Found a few previous examples of the desktop.exe and ffisearch.exe problems being solved, and I've been working to figure this one out..
(on my younger siblings pc away from my home, so i haven't the slightest idea when the problems began)
I have located for certain the isrvs folder and affiliated problem files associated with it.. have used taskmanager to disable the desktop.exe file atm. Have also spent hours and hours of cleaning using LavaSoft AdAware, Spybot S&D, and AVG. Finally found out about HijackThis, and created a log to hopefully find someone who can help me interpret and solve this problem.
((Be warned, the log is massive, and plenty of suspicious material that is greek to me))
Logfile of HijackThis v1.99.1
Scan saved at 8:57:50 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\objsdecd.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E
C:\WINDOWS\System32\pruttct.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nv4cm.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\pruttct.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kham siharath\Desktop\Ryan\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://216.130.185.122/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.worldofwarcraft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.worldofwarcraft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {004D65DB-0C9E-454A-B9E5-B11DFCB9FDA2} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: (no name) - {13E6E103-F5F0-4EFD-BB16-9608FE3315AE} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {1CCF9C0E-DE9F-4E7D-B0D9-AD128EAB53E1} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\System32\trgen.dll
O2 - BHO: (no name) - {304CD25B-CED1-4F7B-ACA0-8718D1AA7714} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {332CFB98-5A55-427C-8522-7FD4C7BA1E1D} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {34E3B427-7D4F-40A9-87D7-9077EA7A6BA6} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {4218DE73-DBB7-4FA2-A64C-52AC863EEF93} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {44CC7DDA-0A9F-42CE-9B85-A5C825E9A475} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {51CC7E6D-CE09-4BB1-B790-D2F7EE524A4A} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {5205480A-B7B5-4C7B-98BF-2D64D2548FE7} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54A3B46E-8995-412D-86C0-173369FA335B} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {56F94F2B-AE89-4649-BE24-781731CC718A} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {599F4781-3F90-482A-89FA-C7605252C0B2} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll (file missing)
O2 - BHO: (no name) - {59F4BB5E-C89D-4678-845F-F9E9243AE8A7} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {5B74218C-81B5-47AD-BFA1-953C452E47F3} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {6963AE8D-CF48-48E1-9753-6A1B2D3A079D} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {69A6B32F-45CC-4933-80F5-2C39274004ED} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {70B44F6D-3825-4E77-948D-6B0539B3B038} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {73A2FB5F-0B15-41B2-993C-F32A783C12EC} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {74B6B3E0-71F5-40EA-9328-8C3719C999B3} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {8B65CD4E-F62A-47C9-ACC2-18EE1800A37D} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {8EB11A3F-070D-476E-B900-E7AEC0823F6A} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {8F615293-185D-424E-A924-5F419745443F} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: ohb - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\System32\ic2_win.dll (file missing)
O2 - BHO: (no name) - {9C06233B-8E51-4D0A-87FB-A04A3A2C7F57} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {A918A56B-4A1A-469A-AFFA-CA6DDF3C7AC8} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {AAF50414-DB5F-4DB8-97BB-F4C55287F752} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {B9AF86CA-0BA5-4D11-BD42-8AAB48902535} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {C37E3181-674B-4C91-BBE5-9566BC911C1E} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: (no name) - {C6C99555-9A46-4F2D-9B01-257828CDD619} - C:\Program Files\qamm4fe1\qamm4fe1.dll
O2 - BHO: SDWin32 Class - {C733707A-88C5-4A8D-97E2-0B5654282BDA} - C:\WINDOWS\System32\xybkr.dll
{continued in next post}
Linear Mode
