I need a command better than !analyze -v

[maki]

Why WinDbg doesn't show the actual file causing the problem with random crash explorer after eg opening any folder root drive. I know once a man gave a better command that ALWAYS showed the real file causing the problem. SFC indicates System is 100% integral CHKDSK /V (VERBOSE) /F /R also shows disks are ALWAYS OK (HDD / SSD)

This file is verified to be 100% good by SFC and other tools!
EXPLORERFRAME.dll
This is not a real problem file because even Windows shows "unknown" (module) in the log





Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\LocalDumps\explorer.exe.1248.dmp]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: srv*
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Tue Aug 31 04:35:23.000 2021 (UTC + 2:00)
System Uptime: 0 days 21:21:00.546
Process Uptime: 0 days 20:58:02.000
................................................................
................................................................
..
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(4e0.2adc): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
ntdll!ZwWaitForMultipleObjects+0xa:
00000000`77bd9d5a c3 ret
0:007> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************


KEY_VALUES_STRING: 1

Key : AV.Fault
Value: Execute

Key : Analysis.CPU.Sec
Value: 1

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on MAKI

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 1

Key : Analysis.Memory.CommitPeak.Mb
Value: 143

Key : Analysis.System
Value: CreateObject

Key : Timeline.OS.Boot.DeltaSec
Value: 76860

Key : Timeline.Process.Start.DeltaSec
Value: 75482


NTGLOBALFLAG: 2000000

APPLICATION_VERIFIER_FLAGS: 0

APPLICATION_VERIFIER_LOADED: 1

CONTEXT: (.ecxr)
rax=000000000801f720 rbx=0000000000000000 rcx=0000000000020d92
rdx=000000000000c348 rsi=0000000000000001 rdi=0000000000000000
rip=00000000120c0fd8 rsp=000000000801f6b8 rbp=000000001853de70
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=000000000000c348
r14=0000000001b52df8 r15=0000000000020d92
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
00000000`120c0fd8 ?? ???
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00000000120c0fd8
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 00000000120c0fd8
Attempt to execute non-executable address 00000000120c0fd8

PROCESS_NAME: explorer.exe

EXECUTE_ADDRESS: 120c0fd8

FAILED_INSTRUCTION_ADDRESS:
+0
00000000`120c0fd8 ?? ???

ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000008

EXCEPTION_PARAMETER2: 00000000120c0fd8

IP_ON_HEAP: 00000000120c0fd8

IP_IN_FREE_BLOCK: 120c0fd8

STACK_TEXT:
00000000`0801f6b8 00000000`77a89861 : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000030 : 0x120c0fd8
00000000`0801f6c0 00000000`77a89572 : 00000000`0801f830 00000000`120c0fd8 000007fe`dc00c550 00000000`051a27a0 : user32!UserCallWinProcCheckWow+0x1ad
00000000`0801f780 000007fe`dbed0914 : 00000000`1853de04 00000000`1853de04 00000000`120c0fd8 00000000`00000000 : user32!DispatchMessageWorker+0x3b5
00000000`0801f800 000007fe`dbed4d89 : 00000000`1853de70 00000000`00000006 00000000`00000000 00000000`00000000 : EXPLORERFRAME!CExplorerFrame::FrameMessagePump+0x436
00000000`0801f880 000007fe`dbed54fb : 00000000`1853de70 00000000`24d13ea0 00000000`00000000 00000000`00000000 : EXPLORERFRAME!BrowserThreadProc+0x180
00000000`0801f900 000007fe`dbed5492 : 115008ec`00000001 00000000`0d1cefb0 00000000`0801f9f8 000007fe`fd783f40 : EXPLORERFRAME!BrowserNewThreadProc+0x53
00000000`0801f930 000007fe`dbecbe90 : 00000000`13614f00 00000000`02438f60 00000000`00000000 00000000`000001c8 : EXPLORERFRAME!CExplorerTask::InternalResumeRT+0x12
00000000`0801f960 000007fe`ff12f0b7 : 80000000`01000000 00000000`0801f9f0 ffffffff`fffffffe 00000000`00000009 : EXPLORERFRAME!CRunnableTask::Run+0xda
00000000`0801f990 000007fe`ff12eff7 : 00000000`13614ff0 00000000`136ddf90 ffffffff`fffffffe 000007fe`fe0ae734 : shell32!CShellTask::TT_Run+0x124
00000000`0801f9c0 000007fe`ff132cb6 : 00000000`13614ff0 00000000`13614ff0 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0xd0
00000000`0801fa60 000007fe`fdfac71e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x26
00000000`0801fa90 00000000`7796556d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shlwapi!WrapperThreadProc+0x19b
00000000`0801fb90 00000000`77bc372d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0801fbc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


SYMBOL_NAME: explorerframe!CExplorerFrame::FrameMessagePump+436

MODULE_NAME: EXPLORERFRAME

IMAGE_NAME: EXPLORERFRAME.dll

STACK_COMMAND: ~7s ; .ecxr ; kb

FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_AVRF_c0000005_EXPLORERFRAME.dll!CExplorerFrame::FrameMessagePump

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

FAILURE_ID_HASH: {345374cc-d70f-27f7-3b52-1c2def41b870}

Followup: MachineOwner
---------

 

[axe0]

The verbose analysis is the first thing to run, but it's not the only thing.

What makes you think it's most definitely always a file and not something else causing this?

 

[x BlueRobot]

I would attempt to try and trace what is causing the issue here. It's most likely a third-party program calling into that .dll, are you running Application Verifier?

 

[maki]

~Perhaps the cause is with other programs. But I only use the most popular software from famous companies that most users use. They are necessary for everyday work, be it text editors or ESET antivirus, OR A PROGRAM FOR UNPACKING ARCHIVES or opening PDF. Even if I turn it off, an Explorer error will occasionally occur which creates huge DUMP files and only shortens the SSD's lifespan, because the continuous writing of large files shortens their lifespan!
Why would I turn everything off and still see others problems (Eg Needed services?)? I don't think I've ever had such errors as with this unfortunate Explorer.EXE.

 

[maki]

Are any of these popular applications causing the explorer problem?
Are there any known issues?

 

[xilolee]

Maybe DAP.

 

[x BlueRobot]

I don't know, I'm not sure why you don't attempt to get a trace using Process Monitor and see what is happening around the time of the crash. Is there a pattern to the error messages?

 

[maki]

Report for explorer.exe.1248.dmp​

Spoiler

Type of Analysis Performed	Combined Crash/Hang Analysis
Machine Name	MAKI
Operating System	Windows 7Service Pack 1
Number Of Processors	4
Process ID	1248
Process Image	C:\Windows\explorer.exe
Command Line	C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
System Up-Time	21:21:00
Process Up-Time	20:58:02
Processor Type	X64
Process Bitness	64-Bit

Top 5 Threads by CPU time​

Note- Times include both user mode and kernel mode for each thread

Thread ID: 2	Total CPU Time: 00:00:24.117	Entry Point for Thread: shlwapi!WrapperThreadProc
Thread ID: 8	Total CPU Time: 00:00:22.620	Entry Point for Thread: shlwapi!WrapperThreadProc
Thread ID: 7	Total CPU Time: 00:00:10.717	Entry Point for Thread: shlwapi!WrapperThreadProc
Thread ID: 12	Total CPU Time: 00:00:00.764	Entry Point for Thread: shlwapi!WrapperThreadProc
Thread ID: 14	Total CPU Time: 00:00:00.218	Entry Point for Thread: ntdll!TppWorkerThread

CLR Information​

Thread Report​

• Thread 10
• 11
• 14
• 15
• 16

5 Threads (25% of all threads) have this same call stack.
Note: Grouping of identical threads can be disabled in the 'Preferences' tab of the Analysis Options

Thread 10 - System ID 5632​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:33:40
Time spent in user mode	0 Days 00:00:00.062
Time spent in kernel mode	0 Days 00:00:00.078

Thread 11 - System ID 13188​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:06
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.015

Thread 14 - System ID 10116​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:06
Time spent in user mode	0 Days 00:00:00.140
Time spent in kernel mode	0 Days 00:00:00.078

Thread 15 - System ID 8872​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:07
Time spent in user mode	0 Days 00:00:00.156
Time spent in kernel mode	0 Days 00:00:00.031

Thread 16 - System ID 9632​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:07
Time spent in user mode	0 Days 00:00:00.156
Time spent in kernel mode	0 Days 00:00:00.015

ntdll!ZwWaitForMultipleObjects+a
KERNELBASE!WaitForMultipleObjectsEx+e8
kernel32!WaitForMultipleObjectsExImplementation+b3
user32!RealMsgWaitForMultipleObjectsEx+12a
user32!MsgWaitForMultipleObjectsEx+46
user32!MsgWaitForMultipleObjects+20
shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects+51
shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating+ac
shell32!CShellTaskThread::ThreadProc+152
shell32!CShellTaskThread::s_ThreadProc+26
shlwapi!ExecuteWorkItemThreadProc+f
ntdll!RtlpTpWorkCallback+16b
ntdll!TppWorkerThread+6f7
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

• Thread 2
• 8
• 12

3 Threads (15% of all threads) have this same call stack.
Note: Grouping of identical threads can be disabled in the 'Preferences' tab of the Analysis Options

Thread 2 - System ID 7196​

Entry point	shlwapi!WrapperThreadProc
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:17.113
Time spent in kernel mode	0 Days 00:00:07.004

Thread 8 - System ID 12332​

Entry point	shlwapi!WrapperThreadProc
Create time	30-08-21 22:55:59
Time spent in user mode	0 Days 00:00:16.146
Time spent in kernel mode	0 Days 00:00:06.474

Thread 12 - System ID 10896​

Entry point	shlwapi!WrapperThreadProc
Create time	31-08-21 04:35:06
Time spent in user mode	0 Days 00:00:00.530
Time spent in kernel mode	0 Days 00:00:00.234

ntdll!ZwWaitForMultipleObjects+a
KERNELBASE!WaitForMultipleObjectsEx+e8
kernel32!WaitForMultipleObjectsExImplementation+b3
user32!RealMsgWaitForMultipleObjectsEx+12a
duser!CoreSC::Wait+62
duser!CoreSC::WaitMessage+6f
duser!MphWaitMessageEx+5c
user32!_ClientWaitMessageExMPH+1a
ntdll!KiUserCallbackDispatcherContinue
user32!ZwUserWaitMessage+a
EXPLORERFRAME!CExplorerFrame::FrameMessagePump+468
EXPLORERFRAME!BrowserThreadProc+180
EXPLORERFRAME!BrowserNewThreadProc+53
EXPLORERFRAME!CExplorerTask::InternalResumeRT+12
EXPLORERFRAME!CRunnableTask::Run+da
shell32!CShellTask::TT_Run+124
shell32!CShellTaskThread::ThreadProc+d0
shell32!CShellTaskThread::s_ThreadProc+26
shlwapi!WrapperThreadProc+19b
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

• Thread 17
• 19

2 Threads (10% of all threads) have this same call stack.
Note: Grouping of identical threads can be disabled in the 'Preferences' tab of the Analysis Options

Thread 17 - System ID 9332​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:07
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

Thread 19 - System ID 4084​

Entry point	ntdll!TppWorkerThread
Create time	31-08-21 04:35:07
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForWorkViaWorkerFactory+a
ntdll!TppWorkerThread+304
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 0 - System ID 7268​

Entry point	explorer!wWinMainCRTStartup
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:00.078
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForMultipleObjects+a
KERNELBASE!WaitForMultipleObjectsEx+e8
kernel32!WaitForMultipleObjectsExImplementation+b3
user32!RealMsgWaitForMultipleObjectsEx+12a
user32!MsgWaitForMultipleObjectsEx+46
user32!MsgWaitForMultipleObjects+20
EXPLORERFRAME!SHProcessMessagesUntilEventsEx+61
EXPLORERFRAME!CExplorerHostCreator::RunHost+69
explorer!wWinMain+519
explorer!DelayLoadFailureHook+208
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 1 - System ID 7920​

Entry point	ntdll!TppWaiterpThread
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForMultipleObjects+a
ntdll!TppWaiterpThread+14d
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 3 - System ID 820​

Entry point	msvcrt!endthreadex+64
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForMultipleObjects+a
KERNELBASE!WaitForMultipleObjectsEx+e8
kernel32!WaitForMultipleObjectsExImplementation+b3
user32!RealMsgWaitForMultipleObjectsEx+12a
user32!MsgWaitForMultipleObjectsEx+46
duser!CoreSC::Wait+6a
duser!CoreSC::xwProcessNL+ed
duser!GetMessageExA+7b
duser!ResourceManager::SharedThreadProc+e8
msvcrt!endthreadex+47
msvcrt!endthreadex+e0
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 4 - System ID 5884​

Entry point	shlwapi!WrapperThreadProc
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

user32!NtUserGetMessage+a
user32!GetMessageW+34
shell32!MessagePumpThreadProc+3e
shlwapi!WrapperThreadProc+19b
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 5 - System ID 2340​

Entry point	ole32!CRpcThreadCache::RpcWorkerThreadEntry
Create time	30-08-21 07:37:21
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForSingleObject+a
KERNELBASE!WaitForSingleObjectEx+79
ole32!CDllHost::MTAWorkerLoop+23
ole32!CDllHost::WorkerThread+d0
ole32!CRpcThread::WorkerLoop+1e
ole32!CRpcThreadCache::RpcWorkerThreadEntry+1a
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 6 - System ID 10624​

Entry point	winmm!mciwindow
Create time	30-08-21 08:09:34
Time spent in user mode	0 Days 00:00:00.015
Time spent in kernel mode	0 Days 00:00:00.015

user32!NtUserGetMessage+a
user32!GetMessageA+c4
winmm!mciwindow+174
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 7 - System ID 10972​

Entry point	shlwapi!WrapperThreadProc
Create time	30-08-21 13:21:29
Time spent in user mode	0 Days 00:00:07.488
Time spent in kernel mode	0 Days 00:00:03.229

This thread is not fully resolved and may or may not be a problem. Further analysis of these threads may be required.

ntdll!ZwWaitForMultipleObjects+a
KERNELBASE!WaitForMultipleObjectsEx+e8
kernel32!WaitForMultipleObjectsExImplementation+b3
kernel32!WerpReportFaultInternal+215
kernel32!WerpReportFault+77
kernel32!BasepReportFault+1f
kernel32!UnhandledExceptionFilter+1fc
ntdll! ?? ::FNODOBFM::`string'+2025
ntdll!_C_specific_handler+8c
ntdll!RtlpExecuteHandlerForException+d
ntdll!RtlDispatchException+45a
ntdll!KiUserExceptionDispatcher+2e
0x120c0fd8
user32!UserCallWinProcCheckWow+1ad
user32!DispatchMessageWorker+3b5
EXPLORERFRAME!CExplorerFrame::FrameMessagePump+436
EXPLORERFRAME!BrowserThreadProc+180
EXPLORERFRAME!BrowserNewThreadProc+53
EXPLORERFRAME!CExplorerTask::InternalResumeRT+12
EXPLORERFRAME!CRunnableTask::Run+da
shell32!CShellTask::TT_Run+124
shell32!CShellTaskThread::ThreadProc+d0
shell32!CShellTaskThread::s_ThreadProc+26
shlwapi!WrapperThreadProc+19b
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 9 - System ID 9828​

Entry point	ntdll!EtwpNotificationThread
Create time	31-08-21 04:33:40
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!NtTraceControl+a
ntdll!EtwpNotificationThread+40
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 13 - System ID 8424​

Entry point	ole32!CRpcThreadCache::RpcWorkerThreadEntry
Create time	31-08-21 04:35:06
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!NtDelayExecution+a
KERNELBASE!SleepEx+ab
ole32!CROIDTable::WorkerThreadLoop+10
ole32!CRpcThread::WorkerLoop+1e
ole32!CRpcThreadCache::RpcWorkerThreadEntry+1a
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Thread 18 - System ID 11852​

Entry point	ole32!CRpcThreadCache::RpcWorkerThreadEntry
Create time	31-08-21 04:35:07
Time spent in user mode	0 Days 00:00:00.000
Time spent in kernel mode	0 Days 00:00:00.000

ntdll!ZwWaitForSingleObject+a
KERNELBASE!WaitForSingleObjectEx+79
ole32!CRpcThread::WorkerLoop+98
ole32!CRpcThreadCache::RpcWorkerThreadEntry+1a
kernel32!BaseThreadInitThunk+d
ntdll!RtlUserThreadStart+1d

Well-Known COM STA Threads Report​

STA Name​	Thread ID​	Thread Status​	Call Status​
Main STA​	0​	In-Call (bad symbols)​	​

Exception Information​

In explorer.exe.1248.dmp the Module C:\Windows\System32\KERNELBASE.dll has caused an access violation exception (0xC0000005) when trying to execute instructions from a non-executable address at memory location 0x120c0fd8 on thread 7

Module Information​
Image Name:	C:\Windows\System32\KERNELBASE.dll	Symbol Type:	PDB
Base address:	0x00000003`00905a4d	Time Stamp:	Fri Jan 03 04:36:29 2020
Checksum:	0x55000026`a7000000	Comments:
COM DLL:	False	Company Name:	Microsoft Corporation
ISAPIExtension:	False	File Description:	Windows NT BASE API Client DLL
ISAPIFilter:	False	File Version:	6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
Managed DLL:	False	Internal Name:	Kernelbase
VB DLL:	False	Legal Copyright:	© Microsoft Corporation. All rights reserved.
Loaded Image Name:	KERNELBASE.dll	Legal Trademarks:
Mapped Image Name:		Original filename:	Kernelbase
Module name:	KERNELBASE	Private Build:
Single Threaded:	False	Product Name:	Microsoft® Windows® Operating System
Module Size:	412 KBytes	Product Version:	6.1.7601.24545
Symbol File Name:	c:\symbols\kernelbase.pdb\B4560FC25D854BD5A2F73DC9FED50F992\kernelbase.pdb	Special Build:	&

 

[JoseIbarra]

When Windows Explorer (not Internet Explorer) is misbehaving (especially when right clicking), start to suspect third party Explorer extension add-ons. You may also see Data Execution Prevention (DEP) errors. DEP errors are reported when Windows feels threatened by a program and Windows will shut down the threatening program. Windows should never feel threatened by Windows Explorer (or Internet Explorer) unless some add-on is the cause.

Those would be Explorer extensions that do not belong to Microsoft. That means extensions that you added. Explorer extensions are usually okay and installing some applications will install Explorer extensions for you, give you a choice and sometimes they can be added without your knowledge when you install new software.

Explorer extensions are sometimes added as a new right click option you see on folders and files (like scan this file, open this file, play this song).

If there is a particular thing you do when Exploring that you know will cause the problem, that will help zero in on the problem and help you know for sure when you have found and fixed it.

If you can make it happen anytime you want, make an adjustment and then there is no message the next time you do whatever it is you do, you have found and fixed it.

First you need a way to see what Explorer add-ons you have installed now and a way to disable them (not uninstall them) so you can figure out which one is causing the problem. You may have lots of non Microsoft extensions installed you don't even know about.

Download ShellExView from here to see which Explorer extensions you have loaded:

ShellExView - Shell Extension Manager For Windows

ShellExView doesn't install anything on your computer, it just runs and displays.

After you launch ShellExView (double click shexview.exe) and acknowledge the security warning, adjust the column widths so you can see everything clearly. Under Options, choose to
"Mark Non-Microsoft Extensions" and the non Microsoft extensions will be in light pink, but on some systems that is a hard color to see, so click View, Choose Columns and move up
or move down the Microsoft column so it is closer to the top (Move Up) so you can see it on your screen without having to scroll left and right.

Next, click the column header called Microsoft (it may be way out on the right side of the screen) to sort the display (by clicking the Microsoft column header) so all the
non Microsoft extensions are at the top and easy to see. They will say "No" and be marked in pink since they are not Microsoft extensions, something like this:



The non Microsoft extensions would be things you have added (non Microsoft) and are what you need to be suspecting.

If you see extensions that do not have anything listed under Description, Product Name, Version, Company or have peculiar names that looks like they might be just random numbers and letters, you might want to look at those first.

You can also Google the name of a suspicious add-on and see if there are any hits regarding Explorer crashes or DEP errors and what other people have done about it.

You might Google something like:

<my-suspicious-add-on> windows explorer crashing

You have to fill in the name of your suspicious add on.

See what kind of search results hits you get and look for solutions or situations that sound like yours.

I am not a trial and error advocate, but I can't think of another way to do this...

Right click and disable the non Microsoft extensions one at a time (or perhaps in little groups of 3-5) keeping a list so you can enable them again later if desired. The result of the change is immediate
and no reboot is required. Test your (right click) failure condition. If Explorer starts to act normally, you will know that some extension you just disabled in that group of 3-5 is the culprit so
you can start to enable them one at a time until explorer fails again.

If you recognize any extensions that may have been added or downloaded recently, start with those first.

Disabling an extension does not uninstall the extension - it is just disabled. You can always enable it again later, so keep track of things by writing them down.

Disable them one at a time or in little groups (to make things go faster) until your right click does not generate an error, then reboot and test again to be sure.
That last extension you disabled would be the suspicious one.

You can also just disable all the non Microsoft extensions, reboot, test your failure condition and enable them one at a time until you find the one that generates the failure condition.

If you have a lot of extensions, you could disable them is little groups, 3-5 at a time instead of 1 at a time until your system starts to behave.
When it does behave, you will know that the problem is one of the extensions in that little group and you can enable those in the group one at a time until the problem comes back,
then the problem will be with the last extension you enabled.

The hope is that you will find the one extension that causes the problem and then you can figure out what to do about it - either uninstall it or see if you can get an update
from the maker of the extension from their web page.

I don't have your issue but I can when you disable/enable the extensions, the extension is immediately disabled, so disabling an extension does not seem to require a reboot but
if you think you found the problem, I would reboot and retest anyway to really be sure the problem is gone.

If you post up a list of your non Microsoft extensions, maybe someone will recognize it as a potential problem.

If you find the offending extension that is the problem, please let us know what it is so I can add it to my list!

 

[maki]

PerfAnalysis​

Spoiler

CLR Information​

Input Summary​

Alias	System Time	Process Up-Time	Relative Time	Dump Name
"Dump 1"	31-08-21 04:35:23	20:58:02		C:\LocalDumps\explorer.exe.1248.dmp

Report Legend​

Abstract​

This rule is designed to assist in the troubleshooting of performance issues by quickly narrowing the focus of investigation to the particular operation(s), threads(s), and/or function(s) of interest, which would otherwise be an extremely tedious task - particularly when manually reviewing a large number of dump files of a busy multithreaded application. It analyzes multiple dump files of a single process collected during the problem and provides profiler-style function statistcs by treating each dump as a data sample - so the more data samples available, the more accurate the results will be. Statistics are provided for the entire process as well as for various subsets or "rollups" (i.e. stats for only the top 5 threads sorted by cpu consumption, or only the top 5 ASP requests sorted by duration, etc.). Typically the statistics for a particular subset, rather than the entire process, are more helpful for identifying the root of the performance issue, since typically much of the process remains in a healthy state while only the subset contributes to the performance problem. In later releases, this rule may seek to identify particular known issues. In this release, the rule simply provides the user with the statistics to facilitate a faster review of multiple dump files.

Term	Description
Glossary​
Operation	A single logical unit of work performed by an application - for example, the execution of an ASP page (and any components invoked by the page). A logical operation may span across multiple threads and processes, though in the simple case it is executed on a single thread.
Hits	The number of times a particular function appears within a given scope. For example the scope might be a particular thread, a rollup of several high CPU threads, or all threads in the process.

Type	Description
Operation Types​
ASP	An incoming ASP request
ASP.NET	An incoming ASP.NET request (includes WebServices)
COM	An incoming COM call (includes COM+)
Unknown	None of the above (i.e. custom code)

Markup	Frame Type	Description
Stack Frame Notation​
blue	User Function	Functions in modules not belonging to the system (i.e. 3rd party)
blue italic	Top User Function - Local	One of the most frequent user functions in the particular operation or set of operations
red bold	Top User Function - Global	One of the most frequent user functions in all operations
red bold italic	Top User Function - Both	One of the most frequent user functions in both the particular operation(s), as well as in all operations
dark gray	System Function	Functions in modules belonging to the system
light gray	Boilerplate Function	Extremely common system functions which can generally be safely ignored

Performance Summary​

Statistical Rollups​

All Operations​

Tip: To search on any particular function in the list below, highlight it with the mouse then press CTRL+C, CTRL+F, CTRL+V. This will highlight all the call stacks which contain the particular function and allow you to jump between them in the browser.

All user functions in all operations (excludes system functions)​

0x120c0fd8

1 hits

Top 40 functions in all operations (includes system functions, excludes boiler-plate functions)

kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc ntdll!TppWorkerThread shlwapi!WrapperThreadProc shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback duser!CoreSC::Wait EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!SHProcessMessagesUntilEventsEx EXPLORERFRAME!CExplorerHostCreator::RunHost explorer!wWinMain explorer!DelayLoadFailureHook ntdll!TppWaiterpThread duser!CoreSC::xwProcessNL duser!GetMessageExA duser!ResourceManager::SharedThreadProc msvcrt!endthreadex user32!GetMessageW shell32!MessagePumpThreadProc ole32!CDllHost::MTAWorkerLoop user32!GetMessageA winmm!mciwindow 0x120c0fd8 kernel32!WerpReportFaultInternal kernel32!WerpReportFault kernel32!BasepReportFault kernel32!UnhandledExceptionFilter

20 hits 20 hits 9 hits 9 hits 7 hits 5 hits 5 hits 5 hits 5 hits 4 hits 4 hits 4 hits 4 hits 4 hits 4 hits 4 hits 3 hits 3 hits 3 hits 3 hits 3 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Performance Details​

Tip: To get a mile-high view of all the dumps, and easily find the hot-spots, zoom out to 10% in Internet Explorer by using 'CTRL -' or the 'Change Zoom Level' button at the far right of the status bar.

Thread 7268​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point explorer!wWinMainCRTStartup System ID 7268 (0x1C64) Create time 30-08-21 07:37:21 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects EXPLORERFRAME!SHProcessMessagesUntilEventsEx EXPLORERFRAME!CExplorerHostCreator::RunHost explorer!wWinMain explorer!DelayLoadFailureHook kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.078 Kernel time 00:00:00 Back to Top​

Thread 7920​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWaiterpThread System ID 7920 (0x1EF0) Create time 30-08-21 07:37:21 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects ntdll!TppWaiterpThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 7196​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point shlwapi!WrapperThreadProc System ID 7196 (0x1C1C) Create time 30-08-21 07:37:21 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:17.113 Kernel time 00:00:07.004 Back to Top​

Thread 820​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point msvcrt!endthreadex+64 System ID 820 (0x334) Create time 30-08-21 07:37:21 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx duser!CoreSC::Wait duser!CoreSC::xwProcessNL duser!GetMessageExA duser!ResourceManager::SharedThreadProc msvcrt!endthreadex msvcrt!endthreadex kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 5884​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point shlwapi!WrapperThreadProc System ID 5884 (0x16FC) Create time 30-08-21 07:37:21 Call Stacks Dump 1 user32!NtUserGetMessage user32!GetMessageW shell32!MessagePumpThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 2340​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ole32!CRpcThreadCache::RpcWorkerThreadEntry System ID 2340 (0x924) Create time 30-08-21 07:37:21 Call Stacks Dump 1 ntdll!ZwWaitForSingleObject KERNELBASE!WaitForSingleObjectEx ole32!CDllHost::MTAWorkerLoop ole32!CDllHost::WorkerThread ole32!CRpcThread::WorkerLoop ole32!CRpcThreadCache::RpcWorkerThreadEntry kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 10624​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point winmm!mciwindow System ID 10624 (0x2980) Create time 30-08-21 08:09:34 Call Stacks Dump 1 user32!NtUserGetMessage user32!GetMessageA winmm!mciwindow kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.015 Kernel time 00:00:00.015 Back to Top​

Thread 10972​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point shlwapi!WrapperThreadProc System ID 10972 (0x2ADC) Create time 30-08-21 13:21:29 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation kernel32!WerpReportFaultInternal kernel32!WerpReportFault kernel32!BasepReportFault kernel32!UnhandledExceptionFilter ntdll! ?? ::FNODOBFM::`string' ntdll!_C_specific_handler ntdll!RtlpExecuteHandlerForException ntdll!RtlDispatchException ntdll!KiUserExceptionDispatcher 0x120c0fd8 user32!UserCallWinProcCheckWow user32!DispatchMessageWorker EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:07.488 Kernel time 00:00:03.229 Back to Top​

Thread 12332​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point shlwapi!WrapperThreadProc System ID 12332 (0x302C) Create time 30-08-21 22:55:59 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:16.146 Kernel time 00:00:06.474 Back to Top​

Thread 9828​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!EtwpNotificationThread System ID 9828 (0x2664) Create time 31-08-21 04:33:40 Call Stacks Dump 1 ntdll!NtTraceControl ntdll!EtwpNotificationThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 5632​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 5632 (0x1600) Create time 31-08-21 04:33:40 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.062 Kernel time 00:00:00.078 Back to Top​

Thread 13188​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 13188 (0x3384) Create time 31-08-21 04:35:06 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00.015 Back to Top​

Thread 10896​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point shlwapi!WrapperThreadProc System ID 10896 (0x2A90) Create time 31-08-21 04:35:06 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.530 Kernel time 00:00:00.234 Back to Top​

Thread 8424​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ole32!CRpcThreadCache::RpcWorkerThreadEntry System ID 8424 (0x20E8) Create time 31-08-21 04:35:06 Call Stacks Dump 1 ntdll!NtDelayExecution KERNELBASE!SleepEx ole32!CROIDTable::WorkerThreadLoop ole32!CRpcThread::WorkerLoop ole32!CRpcThreadCache::RpcWorkerThreadEntry kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 10116​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 10116 (0x2784) Create time 31-08-21 04:35:06 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.140 Kernel time 00:00:00.078 Back to Top​

Thread 8872​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 8872 (0x22A8) Create time 31-08-21 04:35:07 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.156 Kernel time 00:00:00.031 Back to Top​

Thread 9632​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 9632 (0x25A0) Create time 31-08-21 04:35:07 Call Stacks Dump 1 ntdll!ZwWaitForMultipleObjects KERNELBASE!WaitForMultipleObjectsEx kernel32!WaitForMultipleObjectsExImplementation user32!RealMsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjectsEx user32!MsgWaitForMultipleObjects shell32!CShellTaskScheduler::_TT_MsgWaitForMultipleObjects shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00.156 Kernel time 00:00:00.015 Back to Top​

Thread 9332​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 9332 (0x2474) Create time 31-08-21 04:35:07 Call Stacks Dump 1 ntdll!ZwWaitForWorkViaWorkerFactory ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 11852​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ole32!CRpcThreadCache::RpcWorkerThreadEntry System ID 11852 (0x2E4C) Create time 31-08-21 04:35:07 Call Stacks Dump 1 ntdll!ZwWaitForSingleObject KERNELBASE!WaitForSingleObjectEx ole32!CRpcThread::WorkerLoop ole32!CRpcThreadCache::RpcWorkerThreadEntry kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Thread 4084​ General Operation Info Type System.Collections.Generic.Dictionary`2[System.Int32,System.String] Dumps present All dumps Elapsed Time (unknown) Thread Info Entry point ntdll!TppWorkerThread System ID 4084 (0xFF4) Create time 31-08-21 04:35:07 Call Stacks Dump 1 ntdll!ZwWaitForWorkViaWorkerFactory ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart User Time 00:00:00 Kernel time 00:00:00 Back to Top​

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

EXPLORERFRAME!SHProcessMessagesUntilEventsEx EXPLORERFRAME!CExplorerHostCreator::RunHost explorer!wWinMain explorer!DelayLoadFailureHook kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

ntdll!TppWaiterpThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

duser!CoreSC::Wait duser!CoreSC::xwProcessNL duser!GetMessageExA duser!ResourceManager::SharedThreadProc msvcrt!endthreadex kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

user32!GetMessageW shell32!MessagePumpThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

ole32!CDllHost::MTAWorkerLoop kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

user32!GetMessageA winmm!mciwindow kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits

Function Stats​

All user functions in this operation (excludes system functions)​

0x120c0fd8

1 hits

All functions in this operation (includes system functions, excludes boiler-plate functions)

0x120c0fd8 kernel32!WerpReportFaultInternal kernel32!WerpReportFault kernel32!BasepReportFault kernel32!UnhandledExceptionFilter ntdll! ?? ::FNODOBFM::`string' ntdll!_C_specific_handler ntdll!RtlpExecuteHandlerForException ntdll!RtlDispatchException ntdll!KiUserExceptionDispatcher EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

ntdll!NtTraceControl ntdll!EtwpNotificationThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

duser!CoreSC::Wait duser!CoreSC::WaitMessage duser!MphWaitMessageEx user32!_ClientWaitMessageExMPH ntdll!KiUserCallbackDispatcherContinue user32!ZwUserWaitMessage EXPLORERFRAME!CExplorerFrame::FrameMessagePump EXPLORERFRAME!BrowserThreadProc EXPLORERFRAME!BrowserNewThreadProc EXPLORERFRAME!CExplorerTask::InternalResumeRT EXPLORERFRAME!CRunnableTask::Run shell32!CShellTask::TT_Run shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!WrapperThreadProc kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

KERNELBASE!SleepEx ole32!CROIDTable::WorkerThreadLoop kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

shell32!CShellTaskScheduler::TT_TransitionThreadToRunningOrTerminating shell32!CShellTaskThread::ThreadProc shell32!CShellTaskThread::s_ThreadProc shlwapi!ExecuteWorkItemThreadProc ntdll!RtlpTpWorkCallback ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits

Function Stats​

All functions in this operation (includes system functions, excludes boiler-plate functions)

ntdll!TppWorkerThread kernel32!BaseThreadInitThunk ntdll!RtlUserThreadStart

1 hits 1 hits 1 hits

 

[maki]

The problem with Explorer is rare. Sometimes it doesn't happen for days, even when he's been working on the computer for many hours! and sometimes they appear more often. However, I tested such switching off and on for months and it is still unknown what causes these random but rare Explor failures. Poblem WILL NOT WORK THE RIGHT BUTTON, ONLY LEFT MOUSE BUTTON. The Explorator error most often occurs 1-2 times within 16 hours or 24 hours. (That is the whole day)

 

[maki]

The problem repeats and shows this process all the time (?)
ALWAYS show Code: 0x120c0fd8
But there is nothing on the search engine about this code.

 

[MichaelB]

Your way will not lead you to a solution
You should download and run ShellExView as explained,

JoseIbarra is right on how to catch the Problem.​

make a shot of shellexview an insert it into your next answer,

 

[maki]

Of course, but ShellExView won't tell you what's causing the problem.
It's just a tool for disabling some shells, not diagnosing the cause of the problem.
What if I turn everything off (!) And the problem does not occur?
Then I won't be able to use any menu additions in the system.
The system will be useless!
what if I turn off one by one and there are many of these shells. Will I have to test one supplement all day and all month long, test each shell day after day. What if the error takes 7 days? And I still won't know which to turn on and off? it is looking for a needle in a haystack.
Once a specialist on the Microsoft forum gave specific commands for WinDbg so that more details could be obtained. DMP file debugging was more improved.
Never, but never the simplest! Analyze -V command
It did not show the specific file that is causing the problem.
Because! Analyze -v doesn't parse all things.
These are too simple commands that don't work on application errors. Only works for BSOD (Windows).
But I have an Explorer application DMP.

 

[MichaelB]

It's just a tool for disabling some shells, not diagnosing the cause of the problem.

Right so far, but at the moment none sees whats in your system & for Errors by Shell it is just the perfect tool to see and disable / uninstall obvious Extensions.
on the other hand, you didnt provide any dump here to have a look into.
More details may be available but a blind shot is not possible.
Your choice on how to continue or not.

 

[jcgriff2]

Ever think that since you're running Windows 7 that there may be an infection present?

I rarely ever see DLL files in BSOD dumps -- usually only in user-mode dumps.

Regards. . .

jcgriff2

p.s. follow the advice given by @JoseIbarra