Why won't it just leave me alone?! - about:blank probs

If you have run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal then Make sure you have HJT Version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Do you have any idea what this Qni11tms.exe program is for?
C:\WINDOWS\System32\Qni11tms.exe


You have a couple of HSA hijackers running (atlla.exe and sdkdw32.exe). I would run About:Buster once in normal mode and then reboot immediately into safe mode and run About:Buster again. Then reboot in normal mode. atlla.exe may be associated we the RPC Helper service mentioned in the READ ME FIRST in step 2 of Getting Started. That service should have been disable if you followed that step. Make sure it says exactly Remote Procedure Call (RPC) Helper because you do not want to disable Remote Procedure Call (RPC).

At any rate I will proceed like those processes are still running and include then in the list of items to fix below.

Download this tool - LSP-FIX from http://www.majorgeeks.com/download4180.html

THEN:
Please run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the aklsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move aklsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.


Make sure you have system restore disabled and viewing of hidden files enabled.

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
sdkdw32.exe
atlla.exe
ophs.exe
Alw1R.exe
?hkdsk.exe


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {76823460-DF8F-B033-EE8B-9FC41F3F0DCE} - C:\WINDOWS\appgp32.dll
O4 - HKLM\..\Run: [NCqw4] C:\documents and settings\jason.mbc.000\local settings\temp\NCqw4.exe
O4 - HKLM\..\Run: [3Y4X3P53LY5KRG] C:\WINDOWS\System32\Qou5TwS4.exe
O4 - HKLM\..\Run: [NCqw4.exe] C:\documents and settings\jason.mbc.000\local settings\temp\NCqw4.exe
O4 - HKLM\..\Run: [sdkdw32.exe] C:\WINDOWS\system32\sdkdw32.exe
O4 - HKCU\..\Run: [Snro] C:\Documents and Settings\Jason.MBC.000\Application Data\ophs.exe
O4 - HKCU\..\Run: [Hoglre] C:\WINDOWS\System32\?hkdsk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O15 - Trusted Zone: *.frame.crazywinnings.com


Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\Jason.MBC.000\Application Data\ophs.exe
C:\documents and settings\jason.mbc.000\local settings\temp\NCqw4.exe
C:\WINDOWS\appgp32.dll
C:\WINDOWS\system32\sdkdw32.exe
C:\WINDOWS\System32\Alw1R.exe
C:\WINDOWS\System32\Qou5TwS4.exe
C:\WINDOWS\atlla.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

To bad! I think we could have fix it. You're welcome anyware. But you should really check out the following link to help avoid problems like this from reoccurring:
How to Protect yourself from malware!