TheTechGuide Forum

General Category => Tech Clinic => Topic started by: aeria1 on February 20, 2005, 01:52:44 PM

Title: another istsvc.exe problem
Post by: aeria1 on February 20, 2005, 01:52:44 PM

Hi,

I was searching the web for istsvc.exe solutions and the best I could find was on this site.

I've seen some of the postings and followed part of it by copying the scan log.
I hope the solution hasn't changed. Can you please help me?

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 오후 6:38:27, on 2005-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/tt3_x.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab (http://\"http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab\")
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab (http://\"http://www.livecall.co.kr/pds/module/livecall.cab\")
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab (http://\"http://www.vpay.co.kr/KVPplugin01.cab\")
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab (http://\"http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab\")
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96 (http://\"http://info.anycert.com/c.wtz?i=96\")
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab (http://\"http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab\")
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab (http://\"http://211.189.120.205/sbill/cruzbill.cab\")
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab (http://\"http://web1.shutterfly.com/downloads/Uploader.cab\")
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab (http://\"http://edu.pricequiz.com/include/ShortCut.cab\")
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab (http://\"http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab\")
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab (http://\"http://contents.wisebook.com/video/wisebook/experience/ibook/WiseLoader.cab\")
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab (http://\"http://update.nprotect.net/nprotect/samsungcard/npx.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab (http://\"http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab\")
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab (http://\"http://ib.kfb.co.kr/ko_KR_new/initech/plugin/INISafeWeb50.cab\")
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab (http://\"https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab\")
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Title: another istsvc.exe problem
Post by: guestolo on February 20, 2005, 11:06:59 PM

Access your Add/Remove Programs and Remove New.net Application or New.net Domains if found
RESTART your computer after Removal

If not listed in Add/Remove Programs, use this link to Alternately remove it
Preferrably Procedure 4 if procedure 1 is not available
You can run the removal tool from the hard drive if you have Internet connecion
http://www.newdotnet.com/removal.html (http://\"http://www.newdotnet.com/removal.html\")

When your back in Windows
Go back to Add/Remove programs and remove
ISTsvc or IstBar if listed
Restart your computer again

Back in Windows
Access your Add/Remove programs and remove
P2P Networking.exe
A useless addon usually associated with Kazaa that can cause slowness in browsing and general use of the computer
If prompted to remove Altnets>> do so

Restart your computer again

Back in Windows
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://\"http://www.lavasoftusa.com/support/download/\")
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
Post back a fresh hijackthis log and we'll try to finish the cleaning

Title: another istsvc.exe problem
Post by: aeria1 on February 21, 2005, 05:53:13 PM

Hi Guestolo,

Thanks ever so much for your help. I'm a lot more confident that I'll get through this without cleaning out my hard-drive since you replied, but I have trouble removing istsvc.exe from my CONTROL PANEL -ADD/REMOVE PROGRAMS.
Whenever I click on REMOVE, the window stops and I can't shut it down unless I restart the notebook.

I've managed to remove New.net and P2P Networking, but here is my Hijack Log.

Thanks again for you help.

p.s. I've been download Ad-Aware Personal SE 1.05 for the last half hour. It's stuck on 10 minutes and 50 seconds remaining. Does that happen?

Logfile of HijackThis v1.99.1
Scan saved at 오후 10:46:41, on 2005-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Send to Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Saved Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/tt3_x.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab (http://\"http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab\")
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab (http://\"http://www.livecall.co.kr/pds/module/livecall.cab\")
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab (http://\"http://www.vpay.co.kr/KVPplugin01.cab\")
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab (http://\"http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab\")
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96 (http://\"http://info.anycert.com/c.wtz?i=96\")
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab (http://\"http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab\")
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab (http://\"http://211.189.120.205/sbill/cruzbill.cab\")
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab (http://\"http://web1.shutterfly.com/downloads/Uploader.cab\")
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab (http://\"http://edu.pricequiz.com/include/ShortCut.cab\")
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab (http://\"http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab\")
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab (http://\"http://contents.wisebook.com/video/wisebook/experience/ibook/WiseLoader.cab\")
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab (http://\"http://update.nprotect.net/nprotect/samsungcard/npx.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab (http://\"http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab\")
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab (http://\"http://ib.kfb.co.kr/ko_KR_new/initech/plugin/INISafeWeb50.cab\")
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab (http://\"https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab\")
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Title: another istsvc.exe problem
Post by: guestolo on February 21, 2005, 06:05:09 PM

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Can you do me a favor
Could you also access this page
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
Give the link time too load
Use the Browse button and navigate to
C:\WINDOWS\System32\winaa7088\Xeef.exe <--file
Right click on it and SELECT it
Use the SUBMIT button at the site and wait for the Scan Results
Post back the results of the scan<<not the whole page, just the scan results

Title: another istsvc.exe problem
Post by: aeria1 on February 21, 2005, 06:56:07 PM

Hi,

I hope I selected the right part of the page.

Many thanks for the effort.

By the way, it's official. I can't seem to download Ad-Aware 1.05 no matter how long I wait.  /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Service load:  0%        100%  
 
File:  Xeef.exe  
Status:  OK  
Packers detected:  None
   
AntiVir  No viruses found (0.86 seconds taken)
Avast  No viruses found (3.01 seconds taken)
AVG Antivirus  No viruses found (0.77 seconds taken)
BitDefender  No viruses found (0.89 seconds taken)
ClamAV  No viruses found (1.12 seconds taken)
Dr.Web  No viruses found (1.60 seconds taken)
F-Prot Antivirus  No viruses found (0.15 seconds taken)
Fortinet  No viruses found (0.81 seconds taken)
Kaspersky Anti-Virus  No viruses found (1.94 seconds taken)
mks_vir  No viruses found (0.55 seconds taken)
NOD32  No viruses found (0.90 seconds taken)
Norman Virus Control  No viruses found (1.61 seconds taken)

Title: another istsvc.exe problem
Post by: guestolo on February 21, 2005, 06:59:58 PM

Where are you downloading it from?
I forgot you couldn't download it.....
Try here
http://www.download.com/3001-8022_4-10319876.html (http://\"http://www.download.com/3001-8022_4-10319876.html\")

Title: another istsvc.exe problem
Post by: aeria1 on February 21, 2005, 07:09:46 PM

Thanks. I'm giving it another try but once again it's stuck on 10 minutes 50 sec. I'll leave it for an hour or two I guess.
Will it get rid of the ISTsvc for sure?

I managed to get rid of it with Ad-Aware 1.03, but it keeps reinstallig itself after about 15 minutes. It's starting to drive me nuts.

Always grateful,

aeria1

Title: another istsvc.exe problem
Post by: guestolo on February 21, 2005, 07:18:58 PM

Don't wait an hour or 2
I'm not sure why your getting stuck at  10 minutes 50
Are you on dialup?

Can you download it from here?
http://www.majorgeeks.com/download506.html (http://\"http://www.majorgeeks.com/download506.html\")

When installing it make sure you let it remove Ad-Aware 1.03

This doesn't get rid of all the infection of Istbar, but helps and gets other unneeded entries

Don't bother running it right now, just see if you can get it installed and updated
We'll run it later

Title: another istsvc.exe problem
Post by: aeria1 on February 21, 2005, 07:45:06 PM

Alright! We're in business. Finally managed to install Ad-Aware 1.05 (after uninstalling previous version). It's set up and updated.

What next?

Title: another istsvc.exe problem
Post by: aeria1 on February 21, 2005, 08:09:35 PM

Ran Ad-Aware 1.05 (with updates) twice and here is the Hijack log.
(I think I'm getting into this!)

With gratitude...

Logfile of HijackThis v1.99.1
Scan saved at 오전 1:07:21, on 2005-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\민병은\LOCALS~1\Temp\K1b0dQ.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
?G6x冷???n㎕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/tt3_x.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab (http://\"http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab\")
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab (http://\"http://www.livecall.co.kr/pds/module/livecall.cab\")
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab (http://\"http://www.vpay.co.kr/KVPplugin01.cab\")
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab (http://\"http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab\")
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96 (http://\"http://info.anycert.com/c.wtz?i=96\")
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab (http://\"http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab\")
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab (http://\"http://211.189.120.205/sbill/cruzbill.cab\")
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab (http://\"http://web1.shutterfly.com/downloads/Uploader.cab\")
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab (http://\"http://edu.pricequiz.com/include/ShortCut.cab\")
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab (http://\"http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab\")
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab (http://\"http://contents.wisebook.com/video/wisebook/experience/ibook/WiseLoader.cab\")
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab (http://\"http://update.nprotect.net/nprotect/samsungcard/npx.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab (http://\"http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab\")
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab (http://\"http://ib.kfb.co.kr/ko_KR_new/initech/plugin/INISafeWeb50.cab\")
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab (http://\"https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab\")
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Title: another istsvc.exe problem
Post by: guestolo on February 21, 2005, 08:13:56 PM

Good work
A couple more small downloads if you can

===Download and save to Desktop the
FixIstbar.exe from Symantecs (http://\"http://securityresponse.symantec.com/avcenter/FxIstbar.exe\")
Don't run it yet

==Download and Install this small program
to help clean your temp folders,cookies,prefetch folder, etc...
Windows Cleanup (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
Install for now, don't run a scan yet

Please print the rest of this out or save to a Notepad file on the desktop
I will also need you to restart into Safe mode soon, I supplied a link below if your unsure
Disconnect completely from the Internet

Open Hijackthis>>Open Misc Tools section>>Open process manager
Kill these processes if running
C:\WINDOWS\System32\winaa7088\Xeef.exe
C:\WINDOWS\wwirof.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\DOCUME~1\민병은\LOCALS~1\Temp\K1b0dQ.exe

Do another scan with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O4 - HKLM\..\Run: [Configuration Loadings] iSVCHOST.exe

O4 - HKLM\..\Run: [Xeef] C:\WINDOWS\System32\winaa7088\Xeef.exe ticket s

O4 - HKLM\..\Run: [QDp9m] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [???4??] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [{P?/??늯틶nIW?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\wwirof.exe

O4 - HKLM\..\Run: [;?W껙+7?냰?ホ퍬:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [oi?,`??뻠,jq^X<?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wwirof.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loadings] iSVCHOST.exe
O4 - HKLM\..\RunServices: [65vrgfghfd] bbbbbbbbb.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab (http://\"http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab\")

O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://info.anycert.com/c.wtz?i=96 (http://\"http://info.anycert.com/c.wtz?i=96\")

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab (http://\"http://update.nprotect.net/nprotect/samsungcard/npx.cab\")
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab (http://\"http://update.nprotect.net/keycrypt/samsungcard/npkcx.cab\")

O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer into Safe mode (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=2#_Section2\")

Find and delete these files or folders if they exist
C:\WINDOWS\wwirof.exe <--file
C:\WINDOWS\System32\iSVCHOST.exe <--file, notice the spelling, don't try and delete svchost.exe which is legit

Search for this file and delete it if it exists
bbbbbbbbb.exe

C:\Program Files\ISTsvc <--folder

Stay in safe mode

Open Windows CleanUp>>START>>All programs>>Cleanup
Click on the CleanUp button, let it finish scanning for files
When it's done and prompts you to Log off or Restart, DON'T at this time

Run the FixIstBar removal tool from Symantec's
Let it finish scanning your hard drive
Follow prompts

Open Ad-Aware
Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart back to Normal Mode

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh Hijackthis log afterwards

Title: another istsvc.exe problem
Post by: aeria1 on February 22, 2005, 04:29:52 PM

Wow! It took me a while but I managed to do exactly as instructed.
At first sight, it looks gone! Joy and jubilation!
One thing bugs me a bit. I did a Hijack scan a 2nd time in Safe Mode and fixed it twice but this one...

O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)

doesn't go away.

Anyway, here is my latest log.
I wish I could somehow repay you for the tremendous help and englightenment you've given me. I really needed that clean up.

Logfile of HijackThis v1.99.1
Scan saved at 오후 9:25:29, on 2005-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: 비슷한 페이지 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 이전 링크 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 페이지의 저장된 스냅샷 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/tt3_x.cab\")
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab (http://\"http://www.livecall.co.kr/pds/module/livecall.cab\")
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab (http://\"http://www.vpay.co.kr/KVPplugin01.cab\")
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab (http://\"http://speed.kornet.net/sw5/qtest/cab/KTSpeedNewCtrl.cab\")
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.samsungcard.co.kr/XecureDemo/Xe...w50_install.cab (http://\"http://www.samsungcard.co.kr/XecureDemo/XecureObject/xw50_install.cab\")
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://211.189.120.205/sbill/cruzbill.cab (http://\"http://211.189.120.205/sbill/cruzbill.cab\")
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab (http://\"http://web1.shutterfly.com/downloads/Uploader.cab\")
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://edu.pricequiz.com/include/ShortCut.cab (http://\"http://edu.pricequiz.com/include/ShortCut.cab\")
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab (http://\"http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab\")
O16 - DPF: {A2134278-B404-4B78-B751-8FB923B31935} (WiseLoader Control) - http://contents.wisebook.com/video/wiseboo.../WiseLoader.cab (http://\"http://contents.wisebook.com/video/wisebook/experience/ibook/WiseLoader.cab\")
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://ib.kfb.co.kr/ko_KR_new/initech/plug...NISafeWeb50.cab (http://\"http://ib.kfb.co.kr/ko_KR_new/initech/plugin/INISafeWeb50.cab\")
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab (http://\"https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPI.cab\")
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Configuration Loadings (india111) - Unknown owner - C:\WINDOWS\System32\iSVCHOST.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Title: another istsvc.exe problem
Post by: guestolo on February 22, 2005, 07:37:31 PM

Could you  Download ServiceFilter.zip (http://\"http://www.bleepingcomputer.com/files/windows/ServiceFilter.zip\")
Unzip the contents to a folder
Double-click ServiceFilter.vbs, if you get a prompt from your Anti-Virus, Allow this to run, we are just collecting information
This script will create a text file named 'Post_This.txt' in the same folder as the script itself has been saved - copy and paste the contents of Post_This.txt in your next reply here.

Title: another istsvc.exe problem
Post by: Guest on February 25, 2005, 02:28:22 PM

[quote name=\'guestolo\' date=\'Feb 22 2005, 06:37 PM\']Could you  Download ServiceFilter.zip (http://\"http://www.bleepingcomputer.com/files/windows/ServiceFilter.zip\")
Unzip the contents to a folder
Double-click ServiceFilter.vbs, if you get a prompt from your Anti-Virus, Allow this to run, we are just collecting information
This script will create a text file named 'Post_This.txt' in the same folder as the script itself has been saved - copy and paste the contents of Post_This.txt in your next reply here.

[post=\"25962\"]<{POST_SNAPBACK}>[/post]

[/quote]
Go to this link and you get rid of this [censored] http://www.isearchtech.com/ (http://\"http://www.isearchtech.com/\")

Title: another istsvc.exe problem
Post by: pelle on February 28, 2005, 05:50:56 AM

follow this link and all your problems be over, a removal tool from the parasite himself.  http://www.ysbweb.com/uninstall.html (http://\"http://www.ysbweb.com/uninstall.html\")

Title: another istsvc.exe problem
Post by: Guest on March 06, 2005, 03:54:15 PM

I'm having trouble with this spyware, too.  I don't know which executable(s) to select, since I don't have the same ones as the thread starter.

Logfile of HijackThis v1.99.1
Scan saved at 12:48:20 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sean M Simonsen\Desktop\istfix\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\darjhjgb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (http://\"http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099167846468 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099167846468\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O18 - Protocol: bw+0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {F02C27B4-F594-42EE-9853-F88EC91A2F55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Title: another istsvc.exe problem
Post by: guestolo on March 06, 2005, 08:13:12 PM

I'm locking this topic

aeria1, if you need it reopened please Pm a Mod or the site Admin and supply a link to this thread

All others, with similiar problems please start your own post