HPE Community
Internet Products
1835357 Members
3216 Online
110078 Solutions
New Discussion

Cannot remove istsvc from my computer, looking for Ron's help

 
SOLVED
Go to solution
Chris_732
Occasional Advisor

‎01-23-2005 02:07 PM

‎01-23-2005 02:07 PM

Cannot remove istsvc from my computer, looking for Ron's help

Hello, I am having the same prob as many others. I have followed the instructions that was given to Richie Jones. Of course though my Hijack This log was different and I did not find some of the same things that you told him to delete. I was hoping the you might be able to look at my log and tell me what to delete.
Thank you
Hijack This 1.99
Windows xp home
not sure on internet explore I use mozilla firefox

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Documents and Settings\All Users\Application Data\Heart cash meta dale\FRAGUSER.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\ewktp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\COMMON~1\AOL\109752~1\EE\AOLHOS~1.EXE
C:\program files\aim\aim.exe
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\109752~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\program files\aim\aim.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {24D6F1E0-ACDC-9FC1-F93A-23C70AD16B8D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097521052\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Meta dale list bits] C:\Documents and Settings\All Users\Application Data\Heart cash meta dale\FRAGUSER.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Iimf] C:\WINDOWS\ewktp.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
0 Kudos
9 REPLIES 9
Ron Kinner
Honored Contributor

‎01-23-2005 03:15 PM

‎01-23-2005 03:15 PM

Solution

Re: Cannot remove istsvc from my computer, looking for Ron's help

Boot into Safe Mode (F8) and run HijackThis and check the following and Fix Checked.

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {24D6F1E0-ACDC-9FC1-F93A-23C70AD16B8D} - (no file)
O4 - HKLM\..\Run: [Meta dale list bits] C:\Documents and Settings\All Users\Application Data\Heart cash meta dale\FRAGUSER.exe
O4 - HKLM\..\Run: [Iimf] C:\WINDOWS\ewktp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - Global Startup: Digital Line Detect.lnk = ?

Reboot and run another scan and let me see if we got it all.

Ron
Chris_732
Occasional Advisor

‎01-23-2005 03:56 PM

‎01-23-2005 03:56 PM

Re: Cannot remove istsvc from my computer, looking for Ron's help

I turned off the system restore and ran hijack this.

Logfile of HijackThis v1.99.0
Scan saved at 11:53:33 PM, on 1/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\program files\aim\aim.exe
C:\PROGRA~1\COMMON~1\AOL\109752~1\EE\AOLHOS~1.EXE
C:\Program Files\America Online 9.0c\waol.exe
C:\PROGRA~1\COMMON~1\AOL\109752~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe
C:\Documents and Settings\Jacqueline\Desktop\HijackThis.exe
C:\Program Files\America Online 9.0c\shellmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097521052\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

0 Kudos
Ron Kinner
Honored Contributor

‎01-24-2005 07:40 AM

‎01-24-2005 07:40 AM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Looks pretty clean. Any problems left?

Ron
Chris_732
Occasional Advisor

‎01-24-2005 01:55 PM

‎01-24-2005 01:55 PM

Re: Cannot remove istsvc from my computer, looking for Ron's help

I'm not sure, when I run my spybot I get nothing. But when running spy sweeper i still pick up the 5 basic adware:

istbar
powerscan
slotchbar
teenxxx(tinybar)
and a cookie that keeps coming back some how,
atwola

I check the program files folder but the istbar folder is not there. not sure what to make of this. Think it is refreshing itself through spysweeper?

Oh also can you tell me how this point system works. I def need to give you the points.
0 Kudos
Chris_732
Occasional Advisor

‎01-24-2005 02:10 PM

‎01-24-2005 02:10 PM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Well the spysweeper report was
ad powerscan
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist || recover
TeenXXX (TinyBar)
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist || recover
Atwola Cookie
c:\documents and settings\jacqueline\cookies\jacqueline@atwola[1].txt

I'm not sure if the recover part of each one of these adware is what cuases it to come back.
0 Kudos
Ron Kinner
Honored Contributor

‎01-25-2005 01:01 AM

‎01-25-2005 01:01 AM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Chris,

What Spysweeper is telling you is that there are a few entries left in your registry from the IST problem. You can remove them manually if you want but they are not hurting anything. Start Run then regedit and press Enter. That will bring up the registry editor. It works sort of like Windows Explorer. There are 5 main folders each starting with HKEY_

The one you want is HKEY_CURRENT_USER which is the second of the 5 main folders. Press the + in front of HKEY_CURRENT_USER and it will open up and show you the subfolders. Find the one called Software and open it the same way. You should see the IST folder. Highlight the IST folder and press the Delete key. If it asks you if "you are sure" tell it yes.

Close regedit by click on the X in the top right corner.

The last entry is nothing but a cookie. The easiest way to get rid of it is to open a CMD window: Start Run and type cmd and press Enter.

Now type with an Enter after each line:

C:
cd "c:\documents and settings\jacqueline\cookies"
attrib -r -h -s jacqueline@atwola[1].txt
rem jacqueline@atwola[1].txt

Ron

PS: When you login as the original poster and come back to this thread you will see a little down arrow next to each post that is not from you. Press it and you will be able to select from 0-10 points. Select points for each entry based on how useful it was to you with 0 being a waste of time and 10 meaning it solved your problem. Then press the Submit Points button at the bottom at the left (not the Submit button on the right).

Chris_732
Occasional Advisor

‎01-25-2005 02:00 AM

‎01-25-2005 02:00 AM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Ok the spy sweeper deleted those other files but the atwola keeps coming back. What does that cmd do to the cookie. I did that and ran the spy sweeper again and it still showed up as there. I don't think its doing anything but keep coming back but i would like to get rid of it. But thank you for your help.
0 Kudos
Ron Kinner
Honored Contributor

‎01-25-2005 03:16 AM

‎01-25-2005 03:16 AM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Atwola is something to do with AOL Time-Warner. I expect some ad on a website is keeping track of what ad it has shown you. Since it keeps coming back what you can do is annoy them by opening the file with Notepad and changing it to something else. Then right click on the file and select properties and make it read only. If you were using IE I would tell you to put *.atwola.com in your Restricted Zone or up your privacy settings on cookies but I don't know anything about Firefox. You could put some entries in your hosts file to send any traffic to ar.atwola.com to 127.0.0.1:

XP/ME : Open C:\windows\system32\drivers\etc\hosts
and add below the line

127.0.0.1 localhost

the following lines:

127.0.0.1 ar.atwola.com
127.0.0.1 ar1.atwola.com
127.0.0.1 ar2.atwola.com
127.0.0.1 ar3.atwola.com
127.0.0.1 ar4.atwola.com
127.0.0.1 ar5.atwola.com
127.0.0.1 ar6.atwola.com
127.0.0.1 ar7.atwola.com
127.0.0.1 ar8.atwola.com
127.0.0.1 ar9.atwola.com
127.0.0.1 ads.web.aol.com

Again I don't think it's anything to worry about. Cookies are everywhere just delete them when they come back.

Ron
Chris_732
Occasional Advisor

‎01-25-2005 09:39 AM

‎01-25-2005 09:39 AM

Re: Cannot remove istsvc from my computer, looking for Ron's help

Thank you for all your help , i'll go and try that out then just delete it as it comes back.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.