all my browsers closed, now I click on IE and it won't open. IE works in safemode, its 6.0. Can't do windows update in safemode, gives error on webpage. I did a system restore back to the 1st of Jan, no luck. Looking for virus' now, AVG found something called alt.exe and something else, deleted those. IE stil not working, firefox works. Here is my hijackthis output

Anyone know of a common virus that prevents IE from running (other than in safemode)?

----

Logfile of HijackThis v1.99.1
Scan saved at 12:08:19 PM, on 1/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://popup/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wsrehvtl.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137347134062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137347303734
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

---


thx

Click on the start menu, click run, type in "iexplore", click ok.

[QUOTE=90StangLX5.0]Click on the start menu, click run, type in "iexplore", click ok.[/QUOTE]

That works in safe mode, but not in normal mode. I think something has either broke or infected IE. I just reinstalled ie6 sp1 from MS site, going to reboot and try.

It works for me in normal mode. With my SBC Yahoo account every time I have to reboot my computer I have to go in to IE. I use the run option every time because the SBC icon took over the IE icon.

I notcied to, under my internet options advanced tab, all the boxes to either select or deselect an component there are missing. No boxes, so nothing can be either selected or deselected. This is not normal.

I'm running an SFC right now, to see if that complains about the integrity of iexplore.exe...i hope.

? is, virus killed it or did it break on its own?

I'm not sure. I'd have to look at it and mess with it myself.

best bet is to reformat. ie is built into the OS and you will have issues.

reformat and install firefox for your browser.

[QUOTE=momo stallion]best bet is to reformat. ie is built into the OS and you will have issues.

reformat and install firefox for your browser.[/QUOTE]

using firefox right now to reply to thread. Something is broke in IE, one way or another. I need to make a check list of shit I need installed/servers/etc, and backup, then i guess is a full on redo :/


--Scott



edit

this line concerns me


O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wsrehvtl.exe

that file is not in that path... and can't find any info about it on the internet


anyone know what wsrehvtl.exe is ?

Might use trendmicro.com (http://www.trendmicro.com/en/home/us/personal.htm) i use it once a month or so

also you might try ending the iexplorer process, if its not running it should not be listed

[QUOTE=Skidonenko]Might use trendmicro.com (http://www.trendmicro.com/en/home/us/personal.htm) i use it once a month or so

also you might try ending the iexplorer process, if its not running it should not be listed[/QUOTE]

I'll give trendmicro a buzz, iexplore isn't running. The second you run it it opens a process then closes immediatley.

Btw I deleted {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wsrehvtl.exe , though that .exe isn't in that path, I removed the related registry entry and no change. I think IE is just flat out broke. Installing ie6 didn't help, thoughim not suprized as its not exactly modular to the OS.

[QUOTE=ScottJ]I'll give trendmicro a buzz, iexplore isn't running. The second you run it it opens a process then closes immediatley.

Btw I deleted {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wsrehvtl.exe , though that .exe isn't in that path, I removed the related registry entry and no change. I think IE is just flat out broke. Installing ie6 didn't help, thoughim not suprized as its not exactly modular to the OS.[/QUOTE]


Did you look for hidden files? Also did you try ending the iexplorer process?

go to control panel, add/remove programs. then choose add/remove windows components.
remove ie. i removed ie, media player, and a few other stupid window apps.

I Would remove the following entrys.
----

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://popup/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wsrehvtl.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{101E2693-7089-40C0-8D46-B7D783F7312E}: NameServer = 204.127.202.4,216.148.227.68
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


After removing, I would restart and run Antivirus scans, delate all temp dirs. Run Spybot, adware etc. Clean out java Cache. Then see if IE will open. I would also turn off system restore.

[QUOTE=90StangLX5.0]It works for me in normal mode. With my SBC Yahoo account every time I have to reboot my computer I have to go in to IE. I use the run option every time because the SBC icon took over the IE icon.[/QUOTE]
Just make a shortcut on the desktop, or start bar. Or you can just uninstall the sbc and it will still work, if you need to check your mail, go to dsl.sbc.yahoo.com then type in your full email address, and password, it should work fine.