Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: windows explorer has stopped working

23 Jan 2017   #1

Windows 7 Home Premium x64
windows explorer has stopped working

Hi, I'm a newbie here, not awfully computer literate... as I got myself into a mess. I hope someone here can help me.

A couple of days ago I installed some software from the internet and uninstalled it almost immediately. I do remember haven given permission to an interactive connection and was even stupid enough to give my computer password ... I remember having seen a message with a port being assigned to it. Afterwards I got suspicious and going over my user accounts I noticed permissions to an unknown user account and also an interactive account. I wanted to get rid of those asap. The accounts did not show up among the user accounts in the Control Panel and I eliminated the unknown account in my user account in c:\users. I also denied and/or eliminated some inheritance permissions. I can't recall exactly what I did and where, but now windows explorer has stopped working for the only user account (with admin privileges) I have. I can only work from the admin account.

This user account also doesn't work when booting in safe mode.

Can someone please help me ? I am afraid of making things worse if I touch more stuff without knowing what I'm doing.


My System SpecsSystem Spec
25 Jan 2017   #2

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10

Hello and welcome Judith yes my friend that was indeed a really bad move. Now if it were me I would be running these
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Malwarebytes | Malwarebytes Premium
AdwCleaner Download
ADW download from bleeping computer delete any rubbish found with the malware scans
(NB If you are running Kaspersky as the main AV then it might need disabling it when trying ADW because it does not like it at times)

I am assuming you ran a scan with your own AV?

Now after that I would be inclined to run a system restore to before you downloaded that junk. Let us know if you do and what was the outcome.
My System SpecsSystem Spec
26 Jan 2017   #3

Windows 7 Home Premium x64

Hi Icit2lol,

Thanks for reaction and sorry I haven't gotten back to you earlier.

Strange things are happening... Let me give a resume.

After having had the initial problem (not being able to log into with windows explorer with my user account - by the way the I/O error code I got then was 0xc000185), I ran a couple of security scans that I have on my machine but they didn't find anything really nasty (I don't think my problem is caused by spyware, I think it is caused by something stupid I did > delete a user account and/or denying an account to have access and thus generating a conflict).

Then I discovered I could still see my files. So I made a (new) back-up of all my docs on a flash drive.

I checked if I could go back to a restore point dating from before the initial problem happened, but lots of restore points had been created since then (mostly due to installation of Visual Basics and also a Windows update) and there was none that was from before that date. So I couldn't restore to a 'good working' state but I restored to a point 1 before the last one in the list. I also made a new restore point before touching anything else, just in case.

A sfc /scannow revealed 2 files missing at 1st attempt. At 2nd scan all was OK.

Not wanting to do more stupid things to my computer, I contacted this forum.

In the meantime, waiting for someone to reply, I discovered an account WMPnetworkSvc in my pictures folder that I had never seen there before. Looking on the internet a website advised to uncheck Windows Media Player Network Sharing Service in msconfig, services. Which I did. The user account continues to show in the pictures folder though.

Then a popup window appeared (I can't remember if I made a new restore point or not at that time), saying something like "break point reached". It appeared that all my restore points all had gone, there a only 5 system image restore points from 2013 (when I first "adopted" this laptop). Checking the internet to what might have been the problem here, I raised the space allocated to restore points from 25% to 50% = 116GB (although I do not think that this was the problem, as my laptop always eliminated the oldest restore point when a new one was created).

Now windows explorer even stopped when logging on to my admin account.

I re-checked the unchecked WMPnetworkSvc (in case this was that caused the problem).

I did a chkdsk but it stopped a 22%... ?

At this point you wrote a reaction. So I did a scan with Superantispyware (which found some tracking cookies, adware.downware.variant, and c:\users\ben\appdata\local\nsj8a5e.tmp... ?) and Malwarebytes. I got an error code whilst installing Malwarebytes (IPersistFile save failed code 0x80070005 access denied). A scan found 1 malware (rogue.multiple) in ProgramData and for the remainder only potentially unwanted programs (among which Wiseregistrycleaner and spyhunter, I kept both). In watching the scanning process I saw that Malwarebytes scanned the 'unknown' user account that I had deleted in the c:\$recycle bin.

The account is S-1-5-21-1936491739 etc. and retrospectively I think that although the account is named "account unknown", it may be a legitimate account which I never should have deleted in C:\users. In some places it still is on my machine and the unknown account turns into HomeUsers when I open the security tab. So I looked in the recycle bin, but I cannot find it there (even when unchecking the "hide system operating files"). I have no clue how to find and retrieve it. It must be somewhere as Malwarebytes scanned it. By the way, there is 1 recycle bin that has 5,6 GB in it in 2135 files and 43 folders, which seems ridiculously high.

I haven't run adwarecleaner (which I used to have on my laptop, I must have uninstalled it at some time...), as I do not want this account to be eliminated, if it is still out there and retrievable somewhere. I have the feeling that eliminating it is at the origin of all my problems.

Another chkdsk hung at 22%, then continued and and completed and informed me that there is an error in index $I30 for file 931 and 419411.

I cannot do a chkdsk /f or /r. It gives me the following error message:
"The type of file system is NTSF. Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts ? (Y/N) "

SFC /scannow gave no integrity violations.

I can log into my admin account again without window explorer stopping (don't know what did the trick), but still not the only user account I have.

By the way you have to know that this computer used to be my sister's and when she gave it to me to use (in 2013), it had a 1 admin account and only 1 user account. No new account account could be created (I can create it, but no registry files or a folder is created and trying to logon fails). I spent a week trying to find a solution to this problem (I am apparently not the only one, it seems frequent in Windows 7) but there seems to be none, except for reinstalling Windows 7... maybe... To work around this predicable state I gave the only user account admin privileges. All that I have left now is the admin account and I cannot created a new user account. Guest account is also not working.

Well this is where I stand. One admin account, one (corrupt?) user account on which windows explorer doesn't work, cannot create a new account and I have no useable restore points. I have a system repair disk, but I am not sure how that works, if it repairs user account, and if I will loose things (for instance installed programs).

Oh yes, there also is that interactive account (for which I give my computer password, I cannot believe I did that, I usually am pretty careful... must have had a black out up there in my brain...). It didn't show up in the control panel and I deleted it in c:/users, but it stills shows for instance in the security tab of Firefox and Chrome. How to un-allocate the port that it was allocated to ? As I give permission for the connection to be set up, an antivirus program will not catch it...

Sorry to give such an elaborate resume, I have no idea what can be important and what not to draw up the diagnosis for this sick computer...

I hope you have some ideas as to what I could try. And thank you in advance for your time, I much appreciate it.

My System SpecsSystem Spec

26 Jan 2017   #4

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Hi Judith,
after a quick once over,
The WMPxxxxxsrv and User account SHOULD NOT be in your pictures folder, System32 type folders only.
WMP auto-connects to other site's/users, so basically you've been ALLREADY compromised.

Disconnect from the NET then change your passwords, and if you know which port No's being used block it.

The user account is causing the 0Xc error, registry corruption, and removing it is possibly why your recycle bin is so big.
(note there is an option to restore ALL - use it to check)
Unchecking WMP in SERVICES just stops it, removal is via Programs/features >> features

Do you have another comp, if not then your SAFEST option is a clean install.
(note scan your recovery usb you made BEFORE re-installing from it, even then could be compromised.)

Can provide you with a W7 SP1 iso if required.

My System SpecsSystem Spec
26 Jan 2017   #5

Windows 7 64 bit

If your explorer is not working either upgrade it or downgrade it. If the problem remains then use some other browser like Chrome, Firefox.
My System SpecsSystem Spec
26 Jan 2017   #6

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Its not IE, its the system exe windowsExplorer.

My System SpecsSystem Spec
26 Jan 2017   #7

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10

Well Judith I am with Roy on this one and as long as you have your data backed up rather than run around trying to track down something that may prove to be un-trackable because the system seems to be compromised or corrupt in maybe a few ways - then a clean install is your best bet.

Now providing you have got the activation code you can download an ISO to do that if you have not got the original installation media. The code is on a sticker on the bottom of your machine - just make a note of it before you start to do anything. Another thing you can do to verify that code is to run software in this
Product Key Number for Windows 7 - Find and See both of the softwares in that are good to use to find the key for your machine. Just be careful if you ever post back with key details to make sure the code is partially or completely obliterated for security reasons.

to do a clean install see this Clean Install Windows 7 and early on in the tutorial there is link or tow for that ISO download. It will need to have a bootable disk (DVD) or USB stick (at least a 4GB one) made to boot the OS from.

Personally what I would do if it were me would be to buy a new 500GB SSD to install the OS onto - it saves having to clean the old drive and the SSD you will appreciate the performance difference.

Edit: Now I meant to mention as you have a Toshiba of some vintage it is an easy job to swap out the hard drive if you are stuck I can link you to a disassembly site that will show you how it is done.
My System SpecsSystem Spec
28 Jan 2017   #8

Windows 7 Home Premium x64

Thanks for you your reactions.

First in reply to your message, Roy, I only want to use re-install if all else fails. I have a system repair DVD and also a HDD Recovery on the D drive, in case... When I adopted this laptop I spent 3 weeks in getting rid of all the junk that was there (trying not to eliminate vital things...) and installing all my data and programs, some of which were very old (operating on Windows 1995, I think ?), and some of which were searching for a link to confirm my legitimate copy whereas the link and/or the company didn't exist anymore. I found patches, ways to work around etc. to install and make it all work, but if I can avoid it, I never want to go through that process again, at least not until I buy a new pc! It is risky to throw everything away if you're not sure if you can get it back and working again...

In the mean time I did some more searching. I cannot exactly recall what I did (I must remember to make notes the next time I do something stupid as to give my password and start messing with my computer), but I recall wanting to get rid off the INTERACTIVE account that was created. "Remove" was greyed and I couldn't change anything because of the inheritance. I recall denying access and removing inheritance in some places. I remember an error message popping up saying I could created conflicts but I could not cancel to get out of there without making the changes. Most likely this created an "unknown user S-1-5- etc" (with a red question mark) among my c:\users. As I had never seen that there before and it didn't show up in the user accounts in the control panel, I deleted both the "interactive" and the "S-1-5-xxxx" in c:\users. I think this is how I blocked myself out of my own user account. In some areas the S-1-5-xxx changed to homeusers when opening a security tab and my user account is part of the homeusers group. The inheritance premission may have been broken.

Yesterday I did a reset of the inheritance (icacls * /reset /t /c /q. That did the trick, although I did get a lot of "denied access" lines. I can log onto my user account again, and all seems to be working as it should. Eureka!

I immediately made a restore point and I run superantispyware, malwarebytes, adwcleaner, wise registry cleaner, ccleaner, spybot, full scan ms essentials (took +7 hours! I've played enough Mahjong for the rest of my life now...). No serious threats were found, I didn't expect any as I do not think my problems are related to malware. After all the scans I made a 2nd restore point. I am not sure whether my pc is very compromised. The software I downloaded from the web was a trial to be able to make architectural designs (Graphisoft), and students could share their projects/work together through this interactive network. So I'm not sure that the access to the data on my laptop is meant to do harm, but I do want to get rid of it. I don't like open doors.

A scannow was OK, but a chkdsk revealed the same error in index $I30 for file 931 as a couple of days ago. So I am trying to find what is still wrong...

Is there a way in Home Premium to reset the local permission policies to default status?

How to get rid of this interactive account that still shows in the security tab of for instance Firefox? Remove is greyed and "include inheritable permissions from parent" is checked. Permissions (all grey) contains "traverse folder/execure file", "list/read data", "read attributes", "read extended attributes". I am too scared now to touch any of this without knowing what I am doing. This is what got me into all this trouble...

Thanks for the help!

My System SpecsSystem Spec
28 Jan 2017   #9

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Hi Judith,
gonna do a QUICK run thru your latest post and comment on your actions/proposals.
but first of all


i can provide you with a bloatfree iso..

Did you uninstall those files in your pictures folder??
Have you changed your passwords, offline??
did you "uninstall WMP via programs/features

now back to yourpost

Para 2
The changes you have made are possibly creating an even more unstable system
removing users in C is only what you see, there will also be associated entries in your registry, which will then regenerate the unknown users profile and more importantly RENEWING his control of permissions
Hence the access denied errors/greyed out options

para 3
Creating a restore point on a corrupt system is pointless, your just causing a problem for the future.
The graphisoft download part has 2 caviats, the source and the program.
As for the student part why your comp, assuming your at a college, they will have their own I.T systems use that as the "hub" and network thru that, go talk to the I.T dept
(also ask them about Dreamspark, Microsoft Imagine - Wikipedia )

Para 4
follow this link
Download - Reset Registry Permissions - MajorGeeks

The interactive account that shows on the security tabS means its got access, presumably created when you downloaded/installed graphisoft


My System SpecsSystem Spec
28 Jan 2017   #10

Windows 7 Home Premium x64

Hi Roy,

Well reading your findings, as well as strangs things happening (logging off my user account and logging into my admin account got me to the highest level of administrators with an error message saying my desktop was moved; after an update of Firefox today I couldn't log out of my google account any more; when I start up realtime web protection of Malwarebytes is turned off but maybe that's because of the installation error I got when installing it... and chkdsk /f or /r isn't working), I think I probably cannot escape from reinstalling... Someone else in my computer or an instable computer with my only user account all corrupted, it leaves me few options.

It just scares me, loosing everyting with starting from scratch... I need to see if I have all the keys and/or a disk for the products that were on this pc (MS Office package for instance...) when I got this pc. I need to backup my Firefox bookmarks and I need to look through the papers of my internet provider to see how I need to set up my internet connection again. That will be my 1st priority. It is my only pc/internet connection... and without internet I will be totally on my own. I need to think what else I need to do before reinstalling and going offline...

I am no student and I do not have an IT dept to consult, I wish I had. I eliminated the WMP account from the security tabs in pictures, music and videos (the latter two contained no files). WMP didn't show up in the program list but I turned off the feature. Will change my password offline next and when I will go through a reinstall of Windows, the pictures (a tonne of GB...) will be gone automatically.

Do you think a reinstall from the d drive would be safe, should my computer be monitored by someone else?

Well, the reinstall will be for tomorrow then (and the next 3 weeks...). It is late here on the other side of the ocean. What a nightmare...

Thank you for the help and the offer to help.

My System SpecsSystem Spec

 windows explorer has stopped working

Thread Tools

Similar help and support threads
Thread Forum
Windows explorer has stopped working
So sometimes on my pc i get this popup
General Discussion
Windows explorer has stopped working
what must i do with this? Problem Event Name: APPCRASH Application Name: explorer.exe Application Version: 6.1.7601.17514 Application Timestamp: 4ce796f3 Fault Module Name: StackHash_0a9e Fault Module Version: Fault Module Timestamp: 00000000 Exception...
General Discussion
Windows Explorer has stopped working
I have a "Windows Explorer has stopped working" at right button clicking desktop. The message is attached. How can I solve this? Thanks in advance.
BSOD Help and Support
Windows Explorer stopped working
Every time I right click a blank area of my desktop to make a new folder, a window pops up that says: Windows Explorer Has Stopped Working under that it gives 2 options: "Check online for a solution and restart the program" & "Restart the program"
BSOD Help and Support
Windows Explorer has stopped working
if i have multiple apps open at the same time & if i do a ALT+TAB to switch to another window, it gives this error, "Windows Explorer has stopped working" Any ideas?:mad: is there a specific update available to fix this problem
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:12.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App