APPCRASH explorer.exe Windows 7

  • Thread starter Thread starter cbc101
  • Start date Start date
C

cbc101

Guest
Hi all,


I've been battling the dreaded explorer.exe appcrash and I am trying to fix the problem. It is occurring on my 2 HP Laptop Probook 450s and 2 EliteDesk 800 G1s. They are came with Windows 7 Pro preloaded. The appcrash is mainly ntdll.dll but I also get StackHash_xxxx as well.


I have tried to remove all of the unnecessary HP software that came with them and they are all up to date using Windows Update.


So far I have disabled all non Microsoft context menus (both 32 and 64bit) using ShellExView but unfortunately that did not work.


Version=1
EventType=APPCRASH
EventTime=130797371075459691
ReportType=2
Consent=1
ReportIdentifier=5624ffcb-1b77-11e5-ba21-a45d36d138ad
IntegratorReportIdentifier=5624ffca-1b77-11e5-ba21-a45d36d138ad
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=explorer.exe
Sig[1].Name=Application Version
Sig[1].Value=6.1.7601.17567
Sig[2].Name=Application Timestamp
Sig[2].Value=4d672ee4
Sig[3].Name=Fault Module Name
Sig[3].Value=ntdll.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=6.1.7601.18247
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=521eaf24
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=0000000000053290
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=2057
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=e147
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=e1475feb4550eb2e2e57a2009d7d42ba
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=731d
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=731d7f6b5424145d419e2038cdb3a9be
UI[2]=C:\Windows\explorer.exe
UI[3]=Windows Explorer has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Windows\explorer.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[5]=C:\Windows\system32\msvcrt.dll
LoadedModule[6]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[7]=C:\Windows\system32\RPCRT4.dll
LoadedModule[8]=C:\Windows\system32\GDI32.dll
LoadedModule[9]=C:\Windows\system32\USER32.dll
LoadedModule[10]=C:\Windows\system32\LPK.dll
LoadedModule[11]=C:\Windows\system32\USP10.dll
LoadedModule[12]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[13]=C:\Windows\system32\SHELL32.dll
LoadedModule[14]=C:\Windows\system32\ole32.dll
LoadedModule[15]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[16]=C:\Windows\system32\EXPLORERFRAME.dll
LoadedModule[17]=C:\Windows\system32\DUser.dll
LoadedModule[18]=C:\Windows\system32\DUI70.dll
LoadedModule[19]=C:\Windows\system32\IMM32.dll
LoadedModule[20]=C:\Windows\system32\MSCTF.dll
LoadedModule[21]=C:\Windows\system32\UxTheme.dll
LoadedModule[22]=C:\Windows\system32\POWRPROF.dll
LoadedModule[23]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[24]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[25]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[26]=C:\Windows\system32\dwmapi.dll
LoadedModule[27]=C:\Windows\system32\slc.dll
LoadedModule[28]=C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll
LoadedModule[29]=C:\Windows\system32\Secur32.dll
LoadedModule[30]=C:\Windows\system32\SSPICLI.DLL
LoadedModule[31]=C:\Windows\system32\PROPSYS.dll
LoadedModule[32]=C:\Windows\system32\WINSTA.dll
LoadedModule[33]=C:\Windows\system32\CRYPTBASE.dll
LoadedModule[34]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
LoadedModule[35]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[36]=C:\Windows\system32\CRYPTSP.dll
LoadedModule[37]=C:\Windows\system32\rsaenh.dll
LoadedModule[38]=C:\Windows\system32\RpcRtRemote.dll
LoadedModule[39]=C:\Windows\system32\actxprxy.dll
LoadedModule[40]=C:\Windows\system32\SXS.DLL
LoadedModule[41]=C:\Windows\system32\WindowsCodecs.dll
LoadedModule[42]=C:\Windows\system32\apphelp.dll
LoadedModule[43]=C:\Windows\system32\msiltcfg.dll
LoadedModule[44]=C:\Windows\system32\VERSION.dll
LoadedModule[45]=C:\Windows\system32\msi.dll
LoadedModule[46]=C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll
LoadedModule[47]=C:\Windows\system32\MSVCR110.dll
LoadedModule[48]=C:\Windows\system32\MSVCP110.dll
LoadedModule[49]=C:\Program Files\Hewlett-Packard\HP Trust Circles\tbblw.dll
LoadedModule[50]=C:\Windows\system32\CRYPT32.dll
LoadedModule[51]=C:\Windows\system32\MSASN1.dll
LoadedModule[52]=C:\Windows\system32\mfc110u.dll
LoadedModule[53]=C:\Windows\system32\profapi.dll
LoadedModule[54]=C:\Windows\system32\EhStorShell.dll
LoadedModule[55]=C:\Windows\System32\cscui.dll
LoadedModule[56]=C:\Windows\System32\CSCDLL.dll
LoadedModule[57]=C:\Windows\system32\CSCAPI.dll
LoadedModule[58]=C:\Windows\system32\ntshrui.dll
LoadedModule[59]=C:\Windows\system32\srvcli.dll
LoadedModule[60]=C:\Windows\system32\msls31.dll
LoadedModule[61]=C:\Windows\system32\xmllite.dll
LoadedModule[62]=C:\Program Files\Internet Explorer\ieproxy.dll
LoadedModule[63]=C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
LoadedModule[64]=C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
LoadedModule[65]=C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
LoadedModule[66]=C:\Windows\system32\ntmarta.dll
LoadedModule[67]=C:\Windows\system32\WLDAP32.dll
LoadedModule[68]=C:\Windows\system32\thumbcache.dll
LoadedModule[69]=C:\Windows\system32\PSAPI.DLL
LoadedModule[70]=C:\Windows\system32\SHDOCVW.dll
LoadedModule[71]=C:\Windows\system32\ieframe.DLL
LoadedModule[72]=C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
LoadedModule[73]=C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
LoadedModule[74]=C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
LoadedModule[75]=C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
LoadedModule[76]=C:\Windows\system32\normaliz.DLL
LoadedModule[77]=C:\Windows\system32\iertutil.dll
LoadedModule[78]=C:\Windows\system32\urlmon.dll
LoadedModule[79]=C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
LoadedModule[80]=C:\Windows\system32\WININET.dll
LoadedModule[81]=C:\Windows\system32\USERENV.dll
LoadedModule[82]=C:\Windows\system32\IconCodecService.dll
LoadedModule[83]=C:\Windows\system32\MPR.dll
LoadedModule[84]=C:\Windows\system32\wkscli.dll
LoadedModule[85]=C:\Windows\system32\netutils.dll
LoadedModule[86]=C:\Windows\system32\WINMM.dll
LoadedModule[87]=C:\Windows\system32\NetworkExplorer.dll
LoadedModule[88]=C:\Windows\system32\WINTRUST.dll
LoadedModule[89]=C:\Windows\system32\LINKINFO.dll
LoadedModule[90]=C:\Windows\system32\NetworkItemFactory.dll
LoadedModule[91]=C:\Windows\System32\StructuredQuery.dll
LoadedModule[92]=C:\Windows\system32\dtsh.dll
LoadedModule[93]=C:\Windows\system32\FirewallAPI.dll
LoadedModule[94]=C:\Windows\System32\npmproxy.dll
LoadedModule[95]=C:\Windows\system32\FunDisc.dll
LoadedModule[96]=C:\Windows\system32\ATL.DLL
LoadedModule[97]=C:\Windows\System32\msxml6.dll
LoadedModule[98]=C:\Windows\system32\fdproxy.dll
LoadedModule[99]=C:\Windows\System32\fdwcn.dll
LoadedModule[100]=C:\Windows\System32\wcnapi.dll
LoadedModule[101]=C:\Windows\system32\fdWNet.dll
LoadedModule[102]=C:\Windows\system32\IPHLPAPI.DLL
LoadedModule[103]=C:\Windows\system32\NSI.dll
LoadedModule[104]=C:\Windows\system32\WINNSI.DLL
LoadedModule[105]=C:\Windows\system32\WS2_32.dll
LoadedModule[106]=C:\Windows\system32\dfscli.dll
LoadedModule[107]=C:\Windows\system32\browcli.dll
LoadedModule[108]=C:\Windows\system32\mswsock.dll
LoadedModule[109]=C:\Windows\system32\DNSAPI.dll
LoadedModule[110]=C:\Windows\system32\rasadhlp.dll
LoadedModule[111]=C:\Windows\system32\dhcpcsvc6.DLL
LoadedModule[112]=C:\Windows\system32\dhcpcsvc.DLL
LoadedModule[113]=C:\Windows\system32\SearchFolder.dll
LoadedModule[114]=C:\Windows\system32\samcli.dll
LoadedModule[115]=C:\Windows\system32\SAMLIB.dll
LoadedModule[116]=C:\Windows\system32\MMDevAPI.DLL
LoadedModule[117]=C:\Windows\system32\wdmaud.drv
LoadedModule[118]=C:\Windows\system32\ksuser.dll
LoadedModule[119]=C:\Windows\system32\AVRT.dll
LoadedModule[120]=C:\Windows\system32\AUDIOSES.DLL
LoadedModule[121]=C:\Windows\system32\msacm32.drv
LoadedModule[122]=C:\Windows\system32\MSACM32.dll
LoadedModule[123]=C:\Windows\system32\midimap.dll
LoadedModule[124]=C:\Windows\system32\NLAapi.dll
LoadedModule[125]=C:\Windows\System32\cscobj.dll
LoadedModule[126]=C:\Windows\system32\Cabinet.dll
LoadedModule[127]=C:\Windows\system32\tquery.dll
LoadedModule[128]=C:\Windows\System32\drprov.dll
LoadedModule[129]=C:\Windows\System32\ntlanman.dll
LoadedModule[130]=C:\Windows\System32\davclnt.dll
LoadedModule[131]=C:\Windows\System32\DAVHLPR.dll
LoadedModule[132]=C:\Windows\system32\prnfldr.dll
LoadedModule[133]=C:\Windows\system32\WINSPOOL.DRV
LoadedModule[134]=C:\Windows\System32\wshtcpip.dll
LoadedModule[135]=C:\Windows\System32\wship6.dll
LoadedModule[136]=C:\Program Files\Bonjour\mdnsNSP.dll
LoadedModule[137]=C:\Windows\System32\fwpuclnt.dll
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Windows Explorer
AppPath=C:\Windows\explorer.exe


I installed WinDbg but I can't seem to determine where the error is coming from. Output as follows:


Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Temp\20150625_crashdump\explorer.exe.1808.dmp]
User Mini Dump File with Full Memory: Only application data is available


************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Thu Jun 25 16:18:56.000 2015 (UTC - 4:00)
System Uptime: 0 days 0:58:36.154
Process Uptime: 0 days 0:18:15.000
................................................................
................................................................
..........
Loading unloaded module list
.....................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(710.11c0): Access violation - code c0000005 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00000000`76e0186a c3 ret
0:002> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** ERROR: Symbol file could not be found. Defaulted to export symbols for tbblw.dll -

FAULTING_IP:
ntdll!RtlFreeHeap+d0
00000000`76e03290 4c8b6308 mov r12,qword ptr [rbx+8]

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000076e03290 (ntdll!RtlFreeHeap+0x00000000000000d0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000008a5de812578
Attempt to read from address 000008a5de812578

CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000c0000001 rbx=0000000001fed350 rcx=0000000002030000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002
rip=0000000076e0186a rsp=0000000001fed218 rbp=0000000000000002
r8=0000000001fec938 r9=0000000001fecaa0 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=0000000001fed2c0
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0xa:
00000000`76e0186a c3 ret

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000008a5de812578

READ_ADDRESS: 000008a5de812578

FOLLOWUP_IP:
ntdll!RtlFreeHeap+d0
00000000`76e03290 4c8b6308 mov r12,qword ptr [rbx+8]

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

APP: explorer.exe

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER: from 000007fefcf58f6b to 0000000076e03290

ADDITIONAL_DEBUG_TEXT: Enable Pageheap/AutoVerifer ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

FAULTING_THREAD: 00000000000011c0

DEFAULT_BUCKET_ID: HEAP_CORRUPTION

PRIMARY_PROBLEM_CLASS: HEAP_CORRUPTION

BUGCHECK_STR: APPLICATION_FAULT_HEAP_CORRUPTION_HEAP_CORRUPTION_INVALID_POINTER_READ

STACK_TEXT:
00000000`00000000 00000000`00000000 heap_corruption!heap_corruption+0x0


STACK_COMMAND: .ecxr ; kb ; ** Pseudo Context ** ; kb

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: heap_corruption!heap_corruption

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: heap_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: HEAP_CORRUPTION_c0000005_heap_corruption!heap_corruption

BUCKET_ID: X64_APPLICATION_FAULT_HEAP_CORRUPTION_HEAP_CORRUPTION_INVALID_POINTER_READ_heap_corruption!heap_corruption

IMAGE_NAME: heap_corruption

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:heap_corruption_c0000005_heap_corruption!heap_corruption

FAILURE_ID_HASH: {bc3c2f6a-a6b5-6b17-b904-78ea927f7380}

Followup: MachineOwner
---------

0:002> lmvm explorer
start end module name
00000000`ffae0000 00000000`ffda0000 explorer (pdb symbols) c:\symcache\explorer.pdb\A1D0A380BD3C489DB80F0E8273C9719A2\explorer.pdb
Loaded symbol image file: explorer.exe
Image path: C:\Windows\explorer.exe
Image name: explorer.exe
Timestamp: Fri Feb 25 00:24:04 2011 (4D672EE4)
CheckSum: 002C8AF6
ImageSize: 002C0000
File version: 6.1.7601.17567
Product version: 6.1.7601.17567
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: explorer
OriginalFilename: EXPLORER.EXE
ProductVersion: 6.1.7601.17567
FileVersion: 6.1.7601.17567 (win7sp1_gdr.110224-1502)
FileDescription: Windows Explorer
LegalCopyright: © Microsoft Corporation. All rights reserved.
0:002> lmvm ntdll
start end module name
00000000`76db0000 00000000`76f59000 ntdll (pdb symbols) c:\symcache\ntdll.pdb\9D04EB0AA387494FBD81ED062072B99C2\ntdll.pdb
Loaded symbol image file: ntdll.dll
Image path: C:\Windows\System32\ntdll.dll
Image name: ntdll.dll
Timestamp: Wed Aug 28 22:17:08 2013 (521EAF24)
CheckSum: 001A875F
ImageSize: 001A9000
File version: 6.1.7601.18247
Product version: 6.1.7601.18247
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntdll.dll
OriginalFilename: ntdll.dll
ProductVersion: 6.1.7601.18247
FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
FileDescription: NT Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.


If more output is needed from the dump just let me know what command to run. Any ideas what is causing the errors?

Thanks in advance!

Continue reading...
 
You must log in or register to reply here.

Similar threads

Y
1008 Microsoft-Windows-Perflib S-1-5-18 N/A Warning Error in open procedure "BITS" in DLL "C:\Windows\System32\bitsperf.dll"
Replies
0
Views
7
Yasin Gencer
Y
T
missing dll
Replies
0
Views
20
tuan anh1
T
M
APPCRASH clr.dll (Windows Server 2012 R2)
Replies
0
Views
14
MicheleMancinelli
M
C
[AppCrash] Geometry Dash not working
Replies
0
Views
17
Cintagram
C
C
[AppCrash] Geometry Dash not working
Replies
0
Views
14
Cintagram
C
Back
Top