1 Message

June 9th, 2004 15:00

This toolbar installs automatically and without notice after visiting some questionable sites, like serial number and porn sites. I'm not saying that this is your case, just mentioning examples.

It is not only the internet search (ISTSVC), but a package of several spyware programs that are installed at the same time.

Personally, I remove it manually, in 4 steps:

1 - Searching the registry using "Regedit" and removing all entries associated with the keywords on the list below.

2 - Searching the hard drive for files with the same names and deleting them (if any file cannot be deleted because Windows is using it, try to stop the process by hitting "Ctrl+Alt+Del" once, finding the task in the list and hitting "End Task", then continuing to delete the file).

3 - Removing the URL that these programs place in the "home page" blank on "internet options" without notice. That will prevent going to their main site and reinstalling everything every time you open IE.

4 - Removing links placed by these programs in the "Favorites Folder".

Keyword list:

ISTSVC (Internet Search Tool Server or Service)

XXXToolbar

msbb (Don't know what exactly it is, but I know it is installed by these Spyware)

PowerScan (Porn Scanner, Actually, a Spyware)

Lycos (Actually not really from Lycos)

180 (180 search, part of the above "Lycos entry")

Adult

Porn

Infamous (Infamous-Downloader)

2nd (Second Thought whatever software)

If it sounds too tedious, you may use a registry cleaner, but manual removal of any file will still be mandatory.

I hope this works for you,

 

Richard
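
Added example, not part of Richard's post: a Python sketch of the keyword search in steps 1 and 2, run over a saved listing of registry keys and file paths instead of the live system. It separates whole-name hits from incidental ones, because a short keyword such as "180" also occurs inside GUIDs and version numbers; the `triage` function name and the sample entries are constructed for illustration.

```python
import re

# Keyword list from the post above, lower-cased for case-insensitive matching.
KEYWORDS = ("istsvc", "xxxtoolbar", "msbb", "powerscan", "lycos",
            "180", "adult", "porn", "infamous", "2nd")

# Tokens are runs of letters/digits, so \ . - { } and spaces split names.
TOKEN = re.compile(r"[a-z0-9]+")


def triage(entries, keywords=KEYWORDS):
    """Classify every entry that contains a keyword; delete nothing.

    "review-first":   some token starts with a keyword (e.g. istsvc.exe).
    "probably-noise": the keyword only occurs inside a longer token, such as
                      the digits of a GUID or a version number.
    Entries without any hit are left out of the report.
    """
    report = {}
    for entry in entries:
        text = entry.lower()
        tokens = TOKEN.findall(text)
        strong = sorted(k for k in keywords
                        if any(t.startswith(k) for t in tokens))
        weak = sorted(k for k in keywords if k in text and k not in strong)
        if strong:
            report[entry] = ("review-first", strong)
        elif weak:
            report[entry] = ("probably-noise", weak)
    return report


# Constructed sample of what a registry export or file listing might contain.
SAMPLE = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISTsvc",  # constructed
    r"C:\Program Files\ExampleDir\msbb.exe",                        # constructed
    r"HKCR\CLSID\{0A218000-1111-2222-3333-444455556666}",           # constructed GUID
    r"Internet Explorer v6.00 SP2 (6.00.2900.2180)",  # version string from the log in this thread
    r"C:\Program Files\ExampleDir\readme.txt",                      # constructed, no keyword
]

if __name__ == "__main__":
    for entry, (level, hits) in triage(SAMPLE).items():
        print(f"{level:15} {hits} {entry}")
```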

3.4K Posts

June 11th, 2004 00:00

Ghost50lx:

We need you to download and install an analysis and repair tool called Hijackthis.

Go here and download the file: http://tomcoyote.com/hjt

Please unzip Hijackthis.zip into a new folder you create in the root (first) level of the C: drive. Name this folder HJT for best and safest results. (Don't unzip it into a temp folder or run the file from a temp folder, or the Windows Desktop, etc., as it needs a safe folder to keep backup logs.) Also, when people post here and place it on the Desktop, the log usually shows their full name, since their Windows user profile is commonly named with their full name. We try not to disturb your privacy. *;-)

See my entire Hijackthis FAQ (Frequently Asked Questions) at:

http://russelltexas.com/malware/faqhijackthis.htm

After downloading and unzipping the hijackthis file into a safe folder you create (preferably a folder named HJT in the first level of the C: drive), run Hijackthis, click on the 'scan' button and then the 'save log' button.

Copy and paste the contents of the text file you save into a reply to this message. A lot of posters make mistakes here in copying and pasting, so reread the left info sidebar called Copy and Paste at http://www.tomcoyote.com/hjt

Special Notice! Hijackthis is a powerful tool that edits the brains of Windows (the Registry). DO NOT FIX anything in the Hijackthis log screen without assistance from the experts! Most of the line items in the scanned log are normal for Windows operation. Hijackthis should identify the vast majority of your problems and enable us to help you clean them off your system.


Stay in this thread for continuity. Reply to this message.

Special Note: Most of the experts, including me, will be gone from the Forum for the next few days. I will be gone from Friday June 11th until Sunday June 13th. Hang on until we return.


HTH (Hope that Helps)

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

1 Message

October 22nd, 2005 04:00

Logfile of HijackThis v1.99.1
Scan saved at 12:38:53 AM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\regedit.exe
C:\HTS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\ixdsu.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\ixdsu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dmwfy.exe] C:\WINDOWS\system32\dmwfy.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1295D5CA-DCA2-4EE7-B70F-87450D014D48}: NameServer = 85.255.115.74,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDE8FEE8-5CC2-499D-8B53-D8A06B38B823}: NameServer = 85.255.115.74,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E91F5F-642C-4DC9-BB0A-2EB0E2B39CD8}: NameServer = 85.255.115.74,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{1295D5CA-DCA2-4EE7-B70F-87450D014D48}: NameServer = 85.255.115.74,85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{1295D5CA-DCA2-4EE7-B70F-87450D014D48}: NameServer = 85.255.115.74,85.255.112.71
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 