Adware Spyware + Killbox killed explorer shell

Posted on 2006-03-24
Last Modified: 2008-01-09
Hi. So I think I have Adware.Look2Me and something involving many Tracking.Cookies that have persistently stayed on my system. Let me go through what I've done so far. Prior to the steps below, I installed Prevx1 and it's currently running on my computer. It has not interrupted with any alerts or errors.

**Random Windows Explorer Error** Address bar is checked as being visible, but it's invisible. I never noticed this before...but the address bar in IE is missing too. Address bar in Firefox is unaffected.

1. Ran Ad-aware SE
As instructed in the "Before You Post."
Results: 0 New Critical Objects

2. Ran CWShredder
In safe mode, as instructed.
Reported removing CWS.Msconfig variant

Upon restarting normally, ewido reported "wuadefui.dll" as an infection of Adware.Look2Me from C:\windows\system32. Chose "Clean" as the action.
Had to restart again and ewido reported "wfdrmsdk.dll" as an infection of Adware.Look2Me from C:\Windows\system32. Chose "clean."

3. Ran Spybot S&D
As instructed.
Reports removing registry entries for "Windows Security Center.AntiVirusDisableNotify" and "WindowsSecurityCenter.FirewallDisableNotify". Fixed selected problems. (But Spybot has repeatedly said it cleared these problems and they keep reappearing.)

4. Attempted to run TrendHousecall. Page would not load. Perhaps this could be the result of higher security settings that I installed in response to the infection(s)?

5. Ewido scan
Attempted to update in regular mode. No update was available.
Ran in safe mode
Results: Finds infected files. Most of them are *.dll's. Most are cleaned. "C:\windows\system32\dqwave.dll" has an "error" and cannot be deleted. I tried to delete with Windows Explorer and that doesn't work. Also noted pvp.dll and o4nsle571h.dll and 04pqle751h.dll. Cannot delete these processes!
Scan log from most recent running is below:
[804] C:\WINDOWS\system32\pVp.dll -> Adware.Look2Me : Error during cleaning
[880] C:\WINDOWS\system32\pVp.dll -> Adware.Look2Me : Error during cleaning
:mozilla.7:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\akzixo1s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.6:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.54:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.55:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.58:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.59:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.68:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.69:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.70:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.78:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.80:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.82:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.83:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.84:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.85:C:\RECYCLER\S-1-5-21-3880028103-2268992153-1497372460-500\Dc1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\system32\azamlij118o.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lt4027hmg.dll -> Adware.Look2Me : Cleaned with backup

6. Ran Symantec Deep/Extended Scan in safe mode
Result: Found and deleted 1 threat. When it examined dqwave.dll, it did not pick up a threat (even though ewido did).

7. Trojan Hunter.
Attempted to install. At the last moment before complete installation, received following error message:
CoCreateInstance failed; code 0x80040154. Clicked ok. Error repeated five times. Then, installation reported as "complete."

Ran test. Found only one problem but indicated that it could not scan pVp.dll since it was in use by another program. This file was identified by ewido as containing the Adware.Look2Me infection.

Random note: After several cleaning steps, my "Quick Launch" disappeared. After putting back the "quicklaunch" and choosing Firefox, computer takes a long time to advance. When Firefox has loaded, and a page is visited, a popup begins opening in another tab. Could the malware be doing this?
Also, Prevx1 interrupts once to ask if I want to allow mpas-fe.exe from C:\windows\softwaredistribution\... to be installed. I selected "Do not run."
Address bar still invisible in IE and Explorer


Deleted files on reboot from HJT w/ Killbox. Chose to "End Explorer Shell while Killing" and did NOT choose "Keep Dummy File":

I used KillBox! -- without the explicit instruction of this board's staff -- and now I am paying for my stupidity.

I used KillBox! to "delete on reboot" a variety of DLLs that were causing problems.
I chose "End Explorer Shell While Killing" or some option like that.

KillBox rebooted and everything started normally (Normal XP graphic. Normal XP login screen.)

I clicked on my name, "Jason", and the standard music sounded up but the page didn't advance to the normal Windows screen. It was stuck on "loading your personal settings" for a much longer time than ever happened before.

When that screen went away, I saw the standard XPS windows background. But no start menu. No desktop icons of any kind.

I hit CTL ALT DEL and started up task manager, which listed 47 processes working but no programs.

I launched a "New Task" for explorer.exe and the start briefly appeared on the bottom on the screen....and then immediately disappeared.

I went back into KillBox to attempt to restore the files I had deleted, but when I chose File>Open Backups the start menu briefly appeared, and then disappeared again.

I have no idea what to system appears to exist and my files all appear to be there ...but I cannot get any of my original settings, my start menu, or anything.

I'm using my backup (very old) computer....and I need help asap!
Question by:JasonCGW
    LVL 42

    Expert Comment

    by the way, watch out for Trend Micro's spyware application.  it can have weird side-effects, like removing all of your programs from the "all programs" start menu.  not sure why it doesn't always do this, but i've seen it from two different people in the past year.
    LVL 32

    Expert Comment

    OK, thanks for the very detailed notes. They will be very helpful, I am sure.

    First things first - Are you able to boot your system in Safe Mode (where you press F8 just after the bios self-test, then choose safe mode)?

    Author Comment

    I am able to boot into safe mode, but I still do not see a desktop or a start menu.
    LVL 32

    Expert Comment

    OK, sounds like some essential Windows files are missing or corrupt.

    I would suggest a re-install of Windows XP. I am talking about a so-called "Repair Install", not a clean install, so you should not lose any data, but if you have very important files on that system then please post back for tips on how you should back them up first so there is no risk of losing data.

    Before doing the repair install, you may want to browse the following page for anything helpful:;en-us;308041

    To do the repair install, check the following links:

    You will need the original Win/XP for the repair install.
    It should not damage your personal files, but I do recommend a good backup in any case.

    You can also choose to wait a bit in case the other posters in this thread have alternate suggestions.
    LVL 32

    Expert Comment

    I meant to say  "You will need the original Win/XP CD for the repair install"

    Author Comment

    I do not have any WinXP CDs. WinXP was installed with my original system from Dell.

    Dell suggests doing a SYSTEM RESTORE or a DELL PC Restore. But I turned off System Restore once I noticed the Adware. If I turn on System Restore now, it won't help, right?

    How would I backup any files?  Will my CD Burner work if my explorer shell won't open?
    LVL 32

    Expert Comment

    That does make it more tricky :(

    " If I turn on System Restore now, it won't help, right?"

     Afraid so. When you turn off system restore, it deletes all the old restore points. Turning it on now won't help, plus I am not sure it can be turned on without repairing Explorer/Desktop first. (Actually, System Restore can be run from a command prompt, see;en-us;304449&sd=tech though I'm not sure it will help, but may be worth a try).

    "How would I backup any files?"

    If you have access to another XP computer (maybe a friend's) you can create a bootable CD (see then boot from that and copy your files to another disk or CD. Alternately, if you are handy with computers you can physically remove your hard drive, attach it to another computer as a slave drive and then copy files over.

    I am no legal expert, but it would seem that since you have a legit copy of XP from Dell, it should be OK to do a repair install after borrowing an XP CD from a friend. Alternately you should call Dell Tech Support (or even better, email them) and if you explain the position they may ship you a CD either free or for a nominal charge.

    Author Comment

    All else fails, I'll try to create a bootable CD since I do have another XP Computer (my older XP Home, which I'm on now).  

    But I don't have anything monumentally important on the target computer, as it's new and doesn't have too many files. Most/many of my things are on my old, reliable Dell laptop.

    Thanks for the suggestions....I think I'll wait to see if anything else is out there before I do something drastic.
    I feel if I can just rename some of the dlls as dummy dlls, I should be fine. Anyone out there an expert in Killbox?
    LVL 32

    Expert Comment

    I think you need the XP CD even to create the ubcdwin  bootable CD.

    Your best bet is still to do a repair install if you can find  or borrow an XP CD.

    Can you open a Command Window on the partially booted system? (i.e. run the program cmd.exe from c:\windows\system32)
    If so, you might be able to launch other programs such as a CD writing program.

    Author Comment

    Yeah, I can get to the command prompt.

    I can get nearly all of my programs up and running....just not the explorer shell.  

    I'm not sure, though, if I could get the drivers for the  CD/DVD RW up and running.

    Think DELL will be able to offer any assistance? I've as of now refrained from calling....
    LVL 32

    Assisted Solution

    "I'm not sure, though, if I could get the drivers for the  CD/DVD RW up and running."

     I think the drivers are already loaded at this point. So you should be able to launch most programs (unless there is some basic corruption that affects all or most programs). As a test you can open a Command Prompt window, type "cd windows" and then type Notepad to launch notepad.

     I just ran a test (I have Roxio v6), and I was able to use a command window and CD to "c:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator" and then launch the Easy CD program by typing its name "creartorc.exe"

     It's worth a try.

    Re. Dell, hopefully you are still under warranty. I used to call them, but got tired of being put on hold, so lately I've had very good luck with filling out the on-line support form on their support web site (it's hidden somewhere in the Contact Us links). They usually respond within 2 to 6 hours by email and are fairly helpful. In this sort of tricky situation, though, I would be happy if they agree to mail you an XP CD so you can re-install. You need a regular XP CD, not the "System Restore" one that simply wipes out everything.
    LVL 47

    Expert Comment

    Getting rid of files that hook to winlogon notify keys can have bad effects if registry entries are not removed first. Some bad guys also use a debugger and attach themselves to registry keys that are used in startup, and if you kill the bad guy, explorer and IE may not start.

    Can you access regedit?

    Author Comment

    Thanks. Yeah, I got Roxio Up and I'm making a DVD backup and my files, few that they are.

    Will try for Dell. Thanks again.

    Author Comment


    Yes, I can access regedit and msconfig.
    LVL 42

    Assisted Solution

    if your computer is still under warranty with dell, they will send you the restore/OS cd's.
    also, some dell's have a recovery partition with a backup of the OS loaded there.  if your computer has this, you can use the files from the recovery partition
    LVL 47

    Expert Comment

    Open regedit and navigate to these subkeys and delete "explorer.exe"  if present.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

    LVL 47

    Expert Comment

    Ooops, doubled.
    Is it only "explorer.exe" that does not work or IE as well?

    If IE is listed and IE doesn't work, then delete "iexplore.exe" as well.
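
The check described in the comments above (Winlogon Notify entries and Image File Execution Options debuggers), as an added example that is not part of the original thread: before deleting a file, list the registry entries that still load it so they can be removed first. It reads a regedit text export; the sample export and the file names `example1.dll` and `example2.exe` are constructed placeholders.

```python
import re

# Constructed sample in regedit export (.reg) form; names are placeholders.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleNotify]
"DllName"="C:\\WINDOWS\\system32\\example1.dll"
"Startup"="WinStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\system32\\example2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"
'''

BASE = '\\microsoft\\windows nt\\currentversion\\'
# Key prefix -> (label, value name that names the file loaded from that subkey).
HOOKS = {
    BASE + 'winlogon\\notify\\': ('winlogon-notify', 'dllname'),
    BASE + 'image file execution options\\': ('ifeo-debugger', 'debugger'),
}
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Parse string (REG_SZ) values of a .reg export into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes inside string data.
            name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            current[name.lower()] = data
    return keys


def load_hooks(keys):
    """Return (label, subkey, data) for every Notify DLL and IFEO debugger."""
    hooks = []
    for key, values in keys.items():
        low = key.lower()
        for prefix, (label, value_name) in HOOKS.items():
            if prefix in low and value_name in values:
                hooks.append((label, key.rsplit('\\', 1)[1], values[value_name]))
    return hooks


def references_to(keys, doomed_files):
    """Hooks that still point at a file scheduled for deletion."""
    doomed = [f.lower() for f in doomed_files]
    return [h for h in load_hooks(keys)
            if any(d in h[2].lower() for d in doomed)]


def shell_debuggers(keys, images=('explorer.exe', 'iexplore.exe')):
    """IFEO Debugger values set on the shell or browser image."""
    return {sub: data for label, sub, data in load_hooks(keys)
            if label == 'ifeo-debugger' and sub.lower() in images}


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for label, subkey, data in references_to(parsed, ['example1.dll', 'example2.exe']):
        print(f'remove registry entry first: {label} {subkey} -> {data}')
    print('debuggers on shell images:', shell_debuggers(parsed))
```

Any hit from `references_to` is an entry to clean up before the file goes; an empty result for `shell_debuggers` matches what the author reports in the following comment.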

    Author Comment

    The start menu/desktop icons,preferences are not working. I have not tried to get IE to load. Firefox loads (with its favorites listed) but cannot connect to the internet.

    When I go to HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options, I do not see "explorer.exe" or "iexplore.exe."

    LVL 47

    Expert Comment

    hmm.... not there?
    so you can still run all programs?
    can you run Hijackthis and let us see the log?
    Can you download a tool to get rid of look2me (there is a tool that has never failed yet in getting rid of look2me).

    Author Comment

    I can run most (if not all) programs but no start menu, no networking, etc.

    I don't know how I can get the tool onto that computer since it doesn't have internet and I don't have a USB flash drive (I lost it).

    HJT log is below. I retyped it from the screen of the target computer to the current one I'm on.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:57:38PM, on 24-Mar-06
    Platform: Windows ZP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SPT (6.00.2900.2180)

    Running processes:
    C:\Program Files\Windows Defender\MsMpeng.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EVMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\CCSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    c:\Program Files\Prevx1\PxAgent.exe
    c:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Symantec Client Security\Symantec Antivirus\Rtvscan.exe
    c:\Program Files\Symantec Client Security\Symantec Client Firewall\SySPort.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O3 - Toolbar: Adobe PDF {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [PreVxOne] c:\Program Files\Prevx1\PXConsole.exe
    O4 - HKLM\..\Run: [Windows Defender] "c:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [THGuard] "c:\Program Files\TrojanHunter 4.5\THGuard.exe
    O4 - HKLM\..\Run: [SynTPEnh] c:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "c:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "c:\Program Files\Roxio\Easy CD Creater 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "c:\Program Files\QuickTime\qttask.exe" - atboottime
    O4 - HKLM\..\Run: [nmapp] "c:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [iTunesHelper] "c:\Program Files\iTunes\iTunersHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" - start
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\updateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelWireless] c:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "c:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] c:\Program Files\ehome\ehtray.exe
    O4 - HKLM\..\Run: [efax 4.1] "c:\Program Files\eFax Messenger 4.1\J2GD11Cmd.exe" /R
    O4 - HKLM\..\Run: [DVDLauncher] "c:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Dell Support] "c:\Program Files\Dell Support\DSAgent.exe" /startup
    O4 - HKLM\..\Run: [AIM] c:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0DA1DE45}   - C:\Program Files\AIM\aim.exe
    O9 - Extra button: -  {CD67F990-D8E9-11d2-98FE-00C0F0218AFE}  - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}   - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menutiem: Windows Messenger -  {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O18 - Protocol: pure-go - {4745C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" - win32service (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccevtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\GW\GBUSSNet Client 4.6\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Sumantec AntiVirus\Defwatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEnd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anit-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anit-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Maccrovision Corporation - C:\Program Files\InstallShiefld\Driver\11\Intel 32\IDriveT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - DELL Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Netowrks Network magic Service (nmserivce) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: PreVX agent (PREVXgent) - Unknown Owner - C:\Program Files\Prevx1\PXAgent.exe -f (file missing)
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S23EventMonitor) - Intel Corporation - C:\Program files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Smantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirys - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort *SYmSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: WLANKEEPER - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    LVL 47

    Accepted Solution

    how about floppy disc?

    You've actually deleted legit files, specially SpOrder.dll that is used for internet connection.


    You can download SpOrder.dll here, to restore your connection, then lspfix if still can't connect.(floppy disc)


    Author Comment

    How can I get back wpa.dbl?

    If I burn a copy of sporder.dll and bring it to the other machine...will copy & paste from the CD drive to the harddrive work?
    LVL 47

    Expert Comment

    put SpOrder.dll in System32 folder.

    Sorry, Hijackthis log did not help.

    Author Comment

    well it helped in discovering that I deleted legit system files.

    Is this all just heading towards a reinstall?
    LVL 47

    Assisted Solution

    yeah it's difficult if you can't download any tools.

    try this below,

    Restore desktop icons and taskbar:

    Restore taskbar and start menu:
