Improve company productivity with a Business Account.Sign Up


running ie 8 on xp will not open throws up virus error using kapaskeys

Posted on 2011-02-14
Medium Priority
Last Modified: 2013-12-06
running ie8 but throws up the below error if you deny it then it just closes if you runit then it just hangs
have run kapaskeys and avs4 and have found nothing reloaded and reset ie and still no good.

Attempt to run browser with command line parameters: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:14337.

here is the hijack this file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:52 PM, on 15/02/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [Advanced DDTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

End of file - 6495 bytes
Question by:sydneyguy
  • 8
  • 6
  • 2
  • +2
LVL 32

Accepted Solution

aleghart earned 400 total points
ID: 34894013
IE8 tracks tabs with different processes.

See here for a not-necessarily safe workaround that basically whitelists any IE process.  Not sure if that's a smart thing to do.

Are you running IE add-ons that can be disabled?  Try killing them all and re-enabling.  For instance, you probably have Kaspersky and Skype add-ons running by default for anti-banner adverising blocking and Skype phone # translation.  You have AdAware running as well?

Assisted Solution

Raneesh earned 400 total points
ID: 34894034
boot in safe mode; clear all the entries in system temp folder and temporary internet files;

could you please install antimalware and scan the system (normal mode)

also read this link and try whether it is useful or not 
LVL 35

Assisted Solution

torimar earned 400 total points
ID: 34894059
There are nasties on your system:


as well as these:

Superantispyware ( and MBAM (see link in raneeshcr's comment above) should be able to help.

You might also want to cross-check by scanning with HitmanPro:
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

LVL 35

Expert Comment

ID: 34894064
Sorry, mistyped a URL above. It must read:
LVL 15

Assisted Solution

Russell_Venable earned 800 total points
ID: 34902605
In your specific case I would suggest using RegRun by Greatis. It will not only backup you registery, but also remove those malicious files and setup registery protection and file protection. This can also be run parallel with your antivirus. I would also suggest that you install Sandboxie and surf through the internet using that from now on as further protection from this type of malware. It will contain most of the malware that comes from using a web browser as long as you run it through sandboxie. This files will not escape the sandbox unless the malware uses a exploit in the sandboxie's open process. Of course install this after deleting that malware from your pc first and foremost. Also suggested to watch this video and setup your Internet Explore link as it done in this video and you should be a lot safer surfing the internet. This is coming from a Malware Researcher. So keep this suggestion in mind as safe practice and avoidance of catching malware such as this in the future. I would also suggest anyone who is reading this to do this as well. It hinders this malware type of drive-by attacks, not all but most attacks of this nature.

Youtube Video of Sandboxie Review by mrizos

Author Comment

ID: 34904298
have loaded and run
loaded and run (
loaded and run RegRun by Greatis.
cleared the menory and temp files rebooted numerous time

will post the new hijack this but explorer still will not run
LVL 35

Expert Comment

ID: 34904415
How do you start IE? By clicking on an icon?
If so, check its properties. Maybe the shortcut to launch it was altered and now has those command line parameters (SCODEF:2176 CREDAT:14337). Remove them, or create a new explorer shortcut.

Also consider using Firefox or Opera instead of IE for security reasons. IE, after all, is one of the main hatches for malware, and a major flaw to all security endeavours.
Personally, I have never used IE nor any of the other MS mass products, like Outlook, Outlook Express, Windows Media Player, Windows Address Book etc. (not even Paint or Notepad ;)), and I never got seriously infected in 16 years or hardcore-browsing even the darkest spots of the internet.

Author Comment

ID: 34905082
i have ff and opera working on the machine but i need ie8 running so that i can test some software that does not seem to run on it ie8 but works fine on ie7
tried a new shortcut no good

LVL 35

Expert Comment

ID: 34905093
Next step would then be to uninstall and reinstall IE 8.

Author Comment

ID: 34922567
it works ok in safe mode but when it loads it just stops may try reinstlling ie8

Author Comment

ID: 34922570
thats under normal non safe conditions so wil not run normally only under safe mode

Author Comment

ID: 34923843
have just deleted and reloaded and its still the same cannot load ie8 any one have any other ideaas.

i am going to pick up another computor tonight and see i  can load that up and see how that ones goes but this has me stummped
LVL 35

Expert Comment

ID: 34923848
Do you still receive the same error message as posted in your original post?
If so, have you run a search in your registry for those strange options ("SCODEF:2176 CREDAT:14337")?

Also: If it is only for testing purposes that you need IE8, you might want to consider using a browser compatibility testing tool instead of an installed version.
This one could help:

Or Expression Web SuperPreview:

Here's a complete overwview of compatibility testing tools, online and offline:

Author Comment

ID: 34923858
yes i have have not found any also went throughlookign for the ie dir path that it says it finds
also looked for bits but still no good.\

i need the full version as i have to be identical to make sure that there is no problems for testing of the system and the scripts.
wiill have a looka the pages thbks
LVL 35

Expert Comment

ID: 34923903
Try this;
Get Autoruns:

Run it and click on the tab "Image Hijacks". If there are any entries found under the registry keys, untick them. Cloes Autoruns, reboot and try launching IE8 again.

Author Comment

ID: 34923957
nothing in the image hijacs but love the program, been looking for some thing like this for a long tim will keep looking though thanks for this
LVL 15

Assisted Solution

Russell_Venable earned 800 total points
ID: 34924169
The line  (SCODEF:2176 CREDAT:14337) is auto-generated by IE8. With that being said 2176 is the  LCIE frame process for a single running tab and the 14337 I couldn't find anything about this part I would assume that it has to do with the URL command line option. So you wont find this in the registery. They "Microsoft" said it is nothing to worry about as it is just a another process spawned from IE's tabs.  

Now that it settled. Are you still getting error's or warnings from IE or Kaspersky?

Author Closing Comment

ID: 34948258
thanks every one have tried all that has been suggested so at this point of time have given up and just got anonther computer to do the job. so will try again when i have time
so thanks for all the help

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question