• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 806
  • Last Modified:

running ie 8 on xp will not open throws up virus error using kapaskeys

running ie8 but throws up the below error if you deny it then it just closes if you runit then it just hangs
have run kapaskeys and avs4 and have found nothing reloaded and reset ie and still no good.

Attempt to run browser with command line parameters: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:14337.

here is the hijack this file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:52 PM, on 15/02/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [Advanced DDTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

End of file - 6495 bytes
  • 8
  • 6
  • 2
  • +2
5 Solutions
IE8 tracks tabs with different processes.

See here for a not-necessarily safe workaround that basically whitelists any IE process.  Not sure if that's a smart thing to do.

Are you running IE add-ons that can be disabled?  Try killing them all and re-enabling.  For instance, you probably have Kaspersky and Skype add-ons running by default for anti-banner adverising blocking and Skype phone # translation.  You have AdAware running as well?
RaneeshIT SupportCommented:
boot in safe mode; clear all the entries in system temp folder and temporary internet files;

could you please install antimalware and scan the system (normal mode)

also read this link and try whether it is useful or not

There are nasties on your system:

cfdrive32.exe: http://www.superantispyware.com/malwarefiles/CFDRIVE32.EXE.html
msvmiode.exe: http://www.superantispyware.com/malwarefiles/MSVMIODE.EXE.html

as well as these:

Superantispyware (www.superantispaware.com) and MBAM (see link in raneeshcr's comment above) should be able to help.

You might also want to cross-check by scanning with HitmanPro: http://www.surfright.nl/en
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Sorry, mistyped a URL above. It must read:

In your specific case I would suggest using RegRun by Greatis. It will not only backup you registery, but also remove those malicious files and setup registery protection and file protection. This can also be run parallel with your antivirus. I would also suggest that you install Sandboxie and surf through the internet using that from now on as further protection from this type of malware. It will contain most of the malware that comes from using a web browser as long as you run it through sandboxie. This files will not escape the sandbox unless the malware uses a exploit in the sandboxie's open process. Of course install this after deleting that malware from your pc first and foremost. Also suggested to watch this video and setup your Internet Explore link as it done in this video and you should be a lot safer surfing the internet. This is coming from a Malware Researcher. So keep this suggestion in mind as safe practice and avoidance of catching malware such as this in the future. I would also suggest anyone who is reading this to do this as well. It hinders this malware type of drive-by attacks, not all but most attacks of this nature.

Youtube Video of Sandboxie Review by mrizos
sydneyguyAuthor Commented:
have loaded and run http://www.malwarebytes.org/mbam.php
loaded and run (www.superantispaware.com
loaded and run RegRun by Greatis.
cleared the menory and temp files rebooted numerous time

will post the new hijack this but explorer still will not run
How do you start IE? By clicking on an icon?
If so, check its properties. Maybe the shortcut to launch it was altered and now has those command line parameters (SCODEF:2176 CREDAT:14337). Remove them, or create a new explorer shortcut.

Also consider using Firefox or Opera instead of IE for security reasons. IE, after all, is one of the main hatches for malware, and a major flaw to all security endeavours.
Personally, I have never used IE nor any of the other MS mass products, like Outlook, Outlook Express, Windows Media Player, Windows Address Book etc. (not even Paint or Notepad ;)), and I never got seriously infected in 16 years or hardcore-browsing even the darkest spots of the internet.
sydneyguyAuthor Commented:
i have ff and opera working on the machine but i need ie8 running so that i can test some software that does not seem to run on it ie8 but works fine on ie7
tried a new shortcut no good

Next step would then be to uninstall and reinstall IE 8.
sydneyguyAuthor Commented:
it works ok in safe mode but when it loads it just stops may try reinstlling ie8
sydneyguyAuthor Commented:
thats under normal non safe conditions so wil not run normally only under safe mode
sydneyguyAuthor Commented:
have just deleted and reloaded and its still the same cannot load ie8 any one have any other ideaas.

i am going to pick up another computor tonight and see i  can load that up and see how that ones goes but this has me stummped
Do you still receive the same error message as posted in your original post?
If so, have you run a search in your registry for those strange options ("SCODEF:2176 CREDAT:14337")?

Also: If it is only for testing purposes that you need IE8, you might want to consider using a browser compatibility testing tool instead of an installed version.
This one could help: http://www.my-debugbar.com/wiki/IETester/HomePage

Or Expression Web SuperPreview: http://expression.microsoft.com/en-us/dd565874.aspx

Here's a complete overwview of compatibility testing tools, online and offline:
sydneyguyAuthor Commented:
yes i have have not found any also went throughlookign for the ie dir path that it says it finds
also looked for bits but still no good.\

i need the full version as i have to be identical to make sure that there is no problems for testing of the system and the scripts.
wiill have a looka the pages thbks
Try this;
Get Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902

Run it and click on the tab "Image Hijacks". If there are any entries found under the registry keys, untick them. Cloes Autoruns, reboot and try launching IE8 again.
sydneyguyAuthor Commented:
nothing in the image hijacs but love the program, been looking for some thing like this for a long tim will keep looking though thanks for this
The line  (SCODEF:2176 CREDAT:14337) is auto-generated by IE8. With that being said 2176 is the  LCIE frame process for a single running tab and the 14337 I couldn't find anything about this part I would assume that it has to do with the URL command line option. So you wont find this in the registery. They "Microsoft" said it is nothing to worry about as it is just a another process spawned from IE's tabs.  

Now that it settled. Are you still getting error's or warnings from IE or Kaspersky?
sydneyguyAuthor Commented:
thanks every one have tried all that has been suggested so at this point of time have given up and just got anonther computer to do the job. so will try again when i have time
so thanks for all the help
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 8
  • 6
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now