000a14fad9
r8=0000000000000000 r9=0000000000000006 r10=0000000000000000
r11=00007ffecb544dd7 r12=00007ffebed00090 r13=0000000008234160
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
kernel32!RaiseFailFastException+0xae:
00007ffe`cb2faabe e8b1000000 call kernel32!SignalStartWerSvc (00007ffe`cb2fab74)
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0x80270233 - <Unable to get error code text>
EXCEPTION_CODE: (HRESULT) 0x80270233 (2150040115) - <Unable to get error code text>
EXCEPTION_PARAMETER1: ffffffff80070005
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
FAULTING_THREAD: 0000000000000f94
BUGCHECK_STR: APPLICATION_FAULT_SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
PRIMARY_PROBLEM_CLASS: SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
DEFAULT_BUCKET_ID: SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233
LAST_CONTROL_TRANSFER: from 00007ffebed7cb57 to 00007ffecb2faabe
STACK_TEXT:
00000000`0a14f480 00007ffe`bed7cb57 : 00000000`80070005 00000000`00000004 ffffffff`80070005 00000000`00000000 : kernel32!RaiseFailFastException+0xae
00000000`0a14fa50 00007ffe`bed7c8c2 : 00000000`00000a9c 00000000`0a14fc20 00000000`000003a8 00000000`000003a8 : twinui_appcore!CCriticalFailureHandler::_RaiseFailFastException+0xc7
00000000`0a14fb40 00007ffe`bed8b349 : 00000000`00000000 00007ffe`bed00090 00000000`000003a8 00000000`00000004 : twinui_appcore!CCriticalFailureHandler::HandleFailure+0xba
00000000`0a14fb90 00007ffe`bed19d8b : 00000000`08242340 00000000`0a14fc00 00000000`00000000 00007ffe`bed34838 : twinui_appcore!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::`dynamic atexit destructor for 'module''+0x7a79
00000000`0a14fbd0 00007ffe`c5055bf1 : 00000000`80070005 00000000`08242340 00000000`00000000 00007ffe`bed19d30 : twinui_appcore!CProcessLifetimeManager::PerformDelayedInitialization+0x5b
00000000`0a14fc20 00007ffe`c5055519 : 00000000`00000000 00000000`08242340 00000000`00000000 00000000`00000034 : windows_immersiveshell_serviceprovider!CImmersiveShellController::_CreateComponents+0x536
00000000`0a14fcc0 00007ffe`c505566e : 00007ffe`00000045 00000000`00000000 00000000`082335f8 00000000`02ea60e8 : windows_immersiveshell_serviceprovider!CImmersiveShellController::_ImmersiveShellComponentsThreadProcInternal+0x17d
00000000`0a14fd50 00007ffe`b41995cd : 00007ffe`c5050000 00007ffe`c50555f0 00000000`00000000 00000000`00000000 : windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc+0x7a
00000000`0a14fd80 00007ffe`cb2113d2 : 00007ffe`b4199580 00000000`00000000 00000000`00000000 00000000`00000000 : verifier!AVrfpStandardThreadFunction+0x4d
00000000`0a14fdc0 00007ffe`cb51e954 : 00007ffe`cb2113b0 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22
00000000`0a14fdf0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34
FOLLOWUP_IP:
twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
00007ffe`bed7c8c2 488b6c2458 mov rbp,qword ptr [rsp+58h]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: twinui_appcore
IMAGE_NAME: twinui.appcore.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 54503801
STACK_COMMAND: ~18s; .ecxr ; kb
FAILURE_BUCKET_ID: SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233_80270233_twinui.appcore.dll!CCriticalFailureHandler::HandleFailure
BUCKET_ID: APPLICATION_FAULT_SHELL_COMPONENT_STARTUP_FAILURE_ERROR_CODE_ffffffff80270233_twinui_appcore!CCriticalFailureHandler::HandleFailure+ba
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:shell_component_startup_failure_error_code_ffffffff80270233_80270233_twinui.appcore.dll!ccriticalfailurehandler::handlefailure
FAILURE_ID_HASH: {bc588def-f8dc-26b8-dac8-a057fb6557c4}
Followup: MachineOwner
0:018> lmvm twinui_appcore
start end module name
00007ffe`becf0000 00007ffe`bee20000 twinui_appcore (pdb symbols) downstreamstore\twinui.appcore.pdb\310246EA4A1E4BF8A48502B727A7376B1\twinui.appcore.pdb
Loaded symbol image file: twinui.appcore.dll
Image path: C:\Windows\System32\twinui.appcore.dll
Image name: twinui.appcore.dll
Timestamp: Wed Oct 29 01:42:41 2014 (54503801)
CheckSum: 0013A0E7
ImageSize: 00130000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: TWINUI.APPCORE
OriginalFilename: TWINUI.APPCORE.dll
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: TWINUI.APPCORE
LegalCopyright: © Microsoft Corporation. All rights reserved.
Does this make any sense to anyone? -
I have built a new RDS farm on Windows Server 2012 R2 with two Session Hosts and a combined Connect Broker/Web Access server. I had the farm up and running with User Profile Disks and all seemed OK. However, as soon as I installed the App-V 5.0 SP2 RDS
client on the session hosts, the explorer.exe process started crashing for any user logging in via the Web Access site. The process crashes and restarts every five to ten seconds. It's the same for administrators. If they log in via Web Access explorer.exe
crashes, but if they RDP directly to one of the session hosts explorer.exe is fine. If I reboot the session hosts, then the first user to log in via Web Access has a stable desktop session (and appears to have a new profile as well). However, if that user
logs out and back in again, explorer.exe starts crashing again. The only applications I have packaged at the moment are Office 2013 and Firefox.
I tried disabling User Profile Disks, but this caused a whole bunch of other problems and I eventually lost the ability to log in at all via Web Access (errors about the user profile service). As this is a small pre-production environment I completed scrapped
all of the servers and rebuilt from scratch. Again, everything appeared fine until I installed the App-V client, then explorer.exe started crashing repeatedly for all users.
Has anyone come across this issue before? I have tried installing the App-V 5.0 SP2 Hotfix Package 2, but this didn't help. I have read in a few forums that App-V doesn't work very well with User Profile Desks, but I have not heard of this particular issue.
Similarly, SP2 seems to have a lot of problems, so I am going to try removing App-V RDp Client SP2 and installing SP1. I ahev also deleted User Profile Disks for the test users to recreate their profiles, but this didn't help either.
Any other suggestions welcome!I forgot to include the application event log entry for explorer.exe crashing:
Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
Exception code: 0xc06d007e
Fault offset: 0x0000000000005bf8
Faulting process id: 0xae8
Faulting application start time: 0x01cfab3a273787fd
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 69210d77-172d-11e4-80c6-0050560102d1
Faulting package full name: -
Windows 8.1 explorer.exe crashes EVERY time I open a window
I upgraded from win8 home yesterday and notices I was getting errors when using windows to copy files from my laptop to computer over my wifi.
Today, I was working fine and started gettingMicrosoft Visual C++ Runtime Library "Runtime Error" and explorer restarted, I rebooted and then on all accounts I logged into, I got no error messages - just explorer restarting. I was unable
to open any folders.
The event viewer states:
Faulting application name: Explorer.EXE, version: 6.3.9600.16441, time stamp: 0x5265dec8
Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
Exception code: 0x80000003
Fault offset: 0x000000000000abd4
Faulting process ID: 0x16c4
Faulting application start time: 0x01cf1ad3991556c6
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\verifier.dll
Report ID: ecbc0d64-86c6-11e3-8089-4c72b9810b8d
Faulting package full name:
Faulting package-relative application ID:
Explorer has however started running properly since I ran C:\ from the run prompt. Any folders I click on seem ok and now I can open explorer normally.
Please helpHello,
Please download this
ZIP file and extract it. Once extracted, double-click the REG file to import it into the registry. Once done, this will enable creation of crash dumps when Explorer crashes. So, the next time this happens. you should fine a DMP file on your desktop. Compress
and attach the file here. Having the file will help us identifying the cause of the issue. -
Explorer.exe restarting in Windows 8.1
Hi,
The thing is that yesterday I was on my computer, and then I became to have a problem with the Explorer.Exe, I install a couple of third parties porgram that I never had problem with, in my past computers, the problem is that I tried a lot of stuff, unistalling,
I run the ChkDsk, Anti virus, anti Malware, Rogue killer, I dont know what else to do.
For the record, I make another user account and this one didn't present any problem, the safe mode, also didn't present any problem.
The event log said this:
"Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
Faulting module name: verifier.dll, version: 6.3.9600.16384, time stamp: 0x5215f8f7
Exception code: 0x80000003
Fault offset: 0x000000000000a43a
Faulting process id: 0x9bc
Faulting application start time: 0x01cf2d208c65db7d
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\verifier.dll
Report Id: b06ef933-9915-11e3-beec-14dae9d0e163
Faulting package full name:
Faulting package-relative application ID:"
I dont know if this will help, and this is what appears on the problem reports
Source
Windows Explorer
Summary
Stopped working
Date
18/02/2014 09:20
Status
Report sent
Description
Faulting Application Path: C:\Windows\explorer.exe
Problem signature
Problem Event Name: AutoVerifierV2
Application Name: Explorer.EXE
Application Version: 6.3.9600.16441
Application Timestamp: 5265dec8
Fault Module Name: verifier.dll
Fault Module Version: 6.3.9600.16384
Fault Module Timestamp: 5215f8f7
Exception Code: 80000003
Exception Offset: 000000000000abd4
Status Code: 201
OriginalBucketID: unknown
OS Version: 6.3.9600.2.0.0.256.48
Locale ID: 4105
Additional Information 1: c2e1
Additional Information 2: c2e13b1aeab302e452699b96b40177af
Additional Information 3: 6fc9
Additional Information 4: 6fc9f42ae133281a1648cfab1a0009ef
Extra information about the problem
Bucket ID: c88c9067d445320fe7fc8872b32d5644 (-309879039)
I dont know what else to do, thanks in advance for everything.Hi,
Try to run sfc /scannow command to repair the corrupted system file:
Use the System File Checker tool to repair missing or corrupted system files
http://support.microsoft.com/kb/929833
Also we could a easier way system restore to roll back to a time when everything works fine:
How to refresh, reset, or restore your PC
http://windows.microsoft.com/en-IN/windows-8/restore-refresh-reset-pc
Karen Hu
TechNet Community Support -
Explorer.exe keeps crashing after update to 8.1 from 8
After updating to the 8.1 explorer.exe keeps crashing, no solution found online for the problem...only clue I get is very clear and obvious message in event log:
Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16496, time stamp: 0x52b3f283
Exception code: 0xe06d7363
Fault offset: 0x0000000000005a88
Faulting process id: 0x1664
Faulting application start time: 0x01cf52b7670e4534
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: a4c05eaf-beaa-11e3-be98-ca4f0724b24c
Faulting package full name:
Faulting package-relative application ID:
System
Provider
[ Name]
Application Error
EventID
1000
[ Qualifiers]
0
Level
2
Task
100
Keywords
0x80000000000000
TimeCreated
[ SystemTime]
2014-04-07T23:16:27.000000000Z
EventRecordID
16783
Channel
Application
Computer
Dell
Security
EventData
explorer.exe
6.3.9600.16441
5265dec8
KERNELBASE.dll
6.3.9600.16496
52b3f283
e06d7363
0000000000005a88
1664
01cf52b7670e4534
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\KERNELBASE.dll
a4c05eaf-beaa-11e3-be98-ca4f0724b24c
really helpful. Cannot understand why Microsoft were pushing me to update from poorly performing windows 8 to complete nuisance windows 8.1. My hardly earned money were spent on a product that causes me massive headache.
Unfortunately Microsoft does not allow me to post the link to skydrive where I keep the dmp fo review. Another great gift from them.0:050> lmvm rse
start end module name
00007ffd`abc10000 00007ffd`abec6000 rse (export symbols) rse.dll
Loaded symbol image file: rse.dll
Image path: C:\Program Files\Autodesk\Inventor 2014\Bin\rse.dll
Image name: rse.dll
Timestamp: Fri Mar 01 06:00:41 2013 (512FD389)
CheckSum: 002B8E46
ImageSize: 002B6000
File version: 18.0.17000.0
Product version: 1.0.0.1
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Autodesk, Inc.
ProductName: Autodesk, Inc. rse
InternalName: rse
OriginalFilename: rse.dll
ProductVersion: Autodesk Inventor 2014
FileVersion: 18, 0, 17000, 0000
PrivateBuild: Build: 170, Release: 2014 RTM - Date: Thu 02/28/2013
SpecialBuild: Build: 170, Release: 2014 RTM - Date: Thu 02/28/2013
FileDescription: rse
LegalCopyright: Copyright © 1996-2013 Autodesk, Inc.
LegalTrademarks: Copyright © 1996-2013 Autodesk, Inc.
Comments: Copyright © 1996-2013 Autodesk, Inc.
Hi,
The dump file has been analyzed by auggy, and the problem is on the rse.dll.
Please refer to the suggestions auggy provided, If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
If the suggestion is helpful, please remember to mark it as answer which can benefit others who may encounter the similar issue as yours. Otherwise, please unpropose it and provide the latest dump file for further assistance.
Regards,
Kelvin Xu
TechNet Community Support -
We are having a problem with one of our Windows 2012 R2 Terminal Server. The server keeps maxing out CPU to 100% the only way to resolve the issue is by restarting the guest OS. When I have been trying to troubleshoot the issue. I have noticed the following
error is appearing in the event log. I have tried various research online but have been unable to find a resolution to the issue. Anyone have any ideas?
Faulting application name: explorer.exe, version: 6.3.9600.17415, time stamp: 0x54503a3a
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17415, time stamp: 0x54504b1a
Exception code: 0xc000027b
Fault offset: 0x0000000000982bea
Faulting process id: 0xd44
Faulting application start time: 0x01d0526d40641d26
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 80a05322-be60-11e4-80db-005056bd0cad
Faulting package full name:
Faulting package-relative application ID:Hi,
Please test the issue in Clean Boot first. For the detailed steps, please refer to the following Microsoft KB article:
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
Also seems you should try to uninstall IE and install it again but before that you can run command type:
SFC /SCANNOW and let the system to scan your DLL files and repair them, then reinstall the new IE.
For general reference, windows.UI.xmal.dll can handle several file in background process. For more detail refer
this article.
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Searchindexer.exe and explorer.exe errors
A few days ago I uninstalled Norton with Revo Uninstaller and installed malwarebytes pro. I restarted my computer only to find that approximately every 3 seconds, explorer.exe crashed and restarted. This went on for about 3 days. The event viewer showed
the "The Windows Search service terminated unexpectedly. It has done this 7864 time(s)" message that I've seen in other threads.
http://social.technet.microsoft.com/Forums/windows/en-US/38a0ac31-501d-4b84-9b75-5d64fd684e10/workaround-windows-search-service-terminated-unexpectedly-faulting-application-searchindexerexe?forum=w7itprogeneral
Here's what I've done so far.
ran malwarebytes full system scan - found a few problems but after fixing them the main issues persisted.
ran sfc/ scannow (7-8 times... found issues at first but now returns the message "Windows Resource Protection did not find any integrity violations.")
Set 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\SetupCompletedSuccessfully' from 1 to 0
left computer on overnight (windows explorer still crashing every few seconds)
hard reset by removing the battery. Now windows explorer won't load at all. (no desktop, no modern UI or Taskbar)
attempted to rebuild the index, which didn't work.
Here's the what the event viewer shows
Faulting application name: SearchIndexer.exe, version: 7.0.9600.16384, time stamp: 0x5215d4c4
Faulting module name: PROPSYS.dll, version: 7.0.9600.16504, time stamp: 0x52c84647
Exception code: 0xc0000005
Fault offset: 0x000000000002e7cf
Faulting process ID: 0x12cc
Faulting application start time: 0x01cf2ce75776bd39
Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe
Faulting module path: C:\WINDOWS\system32\PROPSYS.dll
Report ID: 9558cdec-98da-11e3-bf19-ccaf78ef940c
Faulting package full name:
Faulting package-relative application ID:
and
Faulting application name: explorer.exe, version: 6.3.9600.16441, time stamp: 0x5265dec8
Faulting module name: PROPSYS.dll, version: 7.0.9600.16504, time stamp: 0x52c84647
Exception code: 0xc0000005
Fault offset: 0x000000000002e7cf
Faulting process ID: 0x4038
Faulting application start time: 0x01cf2c003f8be4cd
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\SYSTEM32\PROPSYS.dll
Report ID: 7f1c8601-97f3-11e3-bf18-ccaf78ef940c
Faulting package full name:
Faulting package-relative application ID:
I can't run Microsoft's fix it because explorer.exe won't load, so trying to save any installer results in Firefox crashing.
Not really sure what do do at this point.
Edit: did a system restore. returned with an error saying system restore error failed while deleting c:\$MFT\
An unspecified error occurred during system resotre (0x8007007b)I have a very similar problem involving this module. It has errors and eventually the system reboots with a Kernal error 41 which I believe is from this application, the error code is
Faulting application name: SearchIndexer.exe, version: 7.0.9600.16384, time stamp: 0x5215d4c4
Faulting module name: MSSRCH.DLL, version: 7.0.9600.16384, time stamp: 0x5215d425
Exception code: 0xc0000005
Fault offset: 0x0000000000006dbe
Faulting process ID: 0x1b84
Faulting application start time: 0x01cf4f7e92d28b12
Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe
Faulting module path: C:\WINDOWS\system32\MSSRCH.DLL
Report ID: d0dab473-bb71-11e3-bf22-001fd0ada17a
Faulting package full name:
Faulting package-relative application ID: -
EMET 5.0 - explorer.exe - INVALID_POINTER_WRITE_EXPLOITABLE
[v] Deep Hooks
[v] Anti Detour
[v] Banned Function
[x] Stop on expoit
All options for explorer.exe checked
=> Crash
WinDbg as the postmortem debugger:
0:024> !analyze -v
* Exception Analysis *
FAULTING_IP:
EMET64!EMETSendCert+2442
000007fe`f2704ece 48832300 and qword ptr [rbx],0
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fef2704ece (EMET64!EMETSendCert+0x0000000000002442)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000120800
Attempt to write to address 0000000000120800
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000003a7c70 rbx=0000000000120800 rcx=0000000000000038
rdx=00000000aa1a1088 rsi=00000000001220b4 rdi=00000000003a7c70
rip=000007fef2704ece rsp=000000000736e940 rbp=000000000736eab0
r8=000000000736e8f8 r9=000000000736eab0 r10=0000000000000000
r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
r14=0000000000000033 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
EMET64!EMETSendCert+0x2442:
000007fe`f2704ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000004a90000
FAULTING_THREAD: 0000000000000b74
PROCESS_NAME: Explorer.EXE
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000120800
WRITE_ADDRESS: 0000000000120800
FOLLOWUP_IP:
EMET64!EMETSendCert+2442
000007fe`f2704ece 48832300 and qword ptr [rbx],0
NTGLOBALFLAG: 400
APPLICATION_VERIFIER_FLAGS: 0
APP: explorer.exe
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE_EXPLOITABLE
DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE
LAST_CONTROL_TRANSFER: from 000007fef2705215 to 000007fef2704ece
STACK_TEXT:
00000000`0736e940 000007fe`f2705215 : 00000000`0736eb00 00000000`00000010 00000000`00000010 00000000`00010000 : EMET64!EMETSendCert+0x2442
00000000`0736e9a0 000007fe`f2703871 : 00000000`00300002 00000000`aa1a1088 00000000`c00b0007 00000000`000000c9 : EMET64!EMETSendCert+0x2789
00000000`0736ea30 000007fe`f26fa004 : 00000000`00000000 00000000`00000000 00000000`04a90000 000007ff`fff9c000 : EMET64!EMETSendCert+0xde5
00000000`0736eae0 000007fe`fd46403e : ffffffff`ffffffff 00000000`04a90000 00000000`00000001 00000000`02dd7790 : EMET64!GetHookAPIs+0x4c0
00000000`0736ebf0 00000000`770e2edf : 00000000`04a90002 00000000`00000000 00000000`00000022 00000000`0736ecfa : KERNELBASE!FreeLibrary+0xa4
00000000`0736ec20 000007fe`fea17414 : 00000000`08c808c8 00000000`04c1fbf0 00000000`02080052 00000000`0736f4a0 : USER32!PrivateExtractIconsW+0x34b
00000000`0736f140 000007fe`fea233a9 : 00000000`00331dec 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHPrivateExtractIcons+0x393
00000000`0736f410 000007fe`fe8d2a8c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHELL32!SHDefExtractIconW+0x157
00000000`0736f700 000007fe`fe8d28a8 : 00000000`003e3d60 000007fe`fd4d44e7 00000000`0641c4d0 00000000`003e3d60 : SHELL32!CIconCache::ExtractIconW+0x1d8
00000000`0736f7a0 000007fe`fbb19570 : 00000000`003e3d60 00000000`00000001 00000000`003e3d60 00000000`000000d8 : SHELL32!CSparseCallback::ForceImagePresent+0x48
00000000`0736f810 000007fe`fbb1968e : 00000000`0736f900 000007fe`fbb1d7de 00000000`003e3d60 00000000`00000001 : comctl32!CSparseImageList::_Callback_ForceImagePresent+0x74
00000000`0736f860 000007fe`fbb1b14f : 00000000`00000001 00000000`00000000 00000000`000000d8 00000000`06402c30 : comctl32!CSparseImageList::_Virt2Real+0xc6
00000000`0736f890 000007fe`fe9db1cc : 00000000`064059b0 00000000`04e031a0 00000000`064059b0 00000000`0643b6c0 : comctl32!CSparseImageList::ForceImagePresent+0x57
00000000`0736f8d0 000007fe`fe8dc54c : 00000000`0641e660 00000000`06402c30 00000000`00000000 00000000`00000000 : SHELL32!CLoadSystemIconTask::InternalResumeRT+0x164
00000000`0736f960 000007fe`fe90efcb : 80000000`01000000 00000000`0736f9f0 00000000`0641e660 00000000`0000000a : SHELL32!CRunnableTask::Run+0xda
00000000`0736f990 000007fe`fe912b56 : 00000000`0641e660 00000000`00000000 00000000`0641e660 00000000`00000002 : SHELL32!CShellTask::TT_Run+0x124
00000000`0736f9c0 000007fe`fe912cb2 : 00000000`04f7c8f0 00000000`04f7c8f0 00000000`00000000 00000000`003e1a28 : SHELL32!CShellTaskThread::ThreadProc+0x1d2
00000000`0736fa60 000007fe`fd4d3843 : 000007ff`fff9c000 00000000`02e9a890 00000000`02df0d70 00000000`003e1a28 : SHELL32!CShellTaskThread::s_ThreadProc+0x22
00000000`0736fa90 00000000`773115db : 00000000`04e805e0 00000000`04e805e0 00000000`00000001 00000000`00000006 : SHLWAPI!ExecuteWorkItemThreadProc+0xf
00000000`0736fac0 00000000`77310c56 : 00000000`00000000 00000000`04f7c910 00000000`02df0d70 00000000`02e9fef8 : ntdll!RtlpTpWorkCallback+0x16b
00000000`0736fba0 00000000`771e59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
00000000`0736fea0 00000000`7731c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0736fed0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
STACK_COMMAND: .cxr 0x0 ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: emet64!EMETSendCert+2442
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EMET64
IMAGE_NAME: EMET64.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_EXPLOITABLE_c0000005_EMET64.dll!EMETSendCert
BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_EXPLOITABLE_emet64!EMETSendCert+2442
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:invalid_pointer_write_exploitable_c0000005_emet64.dll!emetsendcert
FAILURE_ID_HASH: {f7d2108f-d68f-6bd5-d4b8-073af5241c2e}
Followup: MachineOwner
0:024> lm vm EMET64
start end module name
000007fe`f26d0000 000007fe`f279f000 EMET64 (export symbols) C:\Windows\AppPatch\AppPatch64\EMET64.dll
Loaded symbol image file: C:\Windows\AppPatch\AppPatch64\EMET64.dll
Image path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
Image name: EMET64.dll
Timestamp: Thu Jul 31 05:42:25 2014 (53D99F01)
CheckSum: 000CE0A3
ImageSize: 000CF000
File version: 5.0.0.0
Product version: 5.0.0.0
File flags: 0 (Mask 0)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Enhanced Mitigation Experience Toolkit
ProductVersion: 5.0.0.0
FileVersion: 5.0.0.0
FileDescription: EMET SHIM
LegalCopyright: © Microsoft Corporation. All rights reserved.
0:024> lm vm explorer
start end module name
00000000`ff220000 00000000`ff4e0000 Explorer (pdb symbols) x:\symbols\explorer.pdb\A1D0A380BD3C489DB80F0E8273C9719A2\explorer.pdb
Loaded symbol image file: C:\Windows\Explorer.EXE
Image path: C:\Windows\Explorer.EXE
Image name: Explorer.EXE
Timestamp: Fri Feb 25 08:24:04 2011 (4D672EE4)
CheckSum: 002C8AF6
ImageSize: 002C0000
File version: 6.1.7601.17567
Product version: 6.1.7601.17567
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: explorer
OriginalFilename: EXPLORER.EXE
ProductVersion: 6.1.7601.17567
FileVersion: 6.1.7601.17567 (win7sp1_gdr.110224-1502)
FileDescription: Windows Explorer
LegalCopyright: © Microsoft Corporation. All rights reserved.
0:024> vertarget
Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
kernel32.dll version: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Debug session time: Tue Sep 2 14:36:19.923 2014 (UTC + 4:00)
System Uptime: 0 days 0:15:08.322
Process Uptime: 0 days 0:13:53.826
Kernel time: 0 days 0:00:03.385
User time: 0 days 0:00:04.290Again:
FAULTING_IP:
EMET64!EMETSendCert+2442
000007fe`f3604ece 48832300 and qword ptr [rbx],0
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fef3604ece (EMET64!EMETSendCert+0x0000000000002442)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000120800
Attempt to write to address 0000000000120800
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000427c70 rbx=0000000000120800 rcx=0000000000000021
rdx=0000000064efbd5f rsi=00000000001220b4 rdi=0000000000427c70
rip=000007fef3604ece rsp=000000000723ced0 rbp=000000000723d040
r8=000000000723ce88 r9=000000000723d040 r10=0000000000000000
r11=0000000000000286 r12=0000000000000000 r13=0000000000000033
r14=0000000000000033 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
EMET64!EMETSendCert+0x2442:
000007fe`f3604ece 48832300 and qword ptr [rbx],0 ds:00000000`00120800=0000000003d60000
DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000120800
WRITE_ADDRESS: 0000000000120800
FOLLOWUP_IP:
EMET64!EMETSendCert+2442
000007fe`f3604ece 48832300 and qword ptr [rbx],0
NTGLOBALFLAG: 400
APPLICATION_VERIFIER_FLAGS: 0
APP: explorer.exe
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
FAULTING_THREAD: 00000000000003b8
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 000007fef3605215 to 000007fef3604ece
STACK_TEXT:
00000000`0723ced0 000007fe`f3605215 : 00000000`0723d090 00000000`77b0f6b8 00000000`03d600e0 00000000`0723cfd8 : EMET64!EMETSendCert+0x2442
00000000`0723cf30 000007fe`f3603871 : 00000000`00300002 00000000`64efbd5f 00000000`c000008a 00000000`00000000 : EMET64!EMETSendCert+0x2789
00000000`0723cfc0 000007fe`f35fa004 : 00000000`00000000 00000000`00000000 00000000`03d60000 000007ff`fff9a000 : EMET64!EMETSendCert+0xde5
00000000`0723d070 000007fe`fd9b403e : ffffffff`ffffffff 00000000`03d60000 00000000`00000005 00000000`02cf7790 : EMET64!GetHookAPIs+0x4c0
00000000`0723d180 00000000`778c2edf : 00000000`03d60002 00000000`00000000 00000000`00000022 00000000`0723d28c : KERNELBASE!FreeLibrary+0xa4
00000000`0723d1b0 000007fe`fe79aab3 : 00000000`08c808c8 00000000`0bee0320 00000000`02080050 00000000`0723da30 : user32!PrivateExtractIconsW+0x34b
00000000`0723d6d0 000007fe`fe79ac28 : 00000000`0723d9f0 00000000`00000040 00000000`0ba595d0 00000000`0723df54 : shell32!SHPrivateExtractIcons+0x50a
00000000`0723d9a0 000007fe`fe8ce4ca : 00000000`00000004 00000000`00000000 00000000`0bca5110 000007fe`fe7a8186 : shell32!SHDefExtractIconW+0x254
00000000`0723dc90 000007fe`fe7a3435 : 00000000`00000282 000007fe`fe8cc874 00000000`0bc26c20 00000000`0bc26c20 : shell32!CFSFolderExtractIcon::_ExtractW+0x37
00000000`0723dcd0 000007fe`fe8cd7db : 00000000`0723df50 00000000`0bca5110 00000000`03d96178 00000000`0723df60 : shell32!CExtractIconBase::Extract+0x21
00000000`0723dd10 000007fe`fe7a36cd : 00000000`00000000 00000000`0723f2d0 00000000`ffffffff 0000c769`4dc5ef38 : shell32!CShellLink::Extract+0xc2
00000000`0723dea0 000007fe`fe8cd529 : 00000000`0000020a 000007fe`fe7a8186 00000000`ffffffff 00000000`ffffffff : shell32!CIconAndThumbnailOplockWrapper::Extract+0x21
00000000`0723dee0 000007fe`fe8cd2da : 00000000`ffffffff 00000000`0723e3f0 00000000`8000000a 00000000`00000000 : shell32!IExtractIcon_Extract+0x43
00000000`0723df20 000007fe`fe79fff0 : 00000000`00000202 00000000`08d4099e 00000000`00000000 00000000`08d4099e : shell32!_GetILIndexGivenPXIcon+0x22e
00000000`0723e3c0 000007fe`fe863307 : 00000000`00000000 00000000`00000001 00000000`0723f2d0 00000000`00000002 : shell32!_GetILIndexFromItem+0x87
00000000`0723e460 000007fe`fe7cfaaf : 00000000`00000000 00000000`0ba59600 00000000`00000000 00000000`778c62e0 : shell32!CFSFolder::GetIconOf+0x41d
00000000`0723f200 000007fe`fe7a29df : 00000000`00000000 00000000`08d4099e 00000000`0ba59600 0000c769`4dc5c358 : shell32!SHGetIconIndexFromPIDL+0x3f
00000000`0723f230 000007fe`fe7a2925 : 00000000`00464f80 00000000`0beb3120 00000000`00000000 00000000`00000000 : shell32!SHMapIDListToSystemImageListIndex+0x87
00000000`0723f2a0 000007fe`fe79c54c : 00000000`08734ee0 00000000`02d93890 00000000`00000000 000007fe`fe7cf07c : shell32!CGetIconTask::InternalResumeRT+0x7d
00000000`0723f300 000007fe`fe7cefcb : 80000000`01000000 00000000`0723f390 00000000`08734ee0 00000000`0000000c : shell32!CRunnableTask::Run+0xda
00000000`0723f330 000007fe`fe7d2b56 : 00000000`08734ee0 00000000`00000000 00000000`08734ee0 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
00000000`0723f360 000007fe`fe7d2cb2 : 00000000`0894dd20 00000000`0894dd20 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::ThreadProc+0x1d2
00000000`0723f400 000007fe`fdd93843 : 000007ff`fff9a000 00000000`02db51e0 00000000`02d10d70 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
00000000`0723f430 00000000`77af15db : 00000000`0b755110 00000000`0b755110 00000000`00000000 00000000`00000003 : shlwapi!ExecuteWorkItemThreadProc+0xf
00000000`0723f460 00000000`77af0c56 : 00000000`00000000 00000000`0894dd60 00000000`02d10d70 00000000`08b8f7b8 : ntdll!RtlpTpWorkCallback+0x16b
00000000`0723f540 00000000`779c59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
00000000`0723f840 00000000`77afc541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0723f870 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: emet64!EMETSendCert+2442
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EMET64
IMAGE_NAME: EMET64.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 53d99f01
STACK_COMMAND: ~27s; .ecxr ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_EMET64.dll!EMETSendCert
BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_WRITE_emet64!EMETSendCert+2442
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:invalid_pointer_write_c0000005_emet64.dll!emetsendcert
FAILURE_ID_HASH: {6fa53035-3ddf-2da0-e167-d0eae56d2591}
Followup: MachineOwner
I can provide the user mini dump with full memory (or any other assistance in testing this issue) -
Event ID 1000, Explorer.exe, Crashes
Explorer.exe crashes from time to time. The crash seems random, but I think it happens when I open explorer or the control panel. It happens intermittently, so it's hard to tell. I get two different event ID 1000 in the logs. One error indicates the
faulting module as ntdll.dll and the other as DUI70.dll. Here's a link to the dump files:
http://1drv.ms/1yScTvQ I don't know how to analyze the dump files. Please help me, thank you! System Information:
http://1drv.ms/15puFOb
"Log Name: Application
Source: Application Error
Date: 11/22/2014 2:53:40 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: COMPUTER
Description:
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001098
Faulting process id: 0x6d4
Faulting application start time: 0x01d0069509c3cb8f
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\DUI70.dll
Report Id: a3068706-7289-11e4-bfb8-6c626d45a41"
"Log Name: Application
Source: Application Error
Date: 11/25/2014 7:54:57 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: COMPUTER
Description:
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x70c
Faulting application start time: 0x01d008b520e84613
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: a38d81ec-74aa-11e4-9900-6c626d45a415"Another crash . . .this time I believe it was the Windows DirectUser Engine(duser.dll). Now, I'm not sure how to troubleshoot this further. Here is the last crash dump:
FAULTING_IP:
+1
00000000`00000000 ?? ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000c0000001 rbx=00000000059bd350 rcx=00000000044a0000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077b4186a rsp=00000000059bd218 rbp=0000000000000002
r8=00000000059bc938 r9=00000000059bcaa0 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=00000000059bd2c0
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77b4186a c3 ret
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000000000000
WRITE_ADDRESS: 0000000000000000
FOLLOWUP_IP:
duser!GPCB::xwInvokeDirect+67
000007fe`fbc81df7 448be8 mov r13d,eax
FAILED_INSTRUCTION_ADDRESS:
+67
00000000`00000000 ?? ???
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: explorer.exe
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
FAULTING_THREAD: 00000000000012c8
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_NULL
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_NULL
LAST_CONTROL_TRANSFER: from 000007fefbc81df7 to 0000000000000000
STACK_TEXT:
00000000`059be398 000007fe`fbc81df7 : 00000000`06b84db0 00000000`00000000 00000000`00040001 00000bee`b6e64c36 : 0x0
00000000`059be3a0 000007fe`fbc88c02 : 00000000`059be518 00000000`06cb6da0 00000000`059be4a0 00000000`059be410 : duser!GPCB::xwInvokeDirect+0x67
00000000`059be450 000007fe`fbc88d56 : 00000000`06b84c70 00000000`059be9c8 000001b1`000000f3 00000000`00000000 : duser!DuVisual::xrDrawCore+0x1b1
00000000`059be4f0 000007fe`fbc88dab : 000001b1`000000f3 00000000`06b84c70 000001b1`000000f3 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x107
00000000`059be550 000007fe`fbc88dab : 000001b1`000000f3 00000000`06b84e50 0000019e`00000072 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be5b0 000007fe`fbc88dab : 0000019e`00000072 00000000`06b858f0 00000189`0000004e 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be610 000007fe`fbc88dab : 00000189`0000004e 00000000`06b85cb0 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be670 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8cb30 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be6d0 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8c8b0 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be730 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8c770 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be790 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8b790 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be7f0 000007fe`fbc88dab : 00000000`0000003f 00000000`06b8b830 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be850 000007fe`fbc88dab : 00000000`0000003f 00000000`06b90190 00000000`0000003f 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be8b0 000007fe`fbc88c5d : 00000000`0000003f 00000000`00000000 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawTrivial+0x151
00000000`059be910 000007fe`fbc89703 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawFull+0x929
00000000`059beac0 000007fe`fbc890d0 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : duser!DuVisual::xrDrawFull+0x97d
00000000`059bec70 000007fe`fbc88ff7 : 00000000`00000000 00000000`2a010c48 00000000`00000000 00000000`00000000 : duser!DuVisual::xrDrawStart+0x58
00000000`059beca0 000007fe`fbc88aa7 : 00000000`00000001 00000000`06befa60 00000000`2a010c48 00000000`00000009 : duser!DuRootGadget::xrDrawTree+0x51c
00000000`059bee80 000007fe`fbc81859 : 00000000`00000000 00000000`00000000 000004b0`00000000 00000000`00000000 : duser!HWndContainer::xdHandleMessage+0x2b4
00000000`059bf180 00000000`77a08971 : 00000000`00000000 00000000`03d430e0 00000000`00000001 00000000`059bf238 : duser!ExtraInfoWndProc+0x8b
00000000`059bf1e0 00000000`77a072cb : 00000000`00000000 000007fe`fbc817e4 00000000`00000000 00000000`00000000 : user32!UserCallWinProcCheckWow+0x163
00000000`059bf2a0 00000000`77a06829 : 00000000`00000000 00000000`77a0919b 00000000`00000000 00000000`00000001 : user32!DispatchClientMessage+0xc3
00000000`059bf300 00000000`77b411f5 : 00000000`0000000f 00000000`00000000 00000000`00000000 000001e9`000bab7a : user32!_fnDWORD+0x2d
00000000`059bf360 00000000`77a06e5a : 00000000`77a06e6c 000007fe`f85eb550 00000000`77a0791a 00000000`03d43004 : ntdll!KiUserCallbackDispatcherContinue
00000000`059bf3e8 00000000`77a06e6c : 000007fe`f85eb550 00000000`77a0791a 00000000`03d43004 00000000`03d430e0 : user32!NtUserDispatchMessage+0xa
00000000`059bf3f0 000007fe`f84b04b0 : 00000000`03d43004 00000000`03d43004 000007fe`fbc817e4 00000000`00000000 : user32!DispatchMessageWorker+0x55b
00000000`059bf470 000007fe`f84b4925 : 00000000`03d430e0 00000000`00000002 00000000`00000000 00000000`00000000 : EXPLORERFRAME!CExplorerFrame::FrameMessagePump+0x436
00000000`059bf4f0 000007fe`f84b509b : 00000000`03d430e0 00000000`03cc8540 00000000`00000000 00000000`00000000 : EXPLORERFRAME!BrowserThreadProc+0x180
00000000`059bf570 000007fe`f84b5032 : 100ba44a`00000001 00000000`03c97cd0 00000000`7fffffff 000007fe`fd8f2d40 : EXPLORERFRAME!BrowserNewThreadProc+0x53
00000000`059bf5a0 000007fe`f84abe50 : 00000000`03c97bb0 00000000`03c9ffa0 00000000`00000000 000007fe`fe0bf07c : EXPLORERFRAME!CExplorerTask::InternalResumeRT+0x12
00000000`059bf5d0 000007fe`fe0befcb : 80000000`01000000 00000000`059bf660 00000000`03c97bb0 00000000`0000000a : EXPLORERFRAME!CRunnableTask::Run+0xda
00000000`059bf600 000007fe`fe0c2b56 : 00000000`03c97bb0 00000000`00000000 00000000`03c97bb0 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
00000000`059bf630 000007fe`fe0c2cb2 : 00000000`03d6ec20 00000000`03d6ec20 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0x1d2
00000000`059bf6d0 000007fe`fedbc71e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
00000000`059bf700 00000000`778e59ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shlwapi!WrapperThreadProc+0x19b
00000000`059bf800 00000000`77b1c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`059bf830 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: duser!GPCB::xwInvokeDirect+67
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: duser
IMAGE_NAME: duser.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdf26
STACK_COMMAND: ~31s; .ecxr ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_NULL_c0000005_duser.dll!GPCB::xwInvokeDirect
BUCKET_ID: X64_APPLICATION_FAULT_SOFTWARE_NX_FAULT_NULL_NULL_IP_duser!GPCB::xwInvokeDirect+67
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:software_nx_fault_null_c0000005_duser.dll!gpcb::xwinvokedirect
FAILURE_ID_HASH: {bc29cea9-f7e5-ba9f-c14c-7ccc77c4be36}
Followup: MachineOwner -
App crash: explorer.exe faulting module: fundisc
Hello.
I've been having issues with 4 computers now. All of them Windows 7 Professional 32 bits.
The error they're having is the same on each PC: explorer.exe fails and restarts after clicking Ok to the dialog.
Level: Error
Source: Application Error
Event ID: 1000
Faulting application: explorer.exe, version: 6.1.7601.175xx, time stamp: <changes>
faulting module: unknown, version: 0.0.0.0, time stamp: 0x00000000
exception code : 0xc0000005
fault offset: <changes>
process id: <changes>
application start time: <changes>
The oldest issue is november 6th (there's not a single instance of the error before that date); since then the issue is happening at least once a day but more like 5-10 times a day.
I ran Windbg and for almost all errors it point to fundisc.dll as the culprit.
This is one of the dumps:
Loading Dump File [C:\Users\<user>\Desktop\<other_user>\explorer.exe.680.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*;D:\WinDbg\Symbols\Win7AMD64;D:\WinDbg\Symbols\Win7x86;D:\WinDbg\Symbols\XPSP3
Executable search path is: D:\WinDbg\Image\XPSP3
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Tue Nov 20 09:43:21.000 2012 (UTC - 6:00)
System Uptime: not available
Process Uptime: 0 days 0:06:02.000
Loading unloaded module list
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(2a8.884): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=0472f040 ecx=00000400 edx=00000000 esi=00000002 edi=00000000
eip=77c57094 esp=0472eff0 ebp=0472f08c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77c57094 c3 ret
0:012> !analyze -v
* Exception Analysis *
Unable to load image C:\Windows\System32\ieframe.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieframe.dll
FAULTING_IP:
+0
0472f64c fc cld
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0472f64c
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 0472f64c
Attempt to execute non-executable address 0472f64c
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.
EXCEPTION_PARAMETER1: 00000008
EXCEPTION_PARAMETER2: 0472f64c
WRITE_ADDRESS: 0472f64c
FOLLOWUP_IP:
fundisc!CNotificationQueue::ThreadProc+31b
728963ee bfc0808a72 mov edi,offset fundisc!WPP_GLOBAL_Control (728a80c0)
FAILED_INSTRUCTION_ADDRESS:
+31b
0472f64c fc cld
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: explorer.exe
LAST_CONTROL_TRANSFER: from 76aa5d3f to 0472f64c
FAULTING_THREAD: 00000884
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT
IP_ON_STACK:
+31b
0472f64c fc cld
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0472f64c 76aa5d3f 00000008 03207428 fffffffe 0x472f64c
0472f7fc 76ad8f82 2246d5ac 03207428 00000000 ole32!COIDTable::ThreadCleanup+0xcb
0472f840 76ad8ec3 00000000 0472f890 76bd7724 ole32!FinishShutdown+0x9d
0472f860 76acbac3 00000000 728945f0 03207428 ole32!ApartmentUninitialize+0x96
0472f878 76ad88e8 0472f890 00000000 728a810c ole32!wCoUninitialize+0x153
0472f894 728963ee 00000000 00000000 0015c9d0 ole32!CoUninitialize+0x72
0472f8b0 77aded6c 0015c9d0 0472f8fc 77c7377b fundisc!CNotificationQueue::ThreadProc+0x31b
0472f8bc 77c7377b 0015c9d0 73c46ab8 00000000 kernel32!BaseThreadInitThunk+0xe
0472f8fc 77c7374e 72895224 0015c9d0 00000000 ntdll!__RtlUserThreadStart+0x70
0472f914 00000000 72895224 0015c9d0 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: .ecxr ; kb ; ~12s; .ecxr ; kb
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: fundisc!CNotificationQueue::ThreadProc+31b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fundisc
IMAGE_NAME: fundisc.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd9ff
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000005_fundisc.dll!CNotificationQueue::ThreadProc
BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_IP_fundisc!CNotificationQueue::ThreadProc+31b
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17567/4d6727a7/unknown/0_0_0_0/bbbbbbb4/c0000005/0472f64c.htm?Retriage=1
Followup: MachineOwner
There's another similar error but points to "NetworkItemFactory" module instead of "fundisc", but i'm not sure they're related yet.
I already:
Ran viruschecks and spywarescans and the computers are clean.
clean booted and the issue persists.
sfc'd and no files were corrupt.
They all are HP Compaq 8000 series; besides that, the only other thing i can think of that could be common between those particular machines is that not all of them may had been wiped out when bought and the problems came from the bloatware and some update.
The only updates they had installed were security and critical updates via WSUS.
I'm starting to worry and i'm out of ideas.
Any help will be appreciated.
"When something is not working as it is supposed to, then it is working as expected" -RHi,
Event ID: 1000; Source: Application Error; please refer to:
http://www.eventid.net/display-eventid-1000-source-Application%20Error-eventno-1475-phase-1.htm
I would recommend you try
some general steps about troubleshooting explorer.exe crash Issues.
Bug Check 0xC5, please refer to:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560192(v=vs.85).aspx
Hope this helps.
Regards.
Spencer
TechNet Community Support -
WDContextMenuHandler.dll crashes Explorer.exe
After updating to the latest WDSmartware on my laptop running Windows 7 x64 the Explorer.exe process crashes once in a while with the following error in the event log. Any suggestions as how I can fix this? Error: (03/30/2015 08:51:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: WDContextMenuHandler.dll, version: 2.0.0.3, time stamp: 0x54dd49f6
Exception code: 0xc0000005
Fault offset: 0x000000000001f786
Faulting process id: 0x15c0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3Hi... I have run into the same problem today... and I've found a solution... kind of. I hope it's not too late for my answer. 1) download ShellExView from here: http://www.nirsoft.net/utils/shexview.html#DownloadLinks 2) disable the two items highlighted in the image: The context menu problem will be solved... for a little benefit of (probably) not having those shortcuts for WD utilities in the context right-click menu, but I guess you can still use them elsehow. Hope this helped you. I've found the solution myself and it worked for me.
Maybe you are looking for
-
Is there a way to import video/audio clips from Logitech webcam?
I just purchased a used Logitech Quickcam Vision Pro for Mac. A Logitech driver is apparently not required. I connected it to a USB port on my mini. I couldn't find any way of downloading Photo Booth so I downloaded Funny Photographer (http://homepag
-
While installing HANA studio , i am getting Error
Hi Experts, While installing HANA studio, i am getting Error " Java installation not found" . I have already installed latest JDK, JRE from www.java.com and also set path PATH. I am on Windows 7 , 64 bit. Any one have idea how to over come this Erro
-
Trouble connecting my new ipod
Hello, I was extremely anxious to get my new ipod (30gb with photo and video), but I keep getting error messages from windows saying that the USB cord is not recognized by windows. Since it is not recognized, ipod updater does not recognize that ther
-
Search help: Internal Error.
Hi, I am getting information message : 'Search help: Internal Error' after incorporating code in RETURN event. My aim was to populate the value from Hit list to Value with restriction field and then by removing some search select criteria, again disp
-
Primary_key_deletion?
Hi Can we delete a primary key from a table? I know its not viable and feasible, but can we do that? If yes, how? Thanks