Hi all,
I have a big Problem with Explorercrashes on a few PCs.
First i import a Regfile on those PCs which creates a Dump-File on C:\ when the Explorer crash.
I opend it with the Windows Debugging Tools WinDbg an used the Command "!analyze -v"
The only thing i can see was the "hccutils.dll" and the Shellextension:GraphicShellExt Class (igfxpph Module)
was one of the Problems.
I fixed the Problem with the Explorer Crashes on 3 of 4 PCs by renaming the "hccutils.dll" and disabling "GraphicShellExtClass (igfxpph Module)". I also deleted the"Intel Common User Interface" from the startup Programms.
I'm not able to see any problem in the new Dump-File on the last machine. The explorer continues crashing.
here is the post of the *.dmp File:
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_LOCK_IN_UNLOADED_DLL (201)
Unloading dll containing active critical section.
This stop is generated if a DLL has a global variable containing a critical section
and the DLL is unloaded but the critical section has not been deleted. To debug
this stop use the following debugger commands:
> du parameter3 - to dump the name of the culprit DLL.
> .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL.
> !cs -s parameter1 - dump information about this critical section.
> ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
> dds parameter2 - to dump the stack trace for this critical section initialization.
Arguments:
Arg1: 000000001745b2c0, Critical section address
Arg2: 00000000004aa160, Critical section initialization stack trace
Arg3: 000000002c2f1958, DLL name address
Arg4: 0000000017430000, DLL base address
FAULTING_IP:
verifier!VerifierStopMessageEx+6fb
000007fe`f59aae03 cc int 3
EXCEPTION_RECORD: ffffffffffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 000007fef59aae03 (verifier!VerifierStopMessageEx+0x00000000000006fb)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
BUGCHECK_STR: AVRF_201
PROCESS_NAME: explorer.exe
OVERLAPPED_MODULE: wpdshext
CRITICAL_SECTION: 000000001745b2c0 (!cs -s 000000001745b2c0)
IMAGE_NAME: KERNELBASE.dll
FAULTING_MODULE: 0000000017430000
DEFAULT_BUCKET_ID: CORRUPT_MODULELIST_OVERLAPPED_MODULE
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 000007fef59b56d0 to 000007fef59aae03
STACK_TEXT:
00000000`174ee050 000007fe`f59b56d0 : 00000000`018e1000 00000000`018e1000 00000000`1745b2c0 00000000`004aa160 : verifier!VerifierStopMessageEx+0x6fb
00000000`174ee3a0 000007fe`f59b2f70 : 00000000`2c2f1958 00000000`00000002 00000000`17430000 00000000`00097000 : verifier!AVrfpFreeMemLockChecks+0xf0
00000000`174ee400 000007fe`f59b3b43 : 00000000`17430000 00000000`174ef3f0 00000000`773dd5b0 00000000`0c08c070 : verifier!AVrfpFreeMemNotify+0x38
00000000`174ee430 00000000`77374347 : 00000000`00000000 00000000`174ef3f0 00000000`2c3082b0 00000000`607394f3 : verifier!AVrfpDllUnloadCallback+0x3f
00000000`174ee880 00000000`773035c4 : 00000000`00000000 00000000`2c3082b0 00000000`174ef3f0 00000000`2c3082b0 : ntdll!AVrfDllUnloadNotification+0x97
00000000`174ee8b0 00000000`772c3b5a : 00000000`0cbe0000 00000000`174eea10 00000000`00000000 00000000`2c0a13c0 : ntdll!LdrpUnloadDll+0x628
00000000`174ee9d0 000007fe`fda02dd5 : 00000000`0cbe0000 00000000`2c1da700 00000000`00000000 00000000`00000000 : ntdll!LdrUnloadDll+0x4a
00000000`174eea00 000007fe`fe62e6f8 : 00000000`02b52730 00000000`174ef3f8 000007fe`fe7e75e0 000007fe`fe62e570 : KERNELBASE!FreeLibrary+0x1d
00000000`174eea30 000007fe`fe62e373 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`2c67a300 : ole32!CClassCache::CDllPathEntry::CFinishObject::Finish+0x28
00000000`174eea60 000007fe`fe632389 : 000007fe`fe7e75e0 00000000`02b52730 00000000`02b52730 00000000`174eeab0 : ole32!CClassCache::CFinishComposite::Finish+0x46
00000000`174eea90 000007fe`fe6322d0 : 00000000`0c6ff200 00000000`00000001 00000000`00000080 00000000`00000001 : ole32!CClassCache::CleanUpDllsForApartment+0xa5
00000000`174ef450 000007fe`fe632178 : 00000000`0c6ff200 00000000`00000000 00000000`00000000 00000000`00000001 : ole32!FinishShutdown+0xa7
00000000`174ef4e0 000007fe`fe632524 : 00000000`0c6ff200 00000000`0c6ff200 00000000`00000000 000007ff`fffa0000 : ole32!ApartmentUninitialize+0x70
00000000`174ef530 000007fe`fe63133a : 00000000`0c6ff200 00000000`0c6ff200 00000000`00000000 00000000`02af69b8 : ole32!wCoUninitialize+0x1af
00000000`174ef560 000007fe`f59ba303 : 00000000`0c723380 00000000`0c6ff200 000007ff`fffa0000 00000000`0c723380 : ole32!CoUninitialize+0xa2
00000000`174ef590 000007fe`fe8c2ec0 : 00000000`0c723380 00000000`0c723380 00000000`00000000 00000000`02af69b8 : verifier!AVrfpCoUninitialize+0x1b
00000000`174ef5c0 000007fe`fde73843 : 00000000`00000000 00000001`00000000 00000000`02ad13d0 00000000`02af69b8 : shell32!CShellTaskThread::s_ThreadProc+0x28
00000000`174ef5f0 00000000`772c15db : 00000000`2bf728a0 00000000`2bf728a0 00007f0d`5f05f459 00000000`00000004 : shlwapi!ExecuteWorkItemThreadProc+0xf
00000000`174ef620 00000000`772c0c56 : 00000000`00000000 00000000`2bf72810 00000000`02ad13d0 00000000`0c6f40e8 : ntdll!RtlpTpWorkCallback+0x16b
00000000`174ef700 00000000`76f359ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5ff
00000000`174efa00 00000000`772cc541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`174efa30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
FOLLOWUP_IP:
KERNELBASE!FreeLibrary+1d
000007fe`fda02dd5 85c0 test eax,eax
SYMBOL_STACK_INDEX: 7
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: KERNELBASE!FreeLibrary+1d
MODULE_NAME: KERNELBASE
DEBUG_FLR_IMAGE_TIMESTAMP: 51fb1677
STACK_COMMAND: .ecxr ; kb
FAILURE_BUCKET_ID: X64_AVRF_201_IMAGE_KERNELBASE.dll_DATE_8_2_2013
BUCKET_ID: X64_AVRF_201_IMAGE_KERNELBASE.dll_DATE_8_2_2013
Followup: MachineOwner
---------