Desktop Hijack still here

Did you do the below:

Fixing Locked Desktop
Right click on your Desktop and select Properties. Then click the Desktop tab and then the Customize Desktop button. Now in the next window that comes up click the Web tab. Make sure at the bottom that Lock desktop items is unchecked. Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too. Then click OK. Apply. OK.

 

Click Start and select Control Panel then select Display and then the Desktop tab.

 

What OS are you running? You really should do a registry backup before continuing. If running Win2K or XP you can download and use Erunt to do a backup.

See message number 76 in the below thread:

http://forums.majorgeeks.com/showthread.php?t=59117

Does any of that help?

 

It's not related to your problem. Here is what the registry key relates too, see:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/regentry/93502.asp

Please follow the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Is that HJT log from normal boot mode or safe mode?

Why are you running without an antivirus application, without a spyware blocker, and don't believe the firewall you are using (BlackIce) is very good from reports I have heard (but I have no first hand info).

You have some problems we need to fix. I'll be back in a few minutes with a fix.

 

Are you still here? I need to know if that log was from safe mode or normal boot mode?

Also, please run Windows Explorer and located the file: c:\windows\system32\flsmngr.dll
Then right click on it and select Properties. Then select the Version tab.
Now go thru the Item name list and get information about this file. Get company information at a minimum.

 

Okay will post an attempted fix but I needed my other questions answered. So let's see what happens while trying the below. Make sure you follow these steps exactly.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden & system files is enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
C:\WINDOWS\System32\spoolsrv32.exe

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\srpcsrv32.dll
C:\WINDOWS\System32\txfdb32.dll
C:\WINDOWS\Web\desktop.html

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

When you come back, also tell me the size of that c:\windows\system32\flsmngr.dll

And do you know how to use WinZip to create ZIP files?