Explorer.exe Problems

[Emin]

Uh, Firstly I'd say Hello. I've just registered on the forums seeing that most of the people come here for help. I'm experiencing some problems with my Explorer.exe [Not Internet Explorer]

Firstly,
Whenever I start my computer, Explorer.exe freezes [Always] and I need to terminate it and reopen it. [CTRL + ALT + DELETE => Processes]
Any solution so it dosen't freeze? I'm having this problem from like 1 or 2 years, But I was fine just closing and reopening. But a new problem occoured yesterday. Whenever I open any folder, It says "Windows Explorer has encountered a problem and needs to close." When I click Don't send, Explorer terminates and reopens. Any solution to this one? So I can open my folders. I'm currently accessing my folders through Run [CTRL + R] Or New Task ( Run ) [CTRL + ALT + DELETE]

One more problem but not related to Explorer.exe, Whenever I format and reinstall windows it stops at data.cab or something similar, I know that it's orignal location to be installed is C:\Windows\Driver Cache\i386 and it dosen't install that file even after retrying alot. I guess I'll buy a new CD.
This problem is not a must to be solved as I there is no solution for it I think.

Well, Any help is appreciated.
Thanks,
Emin.

 

[CCT]

http://support.microsoft.com/kb/293623

 

[Emin]

I said Explorer.exe problem, Not Internet Explorer God..

I'm experiencing some problems with my Explorer.exe [Not Internet Explorer]

 

[CCT]

Yes, you are right (however, I am NOT God).

Anyway, from what I gather researching, you should be following the Prelim AV removal process:

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[caravel]

Click start, run, type "msconfig" and hit enter. Click the startup tab, take a careful note of what is and is not checked, now uncheck everything and reboot. Did it still crash?

(If it still crashes, reverse what you did above.)

 

[Emin]

Well, Thanks CCT.
That post was really helpful. When this problem occoured it got fixed the next day automatically the next day, Forgot to tell that, And again next day it happened again. So I think it may occur again. I did some of the operations which I thought were necessary. I downloaded Zone Alarm PRO. Just the problem now is whenever I'm starting my computer, it's opening a bit slow. Any solution to that? The programs I Installed were:

1. Zone Alarm PRO with Firewall
2. Lavasoft Ad-Aware's Latest Version
3. Hijackthis and renamed it to Crusty
4. Clever Cleaner [I had it, Just needed the latest version]

Everything seems to be working just fine right now.
Thanks alot for your help!

And caravel, When the problem existed I tried that several times. Anyways, Thanks to you too.

1 last thing, Here's my Hijackthis Log, Please check if something wrong or not:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:24 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\army.exe
C:\WINDOWS\system32\QRPG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft] army.exe
O4 - HKLM\..\Run: [Winsock2 driver] QRPG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft] army.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] QRPG.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66F9C29D-3EC4-4F42-9D7E-607651DCCC83}: NameServer = 218.248.240.46 218.248.255.146
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6119 bytes

And uh, What's QRPG.exe and Army.exe? Any clues? Thanks in advance.

--Emin

 

[CCT]

Army.exe once was a screensaver (circa 2001) but there is a baddie around using that name.

The other shows nada in Google.

You, like many others, have added all kinds of (to me) useless crap on your comp and some of it has been bad for it.

I think you should run through the complete steps from the link I gave for prelim removals.

Once done, repost with ALL the required logs.

 

[kritius]

You could upload the file to Virus Total.

Go there and browse to C:\WINDOWS\system32\QRPG.EXE and upload it.

It will run it through a series of scanners to see if there is anything up with it.

EDIT|||||||||||||||||||||||||||||||||||||||||||

Just had a proper check through the log, there are some infections in there. Also do you recognise the O17 entries as your own IP?