Please help..no one else will

After posting onto 2 other sites with no responce i am getting frustrated by it all.I think i have VirtualMaid and ISTbar (istsvc) as well as yoursearch.cc pop ups coming up constantly.
Id really appreciate help with this folks..
heres my hijack this log..


Logfile of HijackThis v1.99.1
Scan saved at 00:01:57, on 22/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Edit by chaslang: Unrequested inline log removed

 

Welcome To MajorGeeks.Com!

We have guidelines that must be followed so we can best assist you.

First:
Please download and run the following removal tool:

• IstBar Removal Tool

Second:
Please close all browsers and any unnecessary programs while using HJT.

• C:\Program Files\Internet Explorer\iexplore.exe

Third:

Please follow ALL the steps in this sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Fourth:

After doing ALL of the above, reboot and attach a new HJT log as an attachment to your post using the Manage Attachments feature. Please do NOT post your log inline like you did the last time as they will be removed.

Good Luck!

 

Ooops...sorry for the big hijack this log post,my mistake.Advise looks great..now i gotta get home from work and do it all.il post soon.Thanks again

 

Your welcome, I will have the log converted into an attachment for you, just be sure to attach the next one as an attachment.

Good Luck!

I will be awaiting your resutls and new HJT log.

 

Ran all guides and all scans.Nothing came up..

 

Are you familiar with UltraVNC?


Scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

Are you familiar with this entry? If so leave it as is, if not have HJT fix it.

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot, Scan with HijackThis and attach the new log.

 

I did everything you said.
UltraVnc and fdireland are working programmes on my pc so they are ok.
Spybot S&D didnt find anything,and yes i did a update before it.
heres the next log anyways..

 

What will i do next?i hope my post isnt just going to die

 

Log looks ok to me, Are you currently having any further problems?

 

Im at work at the moment but this morning i checked before i left.Im still having issues..i also noticed that 3 icons appeared on my desktop.a dating one,online pharmacies and a anti spyware.Obviously i check my add/remove..nothing there.Im quite stumped by this as nothing seems to be showing in scans!
Il check again as soon as i get home.
Appreciate all the help by the way

 

Please download "StartDreck", from here: http://www.niksoft.at/_data/startdreck.zip

Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Please attach the log in this thread.

 

Here you go

 

I noticed that myself about messenger and msn.Then when i started turning on my pc msn and messenger would start up for somereason!?
So i removed them from my add/remove and reinstalled msn and its seems to have gotten rid of instantsearch.cc pop ups.I also found two files within system32...msmsgs.exe or msmsg.exe and .ini file which when you open it had
[http://www.instantsearch.cc/text/online_gambling.html]
[http://www.instantsearch.cc/text/computer_dating.html]
[http://www.instantsearch.cc/text/online_pharmacy.html]
[http://www.instantsearch.cc/text/pop_up
...and so forth.Deleted them in safe mode and its gone now.
Now i only have yourquicksearch.com toolbar popup to get rid of! lol

but what you said about that helper file within system32.i think thats it.its all deleted anyway..just gotta wait and see!
Thanks for stepping up by the way,appreciate it!

 

Well im in work now but i have a good feeling that it should be all clear!i left the pc running so when i get home il see if a have anypop ups...pray...
And may i add..majorgeeks were the only site out of 3 that would respond to my issue.Great job guys!Thanks a million for all the help and advice!
Just hope you dont hear back from me again or i still have that feckin popup!!!!

 

Glad everything is working well so far.

You should go ahead see this article on How to Protect yourself from malware!

Browse Safely!

 

Home to see that everything is clear and no pop ups!!
Thank you so so much for all your help..im now going to change to firefox!!!
Your site is in my favorites now
cheers

 

Good Deal!

You should see Chaslang's Commandments!

Browse Safely!