SurfSideKick3

**spoons23** · 2006-04-06, 11:02

Hello, and help, please!

I've recently been hit with this darned SurfSideKick3 and despite using Spybot, Microsoft Antispyware, it won't stay removed.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 09:50:49, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\tiger\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKCU\..\Run: [Remynda] C:\Program Files\Remynda 1.0\RemTrial.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: ACT! Professional 8.0.lnk = C:\Program Files\ACT\ACT for Windows\Act8.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Read Me.lnk = C:\Program Files\ACT\ACT for Windows\readme.txt
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: Uninstall.lnk = ?
O4 - Global Startup: User Guide.lnk = C:\Program Files\ACT\ACT for Windows\ACT! v8 UsersGuide.pdf
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.co.uk/downlo...1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA7E7D4-00DA-49AE-A67A-1688FF659EAD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\q8ps0i77e8.dll (file missing)
O23 - Service: 1 (111) - - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Thanks in advance for helping!

**tashi** · 2006-04-10, 19:25

Hello and sorry for the wait.
Please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice post here.

**tashi** · 2006-04-17, 22:07

This topic will be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread.

Thread: SurfSideKick3

Thread Tools

Display

SurfSideKick3

Posting Permissions