MARKETSCORE.relevantknowledge



ctnaber
2008-01-07, 21:15
I recently acquired marketscore.Relevantknowledge. Spybot picked it up, but when I went to fix selected problems my computer would shut down & restart. When I ran the scan again this same "marketscore" would be there again. I now ran the Kaspersky scan & picked up a few things & also rebooted in safe mode & reran Spybot. This time it was fixed. When I restarted my computer I had limited or no connectivity to the internet. (I am on a business network.) I diagnosed the connectivity issue through Windows & it does seem to be working now (maybe not as fast). Following are the HJT log & Kaspersky log. Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:49 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eedac] C:\WINDOWS\system32\dllcache\csrss.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eedac] C:\Program Files\EeDac\csrss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126729878966
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = winningedge.com
O17 - HKLM\Software\..\Telephony: DomainName = winningedge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = winningedge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = winningedge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O24 - Desktop Component 0: (no name) - https://www.inford.dealerconnection.com/Parts_Service/english/images/section4.gif

--
End of file - 6616 bytes


KASPERSKY ONLINE SCANNER REPORT
Monday, January 07, 2008 10:44:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/01/2008
Kaspersky Anti-Virus database records: 503562


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
M:\
X:\
Y:\
Z:\

Scan Statistics
Total number of scanned objects 63403
Number of viruses found 2
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 01:04:04

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\pbs-parts1\.housecall6.6\Quarantine\rlxf.dll.bac_a04088 Infected: not-a-virus:AdWare.Win32.RK.m skipped

C:\Documents and Settings\pbs-parts1\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.NICK Object is locked skipped

C:\Documents and Settings\pbs-parts1\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Application Data\Microsoft\Outlook\Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\History\History.IE5\MSHist012008010720080108\index.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Temp\~DFA583.tmp Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Temp\~DFA59A.tmp Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\ntuser.dat Object is locked skipped

C:\Documents and Settings\pbs-parts1\NTUSER.DAT.LOG Object is locked skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc16.zip/amagent4f.exe/file01 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc16.zip/amagent4f.exe/file08 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc16.zip/amagent4f.exe Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc16.zip ZIP: infected - 3 skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amagent4f.exe/file01 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amagent4f.exe/file08 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amagent4f.exe Inno: infected - 2 skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amonitor4f.exe/file02/file01 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amonitor4f.exe/file02/file08 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amonitor4f.exe/file02 Infected: not-a-virus:Monitor.Win32.ActivityLogger.a skipped

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1200\Dc17\amonitor4f.exe Inno: infected - 3 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7B274387-0058-478A-807E-3A03D4AD098B}\RP3\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TempFile Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

M:\archive\FordBCM.log Object is locked skipped

X:\FordComms\archive\FordBCM.log Object is locked skipped

X:\Pbs\pbswin\Pbsacct\01PBSWIN.ldb Object is locked skipped

X:\Pbs\pbswin\Pbsacct\01PBSWIN.MDB Object is locked skipped

X:\Pbs\pbswin\Pbsacct\System.ldb Object is locked skipped

X:\Pbs\pbswin\Pbsacct\System.mdb Object is locked skipped

X:\Pbs\pbswin\pbsfin\pbsf&i.ldb Object is locked skipped

X:\Pbs\pbswin\pbsfin\pbsf&i.mdb Object is locked skipped

X:\Pbs\pbswin\pbsparts\Pbsparts.ldb Object is locked skipped

X:\Pbs\pbswin\pbsparts\Pbsparts.mdb Object is locked skipped

X:\Pbs\pbswin\pbssds\schdata.ldb Object is locked skipped

X:\Pbs\pbswin\pbssds\schdata.mdb Object is locked skipped

X:\Pbs\pbswin\pbsserv\Pbsserv.ldb Object is locked skipped

X:\Pbs\pbswin\pbsserv\Pbsserv.mdb Object is locked skipped

X:\Pbs\pbswin\pbsveh\pbsinvn.ldb Object is locked skipped

X:\Pbs\pbswin\pbsveh\pbsinvn.mdb Object is locked skipped

X:\Pbs\pbswin\Pbsystem6.ldb Object is locked skipped

X:\Pbs\pbswin\Pbsystem6.mdb Object is locked skipped

X:\Pbs\pbswin\system.ldb Object is locked skipped

X:\Pbs\pbswin\system.mdw Object is locked skipped

Scan process completed.

pskelley
2008-01-15, 16:56
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

Sorry about the wait, you must have missed the directions pinned to the top of the forum?
If you still need help, I will do what I can.

1) You are hacked by http://www.castlecops.com/lsp-175.html
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
http://www.file.net/process/rlls.dll.html
This junk is usually downloaded on purpose, sure someone did not?

2) The item is likely a trojan, you will have to check for us.
O4 - HKLM\..\Run: [eedac] C:\WINDOWS\system32\dllcache\csrss.exe
O4 - HKCU\..\Run: [eedac] C:\Program Files\EeDac\csrss.exe
Do you have any idea what this is? If not use one or more of these free online scans and post the results. Scan the files in red.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

Provide the results of the scan and any other information you think will help.

Kaspersky scan:
C:\Documents and Settings\pbs-parts1\.housecall6.6\Quarantine\ <<< delete the contents of that quarantine folder

C:\RECYCLER\ <<< empty the Recycle Bin on your Desktop

Thanks

pskelley
2008-01-21, 14:25
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.