itudor
asked on
Windows Explorer has stopped working errors
Hello,
Recently, in the last 1-2-3 months, I'm getting more and more errors like "Windows Explorer has stopped working. Restart the program". After I click "Restart the program", Kaspersky shows up and tells me "C:\WINDOWS\EXPLORER.EXE (PID: ****) Behavior similar to PDM.Keylogger detected." And then the display freezes a bit, all the open folders are closed and the taskbar restarts. I've attached a complete report on my computer and also some screenshots.
I don't want suggestions that involve reinstalling the OS or formatting the PC because that's not a solution, so I hope someone has some ideas why this is happening.
These errors occur when a torrent has finished downloading, when I perform the Everest report that I've attached here, after I connect through OpenVPN, and in many other situations when some Windows system files are being used, I presume.
Thank you
ASKER CERTIFIED SOLUTION
You've got Daemon Tools on this machine. According to your logs it is an incompatible version. Try removing it and see what happens after it has gone. It is also possible that Kaspersky is detecting Daemon as being a keylogger, although I would not swear to that.
I've also asked EE to remove your attachment as there is far too much personal information within that you don't need placed here.
ASKER
Thank you dbrunton, but I only installed Daemon Tools a few days ago (a week max) and this problem was there before that.
Are you getting a runtime error message besides the messages above?
ASKER
No, the program runs OK. Only that error message above displays, then explorer.exe restarts if I click 'Restart the program', and after starting, Kaspersky identifies its behavior as similar to PDM.Keylogger.
SOLUTION
Your Explorer errors start around the 25-08-2010
There is some sort of failed Nero installation around the same time but I don't know if this is related or not. Not Roxio as stated earlier.
ASKER
I don't know if it's relevant, but Malwarebytes found a single piece of malware: C:\Users\The Doctor\Local Settings\Application Data\Windows Server\admin.txt
Inside that file there is only: "ad"
But now, I don't remember how, I triggered something and the Nero installation showed up when I tried to access the folder directly or something. But after that it didn't render again, I think now because I opened server.dat with Notepad. See below:
C:\Users\The Doctor\Local Settings\Application Data\Windows Server>dir
Volume in drive C has no label.
Volume Serial Number is EC39-89E3
Directory of C:\Users\The Doctor\Local Settings\Application Data\Windows Server
08/20/2010 18:23 <DIR> .
08/20/2010 18:23 <DIR> ..
07/14/2009 03:11 2 admin.txt
08/20/2010 18:23 38,566 server.dat
2 File(s) 38,568 bytes
2 Dir(s) 96,699,301,888 bytes free
C:\Users\The Doctor\Local Settings\Application Data\Windows Server>cd ..
C:\Users\The Doctor\Local Settings\Application Data>cd ..
C:\Users\The Doctor\Local Settings>tree
Folder PATH listing
Volume serial number is EC39-89E3
C:.
No subfolders exist
Now I'm trying to delete this folder but:
C:\Users\The Doctor>rmdir Local Settings
The system cannot find the file specified.
The system cannot find the file specified.
I don't know if this is causing the problem or not but I want to remove the whole folder and it doesn't allow me.
SOLUTION
ASKER
In Windows 7 I think the local settings have moved to C:\Users\The Doctor\AppData\Local
C:\Users\The Doctor\Local Settings>tree
Folder PATH listing
Volume serial number is EC39-89E3
C:.
No subfolders exist
ASKER
It turns out it was something related to the taskbar notification area. Whenever a notification should have appeared, explorer.exe was going rogue and needed to restart. I don't know how I didn't notice this earlier, but after I fixed the problem I saw that sometimes, where I knew there should have been a crash, a notification gets displayed now.
So the solution I followed is from here: http://support.microsoft.com/kb/929833. It involves what stergium suggested, but I didn't need the Windows CD like he said, so I could have solved this yesterday but I thought I needed the CD. But I have to give him credit because he suggested that some system files were tampered with, and indeed I think that was the case.
I installed Malwarebytes and HitmanPro and no medium/major problems were found.
I also disabled orsaxnwecm.exe from running at startup and I deleted everything from C:\Users\THEDOC~1\AppData\Local\Temp. I also removed "Local Settings" with rmdir because local settings for Windows 7 are actually located in AppData\Local, as I previously said.
Thank you both for your answers.
Best Regards,
Ionut
ASKER
I don't think I have the Windows 7 original or the backup CD here with me.
Thank you for your response, let me know other ideas.