Status
Not open for further replies.

· Registered · 37 Posts
Discussion Starter · #1 ·
Hi everyone.

When I try to open my Explorer, the usual homepage does not open. Instead, all I get each time is a blank page and in the http: address locale, I get "about:blank". This does not change even if I go to Options and change the homepage myself.

I ran AdAware but this did not solve this particular problem. Any advice here?

K-Stop
 

· Registered · 37 Posts
Discussion Starter · #3 ·
Thanks for helping out!

********************

Logfile of HijackThis v1.99.0
Scan saved at 오후 9:57:44, on 2005-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\user\Local Settings\Temp\_AZTMP0_\HijackThis.exe

R3 - URLSearchHook: Search - {ED221FBF-1549-4945-979E-520A31753925} - C:\WINDOWS\system32\Q32355775.dll
R3 - URLSearchHook: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search - {5F39C2F5-F194-487D-805A-9B8E563DB7FC} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O3 - Toolbar: 네이버 점프(&J) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll
O3 - Toolbar: Search - {E2947A3B-B3D7-42C2-A6FB-A214058B0345} - C:\WINDOWS\system32\Q32355775.dll
O3 - Toolbar: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /JKTRANS.HTML
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O9 - Extra button: Search - {E2947A3B-B3D7-42C2-A6FB-A214058B0345} - C:\WINDOWS\system32\Q32355775.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.shinhanlotto.com
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet/TNWebToolkitForIE.cab
O16 - DPF: {13148C56-D058-48D3-B5C6-1C0098674D02} (SecureSession Class) - http://www.raemian.co.kr/secui/SecuiConstIE.cab
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - http://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
O16 - DPF: {1D33E39F-A1F2-495E-9F84-36D5B3B30B24} (BidqControlX Control) - http://www.bidq.co.kr/cab/BidqControl.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {1EE59A7D-F863-4E86-A3D8-93183460B761} (difplayerctrl Class) - http://images.entoi.co.kr/control/DIFPLAYER.CAB
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (IMAPControler Control) - http://www.chzero.com/urimap/urimap_activex/OCX/IMAPOCX_WEB/IMAPOCX_WEB.CAB
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://image.shinhan.com/bank/etc/keyStroke/SoftCamp/4043/SCSK4.cab
O16 - DPF: {430DE918-D723-40BE-B3D7-CC18430BB061} (MarkAny WebSAFER - Control V1.6) - http://211.61.13.150/iris/maws09.cab
O16 - DPF: {5945AB0F-BDE6-4540-BA54-B7ECA44FEA27} (KTHMap Control) - http://map.paran.com/client/KTHMap.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn.com/contents/kdefense/cab/04010601/kdfense7.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://image.shinhan.com/initech/plugin/ver455/axINIplugin40.cab
O16 - DPF: {6BB10E44-84DB-4A95-A18F-5F124909F902} (KAPAREPV Control) - http://210.98.146.20/lib/kapa2.cab
O16 - DPF: {75D147ED-5F19-458D-ADD9-1DADAE203A56} (PlusAdmin Control) - http://203.231.113.136:8082/PlusAdmin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://chbib.chb.co.kr/XecureObject/xw_install.cab
O16 - DPF: {8C4127A8-68CC-42A8-BE05-57B00D6A4408} (MainControl3 Class) - http://appupdate.guruguru.co.kr/files/download/GomLauncher3_1006.cab
O16 - DPF: {8E64F05B-76CF-40EA-AD6B-6741F02BDC46} (MagicInstaller Class) - https://acs.epaygen.com/~acs_ve/3dsecure_pa/magicweb/setup/MagicInstaller.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {9938DDF0-9B5E-4D77-8387-4DD8AFCA1DEB} (WebHardLauncher Control) - http://program.webhard.co.kr/Plus/whexplorer/WebHardLauncher.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
O16 - DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} (SecureSession Class) - http://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdf8106/kdfense8.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://download.hts.nefficient.co.kr/hts/wcom/cab/AxSignGATE.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} (CourtPrintInfo Class) - http://211.61.13.150/iris/MaPrintInfoCourt.cab
O16 - DPF: {C1B9E5D0-5FF0-47D3-AA8A-CF8CA58FB542} (MagicToolkit Class) - https://acs.epaygen.com/~acs_ve/3dsecure_pa/magicweb/setup/MagicToolkitX.cab
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_upload/DacomUpload.cab
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - http://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/chb/npx.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp.cab
O16 - DPF: {E0526BF3-96B0-4B71-9839-EA6C41BC851E} (SKCertManX Control) - http://download.hts.nefficient.co.kr/hts/wcom/cab/SKCertManX.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download/DacomDownload.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan.com/bank/etc/TrustSite/1002/ShbAutoTrustSiteX.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn.com/skcab/SKCommAX.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.bccard.com/initech/plugin/INISafeWeb50.cab
O16 - DPF: {FA309B66-7778-11D8-A7CA-0020ED52230E} (RPRTRegisterX Control) - http://211.61.13.150/iris/RPRTPrintRegisterX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76083CED-F75F-4434-818B-A916F0EDF5DB}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{76083CED-F75F-4434-818B-A916F0EDF5DB}: NameServer = 69.50.166.94,69.31.80.244
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O18 - Filter: text/plain - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

· Registered · 775 Posts
Open Hijack This!, run a scan and check these items:
R3 - URLSearchHook: Search - {ED221FBF-1549-4945-979E-520A31753925} - C:\WINDOWS\system32\Q32355775.dll
R3 - URLSearchHook: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: Search - {5F39C2F5-F194-487D-805A-9B8E563DB7FC} - C:\WINDOWS\system32\Q32355775.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll
O3 - Toolbar: Search - {E2947A3B-B3D7-42C2-A6FB-A214058B0345} - C:\WINDOWS\system32\Q32355775.dll
O3 - Toolbar: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O9 - Extra button: Search - {E2947A3B-B3D7-42C2-A6FB-A214058B0345} - C:\WINDOWS\system32\Q32355775.dll
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/chb/npx.cab
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O18 - Filter: text/plain - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll


Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

Then, reboot in Safe mode. To reboot in Safe mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right, a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Delete this file (if present):
C:\WINDOWS\system32\Q32355775.dll

Then, reboot and post a new log.
 

· Registered · 37 Posts
Discussion Starter · #5 ·
Done. Here is the new log on Hijack This:

Logfile of HijackThis v1.99.0
Scan saved at 오후 11:07:06, on 2005-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\TurboPlayer\TurboAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\user\바탕 화면\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O3 - Toolbar: 네이버 점프(&J) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_3_7.dll /JKTRANS.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.shinhanlotto.com
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet/TNWebToolkitForIE.cab
O16 - DPF: {13148C56-D058-48D3-B5C6-1C0098674D02} (SecureSession Class) - http://www.raemian.co.kr/secui/SecuiConstIE.cab
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - http://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
O16 - DPF: {1D33E39F-A1F2-495E-9F84-36D5B3B30B24} (BidqControlX Control) - http://www.bidq.co.kr/cab/BidqControl.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {1EE59A7D-F863-4E86-A3D8-93183460B761} (difplayerctrl Class) - http://images.entoi.co.kr/control/DIFPLAYER.CAB
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (IMAPControler Control) - http://www.chzero.com/urimap/urimap_activex/OCX/IMAPOCX_WEB/IMAPOCX_WEB.CAB
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://image.shinhan.com/bank/etc/keyStroke/SoftCamp/4043/SCSK4.cab
O16 - DPF: {430DE918-D723-40BE-B3D7-CC18430BB061} (MarkAny WebSAFER - Control V1.6) - http://211.61.13.150/iris/maws09.cab
O16 - DPF: {5945AB0F-BDE6-4540-BA54-B7ECA44FEA27} (KTHMap Control) - http://map.paran.com/client/KTHMap.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn.com/contents/kdefense/cab/04010601/kdfense7.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://image.shinhan.com/initech/plugin/ver455/axINIplugin40.cab
O16 - DPF: {6BB10E44-84DB-4A95-A18F-5F124909F902} (KAPAREPV Control) - http://210.98.146.20/lib/kapa2.cab
O16 - DPF: {75D147ED-5F19-458D-ADD9-1DADAE203A56} (PlusAdmin Control) - http://203.231.113.136:8082/PlusAdmin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://chbib.chb.co.kr/XecureObject/xw_install.cab
O16 - DPF: {8C4127A8-68CC-42A8-BE05-57B00D6A4408} (MainControl3 Class) - http://appupdate.guruguru.co.kr/files/download/GomLauncher3_1006.cab
O16 - DPF: {8E64F05B-76CF-40EA-AD6B-6741F02BDC46} (MagicInstaller Class) - https://acs.epaygen.com/~acs_ve/3dsecure_pa/magicweb/setup/MagicInstaller.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {9938DDF0-9B5E-4D77-8387-4DD8AFCA1DEB} (WebHardLauncher Control) - http://program.webhard.co.kr/Plus/whexplorer/WebHardLauncher.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
O16 - DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} (SecureSession Class) - http://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdf8106/kdfense8.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://download.hts.nefficient.co.kr/hts/wcom/cab/AxSignGATE.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} (CourtPrintInfo Class) - http://211.61.13.150/iris/MaPrintInfoCourt.cab
O16 - DPF: {C1B9E5D0-5FF0-47D3-AA8A-CF8CA58FB542} (MagicToolkit Class) - https://acs.epaygen.com/~acs_ve/3dsecure_pa/magicweb/setup/MagicToolkitX.cab
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_upload/DacomUpload.cab
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - http://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp.cab
O16 - DPF: {E0526BF3-96B0-4B71-9839-EA6C41BC851E} (SKCertManX Control) - http://download.hts.nefficient.co.kr/hts/wcom/cab/SKCertManX.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download/DacomDownload.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan.com/bank/etc/TrustSite/1002/ShbAutoTrustSiteX.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn.com/skcab/SKCommAX.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.bccard.com/initech/plugin/INISafeWeb50.cab
O16 - DPF: {FA309B66-7778-11D8-A7CA-0020ED52230E} (RPRTRegisterX Control) - http://211.61.13.150/iris/RPRTPrintRegisterX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76083CED-F75F-4434-818B-A916F0EDF5DB}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{76083CED-F75F-4434-818B-A916F0EDF5DB}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
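
One way to check a follow-up scan against the list of entries that were selected for fixing, as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical, and the sample input is a handful of lines excerpted from the two scans and the fix list above.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O2 - BHO: ... - C:\path\x.dll".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a log or pasted list."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def verify_fix(before, after, flagged):
    """Compare the first scan, the follow-up scan and the list of flagged entries."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(flagged)
    return {
        "fixed": sorted(f - a),                  # flagged and gone from the new scan
        "still_present": sorted(f & a),          # flagged but survived the fix
        "not_in_first_scan": sorted(f - b),      # flagged line that was mis-copied
        "new_since_first_scan": sorted(a - b),   # appeared between the two scans
        "unflagged_removed": sorted((b - a) - f) # removed although nobody flagged it
    }

def entries_referencing(log_text, filename):
    """Entries whose detail mentions filename (case-insensitive, as on Windows)."""
    needle = filename.lower()
    return sorted(e for e in parse_entries(log_text) if needle in e[1].lower())

# Sample input: a shortened excerpt of the first scan in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Search - {ED221FBF-1549-4945-979E-520A31753925} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
"""

# Sample input: the same entries as they appear in the follow-up scan.
AFTER = r"""O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\Program Files\Ahnlab\V3\MonSvcNT.EXE
"""

# Sample input: four of the entries the helper asked to have fixed.
FLAGGED = r"""R3 - URLSearchHook: Search - {ED221FBF-1549-4945-979E-520A31753925} - C:\WINDOWS\system32\Q32355775.dll
O2 - BHO: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\Q32355775.dll
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(f"{key}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
    print("leftover references:", entries_referencing(AFTER, "Q32355775.dll"))
```

Entries are compared as exact strings, so a flagged line that was altered when it was copied shows up under `not_in_first_scan` instead of being silently ignored.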
 

· Registered · 37 Posts
Discussion Starter · #7 ·
I think you have helped greatly to clean up the file. There is one small problem: when I first tried to open Hijack This, and each subsequent time I opened Hijack This, I saw this:

***********************

An unexpected error has occurred at procedure: cmdScan_Click()
Error #52 - Bad file name or number

Please email me at [email protected], reporting the following:
*What you were doing when the error occurred
*How you can reproduce the error
*A complete Hijack This scan log, if possible

*************************

I will email this along with the scan log, but do you know anything about this?
I can finally get into Hijack This once I keep clicking a few times on the message.
 

· Registered · 775 Posts
You're welcome! :) You may now mark this thread solved via thread tools.

To prevent this from happening in the future:
1. I suggest you download Spyware Blaster to prevent the installation of Spyware in the first place.

2. IE-Spyad puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all, and I suggest you download it.

3. I recommend that you read a thread titled "So how do I get infected in the first place?" by Tony Klein, which informs you on how to tighten the security of your PC.
 