SurfSidekick

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by luddite, Dec 4, 2004.

  1. luddite

    luddite Private E-2

    Hello--

    I've spent a better part of the past 2 days trying to rid my PC of something that'd hijacked my browser and think I've made some progress, but there are some persistent "things" I can't seem to get rid of.

    I've followed Sgt. Sweetie's directions (thank you) for the basic steps to get rid of Spyware, Trojans, etc. So, I've disabled system restore, enabled viewing of hidden files, folders and extensions. I've used Ad Aware, CCleaner, Spybot, SpywareBlaster, McAfee Avert and Kill2Me but can't get rid of these items that appear in my startup files.

    Something called SurfSidekick and Devldr16 keep reloading. I've downloaded Hijack This and have a logfile that includes items that seem to be the problems, but I've read enough reviews of Hijack This to know that I don't have the expertise to delete any files. If anyone out there can help, I'd appreciate it.

    Thank you.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi luddite,

    Did you do the Online Scans?

    If you are certain that you've exhausted the Tutorial's options, then go ahead and send us a HijackThis Log. Make sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Somebody will try to take a look at your Log when they get a chance.

    Best :)
    PP
     
  3. luddite

    luddite Private E-2

    Hello PP--

    Thanks for getting back to me. Yes, I ran all the online scans. CCleaner did a good job, but everything else is coming up clean except what I see on Hijack which definitely includes some of the problems, but some of the items I can't be sure about. Everything was closed (as far as I can tell) when I ran it.

    I've been going through the Hijack This tutorial on this site and I can say that some of these other items are suspicious, but can't be sure. I'll attach the log file here. If anyone does have a chance to look I'd appreciate it. I'm almost out of wine, but fortified for the task at hand.

    Thanks again,
    L
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi L,

    Look in Add or Remove for Surf Sidekick and see if you can uninstall it.

    There are some other issues to deal with, but before we can do that, you need to move HijackThis to its own safe folder ---> C:\Program Files\HijackThis

    Please do that and attach a fresh log. I'll try to check back tomorrow, if I can. It's late & I need some sleep!

    PP :)
     
  5. luddite

    luddite Private E-2

    PP-

    I'll clean up my act and get back here tomorrow with a new log file. But just wanted to say thank you. I can't believe I lucked into a resource like this where random acts of kindness provide small miracles (I've been reading some of the past posts). Thank you again and good night.

    L
     
  6. luddite

    luddite Private E-2

    I've moved my Hijack and created another log file which I'll attach here. If someone has a time to take a look, I'd appreciate any feedback.

    Thanks,
    L
     


  7. luddite

    luddite Private E-2

    Also, forgot to mention that I've looked for SurfSidekick in Add/Delete, but it doesn't appear. However, there are a few suspicious things in there that I've tried and failed to delete. Suspicious files include "eAcceleration Download Receiver" and "Webrebates." I'm sure it's part of the same problem (or some problem).

    Thanks,
    L
     
  8. PhilliePhan

    PhilliePhan Guest

    Hi L,

    Before we get started, please move HijackThis to C:\Program Files\HijackThis. This will ensure the safety of backups in case you or I make a mistake!

    Definitely Uninstall eAcceleration Download Receiver & WebRebates!!

    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\MSCONFIG.EXE /reminder ---> Did you remove an item that normally runs at Startup? If so, what?

    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe ---> More info for this: devldr16


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)

    O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe

    O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ---> Mild Spyware

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ----> Mild Spyware


    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20dd01b593504cdd2e22/netzip/RdxIE601.cab


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\web\related.htm
    C:\PROGRAM FILES\SURFSIDEKICK 2 ---> The Folder

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Best luck :)
    PP
     
    Last edited by a moderator: Dec 4, 2004
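The R3/O4/O9/O16 entries PP lists above follow HijackThis's fixed one-line-per-entry format, which makes them easy to parse mechanically. The following script is an added example (not from this thread and not part of HijackThis): it splits each entry into section, target path/URL and CLSID, then flags entries whose target matches the indicators named in the post, dangling "(file missing)" entries, and O16 ActiveX downloads for review. The log text is a constructed sample assembled from the lines quoted above.

```python
import re

# Indicators taken from the entries flagged in the post above; a real triage list
# would be far longer.  SAMPLE_LOG is a constructed sample, not a full HJT log.
SUSPICIOUS = ("surfsidekick", r"\web\related.htm")

SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20dd01b593504cdd2e22/netzip/RdxIE601.cab
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<target>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_entry(line):
    # Returns (section, target, clsid) or None for lines that are not HJT entries
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O4":
        # O4 - <hive>\..\Run: [<name>] <command>
        o4 = O4_RE.match(body)
        target = o4.group("target") if o4 else body
    else:
        # R3 / O9 / O16 put the file path or download URL after the last " - "
        target = body.rsplit(" - ", 1)[-1]
    clsid = CLSID_RE.search(body)
    return sec, target, clsid.group(0) if clsid else None

def reasons_for(sec, target):
    # Empty list means "nothing to act on"; each string is one review reason
    t = target.lower()
    out = []
    if any(frag in t for frag in SUSPICIOUS):
        out.append("target matches a SurfSidekick / Related Links indicator")
    if "(file missing)" in t:
        out.append("dangling entry: the referenced file no longer exists")
    if sec == "O16" and t.startswith("http"):
        out.append("O16 is a downloaded ActiveX control: verify the source host")
    return out

def triage_log(text):
    result = []
    for sec, target, clsid in filter(None, map(parse_entry, text.splitlines())):
        result.append((sec, target, clsid, reasons_for(sec, target)))
    return result
```

Note that the devldr16 O4 entry comes back with no reasons: it is a legitimate Creative driver on many machines, which is why the post links to more information rather than telling you to fix it outright.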
  9. luddite

    luddite Private E-2

    Hello-

    I know it's been a while, but I've been sidetracked with some other major hard drive problems on another machine. But I've been working on this computer for the past couple of days and I'm still having some trouble. A recap:

    --I've uninstalled eAcceleration and Webrebates (I think).

    --I have deleted a lot of items from the startup menu over the course of working through this problem. They've included fun things like: Money Agent, saie, Surfer Sidekick, and about 10 other nightmares. I've also tried to stop devldr16, but no luck, keeps coming back up.

    --In the link you sent for devldr16, I've followed the directions, but in the device manager I don't see "Creative SB16 Emulation" under "Creative Miscellaneous Devices" (as suggested), but I do see "Game Port for Creative SB Live" and "Creative SB Live Value" under "Sound, Video & Game Controllers." Do you think that could be it?

    --I've deleted all the items that you listed in your last post through Hijack This, but I'm convinced that I've got another problem. When I start up, there's automatically an "Explorer" running before I've launched it. If I try to shut it down using Ctrl-Alt-Del I automatically get an option to shut down the computer. And there are some new and suspicious-looking listings in my latest Hijack Scan which I'll attach here.

    If anyone has time to take a look, I'd really appreciate it. I can't believe how hard this is.

    Thanks,
    Luddite
     


  10. luddite

    luddite Private E-2

    Hello--

    I posted this late last night, and I don't think it is urgent, but when someone has a chance, I'd appreciate any advice.

    Thanks,
    L :)
     
  11. PhilliePhan

    PhilliePhan Guest

    Hi Luddite,

    I gave your log a quick glance and there look to be a couple of questionable DLLs at work. Will try to give a more thorough look tonight - I've been tied up with work and wading through Grad School Application processes these days.

    GET THE NEW Hijack This V1.99

    It might be a good idea to get the latest version of HijackThis (v1.99). Extract it to C:\Program Files\HijackThis and rescan and attach a fresh log.

    Hang in there :)
    PP
     