# Windows Server 2008 Standard: Explorer.exe crashes



## stbender (Feb 1, 2013)

Hi,

I have a strange issue in my Windows 2008 Server (Standard) 64Bit:
explorer.exe crashes, as soon as I choose to show the C:\ folder or if the left folder tree pane shows a path beginning with C:\
So, if I right click the System icon and choose "Explorer", everything is fine.
If I click on F: in the left pane, the content of this HD is shown. As soon as I click on C:, explorer.exe crashes.
Here's what windows initially says:

```
Problemereignisname:    APPCRASH
  Anwendungsname:    Explorer.exe
  Anwendungsversion:    6.0.6002.18005
  Anwendungszeitstempel:    49e02a1e
  Fehlermodulname:    StackHash_2642
  Fehlermodulversion:    6.0.6002.18005
  Fehlermodulzeitstempel:    49e0421d
  Ausnahmecode:    c0000374
  Ausnahmeoffset:    00000000000aef37
  Betriebsystemversion:    6.0.6002.2.2.0.272.7
  Gebietsschema-ID:    1031
  Zusatzinformation 1:    2642
  Zusatzinformation 2:    7dcb948c71a8bd17542f0d74c0749a95
  Zusatzinformation 3:    9588
  Zusatzinformation 4:    1c661a2146c78d0c8531ce2488db9bca
```
(it's a German version)

I tried to disable the DEP, but no luck after the reboot.

I made a dump from the crash and analyzed it with Windbg, here's what it says:


```
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

Unable to load image C:\Windows\System32\ieframe.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieframe.dll

FAULTING_IP:
ntdll!RtlReportCriticalFailure+67
00000000`771aef37 eb00            jmp     ntdll!RtlReportCriticalFailure+0x69 (00000000`771aef39)

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000771aef37 (ntdll!RtlReportCriticalFailure+0x0000000000000067)
   ExceptionCode: c0000374
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000007721d2c0

PROCESS_NAME:  explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000374 - Ein Heap wurde besch digt.

EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - Ein Heap wurde besch digt.

EXCEPTION_PARAMETER1:  000000007721d2c0

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

APP:  explorer.exe

LAST_CONTROL_TRANSFER:  from 00000000771afa46 to 00000000771aef37

FAULTING_THREAD:  ffffffffffffffff

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_HEAP_CORRUPTION_AFTER_CALL

PRIMARY_PROBLEM_CLASS:  STATUS_HEAP_CORRUPTION_AFTER_CALL

DEFAULT_BUCKET_ID:  STATUS_HEAP_CORRUPTION_AFTER_CALL

STACK_TEXT:  
00000000`7721d328 00000000`77185db3 ntdll! ?? ::FNODOBFM::`string'+0xcbac
00000000`7721d330 00000000`76ffc4ca kernel32!HeapFree+0xa
00000000`7721d338 000007fe`fe1691d6 ole32!CoTaskMemFree+0x36
00000000`7721d340 000007fe`fdd3eef9 shlwapi!StrRetToBufW+0xd3
00000000`7721d348 000007fe`fe71705b shell32!DisplayNameOfW+0x3f
00000000`7721d350 000007fe`fe84c725 shell32!CFSFolder::_GetNormalDisplayName+0xbb
00000000`7721d358 000007fe`fe7053c4 shell32!CFSFolder::GetDisplayNameOf+0x13b
00000000`7721d360 000007fe`fe6e6c28 shell32!DisplayNameOfAsBSTR+0x58
00000000`7721d368 000007fe`fe6e73b6 shell32!ItemStore_ExtractProperty+0x11d
00000000`7721d370 000007fe`fe6e7343 shell32!ItemStore_GetCachedProperty+0x4d6
00000000`7721d378 000007fe`fe6fae4e shell32!ItemStore_GetProperty+0xee
00000000`7721d380 000007fe`fe6fad28 shell32!CDefView::_GetItemProperty+0xac
00000000`7721d388 000007fe`fe6fb138 shell32!CDefView::_GetItemPropertyForDisplay+0xd9
00000000`7721d390 000007fe`fe6fabee shell32!CDefView::_GetDisplayInfo+0x258
00000000`7721d398 000007fe`fe6ffe23 shell32!CDefView::_OnLVNotify+0xa3
00000000`7721d3a0 000007fe`fe72afe5 shell32!CDefView::WndProc+0x744
00000000`7721d3a8 000007fe`fe72aee3 shell32!CDefView::s_WndProc+0x98
00000000`7721d3b0 00000000`76f1d53e user32!UserCallWinProcCheckWow+0x1ad
00000000`7721d3b8 00000000`76f1e530 user32!CallWindowProcAorW+0xdb
00000000`7721d3c0 00000000`76f1e4a8 user32!CallWindowProcW+0x18
00000000`7721d3c8 000007fe`fb231c9b duser!WndBridge::RawWndProc+0xd9
00000000`7721d3d0 00000000`76f1d53e user32!UserCallWinProcCheckWow+0x1ad
00000000`7721d3d8 00000000`76f1b5b5 user32!SendMessageWorker+0x64a
00000000`7721d3e0 00000000`76f1b649 user32!SendMessageW+0x5b
00000000`7721d3e8 000007fe`fb474833 comctl32!CCSendNotify+0xf93
00000000`7721d3f0 000007fe`fb5412e0 comctl32!CLVItemStore::OnGetItem+0x6c0
00000000`7721d3f8 000007fe`fb56eae5 comctl32!CLVReportView::v_DrawItem+0x2a5
00000000`7721d400 000007fe`fb56c86c comctl32!CLVDrawItemManager::DrawItem+0x4c0
00000000`7721d408 000007fe`fb55a78d comctl32!CLVDrawManager::_PaintItems+0x2ed
00000000`7721d410 000007fe`fb5591d6 comctl32!CLVDrawManager::_PaintWorkArea+0xda
00000000`7721d418 000007fe`fb5590d3 comctl32!CLVDrawManager::_OnPaintWorkAreas+0x13b
00000000`7721d420 000007fe`fb558f54 comctl32!CLVDrawManager::_OnPaint+0x14c


STACK_COMMAND:  .ecxr ; kb ; !heap ; dps 7721d328 ; kb

FOLLOWUP_IP:
shlwapi!StrRetToBufW+d3
000007fe`fdd3eef9 85db            test    ebx,ebx

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  shlwapi!StrRetToBufW+d3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: shlwapi

IMAGE_NAME:  shlwapi.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  49e041f4

FAILURE_BUCKET_ID:  STATUS_HEAP_CORRUPTION_AFTER_CALL_c0000374_shlwapi.dll!StrRetToBufW

BUCKET_ID:  X64_APPLICATION_FAULT_STATUS_HEAP_CORRUPTION_AFTER_CALL_shlwapi!StrRetToBufW+d3

WATSON_STAGEONE_URL:  [URL]http://watson.microsoft.com/StageOne/explorer_exe/6_0_6002_18005/49e02a1e/ntdll_dll/6_0_6002_18005/49e0421d/c0000374/000aef37.htm?Retriage=1[/URL]

Followup: MachineOwner
---------
```
I updated the IE to version 9 (because ieframe.dll is mentioned above), but no luck again.

I tried booting in safe mode, but the problem exists there, as well.

I used ShellExView to find some Shell Extensions, but there are no 3rd party extensions active (regardless if I start with our without the "/wow64" parameter).

As a workaround, I can use the Total Commander...

I have no idea what to do now, any help would be appreciated.

Thanks in advance!


----------



## JMPC (Jan 15, 2011)

Is this a new issue or has it been happening since setting up the system? have you installed any software prior to the issue? What anti-virus program are you using? Try removing it and see if that resolves the issue.


----------



## stbender (Feb 1, 2013)

JMPC said:


> Is this a new issue or has it been happening since setting up the system? have you installed any software prior to the issue? What anti-virus program are you using? Try removing it and see if that resolves the issue.


Hi,

it took me some time to deinstall the Symantec AV system, but unfortunately the problem persists.
The problem occured some time ago - I do not exactly know when (as I do not operate the system often, it's a server). I cannot name a specific software installation associated to those crashes...


----------

