• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1444
  • Last Modified:

How to fix this error "The shell stopped unexpectedly and Explorer.exe was restarted"?

Immediately any user logs onto my PC (even new users) explorer starts to restart every 5 seconds with the error below:

Event Type:      Information
Event Source:      Winlogon
Event Category:      None
Event ID:      1002
Date:            26/04/2006
Time:            08:24:34
User:            N/A
Computer:      CLABERT2
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I have checked the event logs and there were some errors relating to the IMAPI.exe service but with that disabled the error still occurs.  It seemed to occur on the odd occasion before yesterday but then in the afternoon (not following any particular install) it started failing continually.  The only minor change I can think of was removing internet explorer from the quick start area on the task bar.

I have searched for solutions on this site and across the web and I have tried the following:

1) Replace explorer.exe with a new copy from install CD (I replaced the dllcache copy as well to prevent the original coming back)
2) Replace explorer.exe with a working copy from another PC
3) Uninstall any recently installed software
4) Virus scan entire machine
5) Spyware scan entire machine (used Steganos anti-spyware 2006 and AdAware)

If anyone has any suggestions that result in a fix I would be grateful as I really don't want to rebuild from scratch.

1 Solution
imapi.exe is a part of the Microsoft Windows operating system, more specifically the Image Mastering Applications Programming Interface, which is used for CD recording. This program is important for the stable and secure running of your computer and should not be terminated.
probably in your burning program you have installed or the burner drivers.
> The shell stopped unexpectedly and Explorer.exe was restarted <

If you take a look at this forum and study the last commenty by FKlassen 2005-06-28, 9:14 pm, you'll see reference to "most likely a new Bagle variant"!

If it's "Trojan.Tooso.J"as suggested, see this link for help:
Have put some 'highlights' in the previous url to assist you:

You may initially like to try this online Trojan scanner "a-squared Free", which is specialized in Trojans & Dialers removal:
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

tudorrAuthor Commented:
Thanks for the comments - it appears that the problem was related to ISS BlackIce PC protection (my firewall and intrusion detection software).  I used MSCONFIG to stop various things loading and was able to remove / reproduce the error by adding / removing the services.  The strange thing is that I simply emptied the firewall logs and restarted and now all is fine - bizare!
Thanks for the update, it could help others.    
As you appear to have answered the question yourself you may wish to retrieve your points. Check this link under the heading "Closing Questions":

Then ask for a refund with reference to thread Q_21827735  posting a 0 points question here >
http://www.experts-exchange.com/Community_Support/                Thanks.
No objections, PAQ-ing the question and refunding 500 points is fine.
Closed, 500 points refunded.
The Experts Exchange
Community Support Moderator of all Ages
tudorrAuthor Commented:

I should add that further investigation revealed that the Application Protection component of the software had decided that explorer.exe was a problem as below:

04/27/2006 09:41:24.296 [ 1792]: Notification: explorer.exe (C:\WINDOWS\explorer.exe) has been terminated because it is a privacy violation

It was simply closing down what it thought was a problem application.  That information was contained in RAPPAPP.LOG but as there are so many log files I didn't manage to check it earlier!

Hopefully if someone else experiences this they can check the log first.....

In order to fix, I had to re-baseline the system as follows:

Right click the shield in the System Tray and select Stop BlackICE Application Protection. A red slash may appear over the shield. Now, find the Actlcl (may or may not exist) and Checksum .txt files in the BlackICE folder which are within the ISS folder. Delete them and then baseline.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now