0

yesterday I tried to test a new security solution (Emsisoft Internet Security) so I deinstalled Emsisoft Anti-Malware (which is the same product, just without firewall) and tried to install IS. But right before the installation finished, Windows 8.1 crashed with the sad smiley face saying error: DRIVER CORRUPTED EXPOOL and creating a minidump file. I tried to analyze it but couldn't find anything helpful in it. So I ran some general repairs:

Dism /Online /Cleanup-Image /CheckHealth

Dism /Online /Cleanup-Image /ScanHealth

Dism /Online /Cleanup-Image /RestoreHealth

sfc /scannow

/Restorehealth keeps claining that it found and fixed an error no matter how often I run it and reboot. Also I deinstalled any unneeded Software and driver packs. Then I wanted to run a Malwarebytes scan in safe mode just to find out, that in safe mode without networking, explorer keeps crashing right away over and over again, creating infinite error messages saying that explorer.exe crashed with error message (sorry, its in german): http://www.pcfuerst.at/extern/error.jpg If I don't do anything I end up with thousands of error messages and just as many backround processes. The only way to stop it is to start task manager and kill explorer.exe. But when I do that I cant do anything else. If i restart explorer it starts allover again. So I press the power button to shut down. This happens ONLY in safe mode without networking, if I run safe mode with networking or normal mode it doesn't happen even if I unplug ethernet and everything else is working fine. I ran Malwarebytes and Emsisoft in safe mode with networking und unplugges ethernet .. nothing found. Any idea what else I could try except refreshing Windows or inplace upgrade? I did not check the RAM yep, but I will do that tonight although I don't think that's the problem because it only happens when netwoking is off. Then I ran http://www.tweaking.com/content/page/windows_repair_all_in_one.html and did all scans and repairs including file permissions .. still same problem in safe mode.

thanks for your time!

UPDATE: With some help of an Emsisoft technician (on sunday!!!) I found out that the driver corrupted error was caused by virtualbox. I deinstalled it and all of its left over registry-entries. After that the IS-installation went smoothly. But the problem with explorer.exe in safe mode stayed. So now at least I know that these 2 problems weren't connected.

Improve this question
3
  • capture a crash dump o the Explorer and share the dmp file (compressed as zip): msdn.microsoft.com/en-us/library/bb787181%28VS.85%29.aspx
    – magicandre1981
    Commented Sep 14, 2014 at 18:35
  • thanks for the hint, here is the minidump-file: bit.ly/1wxiWbe
    – Akil
    Commented Sep 15, 2014 at 21:20
  • This is the whocrashed report of this file: crash dump file: C:\WINDOWS\Minidump\explorer.exe.1760.dmp This was probably caused by the following module: Unknown () Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0) Error: CUSTOM_ERROR A third party driver was identified as the probable root cause of this system error. Google query: CUSTOM_ERROR Any idea how I can find out which driver is causing the problem?
    – Akil
    Commented Sep 15, 2014 at 21:34

1 Answer 1

Reset to default
0

From the dump I can see that the overlayicon.dll from Wuala causes the Explorer crash:

PROCESS_NAME:  explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000018

READ_ADDRESS:  0000000000000018 

FOLLOWUP_IP: 
OverlayIcon+eef7
00000001`8000eef7 488b4818        mov     rcx,qword ptr [rax+18h]

APP:  explorer.exe

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_READ_AFTER_CALL

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_READ_AFTER_CALL

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_READ_AFTER_CALL

STACK_TEXT:  
ntdll!NtRaiseHardError
KERNELBASE!UnhandledExceptionFilter
ntdll!RtlUserThreadStart$filt$0
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
OverlayIcon
0x0
0x0
0x0
0x0


IMAGE_NAME:  OverlayIcon.dll

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_READ_AFTER_CALL_c0000005_OverlayIcon.dll!Unknown

BUCKET_ID:  APPLICATION_FAULT_NULL_CLASS_PTR_READ_AFTER_CALL_overlayicon+eef7

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:null_class_ptr_read_after_call_c0000005_overlayicon.dll!unknown

    Loaded symbol image file: OverlayIcon.dll
    Image path: C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll
    Image name: OverlayIcon.dll
    Timestamp:        Wed May 02 22:49:51 2012

Try to Update, disable the overly icons or remove the tool to fix the Explorer issues.

Improve this answer
3
  • Wow, thanks a bunch!! I will try to figure out how I can fix the dll or deaktivate the overlay, because I really need wuala up and running. May I ask: how did you analyze the dmp file? I didn't even manage openeing it :)
    – Akil
    Commented Sep 16, 2014 at 10:12
  • I used Windbg.exe from the Windows SDK to analyze it (!analyze -v)
    – magicandre1981
    Commented Sep 16, 2014 at 16:10
  • you are my hero ;D
    – Akil
    Commented Sep 16, 2014 at 22:10

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .