Hello Conductorwho,
I can't say I have seen this issue before. The log files should rotate automatically when full. When you check the ETW log folder do you find more than one log file. The current file is mclogs.etl. The archived data ends with "etl.bak". Again logging should automatically move a full log and create a new file. Further with each restart a new log file should be created.
It does create a new ETW log upon restarting the computer or updating the program, but it fails to do so when the log reaches its maximum size for soome odd reason. Is it supposed to do this?
Hmm, I thought they rotated automatically. Perhaps not. Let me look into this.
Message was edited by: mrepuski on 03/12/13 2:14:35 EST PM<bump>
I have a suspicion it may be a lower-level memory conflict with Chrome. I had the log reach its maximum size with only Chrome open and trigger an appcrash.
mrepuski,
Any updates on the logging code? They don't seem to be rotating automatically, yet under certain circumstances (streaming media) they fill up quite fast.
Hello All,
I spoke to dev and this is what I have learned.
- The maximum log size by default is 16 Meg
- The files do not rotate automatically at this time
- Once the logs are full logging should stop.
- The current logging method doesn't allow log rotation.
- Dev is looking at optimizing logging including ways to allow log rotation.
I don't have an ETA for any of these changes.
One option I can think of at this time would be to change the max log file size and see what happens.
Let us know if you would like to try this.
Another option, this may be a reach. We have support tools that can enable verbose logging. Perhaps verbose logging may be enabled.
http://download.mcafee.com/products/licensed/cust_support_patches/mcverbose.zip |
You need to disable access protection and then run the batch file in the zip as admin.
Select D and then press enter.
Thanks for your help! I'll look into increasing the log size. From the look of it, I can do it via Performance Monitor.
An update on the logging situation--
From the look of it, if something's still occuring and thereby prompting the log to accumulate data when it reaches its maximum (or the log is shut off via performance monitor) Explorer will crash. Therefore, the matter at hand isn't that the log is reaching its maximum size, but that the module writing the data exceeds the write buffer or takes time to 'notice' logging has stopped. Seeing that stopping the log session while data was still being written to it caused the crash in this instance, and at that when only performance monitor was open, and immediately after stopping the log session, something tells me there's more than meets the eye to these overflows.
In order to gather more data about the issue I installed AppCrashView by Nirsoft.
Version=1
EventType=BEX64
EventTime=130317962436003283
ReportType=2
Consent=1
UploadTime=130317971979580118
ReportIdentifier=504f910e-6772-11e3-87cc-4ceb421025c9
IntegratorReportIdentifier=504f910d-6772-11e3-87cc-4ceb421025c9
Response.BucketId=2571574500
Response.BucketTable=5
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=Explorer.EXE
Sig[1].Name=Application Version
Sig[1].Value=6.1.7601.17567
Sig[2].Name=Application Timestamp
Sig[2].Value=4d672ee4
Sig[3].Name=Fault Module Name
Sig[3].Value=StackHash_1b07
Sig[4].Name=Fault Module Version
Sig[4].Value=0.0.0.0
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=00000000
Sig[6].Name=Exception Offset
Sig[6].Value=000007fee9624050
Sig[7].Name=Exception Code
Sig[7].Value=c0000005
Sig[8].Name=Exception Data
Sig[8].Value=0000000000000008
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=1b07
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=1b0751a1f84a6b627f942116525ee10f
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=cbdd
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=cbdd38469b2edd83a71f76dbcf2340a1
UI[2]=C:\Windows\Explorer.EXE
UI[3]=Windows Explorer has stopped working
UI[4]=Windows can check online for a solution to the problem the next time you go online and try to restart the program.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and restart the program
UI[7]=Close the program
LoadedModule[0]=C:\Windows\Explorer.EXE
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[5]=C:\Windows\system32\msvcrt.dll
LoadedModule[6]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[7]=C:\Windows\system32\RPCRT4.dll
LoadedModule[8]=C:\Windows\system32\GDI32.dll
LoadedModule[9]=C:\Windows\system32\USER32.dll
LoadedModule[10]=C:\Windows\system32\LPK.dll
LoadedModule[11]=C:\Windows\system32\USP10.dll
LoadedModule[12]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[13]=C:\Windows\system32\SHELL32.dll
LoadedModule[14]=C:\Windows\system32\ole32.dll
LoadedModule[15]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[16]=C:\Windows\system32\EXPLORERFRAME.dll
LoadedModule[17]=C:\Windows\system32\DUser.dll
LoadedModule[18]=C:\Windows\system32\DUI70.dll
LoadedModule[19]=C:\Windows\system32\IMM32.dll
LoadedModule[20]=C:\Windows\system32\MSCTF.dll
LoadedModule[21]=C:\Windows\system32\UxTheme.dll
LoadedModule[22]=C:\Windows\system32\POWRPROF.dll
LoadedModule[23]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[24]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[25]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[26]=C:\Windows\system32\dwmapi.dll
LoadedModule[27]=C:\Windows\system32\slc.dll
LoadedModule[28]=C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_2b25b14c71ebf230\gdiplus.dll
LoadedModule[29]=C:\Windows\system32\Secur32.dll
LoadedModule[30]=C:\Windows\system32\SSPICLI.DLL
LoadedModule[31]=C:\Windows\system32\PROPSYS.dll
LoadedModule[32]=C:\Windows\system32\WINSTA.dll
LoadedModule[33]=c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll
LoadedModule[34]=C:\Windows\system32\CRYPTBASE.dll
LoadedModule[35]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
LoadedModule[36]=C:\Windows\system32\WindowsCodecs.dll
LoadedModule[37]=C:\Windows\system32\profapi.dll
LoadedModule[38]=C:\Windows\system32\apphelp.dll
LoadedModule[39]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[40]=C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
LoadedModule[41]=C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll
LoadedModule[42]=C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll
LoadedModule[43]=C:\Windows\system32\VERSION.dll
LoadedModule[44]=C:\Windows\system32\WININET.dll
LoadedModule[45]=C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
LoadedModule[46]=C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
LoadedModule[47]=C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
LoadedModule[48]=C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
LoadedModule[49]=C:\Windows\system32\normaliz.DLL
LoadedModule[50]=C:\Windows\system32\iertutil.dll
LoadedModule[51]=C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
LoadedModule[52]=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
LoadedModule[53]=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\MSVCR100.dll
LoadedModule[54]=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\MSVCP100.dll
LoadedModule[55]=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ATL100.DLL
LoadedModule[56]=C:\Windows\system32\msi.dll
LoadedModule[57]=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
LoadedModule[58]=C:\Windows\system32\AcSignIcon.dll
LoadedModule[59]=C:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll
LoadedModule[60]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
LoadedModule[61]=C:\Windows\system32\MSIMG32.dll
LoadedModule[62]=C:\Windows\WinSxS\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90ENU.DLL
LoadedModule[63]=C:\Windows\system32\EhStorShell.dll
LoadedModule[64]=C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll
LoadedModule[65]=C:\Windows\system32\WS2_32.dll
LoadedModule[66]=C:\Windows\system32\NSI.dll
LoadedModule[67]=C:\Windows\system32\IPHLPAPI.DLL
LoadedModule[68]=C:\Windows\system32\WINNSI.DLL
LoadedModule[69]=C:\Windows\system32\PSAPI.DLL
LoadedModule[70]=C:\Windows\system32\COMDLG32.dll
LoadedModule[71]=C:\Windows\system32\winhttp.dll
LoadedModule[72]=C:\Windows\system32\webio.dll
LoadedModule[73]=C:\Windows\system32\IconCodecService.dll
LoadedModule[74]=C:\Windows\system32\CRYPTSP.dll
LoadedModule[75]=C:\Windows\system32\rsaenh.dll
LoadedModule[76]=C:\Windows\system32\RpcRtRemote.dll
LoadedModule[77]=C:\Windows\system32\SndVolSSO.DLL
LoadedModule[78]=C:\Windows\system32\HID.DLL
LoadedModule[79]=C:\Windows\System32\MMDevApi.dll
LoadedModule[80]=C:\Windows\system32\timedate.cpl
LoadedModule[81]=C:\Windows\system32\ATL.DLL
LoadedModule[82]=C:\Windows\system32\actxprxy.dll
LoadedModule[83]=C:\Windows\system32\ntmarta.dll
LoadedModule[84]=C:\Windows\system32\WLDAP32.dll
LoadedModule[85]=C:\Windows\System32\shdocvw.dll
LoadedModule[86]=C:\Windows\system32\LINKINFO.dll
LoadedModule[87]=C:\Windows\system32\msiltcfg.dll
LoadedModule[88]=C:\Windows\system32\SAMLIB.dll
LoadedModule[89]=C:\Windows\system32\msls31.dll
LoadedModule[90]=C:\Windows\System32\gameux.dll
LoadedModule[91]=C:\Windows\System32\XmlLite.dll
LoadedModule[92]=C:\Windows\system32\CRYPT32.dll
LoadedModule[93]=C:\Windows\system32\MSASN1.dll
LoadedModule[94]=C:\Windows\System32\wer.dll
LoadedModule[95]=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
LoadedModule[96]=C:\Windows\system32\authui.dll
LoadedModule[97]=C:\Windows\system32\CRYPTUI.dll
LoadedModule[98]=C:\Windows\system32\urlmon.dll
LoadedModule[99]=C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
LoadedModule[100]=C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
LoadedModule[101]=C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
LoadedModule[102]=C:\Windows\system32\WINMM.dll
LoadedModule[103]=C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
LoadedModule[104]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCP90.dll
LoadedModule[105]=C:\Windows\system32\ntshrui.dll
LoadedModule[106]=C:\Windows\system32\srvcli.dll
LoadedModule[107]=C:\Windows\system32\cscapi.dll
LoadedModule[108]=C:\Windows\system32\wdmaud.drv
LoadedModule[109]=C:\Windows\system32\ksuser.dll
LoadedModule[110]=C:\Windows\system32\AVRT.dll
LoadedModule[111]=C:\Windows\system32\AUDIOSES.DLL
LoadedModule[112]=C:\Windows\system32\msacm32.drv
LoadedModule[113]=C:\Windows\system32\MSACM32.dll
LoadedModule[114]=C:\Windows\system32\midimap.dll
LoadedModule[115]=C:\Windows\system32\stobject.dll
LoadedModule[116]=C:\Windows\system32\BatMeter.dll
LoadedModule[117]=C:\Windows\system32\WTSAPI32.dll
LoadedModule[118]=C:\Windows\system32\WINTRUST.dll
LoadedModule[119]=C:\Windows\system32\es.dll
LoadedModule[120]=C:\Windows\system32\prnfldr.dll
LoadedModule[121]=C:\Windows\system32\WINSPOOL.DRV
LoadedModule[122]=C:\Windows\system32\dxp.dll
LoadedModule[123]=C:\Windows\system32\Syncreg.dll
LoadedModule[124]=C:\Windows\ehome\ehSSO.dll
LoadedModule[125]=C:\Windows\System32\netshell.dll
LoadedModule[126]=C:\Windows\System32\nlaapi.dll
LoadedModule[127]=C:\Windows\System32\AltTab.dll
LoadedModule[128]=C:\Windows\system32\wpdshserviceobj.dll
LoadedModule[129]=C:\Windows\system32\PortableDeviceTypes.dll
LoadedModule[130]=C:\Windows\system32\PortableDeviceApi.dll
LoadedModule[131]=C:\Windows\System32\pnidui.dll
LoadedModule[132]=C:\Windows\System32\QUtil.dll
LoadedModule[133]=C:\Windows\System32\wevtapi.dll
LoadedModule[134]=C:\Windows\system32\dhcpcsvc.DLL
LoadedModule[135]=C:\Windows\system32\dhcpcsvc6.DLL
LoadedModule[136]=C:\Windows\system32\credssp.dll
LoadedModule[137]=C:\Windows\System32\srchadmin.dll
LoadedModule[138]=C:\Windows\System32\USERENV.dll
LoadedModule[139]=C:\Windows\System32\Actioncenter.dll
LoadedModule[140]=C:\Windows\system32\netutils.dll
LoadedModule[141]=C:\Windows\System32\npmproxy.dll
LoadedModule[142]=C:\Windows\system32\mssprxy.dll
LoadedModule[143]=C:\Windows\system32\fxsst.dll
LoadedModule[144]=C:\Windows\system32\FXSAPI.dll
LoadedModule[145]=C:\Windows\system32\FXSRESM.DLL
LoadedModule[146]=C:\Windows\system32\Wlanapi.dll
LoadedModule[147]=C:\Windows\system32\wlanutil.dll
LoadedModule[148]=C:\Windows\system32\wwanapi.dll
LoadedModule[149]=C:\Windows\system32\wwapi.dll
LoadedModule[150]=C:\Windows\System32\UIAnimation.dll
LoadedModule[151]=C:\Windows\System32\QAgent.dll
LoadedModule[152]=C:\Windows\System32\bthprops.cpl
LoadedModule[153]=C:\Windows\System32\SyncCenter.dll
LoadedModule[154]=C:\Windows\system32\imapi2.dll
LoadedModule[155]=C:\Windows\System32\hgcpl.dll
LoadedModule[156]=C:\Windows\System32\provsvc.dll
LoadedModule[157]=C:\Windows\system32\SXS.DLL
LoadedModule[158]=C:\Windows\system32\wkscli.dll
LoadedModule[159]=C:\Windows\System32\wscinterop.dll
LoadedModule[160]=C:\Windows\System32\WSCAPI.dll
LoadedModule[161]=C:\Windows\System32\wscui.cpl
LoadedModule[162]=C:\Windows\System32\werconcpl.dll
LoadedModule[163]=C:\Windows\System32\framedynos.dll
LoadedModule[164]=C:\Windows\System32\wercplsupport.dll
LoadedModule[165]=C:\Windows\System32\msxml6.dll
LoadedModule[166]=C:\Windows\System32\hcproviders.dll
LoadedModule[167]=C:\Program Files\Internet Explorer\ieproxy.dll
LoadedModule[168]=C:\Windows\System32\ieframe.dll
LoadedModule[169]=C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
LoadedModule[170]=C:\Windows\system32\MsftEdit.dll
LoadedModule[171]=C:\Windows\system32\MLANG.dll
LoadedModule[172]=C:\Windows\system32\MPR.dll
LoadedModule[173]=C:\Windows\System32\msxml3.dll
LoadedModule[174]=C:\Windows\system32\thumbcache.dll
LoadedModule[175]=C:\Windows\system32\OLEACC.dll
LoadedModule[176]=C:\Windows\system32\SearchFolder.dll
LoadedModule[177]=C:\Windows\System32\StructuredQuery.dll
LoadedModule[178]=C:\Windows\System32\NaturalLanguage6.dll
LoadedModule[179]=C:\Windows\System32\NLSData0009.dll
LoadedModule[180]=C:\Windows\System32\NLSLexicons0009.dll
LoadedModule[181]=C:\Windows\system32\mswsock.dll
LoadedModule[182]=C:\Windows\System32\wship6.dll
LoadedModule[183]=C:\Windows\system32\NetworkExplorer.dll
LoadedModule[184]=C:\Windows\system32\DEVRTL.dll
LoadedModule[185]=C:\Windows\System32\mf.dll
LoadedModule[186]=C:\Windows\System32\MFPlat.DLL
LoadedModule[187]=C:\Program Files\Common Files\McAfee\Platform\McRtMui.dll
LoadedModule[188]=C:\Program Files\Common Files\McAfee\Platform\LangSel.dll
LoadedModule[189]=c:\PROGRA~1\mcafee\mqs\shredext.dll
LoadedModule[190]=c:\PROGRA~1\mcafee\mqs\shrcore.dll
LoadedModule[191]=c:\PROGRA~1\COMMON~1\mcafee\platform\core\mccoreps.dll
LoadedModule[192]=C:\Windows\system32\imagehlp.dll
LoadedModule[193]=C:\Windows\system32\ncrypt.dll
LoadedModule[194]=C:\Windows\system32\bcrypt.dll
LoadedModule[195]=C:\Windows\system32\bcryptprimitives.dll
LoadedModule[196]=C:\Windows\system32\GPAPI.dll
LoadedModule[197]=C:\Windows\system32\cryptnet.dll
LoadedModule[198]=c:\PROGRA~1\mcafee\mqs\shredshm.dll
LoadedModule[199]=C:\Windows\system32\igfxpph.dll
LoadedModule[200]=C:\Windows\system32\hccutils.DLL
LoadedModule[201]=C:\Windows\system32\igfxrENU.lrc
LoadedModule[202]=C:\Windows\system32\igfxsrvc.dll
LoadedModule[203]=C:\Program Files\Windows Sidebar\sbdrop.dll
LoadedModule[204]=C:\Windows\system32\fdproxy.dll
LoadedModule[205]=C:\Windows\system32\StorageContextHandler.dll
LoadedModule[206]=C:\Program Files\McAfee\Gkp\HcApi.dll
LoadedModule[207]=C:\Program Files\McAfee\Gkp\HcThe.dll
LoadedModule[208]=C:\Windows\system32\dsrole.dll
LoadedModule[209]=C:\Windows\system32\zipfldr.dll
LoadedModule[210]=C:\Program Files\McAfee\MSC\OemUI.dll
LoadedModule[211]=C:\Program Files\McAfee\MAT\MpvRes.dll
LoadedModule[212]=c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL
LoadedModule[213]=c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
LoadedModule[214]=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
LoadedModule[215]=C:\Windows\system32\syncui.dll
LoadedModule[216]=C:\Windows\system32\SYNCENG.dll
LoadedModule[217]=C:\Windows\System32\Wpc.dll
LoadedModule[218]=C:\Windows\system32\samcli.dll
LoadedModule[219]=C:\Windows\system32\ACLUI.dll
LoadedModule[220]=C:\Windows\system32\NTDSAPI.dll
LoadedModule[221]=C:\Windows\system32\tquery.dll
LoadedModule[222]=C:\Windows\system32\wpdshext.dll
LoadedModule[223]=C:\Windows\system32\EhStorAPI.dll
LoadedModule[224]=C:\Program Files\McAfee\MAT\McPvNs.dll
LoadedModule[225]=C:\Windows\system32\oledlg.dll
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Stopped working
ConsentKey=BEX64
AppName=Windows Explorer
AppPath=C:\Windows\Explorer.EXE
This crash occured with only the performance monitor and the desktop active. Does it look like any conflicting shell extensions exist?
Hello Conductorwho,
I have sent you a Private message please respond to it to proceed further..!
Regards
Hi Alex,
Please confirm If the issue has been Resolved.
Thanks & Regards
Yep, the issue's been resolved--my computer's gone 1 week without any Explorer crashes pertaining to a log overflow OR to the McPvNs.dll_unloaded issue mentioned in the other thread. Thanks for your help!
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: