Look2Me removal gone horribly wrong

Discussion in 'Malware Help (A Specialist Will Reply)' started by JAC1, Mar 24, 2006.

  1. JAC1

    JAC1 Private E-2

    Hi. I had/have the Adware.Look2Me parasite. I did not know about Kill2Me until right now. Through help with friends and on other sites, I ran the following steps to remove it. Unfortunately, I went a step too far and now my entire windows desktop/start menu will not appear.

    Below are the steps I took and attached is my HJT log. My computer now will turn on and load up but once I click on my name, windows will make its startup noise, hold at "Loading your personal settings" for much longer than usual, will start up with the normal background but no start menu and no desktop icons (or the typical loading processes.)

    CTRL ALT DEL will bring up the task manager, which runs. I have selected many programs from task manager and they basically seem to work fine. I have tried to run "explorer.exe" from task manager and the start menu briefly appears and then disappears just as quickly. I do not know what to do.

    Here's what I ran notice/earlier, before all this latest trouble. Please note that I am on a backup computer - with the above trouble on my target computer, I cannot connect to the internet from it. I ran HJT on the target computer from task manager and reproduced the log as attached.

    **Random Windows Explorer Error** Address bar is checked as being visible, but it's invisible. I never noticed this before...but the address bar in IE is missing too. Address bar in Firefox is unaffected.

    1. Ran Ad-aware SE
    As instructed in the "Before You Post."
    Results: 0 New Critical Objects

    2. Ran CWShredder
    In safe mode, as instructed.
    Reported removing CWS.Msconfig variant

    Upon restarting normally, ewido reported "wuadefui.dll" as an infection of Adware.Look2Me from C:\windows\system32. Chose "Clean" as the action.
    Had to restart again and ewido reported "wfdrmsdk.dll" as an infection of Adware.Look2Me from C:\Windows\system32. Chose "clean."

    3. Ran Spybot S&D
    As instructed.
    Reports removing registry entries for "Windows Security Center.AntiVirusDisableNotify" and "WindowsSecurityCenter.FirewallDisableNotify". Fixed selected problems. (But Spybot has repeatedly said it cleared these problems and they keep reappearing.)


    5. Ewido scan
    Attempted to update in regular mode. No update was available.
    Ran in safe mode
    Results: Finds infected files. Most of them are *.dll's. Most are cleaned. "C:\windows\system32\dqwave.dll" has an "error" and cannot be deleted. I tried to delete with Windows explorer and that doesn't work. Also noted pvp.dll and o4nsle571h.dll and 04pqle751h.dll. Cannot delete these processes!
    Scan log from most recent running is attached as ewido.log

    6. Ran Symantec Deep/Extended Scan in safe mode
    Result: Found and deleted 1 threat. When it examined dqwave.dll, it did not pick up a threat (even though ewido did).

    7. Trojan Hunter.
    Attempted to install. At the last moment before complete installation, received following error message:
    CoCreateInstance failed; code 0x80040154. Clicked ok. Error repeated five times. Then, installation reported as "complete."

    Ran test. Found only one problem but indicated that it could not scan pVp.dll since it was in use by another program. This file was identified by ewido as containing the Adware.Look2Me infection.

    REBOOT AND TEST
    Random note: After several cleaning steps, my "Quick Launch" disappeared. After putting back the "quicklaunch" and choosing Firefox, computer takes a long time to advance. When Firefox has loaded, and a page is visited, a popup begins opening in another tab. Could the malware be doing this?
    Also, Prevx1 interrupts once to ask if I want to allow mpas-fe.exe from C:\windows\softwaredistribution\... to be installed. I selected "Do not run."
    Address bar still invisible in IE and Explorer

    THE KILLBOX PROBLEM
    Chose to "End Explorer Shell while Killing" and did NOT choose "Keep Dummy File":
    enjml1111.dll
    __delete_on_reboot_mefted.dll
    pvp.dll
    o4pgle751h.dll
    streamhlp.dll
    sporder.dll
    wpa.dbl
    GoogleDesktopSearch3.dll
    GoogleDesktopSearch2.dll
    \adobe VersionCue2\bin\

    I used KillBox! -- without the explicit instruction of this board's staff -- and now I am paying for my stupidity.

    I used KillBox! to "delete on reboot" a variety of DLLs that were causing problems.
    I chose "End Explorer Shell While Killing" or some option like that.

    KillBox rebooted and everything started normally (Normal XP graphic. Normal XP login screen.)

    I clicked on my name, "Jason" and the standard music sounded up but the page didn't advance to the normal windows screen. It was stuck on "loading your personal settings" for a much longer time than ever happened before.

    When that screen went away, I saw the standard XPS windows background. But no start menu. No desktop icons of any kind.

    I hit CTL ALT DEL and started up task manager, which listed 47 processes working but no programs.

    I launched a "New Task" for explorer.exe and the start briefly appeared on the bottom on the screen....and then immediately disappeared.

    I went back into KillBox to attempt to restore the files I had deleted, but when I chose File>Open Backups the start menu briefly appeared, and then disappeared again.

    I have no idea what to do...my system appears to exist and my files all appear to be there ...but I cannot get any of my original settings, my start menu, or anything.

    I'm using my backup (very old) computer....and I need help asap!

    HJT LOG IS ATTACHED FROM AFTER THE KILLBOX INCIDENT. (I retyped it into my current machine from the targeted machine.)


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Right now you are at a point where you need to seek help in the Software Forum not in the malware forum. Perhaps a System Restore would help but I'm not sure about that. It all depends on exactly what you deleted. Maybe you can create a new user account and copy various (only certain files may apply) info that still exists for the account that has been corrupted. Again that is just a guess. I'm not exactly sure of all things you may have removed but obviously as you already know, you removed stuff you should not have. I can see two files that you listed that are Windows OS files:

    sporder.dll <--- Sporder.dll is a file used by programs to work with the Windows LSP chain. However sometimes malware uses this name. So it depends on where you deleted it from.
    wpa.dbl <--- this is your Windows Product Activation database. See http://www.extremetech.com/article2/0,3973,1151566,00.asp?rsDis=Windows_Product_Activation_(WPA)_for_Windows_XP_-Page007-11079
     
  3. JAC1

    JAC1 Private E-2

    Thank you for your reply.

    After backing up my system (and forgetting to export my favorite places...doh!) I did a PC Restore from DELL and got everything back as is.

    My D:\ drive which I had created when I first got my computer was unaffected by the malware or by the complete PC factory restore -- so all my data files (and all my music) were saved and protected.

    Pretty much started right back up.

    Thanks for your assistance, though. Glad I joined the site.

    signing out from essex county,nj...
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I'm happy to hear you got things all sorted out.
     
