Explorer has caused an error in <unknown> when opening My Computer, Control Panel, etc.

This is a problem I've been experiencing for a couple of weeks now...whenever I try to open My Computer, My Documents, Control Panel or click on the Search For Files & Folders, I get an error message that says "Explorer has caused an error in <unknown>"

I've searched for similar problems and solutions on here, and have tried various remedies...nothing seems to work.

In Safe mode, the problem doesn't occur.

I do have AdAware with the latest updates, ran it, fixed problems....still doesn't help.

I've run SpyBot S&D 1.3 with the latest updates...it lists one problem, a DSO exploit that for some reason it will not fix...found a manual fix for the problem, tried it, still shows up as an error.

Norton Anti-Virus found 1 file and quarantined it.

I've tried to get the latest updates for Windows ME from Microsoft, however, you have to be using Internet Explorer to use their scan for updates feature, and whenever it starts to scan for updates, I get redirected to another page....very frustrating.

I've restored a previous backup of the registry, and this works temporarily.  However, if I do anything like run SpyBot or AdAware again, it's back to the same error.

Occasionally I will get a different error message....once in a while it says "Explorer has caused an error in KERNEL32.DLL", and twice I've gotten an error message that said "Explorer has caused an error in SHELL32.DLL"

Short of re-installing Windows ME, or reformatting my hard drive and starting over, I don't know what else to try....and I'd rather not do either of those....too much stuff to re-install.

Please don't criticize my choice in operating systems....it's what was on the computer...I haven't upgraded because I hate Windows XP (i use it at work).

Any thoughts, ideas, anecdotes would be greatly appreciated.

Who is Participating?
JonveeConnect With a Mentor Commented:

Have you tried HijackThis ?    It should help you to identify and remove obstinate
hijackware/spyware.   The first link contains useful text, the 2nd a good Download facility:
  As you've run Spybot Search and Destroy and  AdAware, please reboot before scanning with HJT, if you decide to try it.

        >>  KERNEL32.DLL errors  <<           Just wonder if there's some common link between your 'errors' !
 If it's repeat KERNEL32.DLL errors, you may wish to consider this:    [ It can often be resolved by deleting the Windows swap file, WIN386.SWP, and letting it rebuild itself.           Location:  C:\WINDOWS\WIN386.SWP     ]


blue_zeeConnect With a Mentor Commented:

Jokes apart...

You are running an updated version of IE6SP1, aren't you?

And did you install the latest patches, available through Windows Update?

Try repairing your Internet Explorer:

Add/Remove Programs, highlight Microsoft Internet Explorer, click Add/Remove, select Repair, Next and OK.

Reboot when asked to and check if problems persist.

JonveeConnect With a Mentor Commented:

Noting your Norton comments, you could try another virus scan using at least two of these free scanners:

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

floydbensonAuthor Commented:
Thanks for the suggestions....

I can't update IE because, as I said, I get automatically redirected to some search page whenever I try to get any kind of Windows or IE update....doesn't happen when I use Mozilla Firefox, but again, Microsoft in their infinite wisdom will only allow you to use their automatic update feature if you're using IE....I try to avoid using IE anyway.

I have tried HiJack this, and read their tutorial and FAQ section, but honestly don't know enough about what should be left alone and what should be deleted....don't want to make the problem worse.

I tried deleting the WIN386.SWP file but it says it's protected...is there a way around this?

I tried to use the virus scanner on trendmicro, but it kept asking me where my Netscape Plug-ins folder was....I don't use Netscape.  And pandasoftware kept resulting in a "file not found" page....I'll try the grisoft.com link and read through the Kernel32 errors link.

JonveeConnect With a Mentor Commented:
HijackThis may be the best way forward.   Suggestions:

Create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder.  It is important that you download this file to its own folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.
Open the LOG in Notepad or Wordpad, inspect, and you could see a reference to your 'error'.   Several users use this only to 'scan', and not to 'fix'.    Someone out here can view the items, and decide what is safe to remove.

Display your Notepad with the 'HijackThis' text.
Select 'Edit' on toolbar.
From dropdown menu, click 'Select all' which highlights your text.
Select 'copy'.
Having previously opened your Experts Exchange 'comments' box,
right click your mouse when hovering over 'comments' box, and select 'Paste'.

JonveeConnect With a Mentor Commented:
>>  I'll try the grisoft.com link <<       

Interesting to know the result of this later.   If that too fails, could it be a 'disabling virus' ?!    Not sure what (if any) 'error' you would get, if it was.    Have to log off shortly, but you may like to launch 'Stinger' if HJT doesn't eventually solve the problem.
 The 'Stinger' is a utility that cleans the system of virii, that block anti virus software. You can download the 'Stinger' from here.    Run it to make sure that 'disabling viruses' are not present:

  Then you could update and run a full system scan of all files, using a virus scanner (any of those earlier scanners).

BurbbleConnect With a Mentor Commented:
>> I tried deleting the WIN386.SWP file but it says it's protected...is there a way around this?

This is the Windows Swap file which stores the Virtual Memory (that which is stored on the hard drive instead of in physical RAM). You cannot delete it while Windows is running; you will need to restart using a Startup Disk, then navigate to the folder where the WIN386.SWP file resides, type DEL WIN386.SWP and press Enter. Then restart.

Personally, I have never had a problem fixed by deleting the Swap file, aside from keeping file fragmentation to a minimum... But who knows?

You say that you are redirected to some search page when you try to use Internet Explorer; I saw this happen before on someone's computer, and after running Spybot and disabling all of the nasty programs using MSCONFIG, it was fine.

Try using Spyware Blaster, it gives you direct access to Internet Explorer's search pages...


Also post the HijackThis log here, and we can tell you which items to disable from MSCONFIG.

floydbensonAuthor Commented:
Ok...an update on what I've done since the original post...

Managed to find some remnants of CoolWebSearch stuff on my computer and used CWShredder to get rid of that...subsequent scans with AdAware, SpyBot and SpyWare Doctor come up with nothing.  However, the original problem still persists.

I've also deleted the WIN386.SWP file...didn't help.

I've extracted a new copy of the KERNEL32.DLL file and copied that over the existing one...didn't help.

Still don't know what's going on...problem doesn't occur in safe mode...haven't added any new hardware recently....the problem just started happening a couple of weeks ago.

Anyway, as suggested, here's a copy of my HiJack This log:

Logfile of HijackThis v1.98.0
Scan saved at 1:01:48 PM, on 8/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!

Running processes:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\SYSTEM\SFG328E.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Also, I forgot to mention....after eliminating the CoolWebSearch problem, I've been able to get the WINDOWS ME updates from Microsoft...didn't help, and it wasn't that significant of an update anyway....I'm usually pretty good about keeping things updated.

One other thing, don't know if has anything to do with anything or not...if I run AceUtilities and use the StartUp Manager, there's something listed that looks kind of odd...if I try to disable it, it re-enables itself, if I delete it, it returns with a different name, but the name always begins with an asterisk....*h or *qdf for example....the application associated with it is something like "rundll32 C:\Windows\System, StreamingDevicesomething"...can't remember exactly what the last part was...what's even more strange is that if i run "msconfig" and go to the Startup tab, it's not listed....

Thanks.  You've covered a lot of ground!   Initial check and HJT log seems fairly clean.   It will take a while to work through all items, but you can definitely 'fix' this one.  
R3 - Default URLSearchHook is missing

  Will study all your comments, and get back to you.

JonveeConnect With a Mentor Commented:

After you ran Spybot and AdAware, did you reboot before scanning with HJT ?  May explain this BFO:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

Don't recognise the SFG328E.DLL file below, so suspicious.

O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\SYSTEM\SFG328E.DLL
Another suggestion, download BHODemon. It will allow you to enable/disable/re-enable any of the BHOs, including the two above.  It's a small, useful little utility.  You could install it on your Desktop.  Would prove the case.
 [What are BHOs ?     Description here:
              http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebgen/html/bho.asp    ]    

 To download BHODemon:      http://www.spywareinfo.com/downloads/bhod/
    Think of BHODemon as a guardian for your Internet browser:
It protects you from unknown Browser Helper Objects (BHOs), by letting
you enable/disable them individually.  For BHO detection this program
is highly recommended.

  Have noted all your other comments, thanks !

floydbensonAuthor Commented:

I did reboot after running SpyBot and AdAware....is it safe to remove that BHO?

The SFG328E.DLL is SafeGuard Pop-Up Blocker I believe...

I'll try the BHODemon when I get home.


      >   is it safe to remove that BHO?  <         Yes, with BHODemon, because you can immediately restore it
if theres an issue.
Seems no activity from the BHO site above, at the moment.     Here's an alternative site if you need it:


The rest of the HJT log seems ok, but i may still have missed something.  Will recheck.
HijackThis log:     Troubled by the two 'R1' entries, both ending in "about:blank".  
Can't confirm at present, whether to 'fix' or not.   Maybe someone else can comment on this one !

 The rundll32 'error' you mentioned may well be due to parasites.  Maybe a Trojan.   AdAware should have fixed it.  
rschafer3Connect With a Mentor Commented:
The "about:blank" entries are a Home Page Hijacker.

Here's a removal scheme:

floydbensonAuthor Commented:
Are you sure about the "about:blank" entries?  I always set my home page to a blank page...anyway...

A couple of new developments....the plot thickens...I bought a new soundcard today and installed it, and for whatever reason, my Explorer error problem went away...who knows...

Another thing, when I opened My Computer, Norton AntiVirus caught something, some .DLL file in C:\Windows\System (didn't write down the name of it unfortunately) and quarantined it....very strange.

But anyway....it appears my problem has worked itself out...I appreciate everyone's assistance...

Thanks again.

Interesting feedback!    Glad the issue has worked itself out.    But if you have further (similar) problems,
you may like to follow up on Ron's "about:blank" removal scheme.                    .. and thank you.

Ron, thanks for the timely help.  Spent a while getting nowhere on that one!

Jonvee, You're welcome. :-)  Those nasties are happening too fast.

Mine are set to about:blank also, because I set them to that... It's not a hijacker, it's just a blank page :-)

Glad you got it fixed and thanks for the points.

Burble, when you've been hihacked about:blank shows up in HijackThis as well as Ad-Aware. This is not the same as the undesigned home page in IE, about:blank.

This may be a slightly different problem, but a customers computer was getting

Explorer caused an error in <unknown>

But only on opening Internet Explorer. I installed Mozilla and it worked fine.
I "repaired" IE, no change
I returned IE to an earlier version, no change
I deleted much of the registry referring to IE, and deleted the program files in IE folder, then reinstalled; no change.
I had already scanned for viruses - clean!
I had scanned for spyware with Adaware, Spybot, and Coolweb Shredder, and had found a reasonable amount (Kazaa installed), and cleaned it out. No change.

Did some reading on the internet, including this column, and was convinced it must be spyware related. Some readers referred to a utility called BHODemon which looks at Browser Helper Objects. I had already looked at downloaded program files in IE but thought it was worth a look. After updating BHO Demon, then scanning, it found two orphaned entries and one suspect entry. I deleted the orphans and deactivated the suspect file and guess what - it all worked!! Only 5 minutes work after spending 2 hours trying other solutions!!

Hope this saves someone else some time.

PS. in my reading on Microsoft it mentions that damaged *.cpl files causing a similar error when opening the Control Panel (not my problem)

Peter G
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.