Command Service/SurfSideKick3 removal?

[Linux_Chic]

Hi,
I've looked at other, similar posts to my problem but they don't seem to be working. I've run Spybot S&D 1.4, Ad-Aware and PandaScan. I've also tried that "house call" scan, STOPzilla, and ewido (i followed all the directions until I couldn't). the housecall couldn't initiate, STOPzilla freeware was more or less useless, and ewido wouldn't finish - it got stuck or frozen.
SO, here's the Hijak This log:


Logfile of HijackThis v1.99.1
Scan saved at 8:48:43 PM, on 3/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Vmlja2k\command.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Documents and Settings\Vicki\Desktop\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wintray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\tasksvc.exe
C:\Documents and Settings\Vicki\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kcitb.exe
F2 - REG:system.ini: UserInit=userinit.exe,vxoxlen.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {1AE6D7D5-0C28-4DB6-9FD1-33B870A4C5F2} - C:\WINDOWS\System32\geeda.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\System32\gebcc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [emroyziA] C:\WINDOWS\emroyziA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Vicki\LOCALS~1\Temp\157.tmp2560.exe "
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.buffalo.edu
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: repairs303169563.dll,Runner.dll
O20 - Winlogon Notify: gebcc - C:\WINDOWS\SYSTEM32\gebcc.dll
O20 - Winlogon Notify: geeda - C:\WINDOWS\System32\geeda.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Vmlja2k\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Vicki\Desktop\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Task Service (TaskSvc) - Unknown owner - C:\WINDOWS\tasksvc.exe
O23 - Service: Windows System Tray (WINTRAY) - Unknown owner - C:\WINDOWS\wintray.exe

I got rid of SpySheriff (I think) and I just can't get rid of SurfSideKick3 and Command Service. A few other forums suggested I start deleting from my Registry Editor, but of course I'm a little hesitant to mess with that on a whim. ^_~.\/.
Hope you can help, Thank you!

[steamwiz]

Hi

First please go to ADD/REMOVE programs in the Control Panel and uninstall surfsidekick ... allow the computer to reboot when prompted to do so ...

Then...

Please download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. Put a check next to Run VundoFix as a task.
3. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
4. When VundoFix re-opens - Click the "Scan for Vundo" button.
5. Once it's done scanning, click the "Remove Vundo" button.
6. You will receive a prompt asking if you want to remove the files, click "YES".
7. Once you click yes, your desktop will go blank as it starts removing Vundo.
8. When completed, VundoFix will prompt that it will shutdown your computer; click "OK".
9. Turn your computer back on.
10. Please post the contents of C:\vundofix.txt

Then...

Please download and run these :-

Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

doubleclick the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URL's (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your passward when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

THEN........

1. run ewido....

2. From the main ewido screen, click on update in the left menu, then click the Start update button.

3. After the update finishes (the status bar at the bottom will display "Update successful")

4. You may need to manually update the definitions which you can get HERE

5. Exit Ewido. DO NOT scan yet.

Boot into safemode...and scan with Ewido

7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.

Important - You need to click "Save report" and Save it to your desktop, or you wont have a log

reboot

post a new hijackthis log + the ewido log + the vundofix.txt

There will be more to do....

cheers

steam

[tashi]

Linux_Chic, still with us?

[tashi]

This topic is closed due to lack of a response to helper.

Thank you steamwiz.