floydbenson
asked on
Explorer has caused an error in <unknown> when opening My Computer, Control Panel, etc.
This is a problem I've been experiencing for a couple of weeks now...whenever I try to open My Computer, My Documents, Control Panel or click on the Search For Files & Folders, I get an error message that says "Explorer has caused an error in <unknown>"
I've searched for similar problems and solutions on here, and have tried various remedies...nothing seems to work.
In Safe mode, the problem doesn't occur.
I do have AdAware with the latest updates, ran it, fixed problems....still doesn't help.
I've run SpyBot S&D 1.3 with the latest updates...it lists one problem, a DSO exploit that for some reason it will not fix...found a manual fix for the problem, tried it, still shows up as an error.
Norton Anti-Virus found 1 file and quarantined it.
I've tried to get the latest updates for Windows ME from Microsoft, however, you have to be using Internet Explorer to use their scan for updates feature, and whenever it starts to scan for updates, I get redirected to another page....very frustrating.
I've restored a previous backup of the registry, and this works temporarily. However, if I do anything like run SpyBot or AdAware again, it's back to the same error.
Occasionally I will get a different error message....once in a while it says "Explorer has caused an error in KERNEL32.DLL", and twice I've gotten an error message that said "Explorer has caused an error in SHELL32.DLL"
Short of re-installing Windows ME, or reformatting my hard drive and starting over, I don't know what else to try....and I'd rather not do either of those....too much stuff to re-install.
Please don't criticize my choice in operating systems....it's what was on the computer...I haven't upgraded because I hate Windows XP (i use it at work).
Any thoughts, ideas, anecdotes would be greatly appreciated.
I've searched for similar problems and solutions on here, and have tried various remedies...nothing seems to work.
In Safe mode, the problem doesn't occur.
I do have AdAware with the latest updates, ran it, fixed problems....still doesn't help.
I've run SpyBot S&D 1.3 with the latest updates...it lists one problem, a DSO exploit that for some reason it will not fix...found a manual fix for the problem, tried it, still shows up as an error.
Norton Anti-Virus found 1 file and quarantined it.
I've tried to get the latest updates for Windows ME from Microsoft, however, you have to be using Internet Explorer to use their scan for updates feature, and whenever it starts to scan for updates, I get redirected to another page....very frustrating.
I've restored a previous backup of the registry, and this works temporarily. However, if I do anything like run SpyBot or AdAware again, it's back to the same error.
Occasionally I will get a different error message....once in a while it says "Explorer has caused an error in KERNEL32.DLL", and twice I've gotten an error message that said "Explorer has caused an error in SHELL32.DLL"
Short of re-installing Windows ME, or reformatting my hard drive and starting over, I don't know what else to try....and I'd rather not do either of those....too much stuff to re-install.
Please don't criticize my choice in operating systems....it's what was on the computer...I haven't upgraded because I hate Windows XP (i use it at work).
Any thoughts, ideas, anecdotes would be greatly appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok...an update on what I've done since the original post...
Managed to find some remnants of CoolWebSearch stuff on my computer and used CWShredder to get rid of that...subsequent scans with AdAware, SpyBot and SpyWare Doctor come up with nothing. However, the original problem still persists.
I've also deleted the WIN386.SWP file...didn't help.
I've extracted a new copy of the KERNEL32.DLL file and copied that over the existing one...didn't help.
Still don't know what's going on...problem doesn't occur in safe mode...haven't added any new hardware recently....the problem just started happening a couple of weeks ago.
Anyway, as suggested, here's a copy of my HiJack This log:
Logfile of HijackThis v1.98.0
Scan saved at 1:01:48 PM, on 8/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\SSDPSRV.
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\MY DOCUMENTS\DOWNLOADS\HIJACK
C:\WINDOWS\SYSTEM\STIMON.E
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dl
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptra
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvsc
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwa
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
Also, I forgot to mention....after eliminating the CoolWebSearch problem, I've been able to get the WINDOWS ME updates from Microsoft...didn't help, and it wasn't that significant of an update anyway....I'm usually pretty good about keeping things updated.
One other thing, don't know if has anything to do with anything or not...if I run AceUtilities and use the StartUp Manager, there's something listed that looks kind of odd...if I try to disable it, it re-enables itself, if I delete it, it returns with a different name, but the name always begins with an asterisk....*h or *qdf for example....the application associated with it is something like "rundll32 C:\Windows\System, StreamingDevicesomething".
Anyway....
Managed to find some remnants of CoolWebSearch stuff on my computer and used CWShredder to get rid of that...subsequent scans with AdAware, SpyBot and SpyWare Doctor come up with nothing. However, the original problem still persists.
I've also deleted the WIN386.SWP file...didn't help.
I've extracted a new copy of the KERNEL32.DLL file and copied that over the existing one...didn't help.
Still don't know what's going on...problem doesn't occur in safe mode...haven't added any new hardware recently....the problem just started happening a couple of weeks ago.
Anyway, as suggested, here's a copy of my HiJack This log:
Logfile of HijackThis v1.98.0
Scan saved at 1:01:48 PM, on 8/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\SSDPSRV.
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\MY DOCUMENTS\DOWNLOADS\HIJACK
C:\WINDOWS\SYSTEM\STIMON.E
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dl
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptra
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvsc
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwa
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
Also, I forgot to mention....after eliminating the CoolWebSearch problem, I've been able to get the WINDOWS ME updates from Microsoft...didn't help, and it wasn't that significant of an update anyway....I'm usually pretty good about keeping things updated.
One other thing, don't know if has anything to do with anything or not...if I run AceUtilities and use the StartUp Manager, there's something listed that looks kind of odd...if I try to disable it, it re-enables itself, if I delete it, it returns with a different name, but the name always begins with an asterisk....*h or *qdf for example....the application associated with it is something like "rundll32 C:\Windows\System, StreamingDevicesomething".
Anyway....
Thanks. You've covered a lot of ground! Initial check and HJT log seems fairly clean. It will take a while to work through all items, but you can definitely 'fix' this one.
R3 - Default URLSearchHook is missing
Will study all your comments, and get back to you.
R3 - Default URLSearchHook is missing
Will study all your comments, and get back to you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jonvee...
I did reboot after running SpyBot and AdAware....is it safe to remove that BHO?
The SFG328E.DLL is SafeGuard Pop-Up Blocker I believe...
I'll try the BHODemon when I get home.
Thanks.
I did reboot after running SpyBot and AdAware....is it safe to remove that BHO?
The SFG328E.DLL is SafeGuard Pop-Up Blocker I believe...
I'll try the BHODemon when I get home.
Thanks.
> is it safe to remove that BHO? < Yes, with BHODemon, because you can immediately restore it
if theres an issue.
Seems no activity from the BHO site above, at the moment. Here's an alternative site if you need it:
http://www.definitivesolutions.com/files/BHODemon10Setup.exe
The rest of the HJT log seems ok, but i may still have missed something. Will recheck.
HijackThis log: Troubled by the two 'R1' entries, both ending in "about:blank".
Can't confirm at present, whether to 'fix' or not. Maybe someone else can comment on this one !
The rundll32 'error' you mentioned may well be due to parasites. Maybe a Trojan. AdAware should have fixed it.
Can't confirm at present, whether to 'fix' or not. Maybe someone else can comment on this one !
The rundll32 'error' you mentioned may well be due to parasites. Maybe a Trojan. AdAware should have fixed it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Are you sure about the "about:blank" entries? I always set my home page to a blank page...anyway...
A couple of new developments....the plot thickens...I bought a new soundcard today and installed it, and for whatever reason, my Explorer error problem went away...who knows...
Another thing, when I opened My Computer, Norton AntiVirus caught something, some .DLL file in C:\Windows\System (didn't write down the name of it unfortunately) and quarantined it....very strange.
But anyway....it appears my problem has worked itself out...I appreciate everyone's assistance...
Thanks again.
A couple of new developments....the plot thickens...I bought a new soundcard today and installed it, and for whatever reason, my Explorer error problem went away...who knows...
Another thing, when I opened My Computer, Norton AntiVirus caught something, some .DLL file in C:\Windows\System (didn't write down the name of it unfortunately) and quarantined it....very strange.
But anyway....it appears my problem has worked itself out...I appreciate everyone's assistance...
Thanks again.
Interesting feedback! Glad the issue has worked itself out. But if you have further (similar) problems,
you may like to follow up on Ron's "about:blank" removal scheme. .. and thank you.
Ron, thanks for the timely help. Spent a while getting nowhere on that one!
Jonvee, You're welcome. :-) Those nasties are happening too fast.
Ron
Ron
Mine are set to about:blank also, because I set them to that... It's not a hijacker, it's just a blank page :-)
Glad you got it fixed and thanks for the points.
-Burbble
Glad you got it fixed and thanks for the points.
-Burbble
Burble, when you've been hihacked about:blank shows up in HijackThis as well as Ad-Aware. This is not the same as the undesigned home page in IE, about:blank.
Ron
Ron
This may be a slightly different problem, but a customers computer was getting
Explorer caused an error in <unknown>
But only on opening Internet Explorer. I installed Mozilla and it worked fine.
I "repaired" IE, no change
I returned IE to an earlier version, no change
I deleted much of the registry referring to IE, and deleted the program files in IE folder, then reinstalled; no change.
I had already scanned for viruses - clean!
I had scanned for spyware with Adaware, Spybot, and Coolweb Shredder, and had found a reasonable amount (Kazaa installed), and cleaned it out. No change.
Did some reading on the internet, including this column, and was convinced it must be spyware related. Some readers referred to a utility called BHODemon which looks at Browser Helper Objects. I had already looked at downloaded program files in IE but thought it was worth a look. After updating BHO Demon, then scanning, it found two orphaned entries and one suspect entry. I deleted the orphans and deactivated the suspect file and guess what - it all worked!! Only 5 minutes work after spending 2 hours trying other solutions!!
Hope this saves someone else some time.
PS. in my reading on Microsoft it mentions that damaged *.cpl files causing a similar error when opening the Control Panel (not my problem)
Peter G
Explorer caused an error in <unknown>
But only on opening Internet Explorer. I installed Mozilla and it worked fine.
I "repaired" IE, no change
I returned IE to an earlier version, no change
I deleted much of the registry referring to IE, and deleted the program files in IE folder, then reinstalled; no change.
I had already scanned for viruses - clean!
I had scanned for spyware with Adaware, Spybot, and Coolweb Shredder, and had found a reasonable amount (Kazaa installed), and cleaned it out. No change.
Did some reading on the internet, including this column, and was convinced it must be spyware related. Some readers referred to a utility called BHODemon which looks at Browser Helper Objects. I had already looked at downloaded program files in IE but thought it was worth a look. After updating BHO Demon, then scanning, it found two orphaned entries and one suspect entry. I deleted the orphans and deactivated the suspect file and guess what - it all worked!! Only 5 minutes work after spending 2 hours trying other solutions!!
Hope this saves someone else some time.
PS. in my reading on Microsoft it mentions that damaged *.cpl files causing a similar error when opening the Control Panel (not my problem)
Peter G
ASKER
I can't update IE because, as I said, I get automatically redirected to some search page whenever I try to get any kind of Windows or IE update....doesn't happen when I use Mozilla Firefox, but again, Microsoft in their infinite wisdom will only allow you to use their automatic update feature if you're using IE....I try to avoid using IE anyway.
I have tried HiJack this, and read their tutorial and FAQ section, but honestly don't know enough about what should be left alone and what should be deleted....don't want to make the problem worse.
I tried deleting the WIN386.SWP file but it says it's protected...is there a way around this?
I tried to use the virus scanner on trendmicro, but it kept asking me where my Netscape Plug-ins folder was....I don't use Netscape. And pandasoftware kept resulting in a "file not found" page....I'll try the grisoft.com link and read through the Kernel32 errors link.