sydneyguy
Running IE 8 on XP, will not open, throws up virus error using Kaspersky
Running IE8, but it throws up the below error. If you deny it then it just closes; if you run it then it just hangs.
Have run Kaspersky and avs4 and have found nothing. Reloaded and reset IE and still no good.
Attempt to run browser with command line parameters: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:14337.
Here is the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:52 PM, on 15/02/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [Advanced DDTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 6495 bytes
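A log like the one above can be triaged mechanically before reading it line by line. The following is an added example, not part of the original thread: it parses HijackThis `R` and `O4` lines and lists entries worth reviewing by hand. The three heuristics (loopback IE proxy, autorun image in a Temp directory, autorun set through the Policies key) are assumptions chosen for illustration and mark entries for review, not as confirmed malware.

```python
import re

# Constructed sample: entries copied from the HijackThis log in the question,
# with the spaces that page extraction inserted into the paths removed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROXY = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)")
LOOPBACK = {"localhost", "127.0.0.1"}


def image_path(cmd):
    """Return the executable path from a quoted or unquoted command line."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (code, subject, reason) tuples for entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the process list carry no section code
        code, body = m["code"], m["body"]
        proxy = PROXY.search(body) if code.startswith("R") else None
        if proxy and proxy["host"].lower() in LOOPBACK:
            findings.append((code, f"{proxy['host']}:{proxy['port']}",
                             "IE proxy points at a listener on this machine"))
        autorun = AUTORUN.match(body) if code == "O4" else None
        if autorun:
            path = image_path(autorun["cmd"])
            if "TEMP" in path.upper().split("\\")[:-1]:
                findings.append((code, path, "autorun image is in a Temp directory"))
            if "\\POLICIES\\" in autorun["key"].upper():
                findings.append((code, path, "started from the Policies\\Explorer\\Run key"))
    return findings


if __name__ == "__main__":
    for code, subject, reason in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {subject}")
```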
ASKER
Have loaded and run http://www.malwarebytes.org/mbam.php
Loaded and run (www.superantispyware.com)
Loaded and run RegRun by Greatis.
Cleared the memory and temp files, rebooted numerous times.
Will post the new HijackThis, but Explorer still will not run.
How do you start IE? By clicking on an icon?
If so, check its properties. Maybe the shortcut to launch it was altered and now has those command line parameters (SCODEF:2176 CREDAT:14337). Remove them, or create a new explorer shortcut.
Also consider using Firefox or Opera instead of IE for security reasons. IE, after all, is one of the main hatches for malware, and a major flaw to all security endeavours.
Personally, I have never used IE nor any of the other MS mass products, like Outlook, Outlook Express, Windows Media Player, Windows Address Book etc. (not even Paint or Notepad ;)), and I never got seriously infected in 16 years of hardcore-browsing even the darkest spots of the internet.
ASKER
I have FF and Opera working on the machine, but I need IE8 running so that I can test some software that does not seem to run on IE8 but works fine on IE7.
Tried a new shortcut, no good.
Next step would then be to uninstall and reinstall IE 8.
ASKER
It works OK in safe mode, but when it loads it just stops. May try reinstalling IE8.
ASKER
That's under normal non-safe conditions, so it will not run normally, only under safe mode.
ASKER
Have just deleted and reloaded and it's still the same, cannot load IE8. Anyone have any other ideas?
I am going to pick up another computer tonight and see if I can load that up and see how that one goes, but this has me stumped.
Do you still receive the same error message as posted in your original post?
If so, have you run a search in your registry for those strange options ("SCODEF:2176 CREDAT:14337")?
Also: If it is only for testing purposes that you need IE8, you might want to consider using a browser compatibility testing tool instead of an installed version.
This one could help: http://www.my-debugbar.com/wiki/IETester/HomePage
Or Expression Web SuperPreview: http://expression.microsoft.com/en-us/dd565874.aspx
Here's a complete overview of compatibility testing tools, online and offline:
http://www.hongkiat.com/blog/complete-guide-to-cross-browser-compatibility-check/
ASKER
Yes I have, have not found any. Also went through looking for the IE dir path that it says it finds.
Also looked for bits but still no good.
I need the full version as I have to be identical to make sure that there are no problems for testing of the system and the scripts.
Will have a look at the pages, thanks.
Try this:
Get Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902
Run it and click on the tab "Image Hijacks". If there are any entries found under the registry keys, untick them. Close Autoruns, reboot and try launching IE8 again.
ASKER
Nothing in the image hijacks, but love the program, been looking for something like this for a long time. Will keep looking though, thanks for this.
ASKER
Thanks everyone. Have tried all that has been suggested, so at this point of time have given up and just got another computer to do the job, so will try again when I have time.
So thanks for all the help.