SurfSideKick - did I get it all?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mtc3999, Nov 6, 2005.

  1. mtc3999

    mtc3999 Private E-2

    Hi guys! I've been up all night following the instructions in READ & RUN ME FIRST, as well as SurfSideKick Removal.
    Posted my log, if you wouldn't mind checking it over to make sure I didn't miss anything. It looks gone to me but frankly, anything could be there ;) Thanks!
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    SurfSideKick is gone; however, you have several other issues that must be dealt with.

    Download
    - Pocket Killbox

    Please follow the instructions in the following threads:
    How to view hidden, system files & folders!

    Searching for Hidden Files on WinXP


    Please make sure System Restore is OFF.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

    On the page that opens, scroll down to Command Service or cmdService ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    Command Service or cmdService (Whichever you found above)

    Do the same for Windows Overlay Components

    In HJT, open the Misc Tools section, choose Process Manager, and highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

    REBOOT to Normal Mode.

    Post the WPFind log and a fresh HijackThis log as ATTACHMENTS.
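    As an added example (not part of Shadow_Puter_Dude's reply), the same check, disable, stop and delete steps for the rogue service done from a Command Prompt with sc.exe, which ships with Windows XP Pro and does not depend on the greyed-out Stop button in services.msc. The service name cmdService is taken from the reply above and is an assumption; the script assumes it is run from an administrator account.

```batch
@echo off
REM Added example, not from the thread: inspects the service the reply calls
REM "Command Service"/"cmdService", disables it, tries to stop it, and removes
REM its registration with sc.exe (the command-line counterpart of services.msc
REM and HJT's "Delete an NT Service"). SERVICE is an assumed name; set it to
REM the name shown in the service's Properties dialog.
setlocal
set SERVICE=cmdService

echo === Current state of %SERVICE% ===
sc query "%SERVICE%" | findstr /I "SERVICE_NAME STATE"
if errorlevel 1 (
    echo %SERVICE% is not installed - nothing to do.
    goto :eof
)

REM Disable before stopping so it cannot start again at the next boot even if
REM the stop request is refused (the "start= " form with a space is required).
sc config "%SERVICE%" start= disabled
sc stop "%SERVICE%"

echo === State after stop attempt ===
sc query "%SERVICE%" | findstr /I "STATE"

REM Remove the service. If its process is still running, Windows marks the
REM service for deletion and finishes the removal on the next reboot.
sc delete "%SERVICE%"
sc query "%SERVICE%" >nul 2>&1 && echo Deletion pending - reboot to finish. || echo %SERVICE% removed.

endlocal
```

Run it, then re-check in services.msc (or with sc query) after the reboot that the entry is gone before moving on to the Killbox steps.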
     
  3. mtc3999

    mtc3999 Private E-2

    Got stopped at the Command Service 'Stop' line.
    I can see where the button is but it is not highlighted, like I don't have permission to stop it.
    When I checked the "Help" it instructed me on how to access the service permissions, link to "security templates" but the link said templates are not available on this version of XP.
    I can change the service by switching from automatic, manual or disable. Will that be enough or do you want me to try and stop the Command Service some other way first?
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Disable it and continue with the steps I gave you. If it doesn't want to be stopped we will deal with that later.
     
  5. mtc3999

    mtc3999 Private E-2

    OK, how'd we do?
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Open Notepad and copy the contents of the below quote box and save as fixreg.reg to your desktop
    Double-click fixreg.reg and answer yes when asked if you want to merge.

    Run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.
     
  7. mtc3999

    mtc3999 Private E-2

    Accomplished. Please note that when the fixreg.reg instructions were followed,
    an error message appeared saying the modification could not be allowed since "the specified file is not a registry script. You can only import binary registry files from within the registry editor."

    I've enclosed updated scans for your review.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs are clean. How is your computer running?
     
  9. mtc3999

    mtc3999 Private E-2

    A lot better, thanks! Ran MS AntiSpyware just now and it picked up a few things, but the pop-up ads are gone and things seem to be running much better... Thanks. I'll let you know if anything else pops up.
    Thanks again, you guys are invaluable!!!
     
