Adware Spyware + Killbox killed explorer shell

Hi. So I think I have Adware.Look2Me and something involving many Tracking.Cookies that have persistenly stayed on my system. Let me go through what I've done so far. Prior to the steps below, I installed Prevx1 and its currently running on my computer. It has not interrupted with any alerts or errors.

**Random Windows Explorer Error** Address bar is checked as being visible, but its invisible. I never noticed this before...but the address bar in IE is missing too. Address bar in Firefox is unaffected.

1. Ran Ad-aware SE
As instructed in the "Before You Post."
Results: 0 New Critical Objects

2. Ran CWShredder
In safe mode, as instructed.
Reported removing CWS.Msconfig varient

Upon restarting normally, ewido reported "wuadefui.dll" as an infection of Adware.Look2Me from C:windows\system32. Chose "Clean" as the action.
Had to restart again and ewido reported "wfdrmsdk.dll" as an infection of Adware.Look2Me from C:\Windows\system32. Chose "clean."

3. Ran Spybot S&D
As instrcuted.
Reports removing registry entries for "Windows Security Center.AntiVirusDisableNotify" and "WindowsSecurityCenter.FirewallDisableNotify". Fixed selected problems. (But Spybot has repeatedly said it cleared these problems and they keep reappearing.)

4. Attempted to run TrendHousecall. Page would not load. Perhaps this could be the result of higher security settings that I installed in response to the infection(s)?

5. Ewido scan
Attempted to update in regular mode. No update was available.
Ran in safe mode
Results: Finds infected files. Most of them are *.dll's. Most are cleaned. "C:\windows\system32\dqwave.dll" has an "error" and cannot be deleted. I tried to delete with Windows explorer and that doesn't work. Also noted pvp.dll and o4nsle571h.dll and 04pqle751h.dll. Cannot delete these process!
Scan log from most recent running is below:
[804] C:\WINDOWS\system32\pVp.dll -> Adware.Look2Me : Error during cleaning
[880] C:\WINDOWS\system32\pVp.dll -> Adware.Look2Me : Error during cleaning
:mozilla.7:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.6:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.54:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.55:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.58:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.59:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.68:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.69:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.70:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.78:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.80:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.82:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.83:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.84:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.85:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\system32\azamlij118o.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lt4027hmg.dll -> Adware.Look2Me : Cleaned with backup

6. Ran Symantac Deep/Extended Scan in safe mode
Result: Found and deleted 1 threat. When it examined dqwave.dll, it did not pickup a threat (even though ewido did)

7. Trojan Hunter.
Attempted to install. At the last moment before complete installation, received following error message:
CoCreateInstance failed; code 0x80040154. Clicked ok. Error repeated five times. Then, installation reported as "complete."

Ran test. Found only one problem but indicated that it could not scan pVp.dll since it was in use by another program. This file was identified by ewido as containing the Adware.Look2Me infection.

Random note: After several cleaning steps, my "Quick Launch" disappeared. After putting back the "quicklaunch" and choosing Firefox, computer takes a long time to advance. When Firefox has loaded, and a page is visited, a popup begins opening in another tab. Could the malware be doing this?
Also, Prevx1 interrupts once to ask if I want to allow mpas-fe.exe from C:\windows\softwaredistribution\... to be installed. I selected "Do not run."
Address bar still invisible in IE and Explorder


Deleted files on reboot from HJT w/ Killbox. Chose to "End Explorer Shell while Killing" and did NOT choose "Keep Dummy File":

I used KillBox! -- without the explicit instruction of this board's staff -- and now I am paying for my stupidity.

I used KillBox! to "delete on reboot" a variety of DLLs that were causing problems.
I chose "End Explorer Shell While Killing" or some option like that.

KillBox rebooted and everything started normally (Normal XP graphic. Normal XP login screen.)

I clicked on my name, "Jason" and the standard music sounded up but the page didn't advance to the normal windows screen. It was stuch on "loading your personal settings" for a much longer time than ever happened before.

When that screen went away, I saw the standard XPS windows background. But no start menu. No desktop icons of any kind.

I hit CTL ALT DEL and started up task manager, which listed 47 processes working but no programs.

I launched a "New Task" for explorer.exe and the start briefly appeared on the bottom on the screen....and then immediately disappeared.

I went back into KillBox to attempt to restore the files I had deleted, but when I chose File>Open Backups the start menu briefly appeared, and then disappeared again.

I have no idea what to system appears to exist and my files all appear to be there ...but I cannot get any of my original settings, my start menu, or anything.

I'm using my backup (very old) computer....and I need help asap!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zephyr_hex (Megan)DeveloperCommented:
by the way, watch out for Trend Micro's spyware application.  it can have weird side-effects, like removing all of your programs from the "all programs" start menu.  not sure why it doesnt always do this, but i've seen it from two different people in the past year.
OK, thanks for the very detailed notes. They will be very helpful, I am sure.

First things first - Are you able to boot your system in Safe Mode (where you press F8 just after the bios self-test, then choose safe mode)?
JasonCGWAuthor Commented:
I am able to boot into safe mode, but I still do not see a desktop or a start menu.
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

OK, sounds like some essential Windows files are missing or corrupt.

I would suggest a re-install of Windows XP. I am talking about a so-called "Repair Install", not a clean install, so you should not lose any data, but if you have very important files on that system then please post back for tips on how you should back them up first so there is no risk of losing data.

Before doing the repair install, you may want to browse the following page for anything helpful:;en-us;308041

To do the repair install, check the following links:

You will need the original Win/XP for the repair install.
It should not damage your personal files, but I do recommend a good backup in any case.

You can also choose to wait a bit in case the other posters in this thread have alternate suggestions.
I meant to say  "You will need the original Win/XP CD for the repair install"
JasonCGWAuthor Commented:
I do not have any WinXP CDs. WinXP was installed with my original system from Dell.

Dell suggests doing a SYSTEM RESTORE or a DELL PC Restore. But I turned off System Restore once I noticed the Adware. If I turn on System Restore now, it won't help, right?

How would I backup any files?  Will my CD Burner work if my explorer shell won't open?
That does make it more tricky :(

" If I turn on System Restore now, it won't help, right?"

 Afraid so. When you turn off system restore, it deletes all the old restore points. Turning it on now won't help, plus I am not sure it can be turned on without repairing Explorer/Desktop first. (Actually, System Restore can be run from a command prompt, see;en-us;304449&sd=tech though I'm not sure it will help, but may be worth a try).

"How would I backup any files?"

If you have access to another XP computer (maybe a friend's) you can create a bootable CD (see then boot from that and copy your files to another disk or CD. Alternately, if you are handy with computers you can physically remove your hard drive, attach it to another computer as a slave drive and then copy files over.

I am no legal expert, but it would seem that since you have a legit copy of XP from Dell, it should be OK to do a repair install after borrowing an XP CD from a friend. Alternately you should call Dell Tech Support (or even better, email them) and if you explain the position they may ship you a CD either free or for a nominal charge.
JasonCGWAuthor Commented:
All else fails, I'll try to create a bootable CD since I do have another XP Computer (my older XP Home, which I'm on now).  

But I don't have anything monumentally important on the target computer, as it's new and doesnt have too many files. Most/many of my things are on my old, reliable dell laptop.

Thanks for the suggestions....I think I'll wait to see if anything else is out there bfore I do something drastic.
I feel if I can just rename some of the dlls as dummy dlls, I should be fine. Anyone out there an expert in Killbox?
I think you need the XP CD even to create the ubcdwin  bootable CD.

Your best bet is still to do a repair install if you can find  or borrow an XP CD.

Can you open a Command Window on the partially booted system? (i.e. run the program cmd.exe from c:\windows\system32)
If so, you might be able to launch other programs such as a CD writing program.
JasonCGWAuthor Commented:
Yeah, I can get to teh command prompt.

I can get nearly all of my programs up and running....just not the explorer shell.  

I'm not sure, though, if I could get the drivers for the  CD/DVD RW up and running.

Think DELL will be able to offer any assistance? I've as of now refrained from calling....
"I'm not sure, though, if I could get the drivers for the  CD/DVD RW up and running."

 I think the drivers are already loaded at this point. So you should be able to launch most programs (unless there is some basic corruption that affects all or most programs). As a test you can open a Command Prompt window, type "cd windows" and then type Notepad to launch notepad.

 I just ran a test (I have Roxio v6), and I was able to use a command window and CD to "c:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator" and then launch the Easy CD program by typing its name "creartorc.exe"

 It's worth a try.

Re. Dell, hopefully you are still under warranty. I used to call them, but got tired of being put on hold, so lately I've had very good luck with filling out the on-line support form on their support web site (it's hidden somewhere in the Contact Us links). They usally respond within 2 to 6 hours by email and are fairly helpful. In this sort of tricky situation, though, I would be happy if they agree to mail you an XP CD so you can re-install. You need a regular XP CD, not the "System Restore" one that simply wipes out everything.
Getting rid of files that hook to winlogon notify keys can have bad effects if registry entries are not removed first. Some bad guys also uses debugger and attach themselves to registry keys that are used in startup and if you kill bad guy, explorer and IE may not start.

Can you access regedit?
JasonCGWAuthor Commented:
Thanks. Yeah, I got Roxio Up and I'm making a DVD backup and my files, few that they are.

Will try for Dell. Thanks again.
JasonCGWAuthor Commented:

Yes, I can access regedit and msconfig.
zephyr_hex (Megan)DeveloperCommented:
if your computer is still under warranty will dell, they will send you the restore/OS cd's.
also, some dell's have a recovery partition with a backup of the OS loaded there.  if your computer has this, you can use the files from the recovery partition
Open regedit and navigate to these subkeys and delete "explorer.exe"  if present.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Ooops, doubled.
Is it only "explorer.exe" that does not work or IE as well?

If IE is listed and IE doesn't work, then delete "iexplore.exe" as well.
JasonCGWAuthor Commented:
The start menu/desktop icons,preferences are not working. I have not tried to get IE to load. Firefox loads (with its favorites listed) but cannot connect to the internet.

When I go to HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options, I do not see "explorer.exe" or "iexplore.exe."

hmm.... not there?
so you can still run all programs?
can you run Hijackthis and let us see the log?
Can you download a tool to get rid of look2me (there is a tool that has never failed yet in getting rid of look2me).
JasonCGWAuthor Commented:
I can run most (if not all) programs but no start menu, no networking, etc.

I dont know how I can get the tool onto that computer since it doesnt have internet and i dont have a usb flash drive (i lost it)

HJT log is below. I retyped it from the screen of the target computer to the current one im' on.

Logfile of HijackThis v1.99.1
Scan saved at 3:57:38PM, on 24-Mar-06
Platform: Windows ZP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SPT (6.00.2900.2180)

Running processes:
C:\Program Files\Windows Defender\MsMpeng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EVMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\CCSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Prevx1\PxAgent.exe
c:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Symantec Client Security\Symantec Antivirus\Rtvscan.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\SySPort.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: Adobe PDF {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [PreVxOne] c:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Windows Defender] "c:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [THGuard] "c:\Program Files\TrojanHunter 4.5\THGuard.exe
O4 - HKLM\..\Run: [SynTPEnh] c:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "c:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "c:\Program Files\Roxio\Easy CD Creater 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\Program Files\QuickTime\qttask.exe" - atboottime
O4 - HKLM\..\Run: [nmapp] "c:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [iTunesHelper] "c:\Program Files\iTunes\iTunersHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" - start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\updateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] c:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "c:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] c:\Program Files\ehome\ehtray.exe
O4 - HKLM\..\Run: [efax 4.1] "c:\Program Files\eFax Messenger 4.1\J2GD11Cmd.exe" /R
O4 - HKLM\..\Run: [DVDLauncher] "c:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Dell Support] "c:\Program Files\Dell Support\DSAgent.exe" /startup
O4 - HKLM\..\Run: [AIM] c:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0DA1DE45}   - C:\Program Files\AIM\aim.exe
O9 - Extra button: -  {CD67F990-D8E9-11d2-98FE-00C0F0218AFE}  - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}   - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menutiem: Windows Messenger -  {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O18 - Protocol: pure-go - {4745C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" - win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccevtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\GW\GBUSSNet Client 4.6\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Sumantec AntiVirus\Defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anit-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anit-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Maccrovision Corporation - C:\Program Files\InstallShiefld\Driver\11\Intel 32\IDriveT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Netowrks Network magic Service (nmserivce) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PreVX agent (PREVXgent) - Unknown Owner - C:\Program Files\Prevx1\PXAgent.exe -f (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S23EventMonitor) - Intel Corporation - C:\Program files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Smantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirys - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort *SYmSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
how about floppy disc?

You've actually deleted legit files, specially SpOrder.dll that is used for internet connection.


You can download SpOrder.dll here, to restore your connection, then lspfix if still can't connect.(floppy disc)


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JasonCGWAuthor Commented:
How can I get back wpa.dbl?

If I burn a copy of sporder.dll and bring it to the other machine...will copy & paste from the CD drive to the harddrive work?
put SpOrder.dll in System32 folder.

Sorry, Hijackthis log did not help.
JasonCGWAuthor Commented:
well it helped in discovering that I deleted legit system files.

Is this all just heading towards a reinstall?
yeah it's difficult if you can't download any tools.

try this below,

Restore desktop icons and taskbar:

Restore taskbar and start menu:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.