Solved windows explorer has stopped working

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
This would happen Everytime when I startup my computer and tried to open the explorer !
But after 10 seconds , it can work correctly !
My os is win7 x64 , here's the problem signature:

Problem Event Name: APPCRASH
Application Name: explorer.exe
Application Version: 6.1.7601.17567
Application Timestamp: 4d672ee4
Fault Module Name: ntdll.dll
Fault Module Version: 6.1.7601.19018
Fault Module Timestamp: 560a0083
Exception Code: c0000005
Exception Offset: 0000000000039e5d
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 6aa4
Additional Information 2: 6aa45dc75f59da5f5623d283480dc6ba
Additional Information 3: 6aa4
Additional Information 4: 6aa45dc75f59da5f5623d283480dc6ba


After I close it , there will be a dialogue: *****0xC0000005***(I can't remember clearly)
Is there anyone knows what happen? -- I really appreciate it.

Regards..
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
Hi, let us have some Pc specifications.
Check and post the following.
TSG System Information Utility - found here.
http://static.techguy.org/download/SysInfo.exe
======
Run System File Checker
Click on Start - Search
Type
cmd
Right click on cmd.exe - select Run as Administrator.
At the Command Prompt window - Type
sfc /scannow

Press Enter.
Let it run to completion - but do not close the Command Prompt window.
To save the log file.
Copy and Paste the following into Command Prompt.

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Press Enter
On your desktop you will see a text file called sfcdetails.txt
Copy and Paste into your next post.

http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista
 

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Hi, thanks for replying.

Here's the Sysinfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 4
RAM: 3533 Mb
Graphics Card: AMD Radeon R5 M200 / HD 8500M Series, 1024 Mb
Hard Drives: C: Total - 25601 MB, Free - 876 MB; D: Total - 131073 MB, Free - 44153 MB; E: Total - 57942 MB, Free - 50719 MB;
Motherboard: LENOVO, Lenovo G405
Antivirus: 火绒安全软件, Updated and Enabled

and my sfc /scannow result:
upload_2016-3-28_13-7-54.png

I pasted the command you mentioned, but I didn't find a "txt" file on my destop , so I upload the cbs.log file.
Can you please check it later?

Thanks!
 

Attachments

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
Not enough hard drive space on C: - is a part of the problem.
Hard Drives: C: Total - 25601 MB, Free - 876 MB;
You will need to free up some space on C: as soon a possible.
======
While I check the log file.
Download Security Check by screen317 from.
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/dl/123/

Save it to your Desktop.
Double click the install icon.
If using Vista - Win 7 - right click the install icon and select "Run as Administrator"
A command Prompt window will open.
Let it scan the Pc - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.

The saved log will be called checkup.txt.
 
Last edited:

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Hi !

Here's the result of the Security Check.
=====================================
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
火绒安全软件
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Google Chrome (49.0.2623.108)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
=====================================================

About the space of hard drive C:
I only gave 25G to C: , I thought that was enough for an OS , but actually not.
I check the files on hard drive C: , and uninstall several softwares. now it has 1.3G vacant space , is that enough?
Sorry I can't find more to delete, most space is used by Office2013 and Adobe Photoshop , I installed them on D: , but they had many files on C: , maybe some config files .

PS:My hard drive is a SSD.

Sincerely.
 
Last edited:

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
Check out TreeSize for what can be moved from the C: drive.
Do not try to move any Windows related files.
http://www.jam-software.com/freeware/
======
火绒安全软件
Antivirus up to date!
What Anti-Virus program do you have installed?
======
Turn on UAC - User Account Control
http://windows.microsoft.com/en-gb/windows/turn-user-account-control-on-off#1TC=windows-7
======
Download MalwareBytes to your desktop.
Download the Free version.
MalwareBytes

Once downloaded to your desktop.
Close all open browser windows.
Click on the Install icon - allow it to update during the install process.
Start Malwarebytes Anti-Malware.
Before you run a scan.
Under Settings > Detection and Protection in the left pane.
Under Detection Options - make sure that all three entries are ticked
Under Non-Malware detections - set to Treat detections as Malware

Now click - Scan button.
Then select - Threat Scan.
Then - Scan Now.
If any infections are found during the scan, the number of them will be listed.
When the scan is finished, make sure to select and remove Everything in the list.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start Malwarebytes Anti-Malware again.
Click History > Application Logs.
Select the most recent scan log.
Select Export >Text File.
Name it mbam > then save it on the desktop.
Copy-and-paste its contents in the reply box below.
 

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Hi

I find that most space is possessed by Windows and that may because I install 300+ hotfixes recently.
upload_2016-3-28_20-54-58.png
That 2.6G is the hyberfil.sys.

So maybe I should re-partition my hard drive!

=====================================
火绒 is a Chinese antivirus program with anti-malware, antivirus functions, it's known for the low possession.
http://www.huorong.cn/

Maybe malware is not the reason.

Anyway, I think this issue not hurt the important essentials, so I just want to let it go. When necessary, I will re-partition my hard drive and reinstall my system.
Sorry for taking up too much of your time.
And thanks a lot ! You are enthusiastic.

Sincerely.
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
Thanks for the update - be careful of removing any Windows related files.
Hiberfil.sys, is a root folder of your hard disk and holds hibernation data.

Huorong.cn is not known for good detection rates. I would consider an anti-virus program that has a better reputation for protecting pc's.
I would still install some malware programs, like Malwarebytes and scan your pc.
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
(y)
Run a scan with Malwarebytes, but first make the changes shown in post # 6.
Then post the log file.
 

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Hi ! Nice software, here's the result
================================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2016
Scan Time: 1:25 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: typ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343819
Time Elapsed: 19 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [ea7cf26f6f2a69cdc261c0c5ed15d42c],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [ea7cf26f6f2a69cdc261c0c5ed15d42c],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [ea7cf26f6f2a69cdc261c0c5ed15d42c],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [ea7cf26f6f2a69cdc261c0c5ed15d42c],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ASBarBroker.BDBroker, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ASBarBroker.BDBroker.1, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [c89ea3be3d5c0036928fb1d4ae54d52b],
PUP.Optional.Xunlei.BHO, HKU\S-1-5-21-2462228631-4125468471-3612212736-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [d19588d9b2e77cba3e42a6054fb3ed13],
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [d19588d9b2e77cba3e42a6054fb3ed13],
PUP.Optional.Xunlei.BHO, HKU\S-1-5-21-2462228631-4125468471-3612212736-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [d19588d9b2e77cba3e42a6054fb3ed13],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}, Quarantined, [6402c49dbedbdc5abf63b2d38b7710f0],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, Quarantined, [ca9c520f79209a9c58e5a7b0966dfc04],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, Quarantined, [f27462ff7b1e6bcb8bb252050ff46b95],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 1
Rootkit.Cidox.J.VBR, Physical Sector #4096 on Drive #0, Replace-on-Reboot, [2ea917f917d5ecf54354ebab5cab7122],


(end)
=====================================
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,998
Physical Sectors: 1
Rootkit.Cidox.J.VBR, Physical Sector #4096 on Drive #0, Replace-on-Reboot, [2ea917f917d5ecf54354ebab5cab7122],
Rootkit.Cidox.G.VBR - a Rootkit is a bad infection that can steal your personal data without your consent, Bank/credit card details/passwords, etc.
What is a Rootkit virus?
http://usa.kaspersky.com/internet-security-center/internet-safety/what-is-rootkit-virus#.Vvo2esbbxnE

I will ask one of our Malware Experts to check your post as they may need to run other scans to remove the rootkit from your pc

Meanwhile.
Run an online virus scan with ESET.
http://www.eset.com/us/online-scanner/
Click on Run ESET Online Scanner

Disable your existing Anti Virus following these instructions.
http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/
Do not forget to enable your anti-virus program after you have run the ESET scan.

Set ESET to detect Potentially Unwanted Applications.
Click Start and let ESET remove all what it finds.

Post the log files here so our malware expert can see what ESET found and removed.
They can be found here.
C:\Program Files\ESET\EsetOnlineScanner\log.txt

Edit
I would not use this pc to do any online bank transactions, until you know that your pc is clean.
 
Last edited:

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Is that so serious ?? Malwarebytes didn't kill that for me ,right ?
I'm running the ESET Online checking now.
 

wiliwula

Thread Starter
Joined
Mar 27, 2016
Messages
12
Hi , Here's the ESET Online scanning result:
===================================
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b5e36543a59d4642abf71b1fb188d53a
# engine=28800
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-29 11:03:25
# local_time=2016-03-29 07:03:25 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 210879255 0 0
# scanned=216312
# found=7
# cleaned=7
# scan_time=3120
sh=462A9BDA41A947E227924F62E75A0BDFBCB7BFC2 ft=1 fh=8cdb0adb86d18947 vn="a variant of Win32/Kuwo.D potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\typ\AppData\Roaming\kgenuine265\Task\1002.dll"
sh=804BD57A75100CC3777349C489E49AF5A7C03720 ft=1 fh=db91d538dc3c5e32 vn="a variant of Win32/Kuwo.D potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\typ\AppData\Roaming\kgenuine265\Task\1002\1002.dll"
sh=D92D68CBB3FFB203A1339A8027DE4DD9FAC3954F ft=1 fh=396a9af38c0b7486 vn="a variant of Win32/Tencent.C potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\typ\AppData\Roaming\Tencent\QQBrowser_Setup_Wireless.exe"
sh=8A79B96736434CBC75CDC1E05CBC44CD4F85DD45 ft=1 fh=c71c00119ab9dfd7 vn="a variant of Win32/Adware.Toolbar.Xixiroom.A application (cleaned by deleting)" ac=C fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\OverlayIcon64.dll"
sh=2C436EC3AC7013994EF1DF79531CF6498A9CCF9D ft=1 fh=a7c2aeb367714829 vn="a variant of Win32/2345Explorer.C potentially unwanted application (deleted)" ac=C fn="D:\Haozip\Uninstall.exe"
sh=63550198A89584AC1ABB38418423490BB772953C ft=1 fh=c71c00110b5ed40d vn="Win32/HackTool.AliLoad trojan (deleted)" ac=C fn="D:\The Wolf Among Us Episode 5\fmodex.dll"
sh=A5D76EC03838AE0DD69C2244A2868AE94284CE18 ft=1 fh=47bb280187cb1d2a vn="a variant of Win32/FlyStudio.HackTool.A potentially unwanted application (cleaned by deleting)" ac=C fn="D:\Download\Pal5qAssist.v2.6.3\Pal5qAssist.v2.6.3.exe"
=============================================
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top