Removing MarketScore....Please Help!

[Karthik1019]

Ok, this is what I know. MarketScore is spyware that claims to speed up your internet connection but really doesnt. All it does is allow the MarketScore people to look at all the websites you go to. It also slows down any instant messaging services that you are using. MarketScore adds registry keys and .dll files to your computer and runs on startup. It's a proxy or something (I'm getting a little too technical for myself now) so basically, all internet information is routed through it so it can collect information about what you do. Now that that's out of the way. To remove MarketScore on WinXP, it is supposed to be as simple as opening the command promp, typing cd.. a few times if necessary and then typing NSCheck /uninstall. The thing is, this doesn't work on my computer. It says it doesn't recognize the NSCheck command. I figured I had partially deleted some of the MarketScore stuff using SpyBot or Adaware so I googled MarketScore and looked on some other forums and read that you can use some kind of LSP-Fix or Layered Service Protector Fixer to restore your Winsock 2 settings to how they were on first install. (I have no idea what Winsock 2 is.) And after installing it you can safely delete the installed reg keys and .dll files. The thing is, the website they gave was kind of shady and I didn't really trust this file that was supposed to go and change things that I don't understand in the depths of Windows. Does anyone have any suggestions? Here's the link to the website with the LSP-fix thing.

http://www.cexx.org/lspfix.htm

[Statica]

Have you tried searching for nscheck.exe? I've been able to get it off people's systems with the nscheck /uninstall keys ; it is possible that your nscheck is not where it typicall should be, so do a search on your harddrive for nscheck and go to the directory in a command prompt; then issue the command to uninstall.
If you don't know how to change to the directory on the command prompt, post back here with the exact folder nscheck.exe turns up.

[Karthik1019]

I searched and got nothing. I was following a guide for uninstalling this thing from some Columbia.edu website, but it told me to delte some root certificates in IE before doing NSCheck /uninstall. So I did that. The only other thing I did involving this is that my McAfee VirusScan found the osconfig.dll file and the osmim.dll file and I quarantined them. In fact, I ran the virus scan a few hours later and it found osmim.dll again in the same place, so I think MarketScore is reinstalling missing components. I also found a program called 1.exe in some file that must be hidden or something called C:\Recycled\. Does this have something to do with it? Oh.....wait a second. I didn't tell it to search hidden files. Okay, I'll post back in a few minutes.

[Karthik1019]

Still nothing when I search Hidden Files too. Any suggestions? It's an IBM laptop so I could easily backup my docs and things and then just use the restore tool. But it would be a pain to do that just to speed up AOL because I'd have to reinstall my games and do all the windows update stuff.

[Statica]

Is this the site you are using to remove marketscore: http://www.columbia.edu/acis/securit...rketscore.html
It would appear that you are infected with the OS variant, in which case you need to do the following steps:
1) Remove the root certificates created
2) You need to perform this in a command prompt:

Code:

cd %WinDir%\System
ossproxy -bootremove -uninst:RelevantKnowledge

3) Delete the following files
* ossproxy.exe
* okshook.dll
* osmim.dll
* osconfig.dll

Quote:

and remove the keys : you can open the registry (Start->Run->regedit) and delete the key Software\Netsetter in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER to clear up.

[Karthik1019]

Yes, that's the site I was using. The thing is, I had certificates for both Netsetter and MarketScore. And how exactly would I do this?

cd %WinDir%\System ossproxy -bootremove -uninst:RelevantKnowledge

Just type it in right after the C:\> ?

[Statica]

Yes, but they are 2 separate commands. Issue the first one (the first line) and then the second. Follow up with deleting the files listed as well.

[Karthik1019]

I typed it in exactly how it appeared and it said system cannot find the path specified. Something strange happened though. My AIM is working at the right speed now. It's not lagging after I type something in and press enter. Does this mean that MarketScore isn't working anymore? I didn't really change anything. Maybe it's supposed to say that the path cannot be found in the command prompt? Oh well. I'll delete those DLL files and registries and see what happens.

[Statica]

Delete the files then download HijackThis: http://www.tomcoyote.org/hjt/
Follow the directions posted here: http://forum.pcmech.com/showthread.php?t=103171
Run Hijackthis and post the log file generated here. Do not delete any values till you get an feedback from the forum.

HTH

[Karthik1019]

Ok, I'll do that, but I just rebooted my computer and the pauses in AIM are back. Should I delete the files anyways, or will that cause a problem?

[Karthik1019]

I ran HijackThis without deleting anything. I got a huge text file when I saved it. I went and closed all the processes that I new were harmless and ran it again. This is what I got.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crh.choate.edu/campusnet/default.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {C659E58D-2B81-45F5-A2AA-435689E484A6} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101475452\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

[glc]

It's awfully difficult to pick out what may be a problem with all that AOL and IBM stuff running at startup.

[Karthik1019]

Yeah, I noticed that too. Its strange though, I went into the task manager and closed many of the programs in that list before running the software. I guess I can go through the saved file and delete all the lines of code I know are not the problem. I'll get back to this this weekend though. Thanksgiving break just ended yesterday and now its back to hours of work. Thanks for all the help so far.

[Panama Red]

Instead of using Task Manager to shut down the programs, go to Run/type: msconfig/ok/Start Up tab. Uncheck the programs that you don't need to start when the computer starts. Use the link to find what programs are required/optional/unneeded.

http://www.sysinfo.org/startuplist.php

[Karthik1019]

Thanks, I'll be sure to do that on Friday/Saturday and give you a new, smaller post of what my computer is doing.

[Karthik1019]

OK, here is a shortened list, for some reason, some of the things I told not to start up started up anyways.

Logfile of HijackThis v1.98.2
Scan saved at 11:19:15 PM, on 12/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crh.choate.edu/campusnet/default.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {C659E58D-2B81-45F5-A2AA-435689E484A6} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101475452\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

I certainly don't know much about this whole hijack this log business, but I can take a few guesses at what is bad in the above lines.

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
IT SAYS APPLE.COM, BUT I DON'T KNOW WHAT IT IS.

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
HERE'S SOMETHING BIG, I QUARANTINED OSMIM.DLL B/C IT'S PART OF MARKETSCORE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
I DELETED WEATHERBUG, CAN I GET RID OF THIS?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
I TAKE AP COMP SCI AND I HAVE A JAVA SDK'S AND JDKS ALL OVER THIS COMP

O2 - BHO: C:\WINDOWS\lbbho.dll - {C659E58D-2B81-45F5-A2AA-435689E484A6} - C:\WINDOWS\lbbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
I'M PRETTY SURE THIS ISN'T DANGEROUS, BUT WHAT IS IT?

Do you guys think that just deleting the thing that talks about osmim should solve all of my porblems?

[glc]

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
IT SAYS APPLE.COM, BUT I DON'T KNOW WHAT IT IS.

ITunes detector.

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

You been benchmarking with 3Dmark or PCmark?

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
HERE'S SOMETHING BIG, I QUARANTINED OSMIM.DLL B/C IT'S PART OF MARKETSCORE

Not a problem if you still have Internet access. You may want to run winsockxpfix (Google it) to reset your LSP's.

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
I DELETED WEATHERBUG, CAN I GET RID OF THIS?

Yes.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
I TAKE AP COMP SCI AND I HAVE A JAVA SDK'S AND JDKS ALL OVER THIS COMP

Leave it alone.

O2 - BHO: C:\WINDOWS\lbbho.dll - {C659E58D-2B81-45F5-A2AA-435689E484A6} - C:\WINDOWS\lbbho.dll

Generic hijacker, this may be the source of your problems. Probably requires more than a simple deletion to get rid of, can't find specific instructions at this time, only promising link is dead. Try posting over at Wilders.

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
I'M PRETTY SURE THIS ISN'T DANGEROUS, BUT WHAT IS IT?

Part of Sonic CD/DVD burning software or Veritas backup software.

[Karthik1019]

Thanks, glc, but what is Wilders? Also, all the winsock xp fix.exe files I can find to download were last updated in nov 2003. Is this okay. I'm running sp2, did anything change at all in the files that winsock xp fix fixes?

[glc]

Winsockxpfix does not need updating.

http://www.wilderssecurity.com/

[Karthik1019]

WOW! Thanks everybody! This was a long process, but I think its finally over. My IM's are finally consistently going at normal speed, and the osmim.dll file doesn't keep coming back. Those were the only side effect I saw from this thing, so I guess that means it's gone. I ran the LSP fixer and it was all fine after that, the osmim.dll thing didn't show up in the log when I ran HJT again,but I still have to get rid of lbbho.dll. I guess it is unrelated to MarketScore. It doesn't seem to be having any adverse effects on my computing as of now. I'll post over at wilders though. Thanks again!

[glc]

Does it keep coming back if you fix that entry with HJT and delete the file?

[Karthik1019]

Nope....Thanks! I think my computer is spyware free, for now anyways.