Solved Explorer.exe keeps restarting and there is always a BSOD

Hello fine people of eightforums.com,

Since a day or two, whenever i try to restart, shut down or log off my laptop i get without fail a BSOD with CRITICAL_PROCESS_DIED. Another related symptom is the fact that my explorer.exe constantly keeps crashing at fixed intervals (every 30 - 60 seconds) and then restarts again. This happens automatically even when i am not touching the computer, i have tried booting in safe mode but the same thing keeps happening there as well. I have tried to refresh my windows installation where i just get a error message stating nothing has been changed. My System restore points have been "mysteriously" deleted so i am really suspecting a virus which is going rampant on my beloved laptop.

I am now running as many virus scanners as i can but any help and insight would be greatly appreciated.

Thanks!

SF Diagnostic Tool:
https://www.dropbox.com/sh/8nnsjk6thvnxal7/AADHsSeUSpgANn2_mxtUN4Bva/SF_28-07-2014.zip

All recent BSOD's were caused by a program called: dwiIk.exe and I don't know what it is. Google search does not have any information on this file.

EDIT: Perhaps, you might want to search and locate where it is then disable it to see if the problem goes away.

Hi Xiomax,

In addition to what Topgundcp has asked you to do, could you please run the GMER from this **link** and post back the log file?


Furthermore, the mysterious removal of the Shadow Volume Copies (System Restores) has got me thinking. Did you recently open any attachment in a mail from Symantec/Fedex/UPS/Money Receipt or anything like that?

Could you please open up the Run Prompt (Windows Key + R) and type in "regedit". Once opened, check the following entries :-

Thank you for the fast responses!

topgundcp said:

All recent BSOD's were caused by a program called: dwiIk.exe and I don't know what it is. Google search does not have any information on this file.

EDIT: Perhaps, you might want to search and locate where it is then disable it to see if the problem goes away.

Click to expand...

After i had finished a full scan with Kaspersky it showed indeed that this was the case. It has since been resolved and the computer now shuts down, logs off and restarts normally so that is an big improvement. Only the constant restarting off explorer.exe remains to be the issue now.

blueelvis said:

Hi Xiomax,

In addition to what Topgundcp has asked you to do, could you please run the GMER from this **link** and post back the log file?

Click to expand...

Link to log: https://db.tt/knxCWzEt

After starting the program it showed me this error message and i wasn't sure if this would interfere with the results. The scan did however complete successfully:
View attachment 47796

blueelvis said:

Furthermore, the mysterious removal of the Shadow Volume Copies (System Restores) has got me thinking. Did you recently open any attachment in a mail from Symantec/Fedex/UPS/Money Receipt or anything like that?

Click to expand...

No nothing in particular like that as far as i can remember.

blueelvis said:

Could you please open up the Run Prompt (Windows Key + R) and type in "regedit". Once opened, check the following entries :-

Code:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker_<version_number>"
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker_<version_number"

Click to expand...

None of the keys you mentiond seem to be present but i did recongize the name "Crypto" being used in a list of files currently opened and used by explorer.exe. I am also a bit worried about files coming from "C:\Windows\System32\en-US" and having normal names but then ending in ".mui" that may be related.

View attachment 47798

That is fine mate. Just wanted to ensure that it is not something else

You could run the System File Checker using this guide and see if it solves your problem or not :-

How To Use SFC Scannow to Repair Windows System Files


By the way are you still getting BSOD's?

I went ahead and googled what CryptoProvider.dll was doing and i finally got a forumpost with exactly the same symptoms.

explorer.exe crashing every few seconds - Microsoft Community

I deleted the file and the folder: "C:\ProgramData\Microsoft\Crypto" and the problem has been solved!

Again thank you very much guys, without your suggestions i wouldn't have known where to look for the solution!

Xiomax said:

I went ahead and googled what CryptoProvider.dll was doing and i finally got a forumpost with exactly the same symptoms.

explorer.exe crashing every few seconds - Microsoft Community

I deleted the file and the folder: "C:\ProgramData\Microsoft\Crypto" and the problem has been solved!

Again thank you very much guys, without your suggestions i wouldn't have known where to look for the solution!

Click to expand...

Great to hear that you solved your problem ^_^.

I was just making sure that you were not infected by the CryptoLocker as it has been prevalent for a while now. Anyways good to see that you resolved and thanks for the rep ^_^.

Hi Xiomax ^_^,

Could you please do a favour by searching for a driver named - "ciiog.sys" in your system and report back your findings? It would help me add the information to the Driver Reference Table.

THANKS!