Options
msko32.exe & mfcpx32.exe
Greetings oh great spybusters....
Thank you in advance for your time and effort. Any help you can provide is greatly appreciated.
I have been having a problem with something hijacking my homepage, slowing down log in and pop-ups. I read through most of the other threads that seemed very similiar to my problems and tried fixing them in the same manor. :banghead: still there. I think i know which files are the problem, however, removing these files seems to be an act that requires olympic talents. Since discovering my problem, i have learned much about spyware. It seems that the darn virus is originating in some file that is not listed? or re-names itself? Anyway, im pretty sure it has to do with the msko32.exe & mfcpx32.exe processes. Also i think it has do do with 4 programs that wont uninstall (home search assistant, searchextender, shopping wizard, radlight)I am going to post my HJT log and with some luck, you have seem this problem before and fixing it will be a sinch.
Logfile of HijackThis v1.98.0
Scan saved at 4:24:14 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msko32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\mfcpx32.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC74E0B9-F6BF-A716-4F9A-98CC5AAEA235} - C:\WINDOWS\sdkhp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073104 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [mfcpx32.exe] C:\WINDOWS\system32\mfcpx32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
Thank you in advance for your time and effort. Any help you can provide is greatly appreciated.
I have been having a problem with something hijacking my homepage, slowing down log in and pop-ups. I read through most of the other threads that seemed very similiar to my problems and tried fixing them in the same manor. :banghead: still there. I think i know which files are the problem, however, removing these files seems to be an act that requires olympic talents. Since discovering my problem, i have learned much about spyware. It seems that the darn virus is originating in some file that is not listed? or re-names itself? Anyway, im pretty sure it has to do with the msko32.exe & mfcpx32.exe processes. Also i think it has do do with 4 programs that wont uninstall (home search assistant, searchextender, shopping wizard, radlight)I am going to post my HJT log and with some luck, you have seem this problem before and fixing it will be a sinch.
Logfile of HijackThis v1.98.0
Scan saved at 4:24:14 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msko32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\mfcpx32.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC74E0B9-F6BF-A716-4F9A-98CC5AAEA235} - C:\WINDOWS\sdkhp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073104 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [mfcpx32.exe] C:\WINDOWS\system32\mfcpx32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
0
Comments
Get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://awrrn.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\awrrn.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://awrrn.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC74E0B9-F6BF-A716-4F9A-98CC5AAEA235} - C:\WINDOWS\sdkhp32.dll
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073104 serial=DR12WTX-9999998-YSP lang=EN
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
You'll also need the LSP-Fix from our security downloads page.
Download LSPFix and run that. Reboot and post a new HJT log.
You're going to want to manually delete C:\windows\system32\lspak.dll
Let us know how it goes.
Logfile of HijackThis v1.98.0
Scan saved at 7:28:05 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msko32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\mfcpx32.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diwui.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://diwui.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://diwui.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\diwui.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diwui.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://diwui.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC74E0B9-F6BF-A716-4F9A-98CC5AAEA235} - C:\WINDOWS\sdkhp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [mfcpx32.exe] C:\WINDOWS\system32\mfcpx32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Also, get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diwui.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://diwui.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://diwui.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\diwui.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diwui.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://diwui.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC74E0B9-F6BF-A716-4F9A-98CC5AAEA235} - C:\WINDOWS\sdkhp32.dll
Also, while in safe mode, try to delete C:\WINDOWS\sdkhp32.dll
I live in warren
Logfile of HijackThis v1.98.0
Scan saved at 10:35:44 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msko32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\mfcpx32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ualki.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ualki.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ualki.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ualki.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ualki.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ualki.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {166D5965-3523-FD3D-7653-2DD44AC66EB8} - C:\WINDOWS\system32\netfz32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [mfcpx32.exe] C:\WINDOWS\system32\mfcpx32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe