#1
I'm having the same exact problem as others in this forum are. Seems no one has yet come up with a solution, and unfortunately formatting is not an option for me. Let me explain a little further what's happening. The about:blank hijack keeps returning. I'm running Windows XP. I've already run Ad-aware, Norton AntiVirus, The Cleaner, CWShredder and HijackThis, all latest versions and updated, following random instructions found in this forum from various threads. I thought I had been able to fix the about:blank hijack using CWShredder and HijackThis, but it returned the next day somehow. Also, 2 programs I've noticed so far (HyperSnap and UltraEdit) are now giving me the "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it." error. When using xfind it came up with kbl.dll, which I tried using KillBox to delete, but it is as if the file doesn't even exist. Now I know kgkhk.dll is a variant of CWS, but I've removed it before and it's returned, so I'd like to try to follow an expert's instructions on the proper way of manual removal. Thanks. Here's my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 2:40:04 PM, on 4/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\Overnet\Overnet.exe
D:\Program Files\The Cleaner\tca.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
D:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\NetCaptor\netcaptor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
D:\Temp\hijackthis\HijackThis.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - D:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: (no name) - {6FDA18D2-81E9-4DA1-905A-FD4744934B2C} - C:\WINDOWS\System32\kgkhk.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Overnet] D:\Program Files\Overnet\Overnet.exe -t
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
O4 - Global Startup: Trillian.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Launch High Impact eMail 2.0 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/app/too...a.cab?r=HFVHHR
O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodcontacts.com/install/GoodContacts.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...867.0132407407
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mshitechsolutions.com
O17 - HKLM\Software\..\Telephony: DomainName = mshitechsolutions.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mshitechsolutions.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mshitechsolutions.com
#2
Download this zip: http://tools.zerosrealm.com/pv.zip and unzip it to the desktop.
Be sure to have at least 1 Internet Explorer window open, then double click on runme.bat. Select option 2 (internet explorer dll) and press return. Notepad will open with a log in it; copy & paste the contents of that log back here in a reply. Repeat with option 1 (explorer dll) & also post that log.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue
#3
Here ya go. Thanks for the help.
Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 xpsp1.020828-1920 Internet Explorer
ntdll.dll 77f50000 684032 C\WINDOWS\System32\ntdll.dll 5.1.2600.1106 xpsp1.020828-1920 NT Layer DLL
kernel32.dll 77e60000 942080 C\WINDOWS\system32\kernel32.dll 5.1.2600.1106 xpsp1.020828-1920 Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 xpsp1.020828-1920 Windows NT CRT DLL
USER32.dll 77d40000 573440 C\WINDOWS\system32\USER32.dll 5.1.2600.1106 xpsp1.020828-1920 Windows XP USER API Client DLL
GDI32.dll 77c70000 262144 C\WINDOWS\system32\GDI32.dll 5.1.2600.1106 xpsp1.020828-1920 GDI Client DLL
ADVAPI32.dll 77dd0000 577536 C\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 xpsp1.020828-1920 Advanced Windows 32 Base API
RPCRT4.dll 78000000 548864 C\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 xpsp1.020828-1920 Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 409600 C\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 xpsp1.020828-1920 Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1351680 C\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 xpsp1.020828-1920 Shell Doc Object and Control Library
Secur32.dll 76f90000 65536 C\WINDOWS\System32\Secur32.dll 5.1.2600.1106 xpsp1.020828-1920 Security Support Provider Interface
iphlpapi.dll 76d60000 94208 C\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 xpsp1.020828-1920 IP Helper API
WS2_32.dll 71ab0000 86016 C\WINDOWS\System32\WS2_32.dll 5.1.2600.0 xpclient.010817-1148 Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 xpclient.010817-1148 Windows Socket 2.0 Helper for Windows NT
comctl32.dll 71950000 933888 C\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 xpsp1.020828-1920 User Experience Controls Library
SHELL32.dll 773d0000 8351744 C\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 xpsp1.020828-1920 Windows Shell Common Dll
comctl32.dll 77340000 569344 C\WINDOWS\system32\comctl32.dll 5.82 xpsp1.020828-1920 Common Controls Library
ole32.dll 771b0000 1183744 C\WINDOWS\system32\ole32.dll 5.1.2600.1106 xpsp1.020828-1920 Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 xpsp1.020828-1920 Microsoft UxTheme Library
MsgPlusH.dll 10000000 1122304 C\Program Files\Messenger Plus! 2\MsgPlusH.dll 2, 54, 0, 74 Hook DLL
comdlg32.dll 763b0000 282624 C\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 xpsp1.020828-1920 Common Dialogs DLL
OLEAUT32.dll 77120000 569344 C\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NTTM and Windows 95TM Operating Systems
MSCTF.dll 74720000 278528 C\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 xpsp1.020828-1920 MSCTF Server DLL
wfx.dll 69000000 303104 D\PROGRA~1\OBJECT~1\WINDOWFX\wfx.dll 2.0 WindowFX Support DLL
msimg32.dll 76380000 20480 C\WINDOWS\System32\msimg32.dll 5.1.2600.1106 xpsp1.020828-1920 GDIEXT Client DLL
BROWSEUI.dll 75f80000 1032192 C\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 xpsp1.020828-1920 Shell Browser UI Library
browselc.dll 72430000 73728 C\WINDOWS\System32\browselc.dll 6.00.2800.1106 xpsp1.020828-1920 Shell Browser UI Library
appHelp.dll 75f40000 126976 C\WINDOWS\system32\appHelp.dll 5.1.2600.1106 xpsp1.020828-1920 Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77050000 806912 C\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C\WINDOWS\system32\VERSION.dll 5.1.2600.0 xpclient.010817-1148 Version Checking and File Installation Libraries
WININET.dll 76200000 622592 C\WINDOWS\system32\WININET.dll 6.00.2800.1106 xpsp1.020828-1920 Internet Extensions for Win32
CRYPT32.dll 762c0000 569344 C\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 xpsp1.020828-1920 Crypto API32
MSASN1.dll 762a0000 61440 C\WINDOWS\system32\MSASN1.dll 5.1.2600.0 XPClient.010817-1148 ASN.1 Runtime APIs
cscui.dll 76620000 319488 C\WINDOWS\System32\cscui.dll 5.1.2600.1106 xpsp1.020828-1920 Client Side Caching UI
CSCDLL.dll 76600000 110592 C\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 xpclient.010817-1148 Offline Network Agent
SETUPAPI.dll 76670000 946176 C\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 xpsp1.020828-1920 Windows Setup API
googletoolbar.dll 1b40000 757760 c\program files\google\googletoolbar.dll 2, 0, 108, 0 Google IE Client Toolbar
urlmon.dll 760f0000 499712 C\WINDOWS\system32\urlmon.dll 6.00.2800.1106 xpsp1.020828-1920 OLE32 Extensions for Win32
WSOCK32.dll 71ad0000 32768 C\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 xpclient.010817-1148 Windows Socket 32-Bit DLL
WINTRUST.dll 76c30000 176128 C\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 xpclient.010817-1148 Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 C\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 xpsp1.020828-1920 Windows NT Image Helper
WINMM.dll 76b40000 180224 C\WINDOWS\System32\WINMM.dll 5.1.2600.1106 xpsp1.020828-1920 MCI API DLL
serwvdrv.dll 5cd70000 28672 C\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 xpclient.010817-1148 Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 xpclient.010817-1148 Unimodem Tranform Module
rsaenh.dll ffd0000 143360 C\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 xpsp1.020426-1800 Microsoft Base Cryptographic Provider
RASAPI32.DLL 76ee0000 225280 C\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 xpsp1.020828-1920 Remote Access API
rasman.dll 76e90000 69632 C\WINDOWS\System32\rasman.dll 5.1.2600.1106 xpsp1.020828-1920 Remote Access Connection Manager
NETAPI32.dll 71c20000 319488 C\WINDOWS\System32\NETAPI32.dll 5.1.2600.1106 xpsp1.020828-1920 Net Win32 API DLL
TAPI32.dll 76eb0000 176128 C\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 xpsp1.020828-1920 Microsoft® WindowsTM Telephony API Client DLL
rtutils.dll 76e80000 53248 C\WINDOWS\System32\rtutils.dll 5.1.2600.0 xpclient.010817-1148 Routing Utilities
sensapi.dll 722b0000 20480 C\WINDOWS\System32\sensapi.dll 5.1.2600.1106 xpsp1.020828-1920 SENS Connectivity API DLL
USERENV.dll 75a70000 675840 C\WINDOWS\system32\USERENV.dll 5.1.2600.1106 xpsp1.020828-1920 Userenv
AcroIEHelper.dll 1f90000 36864 D\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll 6.0.0.2003040700 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SXS.DLL 75e90000 684032 C\WINDOWS\System32\SXS.DLL 5.1.2600.1106 xpsp1.020828-1920 Fusion 2.5
FpLaunch.dll 2180000 65536 D\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll 1, 0, 0, 1 FlpLaunch Module
ALTAVI~1.DLL 21a0000 811008 C\WINDOWS\DOWNLO~1\ALTAVI~1.DLL 1.1.1.26
imm32.dll 76390000 114688 C\WINDOWS\System32\imm32.dll 5.1.2600.1106 xpsp1.020828-1920 Windows XP IMM32 API Client DLL
olepro32.dll 5edd0000 106496 C\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft R OLE Property Support DLL
WebBlinds.dll 64000000 585728 D\Program Files\Object Desktop\WebBlinds\WebBlinds.dll 0, 1, 0, 5 WebBlinds
odcommon.dll 2870000 774144 C\Program Files\Common Files\Stardock\odcommon.dll 1.2.76 ODCommon Module
kgkhk.dll 29a0000 53248 C\WINDOWS\System32\kgkhk.dll
AcroIEFavClient.dll 29b0000 143360 D\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
ATL.DLL 5f3e0000 73728 D\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL 3.00.8449 ATL Module for Windows NT Unicode
MSVCP60.dll 55900000 397312 C\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft R C++ Runtime Library
shdoclc.dll 76170000 557056 C\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 xpclient.010817-1148 Shell Doc Object and Control Library
DAPIE.DLL 2af40000 65536 D\PROGRA~1\DAP\DAPIE.DLL 7, 0, 0, 1 DAP MSIE Integration DLL
MFC42.DLL 6c370000 991232 D\PROGRA~1\DAP\MFC42.DLL 6.00.8665.0 MFCDLL Shared Library - Retail Version
mlang.dll 74770000 585728 C\WINDOWS\System32\mlang.dll 6.00.2600.0000 xpclient.010817-1148 Multi Language Support DLL
mswsock.dll 71a50000 241664 C\WINDOWS\system32\mswsock.dll 5.1.2600.0 xpclient.010817-1148 Microsoft Windows Sockets 2.0 Service Provider
mslbui.dll 605d0000 32768 C\WINDOWS\System32\mslbui.dll 5.1.2600.1106 xpsp1.020828-1920 LangageBar Add In
events.dll 2fe0000 155648 D\Program Files\Trillian\events.dll 2.0.1.112 Trillian Event Control
MSVCR71.dll 7c340000 352256 D\Program Files\Trillian\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
wshtcpip.dll 71a90000 32768 C\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 xpclient.010817-1148 Windows Sockets Helper DLL
rasadhlp.dll 76fc0000 20480 C\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 xpclient.010817-1148 Remote Access AutoDial Helper
DNSAPI.dll 76f20000 151552 C\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 xpsp1.020828-1920 DNS Client API DLL
winrnr.dll 76fb0000 28672 C\WINDOWS\System32\winrnr.dll 5.1.2600.0 xpclient.010817-1148 LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 xpsp1.020828-1920 Win32 LDAP API DLL
mshtml.dll 74810000 2846720 C\WINDOWS\System32\mshtml.dll 6.00.2800.1106 xpsp1.020828-1920 Microsoft R HTML Viewer
msimtf.dll 746f0000 155648 C\WINDOWS\System32\msimtf.dll 5.1.2600.1106 xpsp1.020828-1920 Active IMM Server DLL
sptip.dll 5c2c0000 245760 C\WINDOWS\ime\sptip.dll 5.1.2600.1106 xpsp1.020828-1920 SAPI5.0/CTF layer DLL
OLEACC.dll 74c80000 180224 C\WINDOWS\System32\OLEACC.dll 4.2.5406.0 xpclient.010817-1148 Active Accessibility Core Component
SPGRMR.DLL 3ea0000 69632 C\WINDOWS\IME\SPGRMR.DLL 5.1.2600.1106 xpsp1.020828-1920 SPTIP Grammar DLL
msi.dll 3ec0000 2101248 C\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SKCHUI.DLL 4150000 372736 C\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
msohev.dll 325c0000 73728 D\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
jscript.dll 75c50000 593920 C\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft r JScript
iepeers.dll 66e50000 241664 C\WINDOWS\System32\iepeers.dll 6.00.2800.1106 xpsp1.020828-1920 Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 xpsp1.020828-1920 Windows Spooler Driver
MSLS31.DLL 746c0000 159744 C\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
mshtmled.dll 74cb0000 454656 C\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 xpsp1.020828-1920 Microsoft R HTML Editing Component
actxprxy.dll 71d40000 110592 C\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 XPClient.010817-1148 ActiveX Interface Marshaling Library
MSRATING.DLL 5ff20000 143360 C\WINDOWS\System32\MSRATING.DLL 6.00.2800.1106 xpsp1.020828-1920 Internet Ratings and Local User Management DLL
msratelc.dll 5ff50000 69632 C\WINDOWS\System32\msratelc.dll 6.00.2600.0000 xpclient.010817-1148 Internet Ratings and Local User Management DLL
vbscript.dll 73300000 479232 C\WINDOWS\System32\vbscript.dll 5.6.0.7426 Microsoft r VBScript
MPR.dll 71b20000 69632 C\WINDOWS\system32\MPR.dll 5.1.2600.0 xpclient.010817-1148 Multiple Provider Router DLL
drprov.dll 75f60000 24576 C\WINDOWS\System32\drprov.dll 5.1.2600.0 xpclient.010817-1148 Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 xpsp1.020828-1920 Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C\WINDOWS\System32\NETUI0.dll 5.1.2600.0 xpclient.010817-1148 NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C\WINDOWS\System32\NETUI1.dll 5.1.2600.0 xpclient.010817-1148 NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C\WINDOWS\System32\NETRAP.dll 5.1.2600.0 xpclient.010817-1148 Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 xpsp1.020828-1920 SAM Library DLL
davclnt.dll 75f70000 36864 C\WINDOWS\System32\davclnt.dll 5.1.2600.0 xpclient.010817-1148 Web DAV Client DLL
mswmdm.dll 5360000 262144 C\WINDOWS\System32\mswmdm.dll 9.0.1.56 Windows Media Device Manager Core
WMVCore.DLL 8530000 2084864 C\WINDOWS\System32\WMVCore.DLL 9.00.00.2980 built by lab03_devbld4act Windows Media Playback/Authoring DLL
WMASF.DLL 7260000 233472 C\WINDOWS\System32\WMASF.DLL 9.00.00.2980 built by lab03_devbld4act Windows Media ASF DLL
wmdmlog.dll 5320000 40960 C\WINDOWS\System32\wmdmlog.dll 9.0.1.56 Windows Media Device Manager Logger
wmdmps.dll 5330000 36864 C\WINDOWS\System32\wmdmps.dll 9.0.1.56 Windows Media Device Manager Proxy Stub
sti.dll 73ba0000 73728 C\WINDOWS\System32\sti.dll 5.1.2600.1106 xpsp1.020828-1920 Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 xpclient.010817-1148 Configuration Manager Forwarder DLL
webcheck.dll 74b30000 266240 C\WINDOWS\System32\webcheck.dll 6.00.2800.1106 xpsp1.020828-1920 Web Site Monitor
#4
That post must be unreadable. Let me upload it to my server.
http://www.mshitechsolutions.com/downloads/ie.txt
http://www.mshitechsolutions.com/downloads/explorer.txt
#5
No sign of the usual hidden dll's that reinstall it.

See if this helps. To see if we can prevent the CWS hijackers reinfecting you, try this: a workaround seems to be to install a good firewall (lists here http://www.wilders.org/firewalls.htm) if you haven't already got one, and block these ranges of ports, both incoming and outgoing: 209.66.114.0-209.66.115.255 and 81.211.105.0-81.211.105.255. That stops the known CWS servers responding or the hidden files on your computer updating. This works sometimes but not always, but it's a help. The problem with this approach is that some good sites might also be blocked. Then, when we have a guaranteed working cure for it, we can advise how to fully remove it.

First download CWShredder from http://www.wilderssecurity.com/showthread.php?t=14086

Boot into safe mode by following the instructions here: http://service1.symantec.com/SUPPORT...01052409420406

Then, as some of the files or folders you need to delete may be hidden, do this: open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders", click "Apply", then "OK".

Run HijackThis, tick these entries listed below and ONLY these entries (double check to make sure), then make sure all browser & email windows are closed and press "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {6FDA18D2-81E9-4DA1-905A-FD4744934B2C} - C:\WINDOWS\System32\kgkhk.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodcontacts.com/install/GoodContacts.cab

Now run CWShredder: close all browser windows, click on the cwshredder.exe, then click "FIX" (not "Scan only") and let it do its thing. Reboot.

After running CWShredder, and as soon as possible, follow this advice. As CWS hijacks are normally installed via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you've run the above, it is vital that you go here, click "Scan for updates" in the main frame, and download and install all CRITICAL updates recommended. Then reboot normally.

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described:
Spybot - Search & Destroy from http://security.kolla.de
AdAware 6 from http://www.lavasoft.de/support/download

Run Spybot S&D. After installing, first press "Online", press "Search for updates", then tick the updates it finds, then press "Download updates". Beside the download button is a little down-pointed arrow; select one of the servers listed. If it doesn't work or you get an error message, then try a different server. Next, close all Internet Explorer and OE windows, press "Check for Problems", and have Spybot remove all it finds that is marked in RED. Then reboot & run AdAware.

Before you scan with AdAware, check for updates of the reference file by using the "webupdate". The current ref file should read at least 01R300 28.04.2004 or a higher number/later date. Then make sure the following settings are made and on ("ON = GREEN"). From the main window, click "Start", then "Activate in-depth scan", then click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files". Then go to Settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning", then "Cleaning engine" and "Let windows remove files in use at next reboot", then click "Proceed" to save your settings. Now to scan it's just to click the "Scan" button. When the scan is finished, mark everything for removal and get rid of it (right-click the window and choose "Select all" from the drop-down menu), then press "Next" and then say yes to the prompt "Do you want to remove all these entries". Reboot again, then post a new HijackThis log to check what is left.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue
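The HijackThis entries Derek ticks in #5 all hang off one file: the R0/R1 values point IE's start and search pages at a page served out of C:\WINDOWS\System32\kgkhk.dll via res://, and the O2 BHO with the same path is what re-hijacks them after every fix. The script below is an added example, not part of this thread and not anything HijackThis or CWShredder ships. It parses the R0/R1 and O2 lines of a HijackThis log, collects the DLLs that res:// entries load pages from, and flags every entry that belongs to such a DLL. The sample log is a constructed subset of the one posted in #1, with a benign Acrobat BHO, the Google toolbar and an nwiz Run entry mixed in so the filter has something to leave alone. It flags about:blank only when a res:// DLL is also present, since about:blank on its own is a perfectly legitimate start page, and it says nothing about the two O16 entries Derek also ticks, which he picks on other grounds.

```python
import re

# Constructed sample: a subset of the HijackThis v1.97 entries posted in #1,
# with a benign BHO, toolbar and Run entry mixed in so the filter has something to skip.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kgkhk.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6FDA18D2-81E9-4DA1-905A-FD4744934B2C} - C:\WINDOWS\System32\kgkhk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# R0/R1 lines read "<registry key>,<value name> = <value>";
# O2 lines read "BHO: <name> - {CLSID} - <dll path>".
R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.*)$")
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.+)$")
RES_DLL = re.compile(r"res://(.+?\.dll)", re.IGNORECASE)


def parse_entries(log_text):
    """HijackThis writes one entry per line; return (entry type, line) pairs."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if raw:
            entries.append((raw.split(" - ", 1)[0], raw))
    return entries


def hijack_dlls(entries):
    """DLLs that an R0/R1 value loads a page from via res://, lower-cased.
    A search or start page served out of a DLL in System32 is the about:blank
    CWS pattern this thread is about."""
    found = set()
    for kind, raw in entries:
        m = R_LINE.match(raw)
        if m:
            found.update(d.lower() for d in RES_DLL.findall(m.group("value")))
    return found


def triage(log_text):
    """Return the entries that belong to a res:// hijack, each with a reason."""
    entries = parse_entries(log_text)
    dlls = hijack_dlls(entries)
    flagged = []
    for kind, raw in entries:
        if kind in ("R0", "R1"):
            m = R_LINE.match(raw)
            value = m.group("value").lower() if m else ""
            if any(d in value for d in dlls):
                flagged.append({"line": raw, "reason": "IE start/search value served from a res:// DLL"})
            elif dlls and value.startswith("about:blank"):
                # Only suspicious in the company of a res:// DLL: about:blank by
                # itself is a legitimate start page, so it is never flagged alone.
                flagged.append({"line": raw, "reason": "about:blank alongside a res:// DLL hijack"})
        elif kind == "O2":
            m = BHO_LINE.match(raw)
            if m and m.group("dll").strip().lower() in dlls:
                flagged.append({"line": raw, "reason": "BHO loads the DLL that serves the hijacked pages (re-hijacks after a fix)"})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['reason']}\n    {hit['line']}")
```

Run against the full log from #1 it produces exactly the nine R0/R1 lines and the kgkhk.dll BHO from Derek's list; the point of the correlation is that a plain about:blank or a BHO with "(no name)" is not evidence by itself, it is the res:// DLL that ties the entries together.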