Results 1 to 2 of 2

Thread: Can't delete ISTsvc, Help?....Anyone?

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Posts
    1

    Exclamation Can't delete ISTsvc, Help?....Anyone?

    I'm having a problem getting rid of this nasty little bug ISTsvc, I've tried all my little head can think of (hijackthis, adaware, spybot s&d, mcafee). I've disabled winXP sys restore, no luck yet. Please help. I have hijackthis in a folder on desktop called "HijackThis", using v1.99.0.0

    Thanks in advance.
    Jeff

    Here's my hijackthis log:

    Logfile of HijackThis v1.99.0
    Scan saved at 6:59:56 PM, on 1/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    E:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
    E:\WINDOWS\System32\nvsvc32.exe
    E:\WINDOWS\system32\pctspk.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Sysmnt\ssmgr.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\NuCam\CamCheck\CamCheck.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    E:\WINDOWS\system32\ntvdm.exe
    E:\McAfee\McAfee VirusScan\McAfee\McAfee Shared

    Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    E:\WINDOWS\axoumtio.exe
    C:\Program Files\Archive\archive.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    E:\WINDOWS\system32\devldr32.exe
    E:\WINDOWS\system32\cidaemon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ISTsvc\istsvc.exe
    E:\Documents and Settings\JEFF\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://red.clientapps.yahoo.com/cust...sbcydsl/*http:

    //www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini:

    UserInit=E:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.

    exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper -

    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

    files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}

    - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft

    Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

    E:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\Sysmnt\ssmgr.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual

    Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual

    Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe

    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CamCheck] C:\Program

    Files\NuCam\CamCheck\CamCheck.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program

    Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [InstallNAIProduct] "D:\VSC\SETUP.EXE" /RUNKEY
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft

    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [CloneCDTray] "E:\Program

    Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [McAfee Guardian] "E:\McAfee\McAfee

    VirusScan\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [VSOCheckTask]

    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online]

    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]

    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program

    Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [c7DVia] E:\WINDOWS\axoumtio.exe
    O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe

    /v=3 /cleanup
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "E:\Program Files\Spybot - Search &

    Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Internet Download Accelerator] E:\Program

    Files\IDA\ida.exe -autorun
    O4 - Startup: MacroMaker.lnk = ?
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

    Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft

    Office\Office\OSA.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp instant support.lnk = C:\Program

    Files\Hewlett-Packard\hpis\bin\matcli.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program

    Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program

    Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Webshots.lnk = C:\Program

    Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -

    res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program

    files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login -

    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM

    FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login -

    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM

    FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

    C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM

    FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} -

    (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O13 - WWW. Prefix: http://
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl

    Class) -

    http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2...rendmicro.com/

    housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

    http://a19.g.akamai.net/7/19/7125/14...123/cpbrkpie.c

    ab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -

    http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX

    Control) -

    http://install.anark.com/client/vers...n/AMClient.cab
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service

    Client) - http://ccon.madonion.com/global/msc.cab
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common

    Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Blink2PnP - Unknown -

    C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: InCD Helper - Ahead Software AG - E:\Program

    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program

    Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield - Unknown -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc -

    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks

    Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -

    E:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone - PCtel, Inc. -

    E:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  2. #2
    Murders & Executions Cypher's Avatar
    Join Date
    Jul 2002
    Location
    Returning video tapes
    Posts
    2,717
    Try using HJT>config>misc tools>delete file on reboot. Just navigate to the file you want removed.

    If it's transmugenic

    Go to command line, cd to it's location change it's attributes and rem works too.

    I would recomend that you grab these:

    http://www.majorgeeks.com/download4466.html

    spysweeper 30 day trial
    http://www.webroot.com/shoppingcart/...99b8d56cc3d127

    Update them both, boot to safe mode and run in this order:
    spybot
    adaware (scan in compressed files)
    spysweeper
    MS spyware remover

Similar Threads

  1. Does anyone have a Mcafee Uninstaller?
    By Ghosthunter in forum Network Security
    Replies: 4
    Last Post: 12-15-06, 03:04 PM
  2. purchasing?
    By LuiKhang in forum Cases & Modding
    Replies: 14
    Last Post: 06-04-02, 01:15 AM
  3. fa311, rp114 + 2wire network box 1000
    By LuiKhang in forum Networking Forum
    Replies: 1
    Last Post: 05-27-02, 11:21 PM
  4. problems with norton antivirus.....
    By nightowl in forum Software Forum
    Replies: 8
    Last Post: 08-31-01, 10:52 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •