Solved

running ie 8 on xp will not open throws up virus error using Kaspersky

Posted on 2011-02-14
Last Modified: 2013-12-06
Running IE8, but it throws up the below error; if you deny it then it just closes, if you run it then it just hangs.
Have run Kaspersky and avs4 and have found nothing; reloaded and reset IE and still no good.


Attempt to run browser with command line parameters: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:14337.

Here is the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:52 PM, on 15/02/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [Advanced DDTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6495 bytes
Question by:sydneyguy
18 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 100 total points
ID: 34894013
IE8 tracks tabs with different processes.

See here for a not-necessarily safe workaround that basically whitelists any IE process.  Not sure if that's a smart thing to do.

Are you running IE add-ons that can be disabled?  Try killing them all and re-enabling.  For instance, you probably have Kaspersky and Skype add-ons running by default for anti-banner advertising blocking and Skype phone # translation.  You have AdAware running as well?
0
 
LVL 6

Assisted Solution

by:Raneesh Chitootharayil
Raneesh Chitootharayil earned 100 total points
ID: 34894034
boot in safe mode; clear all the entries in system temp folder and temporary internet files;

could you please install antimalware and scan the system (normal mode)
http://www.malwarebytes.org/mbam.php

also read this link and try whether it is useful or not

http://translate.google.ae/translate?hl=en&sl=es&u=http://www.forospyware.com/t246438.html&ei=KgNaTYyOH4uIhQfOlf2dDQ&sa=X&oi=translate&ct=result&resnum=1&ved=0CB4Q7gEwAA&prev=/search%3Fq%3DSCODEF:2176%26hl%3Den%26biw%3D1280%26bih%3D802%26prmd%3Divns 
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 100 total points
ID: 34894059
There are nasties on your system:

cfdrive32.exe: http://www.superantispyware.com/malwarefiles/CFDRIVE32.EXE.html
msvmiode.exe: http://www.superantispyware.com/malwarefiles/MSVMIODE.EXE.html

as well as these:
C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe

Superantispyware (www.superantispaware.com) and MBAM (see link in raneeshcr's comment above) should be able to help.

You might also want to cross-check by scanning with HitmanPro: http://www.surfright.nl/en
0
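As an added example (not part of the thread or of any tool mentioned in it), this Python sketch applies location heuristics to O4 autorun lines copied from the HijackThis log in the question. The three heuristics (Temp directory, Windows root, all-digit file name) are assumptions chosen for illustration; they flag three of the four files named in the answer above, while msvmiode.exe sits in system32 and is not caught by location alone, so it still needs a name lookup like the ones linked.

```python
import re
from ntpath import basename, dirname

# O4 lines copied from the HijackThis log in the question above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [Advanced DDTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\13830.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\ACERLO~1\LOCALS~1\Temp\3522.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
"""

# Registry autorun entries only: "O4 - <key>: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<key>HK\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def image_path(cmd):
    """Strip arguments: take the quoted path, else everything up to the first .exe."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd

def reasons_for(path):
    """Illustrative heuristics (assumptions, not HijackThis behaviour)."""
    low = path.lower()
    found = []
    if "temp" in low.split("\\")[:-1]:
        found.append("runs from a Temp directory")
    if dirname(low) == r"c:\windows":
        found.append("executable directly in the Windows root")
    if basename(low).rsplit(".", 1)[0].isdigit():
        found.append("all-digit file name")
    return found

def flag_autoruns(log):
    """Return {image path: {"keys": [autorun keys], "reasons": [...]}} for flagged entries."""
    flagged = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        why = reasons_for(path)
        if why:
            entry = flagged.setdefault(path, {"keys": [], "reasons": why})
            entry["keys"].append(m.group("key"))
    return flagged

if __name__ == "__main__":
    for path, info in flag_autoruns(SAMPLE_LOG).items():
        print(path, info["keys"], info["reasons"])
```

An entry registered under more than one autorun key, as cfdrive32.exe is here, shows up with both keys listed, which tells you every place that has to be cleaned.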
 
LVL 35

Expert Comment

by:torimar
ID: 34894064
Sorry, mistyped a URL above. It must read:

www.superantispyware.com
0
 
LVL 15

Assisted Solution

by:Russell_Venable
Russell_Venable earned 200 total points
ID: 34902605
In your specific case I would suggest using RegRun by Greatis. It will not only back up your registry, but also remove those malicious files and set up registry protection and file protection. This can also be run in parallel with your antivirus. I would also suggest that you install Sandboxie and surf through the internet using that from now on as further protection from this type of malware. It will contain most of the malware that comes from using a web browser as long as you run it through Sandboxie. These files will not escape the sandbox unless the malware uses an exploit in Sandboxie's open process. Of course install this after deleting that malware from your PC first and foremost. Also suggested to watch this video and set up your Internet Explorer link as it is done in this video and you should be a lot safer surfing the internet. This is coming from a Malware Researcher. So keep this suggestion in mind as safe practice and avoidance of catching malware such as this in the future. I would also suggest anyone who is reading this to do this as well. It hinders this malware type of drive-by attacks, not all but most attacks of this nature.

Youtube Video of Sandboxie Review by mrizos
0
 

Author Comment

by:sydneyguy
ID: 34904298
have loaded and run http://www.malwarebytes.org/mbam.php
loaded and run (www.superantispaware.com)
loaded and run RegRun by Greatis.
cleared the memory and temp files, rebooted numerous times

will post the new hijack this but explorer still will not run
0
 
LVL 35

Expert Comment

by:torimar
ID: 34904415
How do you start IE? By clicking on an icon?
If so, check its properties. Maybe the shortcut to launch it was altered and now has those command line parameters (SCODEF:2176 CREDAT:14337). Remove them, or create a new explorer shortcut.

Also consider using Firefox or Opera instead of IE for security reasons. IE, after all, is one of the main hatches for malware, and a major flaw to all security endeavours.
Personally, I have never used IE nor any of the other MS mass products, like Outlook, Outlook Express, Windows Media Player, Windows Address Book etc. (not even Paint or Notepad ;)), and I never got seriously infected in 16 years of hardcore-browsing even the darkest spots of the internet.
0
 

Author Comment

by:sydneyguy
ID: 34905082
i have ff and opera working on the machine but i need ie8 running so that i can test some software that does not seem to run on it ie8 but works fine on ie7
tried a new shortcut no good


0
 
LVL 35

Expert Comment

by:torimar
ID: 34905093
Next step would then be to uninstall and reinstall IE 8.
0
 

Author Comment

by:sydneyguy
ID: 34922567
it works ok in safe mode but when it loads it just stops, may try reinstalling ie8
0
 

Author Comment

by:sydneyguy
ID: 34922570
that's under normal non safe conditions, so will not run normally, only under safe mode
0
 

Author Comment

by:sydneyguy
ID: 34923843
have just deleted and reloaded and it's still the same, cannot load ie8. anyone have any other ideas?

i am going to pick up another computer tonight and see if i can load that up and see how that one goes, but this has me stumped
0
 
LVL 35

Expert Comment

by:torimar
ID: 34923848
Do you still receive the same error message as posted in your original post?
If so, have you run a search in your registry for those strange options ("SCODEF:2176 CREDAT:14337")?


Also: If it is only for testing purposes that you need IE8, you might want to consider using a browser compatibility testing tool instead of an installed version.
This one could help: http://www.my-debugbar.com/wiki/IETester/HomePage

Or Expression Web SuperPreview: http://expression.microsoft.com/en-us/dd565874.aspx

Here's a complete overview of compatibility testing tools, online and offline:
http://www.hongkiat.com/blog/complete-guide-to-cross-browser-compatibility-check/
0
 

Author Comment

by:sydneyguy
ID: 34923858
yes i have, have not found any. also went through looking for the ie dir path that it says it finds
also looked for bits but still no good.

i need the full version as i have to be identical to make sure that there are no problems for testing of the system and the scripts.
will have a look at the pages, thanks
0
 
LVL 35

Expert Comment

by:torimar
ID: 34923903
Try this:
Get Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902

Run it and click on the tab "Image Hijacks". If there are any entries found under the registry keys, untick them. Close Autoruns, reboot and try launching IE8 again.
0
 

Author Comment

by:sydneyguy
ID: 34923957
nothing in the image hijacks but love the program, been looking for something like this for a long time, will keep looking though, thanks for this
0
 
LVL 15

Assisted Solution

by:Russell_Venable
Russell_Venable earned 200 total points
ID: 34924169
The line (SCODEF:2176 CREDAT:14337) is auto-generated by IE8. With that being said, 2176 is the LCIE frame process for a single running tab, and the 14337, I couldn't find anything about this part; I would assume that it has to do with the URL command line option. So you won't find this in the registry. They "Microsoft" said it is nothing to worry about as it is just another process spawned from IE's tabs.

Now that it is settled: are you still getting errors or warnings from IE or Kaspersky?
0
 

Author Closing Comment

by:sydneyguy
ID: 34948258
thanks everyone, have tried all that has been suggested, so at this point of time have given up and just got another computer to do the job. so will try again when i have time
so thanks for all the help
0


Question has a verified solution.
