I strongly suspect a rogue application (or service or bug) on my Windows 8 laptop which kills my explorer process and at times makes the taskbar unresponsive, showing the busy icon all the time. Hence I have to use Alt+Tab to switch between applications. When the taskbar becomes unresponsive I can't even switch between applications; I have to use the Task Manager to run the explorer process.
I have 6 GB of RAM on my laptop.
So how can I narrow this down to a possible rogue application (I have tried almost all techniques, but in vain), and how can I solve this problem if there are no rogue applications?
I consistently see the following 3 errors in the event logs:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: explorer.exe
P2: 6.2.9200.16628
P3: 51a94434
P4: ntdll.dll
P5: 6.2.9200.16579
P6: 51637f77
P7: c0000005
P8: 00000000000054ec
P9:
P10:
Attached files:
C:\Users\ALI\AppData\Local\Temp\WER7C5A.tmp.appcompat.txt
C:\Users\ALI\AppData\Local\Temp\WER7C7A.tmp.WERInternalMetadata.xml
C:\Users\ALI\AppData\Local\Temp\WER7D37.tmp.hdmp
C:\Users\ALI\AppData\Local\Temp\WERC52E.tmp.mdmp
These files may be available here:
C:\Users\ALI\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_b6c9fc2275b8269316d2d695cbf3f2ff98e379_cab_13c6edd1
Analysis symbol:
Rechecking for solution: 0
Report Id: 164f935e-f6ea-11e2-be89-60eb69184d3d
Report Status: 112
Hashed bucket:
==
Faulting application name: backgroundTaskHost.exe, version: 6.2.9200.16384, time stamp: 0x5010a827
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0x205c
Faulting application start time: 0x01ce8af7d0fda8cf
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 188b1b81-f6eb-11e2-be89-60eb69184d3d
Faulting package full name: MarthaStewartLivingOmnime.EverydayFood_1.0.1.2_neutral__p79skxyasf6gr
Faulting package-relative application ID: App
===
Fault bucket , type 0
Event Name: WPNConnectionFailure
Response: Not available
Cab Id: 0
Problem signature:
P1: Data Reconnect
P2: 8007274c
P3: WNP
P4: Unknown
P5: Unknown
P6: Unknown
P7: 2
P8: 244
P9:
P10:
Attached files:
C:\Users\ALI\AppData\Local\Temp\wpn_5487237965553919453.evtx
These files may be available here:
C:\Users\ALI\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Data Reconnect_1249b4f85ef55958ef36b1d42e2e8e111cf3dd8c_cab_1cc161dc
Analysis symbol:
Rechecking for solution: 0
Report Id: e9a99e36-f6ba-11e2-be89-60eb69184d3d
Report Status: 116
Hashed bucket:
===
The description for Event ID 1903 from source HHCTRL cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: http://go.microsoft.com/fwlink?LinkID=45839
I uninstalled the Martha Stewart recipe tile (as it showed up in the logs above), yet the problem persists. Moreover, I tried all the TweakUI cleaning tools and various other diagnostic tools, but nothing seems to even diagnose the problem.
Update:
I finally managed to get the full dump of Explorer.exe. It is a large file, hence I have uploaded it here (now deleted).
After uninstalling a number of programs with Revo (the probable culprit, Google Drive, was also fully cleaned), I got explorer.exe back, i.e. it was at least running after the previous error 0x10000142, where explorer.exe could not even be started. But that was short-lived: I again get this error when I try to restart the explorer.exe process from Task Manager. The explorer process just fails to restart since the last time it crashed. In fact, even at boot time I get the error "Explorer.exe was unable to start correctly (0x0000142)", which leaves a blank screen with nothing to do; you can only work in safe mode now!
I asked the MS support team here; there are similar questions still unanswered by their team.
Update:
An answerer found Avast to be the problem for Explorer being unable to start, but the crash problem continued. Now I have narrowed down the problem to the right-click context menu only: whenever I press Start and type something to search or click a tile, the explorer process immediately crashes. Also, if I right-click any icon anywhere, Explorer crashes. So now the problem boils down to how to resolve this right-click context menu problem. So how to resolve this? Is there an alternative to the tile view, as I need to access the Control Panel and various apps?
Also, is there any alternative that I can use to access the Control Panel and other settings, as I can't use right-click or the Metro tiles?
To analyze the issue yourself, follow these steps:
Open WinDbg, open the dump (CTRL + D) and type this command and press ENTER:
!analyze -v
Now compare the output with what I posted and check whether you have the same issue or a new one.
////////////////////
Edit 2013-08-06
The last dump shows C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll as the cause:
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify timestamp for ContextMenu64.dll
*** ERROR: Module load completed but symbols could not be loaded for ContextMenu64.dll
*** WARNING: Unable to verify timestamp for Adist64.dll
*** ERROR: Module load completed but symbols could not be loaded for Adist64.dll
APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201)
Unloading DLL containing an active critical section.
This stop is generated if a DLL has a global variable containing a critical section
and the DLL is unloaded but the critical section has not been deleted. To debug
this stop use the following debugger commands:
$ du parameter3 - to dump the name of the culprit DLL.
$ .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL.
$ !cs -s parameter1 - dump information about this critical section.
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
$ dps parameter2 - to dump the stack trace for this critical section initialization.
Arguments:
Arg1: 00000000160384b0, Critical section address.
Arg2: 0000000001381220, Critical section initialization stack trace.
Arg3: 000000000ffc49b2, DLL name address.
Arg4: 0000000016020000, DLL base address.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll -
*** WARNING: Unable to verify timestamp for SugarSyncShellExt_x64.dll
*** ERROR: Module load completed but symbols could not be loaded for SugarSyncShellExt_x64.dll
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007feb74da7fc (verifier!VerifierStopMessageEx+0x00000000000006d0)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CRITICAL_SECTION: 00000000160384b0 -- (!cs -s 00000000160384b0)
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ungültig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000df4
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007feb74e557b to 000007feb74da7fc
STACK_TEXT:
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpFreeMemLockChecks
verifier!AVrfpFreeMemNotify
verifier!AVrfpDllUnloadCallback
ntdll!AVrfDllUnloadNotification
ntdll!LdrpUnloadNode
ntdll!LdrpDecrementNodeLoadCount
ntdll!LdrUnloadDll
KERNELBASE!FreeLibrary
ContextMenu64
0x0
0x0
0x0
0x0
0x0
Adist64
Adist64
0x0
0x0
ContextMenu64
0x0
0x0
0x0
0x0
SYMBOL_NAME: contextmenu64+110a6
IMAGE_NAME: ContextMenu64.dll
Image path: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll
Image name: ContextMenu64.dll
Timestamp: Mon Oct 06 21:22:22 2008 (48EA656E)
CheckSum: 001880E9
ImageSize: 00189000
File version: 9.0.0.373
Product version: 9.0.0.373
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
AppVerifier does a fantastic job to show you all buggy, old and incompatible software you use.
////////////////
The dump shows that Avast (AVAST Software\Avast\snxhk64.dll) causes the Explorer crash:
APPLICATION_VERIFIER_MEMORY_SIZE_HEAP_UNEXPECTED_EXCEPTION (618)
Unexpected exception when trying to find heap block size.
This stop is generated if we get an exception while calling HeapSize for a heap block
that is being freed. This typically means that the specified heap block address is
incorrect or the heap is corrupted.
To debug this stop:
$ .exr parameter3 - to display the exception record;
$ .cxr parameter4 followed by kb - to display the exception context information
and stack trace at the time when the exception was raised.
Arguments:
Arg1: 000000000474d800, Address of the heap block being freed.
Arg2: 0000000003680000, Heap handle.
Arg3: 0000000000caeea0, Exception record. Use .exr to display it.
Arg4: 0000000000cae9b0, Context record. Use .cxr to display it.
FAULTING_IP:
verifier!VerifierStopMessageEx+6d0
000007fb`a324a7fc cc int 3
EXCEPTION_RECORD: 0000000000caeea0 -- (.exr 0xcaeea0)
ExceptionAddress: 000007fbb16fab00 (ntdll!RtlpWaitOnCriticalSection+0x00000000000000c0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CONTEXT: 0000000000cae9b0 -- (.cxr 0xcae9b0)
rax=0000000000000000 rbx=000007fba32842a0 rcx=00000000fffffffc
rdx=0000000000000088 rsi=0000000000000088 rdi=0000000000000000
rip=000007fbb16fab00 rsp=0000000000caef70 rbp=0000000000000000
r8=ffffffffffffffff r9=0000000000000004 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=000007f60b35e000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010213
ntdll!RtlpWaitOnCriticalSection+0xc0:
000007fb`b16fab00 ff4024 inc dword ptr [rax+24h] ds:00000000`00000024=????????
Resetting default scope
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ungültig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000428
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fba3252861 to 000007fba324a7fc
STACK_TEXT:
ntdll!NtWaitForSingleObject
ntdll!RtlReportExceptionEx
ntdll!RtlReportException
ntdll!LdrpCalloutExceptionFilter
ntdll!LdrpInitializeNode$filt$1
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpSizeHeapExceptionFilter
verifier!AVrfpRtlFreeHeap$filt$0
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
ntdll!RtlpWaitOnCriticalSection
ntdll!RtlpEnterCriticalSectionContended
verifier!AVrfpFreeMemLockChecks
verifier!AVrfpFreeMemNotify
verifier!AVrfpRtlFreeHeap
snxhk64!SnxHk_UninstallHook
snxhk64
verifier!AVrfpInitializeExceptionChecking
verifier!DllMain
ntdll!LdrpCallInitRoutine
ntdll!LdrpInitializeNode
ntdll!LdrpInitializeGraph
ntdll!AVrfInitializeVerifier
ntdll!LdrpInitializeProcess
ntdll!_LdrpInitialize
ntdll!LdrInitializeThunk
FOLLOWUP_IP:
snxhk64!SnxHk_UninstallHook+7150
00000000`5d14fb40 85c0 test eax,eax
SYMBOL_STACK_INDEX: c
SYMBOL_NAME: snxhk64!SnxHk_UninstallHook+7150
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snxhk64
IMAGE_NAME: snxhk64.dll
Loaded symbol image file: snxhk64.dll
Image path: C:\Program Files\AVAST Software\Avast\snxhk64.dll
Image name: snxhk64.dll
Timestamp: Thu May 09 10:52:55 2013 (518B63E7)
CheckSum: 00000000
ImageSize: 0004D000
File version: 8.0.1489.300
Product version: 8.0.1489.300
File flags: 0 (Mask 17)
File OS: 4 Unknown Win32
File type: 0.0 Unknown
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: AVAST Software
ProductName: avast! Antivirus
InternalName: snxhk
OriginalFilename: snxhk.dll
ProductVersion: 8.0.1489.300
FileVersion: 8.0.1489.300
FileDescription: avast! snxhk
LegalCopyright: Copyright (c) 2013 AVAST Software
Report this issue to Avast and use a different AV tool until they have fixed the issue.
Run the uninstall.reg I linked to disable the dump creation and Application Verifier, which slows down Explorer.
// Edit: The new crash is caused by the Bluetooth driver:
APPLICATION_VERIFIER_LOCKS_LOCK_NOT_INITIALIZED (210)
Critical section not initialized.
This stop is generated if a critical section is used without being
initialized or after it has been deleted. To debug this stop:
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the critical section.
Arguments:
Arg1: 0000000009044c08, Critical section address.
Arg2: 0000000000000000, Critical section debug info address.
Arg3: 0000000000000000, Not used.
Arg4: 0000000000000000, Not used.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for GROOVEEX.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for SugarSyncShellExt_x64.dll -
FAULTING_IP:
verifier!VerifierStopMessageEx+6d0
000007ff`bba9a7fc cc int 3
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007ffbba9a7fc (verifier!VerifierStopMessageEx+0x00000000000006d0)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: explorer.exe
CRITICAL_SECTION: 0000000009044c08 -- (!cs -s 0000000009044c08)
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ungültig.
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: explorer.exe
FAULTING_THREAD: 0000000000000978
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007ffbbaa5338 to 000007ffbba9a7fc
STACK_TEXT:
ntdll!NtWaitForSingleObject
ntdll!RtlReportExceptionEx
ntdll!RtlReportException
verifier!AVrfpVectoredExceptionHandler
ntdll!RtlpCallVectoredHandlers
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpVerifyInitializedCriticalSection
verifier!AVrfpRtlDeleteCriticalSection
BtvAppExt!DllUnregisterServer
BtvAppExt!DllUnregisterServer
BtvAppExt
BtvAppExt
combase!CServerContextActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!CApartmentActivator::CreateInstance
combase!CProcessActivator::CCICallback
combase!CProcessActivator::AttemptActivation
combase!CProcessActivator::ActivateByContext
combase!CProcessActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!CClientContextActivator::CreateInstance
combase!ActivationPropertiesIn::DelegateCreateInstance
combase!ICoCreateInstanceEx
combase!CoCreateInstance
shell32!_SHCoCreateInstance
shell32!SHExtCoCreateInstance
shell32!HDXA_QueryContextMenu
shell32!CDefFolderMenu::QueryContextMenu
shlwapi!SHInvokeCommandOnContextMenu2
shlwapi!SHInvokeCommandOnContextMenu
shell32!SHInvokeCommandOnSelection
shell32!`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<5> >::Create'::`2'::`dynamic atexit destructor for 'module''
shell32!CRegDataDrivenCommand::_Invoke
explorerframe!CRibbonCommandHandlerOnExplorerCommand::Execute
UIRibbon!CControlUser::_ExecuteOnHandler
UIRibbon!CGenericControlUser::SetValueImpl
UIRibbon!CGenericDataSource::SetValue
UIRibbon!OfficeSpace::DataSource::SetValue
UIRibbon!OfficeSpace::FSControl::SetValue
UIRibbon!NetUI::DeferCycle::ProcessDataBindingPropertyChangeRecords
UIRibbon!NetUI::DeferCycle::HrAddDataBindingPropertyChangeRecord
UIRibbon!NetUI::Binding::SetDataSourceValue
UIRibbon!NetUI::Bindings::OnBindingPropertyChanged
UIRibbon!NetUI::Node::OnPropertyChanged
UIRibbon!FlexUI::Concept::OnPropertyChanged
UIRibbon!NetUI::Node::FExecuteCommand
UIRibbon!FlexUI::ExecuteAction::OnCommand
UIRibbon!NetUI::Node::FExecuteCommand
UIRibbon!NetUI::SimpleButton::OnEvent
UIRibbon!NetUI::Element::_DisplayNodeCallback
UIRibbon!GPCB::xwInvokeDirect
UIRibbon!GPCB::xwInvokeFull
UIRibbon!DUserSendEvent
UIRibbon!NetUI::Element::FireEvent
UIRibbon!NetUI::_FireClickEvent
UIRibbon!NetUI::SimpleButton::OnInput
UIRibbon!NetUI::Element::_DisplayNodeCallback
UIRibbon!GPCB::xwInvokeDirect
UIRibbon!GPCB::xwInvokeFull
UIRibbon!BaseMsgQ::xwProcessNL
UIRibbon!DelayedMsgQ::xwProcessDelayedNL
UIRibbon!ContextLock::~ContextLock
UIRibbon!HWndContainer::xdHandleMessage
UIRibbon!ExtraInfoWndProc
user32!UserCallWinProcCheckWow
user32!DispatchMessageWorker
explorerframe!CExplorerFrame::FrameMessagePump
explorerframe!CExplorerTask::InternalResumeRT
explorerframe!CRunnableTask::Run
shell32!CShellTask::TT_Run
shell32!CShellTaskThread::ThreadProc
shell32!CShellTaskThread::s_ThreadProc
SHCore!COplockFileHandle::v_GetHandlerCLSID
verifier!AVrfpStandardThreadFunction
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart
Image path: C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll
Image name: BtvAppExt.dll
Timestamp: Fri Jan 15 13:41:32 2010 (4B50627C)
CheckSum: 000329B6
ImageSize: 0002D000
File version: 1.0.0.1
Product version: 1.0.0.1
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: TODO: <Company name>
ProductName: TODO: <Product name>
InternalName: BtvAppExt.dll
OriginalFilename: BtvAppExt.dll
ProductVersion: 1.0.0.1
FileVersion: 1.0.0.1
FileDescription: TODO: <File description>
LegalCopyright: TODO: (c) <Company name>. All rights reserved.
The Bluetooth Extension is so buggy that Directory Opus blocked it 2 years ago.
Blacklisted problematic shell extension: Qualcomm Atheros Commnucations Bluetooth Suite (BtvAppExt.dll, {B8952421-0E55-400B-94A6-FA858FC0A39F}).
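The three dumps above are read the same way: take the Application Verifier stop, then walk STACK_TEXT from the top and stop at the first frame that is not a Windows module. The following Python sketch automates that reading over saved `!analyze -v` text; it is an added example, not part of the original answer, and the `SYSTEM_MODULES` allow-list and the function names are assumptions of the example.

```python
import re

# Windows-supplied modules seen in the stack traces above; frames in these are
# treated as plumbing. This allow-list is an assumption of the example.
SYSTEM_MODULES = {"ntdll", "verifier", "kernelbase", "kernel32", "combase",
                  "shell32", "shlwapi", "shcore", "user32", "explorerframe",
                  "uiribbon"}

STOP_RE = re.compile(r"^(APPLICATION_VERIFIER_\w+) \(([0-9a-fA-F]+)\)\s*$", re.M)
ARG_RE = re.compile(r"^Arg(\d): ([0-9a-fA-F`]+), (.*)$", re.M)
HEADER_RE = re.compile(r"^[A-Z][A-Z0-9_]+:")  # e.g. "SYMBOL_NAME:" ends the stack

# Abridged from the first dump quoted in the answer.
SAMPLE = """\
APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201)
Unloading DLL containing an active critical section.
Arguments:
Arg1: 00000000160384b0, Critical section address.
Arg4: 0000000016020000, DLL base address.
STACK_TEXT:
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
ntdll!LdrUnloadDll
KERNELBASE!FreeLibrary
ContextMenu64
0x0
Adist64
SYMBOL_NAME: contextmenu64+110a6
"""


def stack_frames(text):
    """Return the lines between 'STACK_TEXT:' and the next section header."""
    frames, in_stack = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "STACK_TEXT:":
            in_stack = True
        elif in_stack:
            if not line or HEADER_RE.match(line):
                break
            frames.append(line)
    return frames


def parse_analyze(text):
    """Extract the verifier stop, its arguments and the first third-party frame."""
    stop = STOP_RE.search(text)
    args = {int(n): (val, desc.strip()) for n, val, desc in ARG_RE.findall(text)}
    suspect = None
    for frame in stack_frames(text):
        module = frame.split("!", 1)[0].split("+", 1)[0]
        if module.startswith("0x"):  # unresolved frame such as "0x0"
            continue
        if module.lower() not in SYSTEM_MODULES:
            suspect = module
            break
    return {"stop": stop.group(1) if stop else None,
            "code": stop.group(2) if stop else None,
            "args": args, "suspect": suspect}


if __name__ == "__main__":
    print(parse_analyze(SAMPLE))
```
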